Tag Archive for: hackers

Experts provide tips on how to stay safe from online hackers | FOX 4 Kansas City WDAF-TV

/in


KANSAS CITY, Mo. — Since the COVID-19 pandemic, many of us are spending more time online. Cyber scammers know that and are working harder than ever to separate you from your cash.

TJ Max, Nintendo, Marriot, Dunkin Donuts, the federal government – those are just a few of the recent victims of computer hacks. When big companies or big governments get hacked, everyone feels the pain.

“The attackers are using data that has been stolen in a whole bunch of these data breaches over the years to get our contact information,” said Neil Daswani, a cyber security expert and co-director of the Stanford Advanced Security Certification Program.

Daswani said it’s easier than ever to become a victim of a cyber scammer.

“Simply clicking on a malicious link these days can affect your phone,” said Daswani, a former security expert at Google. “You don’t have to do anything beyond clicking on a link and within a few hundred milliseconds your phone can get infected. “

So what can a consumer do when even the federal government has been unable to thwart cyber attacks. For starters, Daswani said to slow down when you are online.

“I think some of the attackers prey on the fact that people are very busy and will click on anything to get things out of the way,” he said.

Another mistake many people make is not checking the address of an email before clicking on a link.

If you don’t recognize the address (URL) the email came from, don’t open that link. Better yet, if the email purports to be from the government or from your bank, call them (using a number you can trust) to verify that the email is legit.

As Daswani explains in his new book, “Big Breaches: Cybersecurity Lessons for Everyone,” some of the best ways to protect yourself are also the easiest. He recommended always signing up for two- factor identification – where you need to type in a code sent to your phone before you can log into your account.

“The attacker has to compromise your phone in addition to stealing your password,”…

Source…

Feds Indict North Korean Hackers for Years of Heists and Scams

/in


Most surprising, perhaps, is the extent of the hackers’ alleged schemes as cryptocurrency scammers and even would-be entrepreneurs. The indictment outlines how the North Koreans—specifically Kim Il—made plans to launch a cryptocurrency token scheme called Marine Chain, which would sell a blockchain-based stake in marine vessels including cargo ships. According to the British think tank the Royal United Services Institute, Marine Chain was identified by the United Nations as a North Korean sanctions-evasion scheme in 2018; it’s not clear if it ever got off the ground.

In another cryptocurrency theft scheme, the hackers are charged with creating a long list of malicious cryptocurrency apps with names like WorldBit-Bot, iCryptoFx, Kupay Wallet, CoinGo Trade, Dorusio, Ants2Whales, and CryptoNeuro Trader, all designed to surreptitiously steal victims’ cryptocurrencies. The US Cybersecurity and Infrastructure Security Agency issued an advisory Wednesday about the malware family integrated into those apps known as AppleJeus, warning that the malicious apps have been distributed by hackers posing as legitimate cryptocurrency firms, who sent the apps in phishing emails or tricked users into downloading them from fake websites. Security firm Kaspersky had warned about versions of AppleJeus as early as 2018.

The indictment demonstrates the United States’ growing willingness to indict foreign hackers for cyberattacks and cybercriminal schemes that don’t merely target US institutions, says Greg Lesnewich, a threat intelligence analyst at security firm Recorded Future. For some of the charges, he points out, Americans were impacted only as the holders of cryptocurrency stolen from international exchanges. “It’s an expansion of what the US is willing to prosecute for, even if the victims aren’t US entities,” he says.

At the same time, Lesnewich says the long arc of the crimes the indictment describes also show North Korea has expanded its ambitions to use and steal cryptocurrency in any way that might help fund its sanctions-starved government. “They’re using very ingenious methods to steal cryptocurrency now,” says Lesnewich. “They’re clearly putting some of their ‘best’ people on…

Source…

North Korean hackers are ‘the world’s leading bank robbers,’ U.S. charges

/in


It also incorporates earlier allegations about North Korea’s role in the massive Sony hack, which allegedly retaliated for the studio’s release of a satirical film about leader Kim Jong Un, and the WannaCry ransomware outbreak, which infected networks in 150 countries and may have caused as much as $4 billion in losses.

“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading 21st century nation-state bank robbers,” John Demers, the assistant attorney general for national security, told reporters during a press call.

In a second announcement on Wednesday, the U.S. charged a Canadian man, Ghaleb Alaumary, with helping North Korea launder money stolen through criminal schemes such as those contained in the new indictment. Alaumary, who already faces separate cybercrime charges in Georgia, is in U.S. custody and has pleaded guilty to the newly announced charges.

According to the North Korean indictment, from 2015 to 2019, the three hackers and their co-conspirators tried to steal money from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta and elsewhere by hacking into their networks and generating fraudulent transfers through a global financial platform. One of these intrusions, into the Bank of Bangladesh, netted them a record $81 million.

The hackers also stole approximately $112 million from cryptocurrency companies after infecting them with malware by tricking them into downloading fake trading applications, prosecutors alleged. On Wednesday, the FBI, the Treasury Department and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released a technical report about those applications.

“In most instances, the malicious application — seen on both Windows and Mac operating systems — appears to be from a legitimate cryptocurrency trading company, thus fooling individuals into downloading it as a third-party application from a website that seems legitimate,” the agencies said.

Prosecutors have obtained warrants to seize and return $1.8 million of the stolen cryptocurrency to a New York financial services firm, which they did not…

Source…

The negotiators taking on the ransomware hackers

/in


Kurtis Minder has spent the past year negotiating six-figure ransom demands from gangs of ruthless criminals.

Not for the safe return of kidnap victims, but for the release of valuable data that is being held hostage by hackers.

Ransomware attacks, which see hackers lock up data or computer systems until they are paid off, have been one of the biggest cyber security headaches for the private and public sectors in the past year.

Gangs of ransomware hackers made more than $350m in 2020, a 311 per cent jump on the previous year, according to the software company Chainalysis. The true figure is likely to be far more given many victims do not disclose when they have been attacked and made a payout. Some analysts estimate that the cost to businesses from the disruption is now as high as $20bn a year.

In response, an industry of negotiators has sprung up to help the thousands of companies, schools, local authorities and even hospitals navigate the aftermath of a crippling attack. Minder said his cyber intelligence company, GroupSense, started offering negotiation services, for $350 an hour, after requests from desperate clients. 

“You have to approach [the negotiation] mechanically and effectively as a transaction,” he said, adding that there was little point in hurling invectives at the hackers. “We don’t need to tell the threat actor that they’re a bad person,” he said, with a laugh. “They know that. It does not help us achieve our goal.”

The FBI discourages paying ransoms, arguing that it does not guarantee that data will be released, and that it incentivises hackers to continue. But most organisations feel they have little choice.

The aim for Minder is to try to haggle down the ransom demands “as low as possible as quickly as possible” and then handle the payment of any funds, often in cryptocurrencies.

And it also requires some soft skills. “The second part of my job that does not get talked about much is counselling companies that are very, very angry or small businesses where it’s very emotional…

Source…