Tag Archive for: hack

Hackers Don’t Even Have To Hack Users Who Voluntarily Download Apps And Browser Extensions


I previously wrote “What Do Hacking And Malware Have To Do With Ad Fraud?” Put simply, hackers get malware onto devices not only to collect personal information and steal passwords from real human users. They also use the malware to make money via ad fraud. Monetizing via ad fraud is more efficient and profitable than harvesting passwords for sale on the dark web. The former is a one-step process that yields continuous high-margin profits; the latter is a two-step process, and the hacker is not even sure if there will be buyers for his lists of compromised passwords. In recent years, we’ve seen hackers dump entire datafiles of passwords for free on hacker forums. This suggests they could not even find any buyer for that data, because it is already so prevalent and readily available. So hackers are increasingly using their malware and botnets for digital ad fraud instead – loading ads and website pages in the background to make money.

Note that more and more of the recent botnets are colored green, which means their primary use is ad fraud, as opposed to DDoS (distributed denial of service) attacks, spam, or ransomware.

No Hacking Needed

But hackers may not even need to spend any effort hacking into real humans’ devices. In some cases, unsuspecting humans voluntarily download browser extensions or mobile apps that are already laced with malicious code. The code is designed to load ads in the background even when the app is not in use or the mobile device is not in use. This is ad fraud because the millions of ad impressions are never seen by human users. Today comes yet another story of humans downloading browser extensions that purport to do one thing, but in actuality are designed for committing ad fraud in the background.

ZDNet: Three million users installed 28 malicious Chrome or Edge extensions | ZDNet

“The 28 extensions contained code that could perform several malicious operations. Avast said it found code to:

  • redirect user traffic to ads
  • redirect user traffic to phishing sites
  • collect personal data, such as birth dates, email addresses, and active devices
  • collect browsing history
  • download further malware onto a user’s device


Huge federal hack ripples across energy industry — Thursday, December 17, 2020 — www.eenews.net


Electric utilities are grappling with the fallout from one of the most significant cyber intrusions in years, as the far-reaching impact of a sophisticated hacking campaign comes into sharper focus.

Four days after the supply chain cyberattack on IT service provider SolarWinds was revealed, details on its global victims — from federal agencies to oil and electricity companies — are still emerging (Energywire, Dec. 15).

The SolarWinds software hijacked by suspected Russia-linked hackers was widely used by U.S. power providers, experts say, leaving many companies scrambling to find out if they’re affected by the breach. And sources say a simple software update or patch won’t erase the threat from the “Sunburst” malware: Organizations targeted by the hackers will likely have additional malware installed that could be difficult to find.

“Any organization that says, ‘Yep, we got it solved. It’s all good,’ in the next 90 days: I would respectfully disagree,” said Jim Guinn, global managing director for cybersecurity in energy, chemicals, utilities and mining at Accenture.

The number of agencies and organizations that may have been hit by the cyber espionage campaign is unclear. Reuters first reported that the Commerce, Treasury and Homeland Security departments were among those targeted. The list of agencies has since grown to include the State Department and the Pentagon, The New York Times reported, citing anonymous sources familiar with the ongoing investigations.

In a joint statement yesterday, DHS’s Cybersecurity and Infrastructure Security Agency, the FBI and the Office of the Director of National Intelligence said they have formed a “Cyber Unified Coordination Group to coordinate a whole-of-government response” to the hacking campaign.

“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within…


Trump aide O’Brien cuts Europe trip short to deal with cyber hack


The sweeping attacks, first reported by Reuters on Sunday, prompted the U.S. Department of Homeland Security and thousands of businesses to scramble to investigate and respond to the hacking campaign that officials suspect was directed by the Russian government.


O’Brien “is holding NSC meetings tonight and tomorrow morning and will convene a high-level interagency meeting this week,” National Security Council spokesman John Ullyot said.

A bipartisan group of U.S. senators, including the top Republican and Democratic members of the Senate commerce panel, wrote a letter to the directors of the FBI and the Cybersecurity and Infrastructure Security Agency requesting a report about the extent of the attacks.


Citing people familiar with the matter, Reuters reported on Sunday that hackers backed by a foreign government had been monitoring internal email traffic at the U.S. Treasury Department and the Commerce Department’s National Telecommunications and Information Administration, an agency that decides internet and telecommunications policy.

Technology company SolarWinds, which was the key steppingstone used by the hackers, said up to 18,000 of its customers had downloaded a compromised software update that allowed hackers to spy unnoticed on businesses and agencies for almost nine months.

In their letter, the senators asked for, among other things, a list of all federal agencies that are customers of SolarWinds, the categories and quantities of data that were susceptible to hacking, and any confirmed cases of unauthorized access.

The letter was signed by Republican Senator Roger Wicker, chairman of the Commerce Committee; Senator Maria Cantwell, the committee’s top Democrat; and four other senators.

O’Brien had visited Israel and France on his trip but canceled stops in Italy, Germany, Switzerland and Britain….


Hack may have exposed deep US secrets; damage yet unknown


BOSTON (AP) — Some of America’s most deeply held secrets may have been stolen in a disciplined, monthslong operation being blamed on elite Russian government hackers. The possibilities of what might have been purloined are mind-boggling.

Could hackers have obtained nuclear secrets? COVID-19 vaccine data? Blueprints for next-generation weapons systems?

It will take weeks, maybe years in some cases, for digital sleuths combing through U.S. government and private industry networks to get the answers. These hackers are consummate pros at covering their tracks, experts say. Some theft may never be detected.

What seems clear is that this campaign — which cybersecurity experts say exhibits the tactics and techniques of Russia’s SVR foreign intelligence agency — will rank among the most prolific in the annals of cyber-espionage.

U.S. government agencies, including the Treasury and Commerce departments, were among dozens of high-value public- and private-sector targets known to have been infiltrated as far back as March through a commercial software update distributed to thousands of companies and government agencies worldwide. A Pentagon statement Monday indicated it used the software. It said it had “issued guidance and directives to protect” its networks. It would not say — for “operational security reasons” — whether any of its systems may have been hacked.

On Tuesday, acting Defense Secretary Chris Miller told CBS News there was so far no evidence of compromise.

In the months since the update went out, the hackers carefully exfiltrated data, often encrypting it so it wasn’t clear what was being taken, and expertly covering their tracks.

Thomas Rid, a Johns Hopkins cyberconflict expert, said the campaign’s likely efficacy can be compared to Russia’s three-year 1990s “Moonlight Maze” hacking of U.S. government targets, including NASA and the Pentagon. A U.S. investigation determined the height of the documents stolen — if printed out and piled up — would triple the height of the Washington Monument.

In this case “several Washington Monument piles of documents that they took from different government agencies is probably a realistic estimate,” Rid said. “How would they use that?…
