Hyderabad: To deal with the evolving cyber threats showing an increase in complexity and scale, the Data Security Council of India (DSCI)’s Cybersecurity Centre of Excellence (CCoE) organised a meet at Plaza Hotel in the city on Tuesday.
The meet was led by CEO Dr Sriram Birudavolu, with Dr Jayesh Ranjan, special chief secretary, ITE&C department taking part as the chief guest.
The conference featured diverse sessions like cyber security best practices, privacy and data protection seal, risk management, attack surface management, application security posture management, incident response, among others. The aim of the session was to make use of latest developments in cyber security to safeguard critical infrastructure and sensitive data assets.
From the warm-and-fuzzy files comes this feel-good Friday post, chronicling this week’s takedown of two hated ransomware groups. One vanished on Tuesday, allegedly after being hacked by a group claiming allegiance to Ukraine. The other was taken out a day later thanks to an international police dragnet.
The first group, calling itself Trigona, saw the content on its dark web victim naming-and-shaming site pulled down and replaced with a banner proclaiming: “Trigona is gone! The servers of Trigona ransomware gang has been infiltrated and wiped out.” An outfit calling itself Ukrainian Cyber Alliance took credit and included the tagline: “disrupting Russian criminal enterprises (both public and private) since 2014.”
Poor operational security
A social media post from a user claiming to be a Ukrainian Cyber Alliance press secretary said his group targeted ransomware groups partly because they consider themselves out of reach of Western law enforcement.
“We just found one gang like that and did to them as they do to the rest,” the press secretary wrote. “Downloaded their servers (ten of them), deleted everything and defaced for the last time. TOR didn’t help them or even knowing they had a hole in it. Their entire infrastructure is completely blown away. Such a hunt forward.’”
A separate social media post dumped what the press secretary said was an administrative panel key and said the group wiped out Trigona’s “landing, blog, leaks site, internal server (rocketchat, atlassian), wallets and dev servers.” The person also claimed that the Ukrainian Cyber Alliance hacked a Confluence server Trigona used.
Enlarge/ Screenshot showing purported hacker’s control of Trigona Confluence server.
By Friday, the Trigona site was unavailable, as evidenced by the message “Onionsite not found.”
Trigona first surfaced in 2022 with close ties to ransomware groups known as CryLock and BlackCat and looser ties to ALPHV. It primarily hacked companies in the US and India, followed by Israel, Turkey, Brazil, and Italy. It was known for compromising MYSQL servers,…
https://spinsafe.com/wp-content/uploads/2023/10/GettyImages-597257986-760x380.jpg380760SecureTechhttps://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svgSecureTech2023-10-22 14:30:062023-10-22 14:30:06Feel-good story of the week: 2 ransomware gangs meet their demise
Data breaches are on the rise worldwide, and the energy sector is among the top five industries targeted most often for hacking and ransomware attacks. While some breaches are caused by weaknesses in an organization’s virtual perimeter that allow hackers to exploit software vulnerabilities, a growing number sneak through connected IoT/IIoT (Internet of Things/Industrial Internet of Things) devices. That figure was more than 112 million in 2022.
Security cameras, access control readers, and other devices that make up physical security systems are likewise often overlooked as a source of vulnerability. With physical security devices of the past, like perimeter fences and door locks, the approach was ‘install what you need and let it do its job.’ As security technology advanced, this mindset persisted. Even as organizations began implementing IP-based technology and IoT devices, they didn’t always think about how these assets might make their networks vulnerable. In some instances, even though a physical security system resides on an organization’s network, it is managed by corporate security instead of the IT department.
Physical security and information security are linked. There’s no difference in the result whether a hacker accesses an organization’s network physically, or through a video surveillance camera, a piece of HVAC equipment, or an employee’s laptop. As cyber threats grow, physical security and IT must work together to safeguard network infrastructure.
Unifying physical and cybersecurity
A unified IT-and-physical-security team can develop a comprehensive security program based on a common understanding of risk, responsibilities, strategies, and practices. First, the team should conduct a current posture assessment to identify devices of concern.
Create an inventory of all network-connected cameras, door controllers, and associated management systems, identify their functions and confirm their…
WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence (AI) to write malicious software without all the pesky prohibitions on such activity enforced by the likes of ChatGPT and Google Bard, has started adding restrictions of its own on how the service can be used. Faced with customers trying to use WormGPT to create ransomware and phishing scams, the 23-year-old Portuguese programmer who created the project now says his service is slowly morphing into “a more controlled environment.”
Image: SlashNext.com.
The large language models (LLMs) made by ChatGPT parent OpenAI or Google or Microsoft all have various safety measures designed to prevent people from abusing them for nefarious purposes — such as creating malware or hate speech. In contrast, WormGPT has promoted itself as a new, uncensored LLM that was created specifically for cybercrime activities.
WormGPT was initially sold exclusively on HackForums, a sprawling, English-language community that has long featured a bustling marketplace for cybercrime tools and services. WormGPT licenses are sold for prices ranging from 500 to 5,000 Euro.
“Introducing my newest creation, ‘WormGPT,’ wrote “Last,” the handle chosen by the HackForums user who is selling the service. “This project aims to provide an alternative to ChatGPT, one that lets you do all sorts of illegal stuff and easily sell it online in the future. Everything blackhat related that you can think of can be done with WormGPT, allowing anyone access to malicious activity without ever leaving the comfort of their home.”
WormGPT’s core developer and frontman “Last” promoting the service on HackForums. Image: SlashNext.
In July, an AI-based security firm called SlashNextanalyzed WormGPT and asked it to create a “business email compromise” (BEC) phishing lure that could be used to trick employees into paying a fake invoice.
“The results were unsettling,” SlashNext’s Daniel Kelley wrote. “WormGPT produced an email that was not only remarkably persuasive but also strategically cunning, showcasing its potential for sophisticated phishing and BEC attacks.”
https://spinsafe.com/wp-content/uploads/2023/08/Meet-the-Brains-Behind-the-Malware-Friendly-AI-Chat-Service-‘WormGPT.png5101199SecureTechhttps://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svgSecureTech2023-08-08 23:00:112023-08-08 23:00:11Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’ – Krebs on Security
