Tag Archive for: Lax

Lax Security Fuels Massive 8220 Gang Botnet Army Surge


Leveraging little more than Linux bugs, common cloud application vulnerabilities, and misconfigurations, the 8220 Gang has been able to use its latest IRC botnet to infect more than 30,000 hosts with its PwnRig cryptominer.

Researchers with SentinelOne reported observing this noteworthy increase in the number of infected hosts over the course of just the past month. In mid-2021, the analysts said the malicious botnet was running on just 2,000 hosts worldwide.

The 8220 Gang gets its name from its original command-and-control communications port choice: 8220.

“Over the past few years, 8220 Gang has slowly evolved their simple, yet effective, Linux infection scripts to expand a botnet and illicit cryptocurrency miner,” the cloud botnet security warning explained. “From our observations, the group has made changes over the recent weeks to expand the botnet to nearly 30,000 victims globally.”

Patching and better password hygiene would prevent most infections, researchers noted.

The report includes indicators of compromise (IoCs).



Global increase in mobile malware but smartphone security lax here


SINGAPORE – Amid the Covid-19 pandemic last year, the volume of malware detected globally for mobile devices such as smartphones jumped 15 per cent compared with 2019.

And the number of new mobile malware programs detected in 2020 spiked by 88 per cent, based on figures cyber-security firm McAfee provided to The Straits Times last week.

More users in Singapore have been found by recent surveys to be lax with security on their mobile gadgets even as many consumers and businesses have gone digital during the pandemic.

“Cyber criminals are getting more and more sophisticated, and they’re always on the lookout for easy targets through the channels consumers spend the most time on. And increasingly, this means our mobile devices,” said Mr Shashwat Khandelwal, McAfee’s head of consumer business for South-east Asia.

“With the boom in digital banking, e-commerce and mobile payment, our smartphones are now gateways to our credit card details, personal data and more. This makes cyber threats targeted at mobile devices a much more lucrative and enticing business for malicious actors.”

In Singapore, the total value of mobile payments made through smartphone apps more than doubled last year to US$2 billion (S$2.7 billion), according to research firm Statista.

The latest figures from McAfee also showed that mobile malware could be rising this year too. In the first quarter, there were 46 million mobile malware programs detected by the firm globally, up 23 per cent from the same period last year.

Total mobile malware programs detected last year hit 160 million, higher than the nearly 139 million in 2019.

As for new mobile malware, McAfee found 2.3 million in the first three months of this year, up 73 per cent from a year ago.

There were 7.7 million new types of malware affecting mobile devices last year, nearly twice the 4.1 million in 2019.

The rising threat of mobile malware contrasts with the growing number of people here who are not taking steps to protect themselves.

Findings released last week by the Cyber Security Agency of Singapore showed that 78 per cent of people here understood the risks of not having cyber-security apps installed on their mobile devices, such as anti-virus software and…


Lawsuit Alleges Lax Cybersecurity Allowed Pipeline Hack


(TNS) — Still reeling from a devastating Russian-based ransomware attack earlier this month, Colonial Pipeline is now the subject of a lawsuit alleging the Georgia-based company employed lax cybersecurity measures that left it vulnerable to such an attack.

The lawsuit was filed May 18 in the U.S. District Court for the Northern District of Georgia, according to Bloomberg Law. Plaintiff Ramon Dickerson said the company breached its duty to employ industry security standards which resulted in system outages that harmed consumers by raising prices at the pump.

“As a result of the Defendant’s failure to properly secure the Colonial Pipeline’s critical infrastructure — leaving it subjected to potential ransomware attacks like the one that took place on May 7, 2021 — there have been catastrophic effects for consumers and other end-users of gasoline up and down the east coast,” Dickerson alleged.


On May 7, hackers locked up the company’s computer systems. The hackers didn’t take control of pipeline operations, but the Alpharetta-based company shut it down to prevent malware from affecting industrial control systems. President Joe Biden later said the attack was the work of Russian-based hackers, though he added the U.S. does not believe the Russian government was responsible.

Colonial Pipeline CEO Joseph Blount said he approved paying more than $4 million to the Russian-based hackers who cyber attacked his company because “it was the right thing to do for the country.”

In a May 19 interview published by The Wall Street Journal, Blount said he authorized the ransom payment of $4.4 million because executives were unsure how badly the cyber attack had breached its systems or how long it would take to bring the pipeline back.

“I know that’s a highly controversial decision,” Blount said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this. But it was the right thing to do for the country.”

The interview was the first time Blount or the company acknowledged paying the ransom. He also said it will take months and cost the company…


Comptroller warns Johnstown of lax cyber security; State audit shows inappropriate computer use


The New York State Comptroller’s Office has determined City of Johnstown officials have placed the local government in danger of lawsuits, disruption of operations and cyber security breaches due to inadequate Information Technology policies.

The Comptroller released findings from its Jan. 1, 2019 to Jan. 15, 2020 audit of the city’s IT practices on March 26.

The Comptroller found the city of Johnstown paid an IT company $92,309 for services during the audit period, even though the city had no formal written contract with the company and city officials seemingly had little understanding of how the money was being spent.

“City officials have relied on an IT provider for IT services, technical assistance and purchase of IT equipment, as needed, for over 10 years without a written contract or [Service-level-agreement] SLA,” reads the Comptroller’s report. “The Council did not negotiate a written contract with its IT service provider and officials did not enter into an SLA with the provider to identify the specific services to be provided or the provider’s responsibilities.”

The state Comptroller’s Office has determined the City of Johnstown paid a $1,250 monthly service fee for its IT services, but details about how that money was spent were not forthcoming from city officials.

“Except for two four-hour on-site visits each month, officials were unable to identify the services included in the monthly fee,” reads the Comptroller’s report. “As a result of our inquiry, the IT provider gave the Treasurer a written list of services included and not included in this fee.”

The list of services included in the Comptroller’s audit of Johnstown’s IT spending is as follows:

• $37,138 for equipment and supplies

• $18,829 for software renewals and warranty

• $15,000 for monthly services

• $9,717 for technical support

• $5,355 for software services

• $4,018 for hardware installation

• $2,252 for backup services.

“City officials were given an opportunity to respond to our findings and recommendations within 30 days of the exit conference, but they did not respond,” reads the Comptroller’s report.

Members of the Common Council did not…
