Tag Archive for: hours

One third of ‘phishing’ websites usually disappear within 24 hours



A report by Kaspersky claims that around one-third of ‘phishing’ websites have a lifespan of only 24 hours

A report by internet security firm Kaspersky, titled “Life cycle of phishing pages”, has concluded that half of the fake websites cybercriminals use in their ‘phishing’ schemes have a life cycle of fewer than four days, and a third of them do not even last for the first 24 hours.

Phishing is a cybercriminal tactic that consists of impersonating a trusted entity and tricking the victim into providing their login credentials or other sensitive information. Banks, for example, are very commonly used in phishing campaigns for obvious reasons.

Cybercriminals usually initiate contact through a fake email, from which they redirect the victim to the fake website. Other variants of ‘phishing’ initiate contact via an SMS, known as ‘smishing’, or by a phone call, commonly called ‘vishing’.

Compiled by Kaspersky security researchers Egor Bubnov and Mikhail Sytnik, the report analysed 5,307 known fake websites. The end result reveals how quickly these websites are born and die, in order to escape “antiphishing” detection engines, and to subsequently avoid being indexed as what they really are.

Of the 5,307 websites monitored by Kaspersky for a month, 33 per cent (1,784) had disappeared before the end of their first day of detection. After 48 hours, the percentage increased to 42 per cent (2,238), 46 per cent (2,481) after 72 hours, and 50 per cent (2,654) by the end of the fourth day.

At the end of the thirty-day period, only 28 per cent of the fake websites remained accessible.

In most cases, fraudulent websites do not experience any changes before their removal, but when they do, they can be of two types. Cybercriminals might modify the company whose brand is used as a lure, indicating a change in target.

Alternatively, they can make changes to the code of the page, in order to prevent it from being blocked by browsers and search engines, after being detected as a fraudulent website. As Bubnov and Sytnik explain, “Any small change modifies the entire page’s hash value, which…


Rule requires banks report significant ‘computer-security incidents’ within 36 hours


The Office of the Comptroller of the Currency (OCC), Federal Reserve, and Federal Deposit Insurance Corp. (FDIC) approved the policy, which also requires service providers for financial institutions to notify affected bank customers of any service outage caused by a computer-security incident that lasts longer than four hours.

The rule is effective April 1, 2022, and compliance is required by May 1, 2022.

A computer-security incident is described in the rule as an “occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits.” Such incidents can be caused by a variety of factors, including cyberattacks launched by hackers with “destructive malware or malicious software” as well as “non-malicious failure of hardware and software, personnel errors, and other causes.”

A “notification incident” is defined in the rule as a computer-security incident “that disrupts or degrades, or is reasonably likely to disrupt or degrade, the viability of the banking organization’s operations; result[s] in customers being unable to access their deposit and other accounts; or impact[s] the stability of the financial sector.”

The rule requires any bank services provider subject to the Bank Service Company Act (BSCA) to notify at least two individuals within the affected banking organization of a computer-security incident that it “believes in good faith could disrupt, degrade, or impair services provided subject to the BSCA for four or more hours.” The bank organization would then determine if the incident rises to the level of a notification incident and inform its regulators if that is the case.

“The notification requirement for bank service providers is important because banking organizations have become increasingly reliant on third parties to provide essential services,” the rule said. “… [A] banking organization needs to receive prompt notification of computer-security incidents that materially disrupt or degrade, or are reasonably likely to materially disrupt or degrade, these services because prompt notification will allow the banking…


Cyber attack hits Gordon’s official website, goes down for hours



GORDON INSISTS BRC PROBE TO CONTINUE: Sen. Richard Gordon maintains that investigations being conducted by the Blue Ribbon Committee on the alleged anomalies in the procurement of face masks, face shields and personal protective equipment (PPEs) by the Department of Health (DOH) through the Procurement Service of the Department of Budget Management (PS-DBM) will continue. (Screengrab/Senate PRIB)

MANILA, Philippines — Amid the ongoing Senate blue ribbon probe into the alleged irregularities in the government’s procurement of pandemic response supplies, the official website of Senator Richard Gordon was hit by a “coordinated online attack” causing the site to shut down for several hours, the senator’s office said.

In a statement on Wednesday, Gordon’s office said the attack happened last October 4.

“We view such service outage or disruption as a serious concern as its timing comes when the Senate Blue Ribbon panel is investigating alleged irregularities in government procurement for COVID-19 supplies and equipment,” said Myke Cruz, an information technology officer in Gordon’s office.

According to Cruz, a distributed denial of service (DDoS) attack, usually “patched through the dark web by nefarious individuals in exchange for a high price,” caused a web services shutdown from 7 a.m. to 1 p.m.

Administrators of dickgordon.ph were able to contain the problem by barring entry of traffic from outside the Philippines at around 1 p.m., Gordon’s office said.

However, a foreign-led attack “persisted” until 3:04 p.m.

“Past instances have linked DDoS attacks to destabilizing the online presence of an opposing party,” Gordon’s office added.

His office said traffic requests to Gordon’s website primarily came from China, the United States, Ukraine, and other Southeast Asian countries, causing the “usual bandwidth traffic to rise dramatically from less than 100 megabytes to almost 1.8 gigabytes within an hour’s span.”

“What happened can be likened to a sari-sari store, which usually has a regular number of customers buying within a minute. Now, suddenly all the residents of Metro Manila have swarmed the sari-sari store to buy,…


For two hours, a large chunk of European mobile traffic was rerouted through China – ZDNet


It was China Telecom, again. The same ISP accused last year of “hijacking the vital internet backbone of western countries.”
