Tag Archive for: news

Russia behind cyber attacks on Western utilities, security firm says | Yle News


“It’s kind of an escalation in that we’re seeing more than just data collection, surveillance and intelligence gathering,” Mikko Hyppönen says.


Withsecure’s research director Mikko Hyppönen Image: Jari Kovalainen / Yle

Russia has used malware in cyber attacks on targets in Eastern European countries since at least mid-2022, according to Finnish cyber security firm Withsecure.

More specifically, the company has reported that a Russian military intelligence effort led to the breach of databases belonging to an Estonian logistics company.

Finland’s eastern neighbour also appears to have tampered with water utility data systems in the US, France and Poland, according to Mandiant, a data security firm and subsidiary of Google.

So far, the cyberattacks do not appear to have caused significant disruptions. For example, the attack in the US caused a water tank at a facility in Texas to overflow until the system was brought under control, according to CNN.

But according to Withsecure’s research director, Mikko Hyppönen, it is a serious matter if Russia has started carrying out cyber attacks on Nato countries’ utilities.

“It’s kind of an escalation in that we’re seeing more than just data collection, surveillance and intelligence gathering,” Hyppönen told Yle.

Hyppönen: Russia attacked Estonian firm

At the end of 2022 malicious code dubbed “Kapeka” helped hackers to breach a database belonging to an Estonian logistics firm. A recent study at Withsecure revealed who was behind the attack, according to Hyppönen.

“Our research linked the Kapeka malware directly to Russia’s Sandworm group, the country’s military cyber intelligence unit,” he explained.

The Sandworm group is known for having carried out several destructive attacks in Ukraine, including temporarily knocking out the war-torn country’s electricity grid.

“Kapeka’s development and deployment likely follow the ongoing Russia-Ukraine conflict, with Kapeka being likely used in targeted attacks of firms across Central and Eastern Europe since the illegal invasion of Ukraine in 2022,” a Withsecure brief on the matter explained.

According to Hyppönen, the Sandworm-delivered malware in Estonia caused disruptions at the…


Omni Hotels confirms customers’ personal data stolen in ransomware attack – KIRO 7 News Seattle


DALLAS — Officials with Omni Hotels & Resorts confirmed that cybercriminals stole the personal information of its customers during what appeared to be a ransomware attack last month.


According to a post on its website on Sunday, the hotel giant said that “limited information pertaining to a subset of our customers may have been impacted.”

Omni said the stolen data includes customer names, email addresses, postal addresses and guest loyalty program information. The breach does not include financial information or Social Security numbers.

Omni said it shut down its systems on March 29 after discovering intruders in its systems, TechCrunch reported. Guests reported outages across Omni’s properties, with some customers experiencing telephone and Wi-Fi issues, according to the technology news website.

Some customers said their room keys stopped working.

Omni officials said the chain’s systems were restored by April 8, TechCrunch reported.

“Omni Hotels & Resorts continues to investigate a recent cyberattack on its systems with the assistance of a leading cybersecurity response group,” the company wrote in an update on its website.

The FBI reported more than 2,825 ransomware complaints during 2023, an increase of 18% over 2022. Losses reported rose by 74%, from $34.3 million to $59.6 million, according to the agency.

Omni Hotels & Resorts is based in Dallas, and the chain operates 50 hotels and resorts in the United States and Canada, according to The Dallas Morning News.


Cyber Security News Weekly Round-Up (Vulnerabilities, Threats & New Stories)


The weekly cybersecurity news wrap-up provides readers with the latest information on emerging risks, vulnerabilities, ways to reduce them, and harmful schemes to help make defensive measures proactive.

A well-developed knowledge base is necessary for securing networks from the newest targets and vulnerabilities in the face of the changing risk landscape.

Staying up to date with the latest trends, reports, and news is essential.

Cyber Attacks

CoralRaider Hackers Steal Data

XClient stealer and RotBot are two attack tools that Vietnamese threat actor CoralRaider uses to steal financial data, login credentials, and social media information from victims in Asian and Southeast Asian countries.

The group has been operational since 2023, using complex approaches and hard-coding Vietnamese words into its payloads.

The most recent campaign by this threat group involves using Windows shortcut files to distribute malware targeting South Korean, Bangladeshi, and Chinese nationals. This is a significant threat to individuals and businesses in the region.

Chinese Hackers Using AI Tools To Influence Upcoming Elections

The report concerns how Chinese hackers could use AI to influence the elections. While no instances are specifically mentioned in the report, it cautions against this cyber risk.

Beyond that, AI can be used to generate deepfake videos, control social media sites and carry out highly developed cyber offences, which makes it a very powerful tool for influencing elections.

Moreover, the report stresses the need to strengthen cybersecurity defenses against such threats, including improvements in detection and response capabilities.

It also highlights the need to remain alert and proactive towards changing cyber risks, especially in connection with elections and politics at large.

Threat Actors Deliver Malware Via YouTube Video

The report highlights a recent malware campaign in which hackers disseminate the Vidar, StealC, and Lumma Stealer information-stealing malware via YouTube videos.

These videos, which pretend to be guides for getting free software or game upgrades, have links to cracked video games and pirated…


Van Nuys man indicted for allegedly selling ‘trojan’ malware to help others crack computers – Daily News


Federal authorities on Thursday announced the arrest of a Van Nuys man who allegedly schemed to market and sell malware that gave purchasers control over computers and enabled them to access victims’ private communications, their login credentials and other personal information.

Edmond Chakhmakhchyan, 24, allegedly used the screen name “Corruption.” He was arrested Wednesday by special agents with the FBI. During his arraignment in federal court, he pleaded not guilty to charges contained in a two-count indictment and was ordered back to court on June 4. His bond was set at $70,000.

The indictment charges Chakhmakhchyan with one count of conspiracy to advertise a device as an interception device, to transmit a code to intentionally cause damage to a protected computer and to intentionally access a computer to obtain information, as well as one count of advertising a device as an interception device. Each count carries a maximum sentence of five years in federal prison.

The indictment alleges an agreement between the malware’s creator and Chakhmakhchyan in which the defendant allegedly would post ads for the Hive remote access trojan, or RAT, on the Hack Forums website, accept Bitcoin payments for licenses to use the Hive RAT and provide customer service to those who purchased the licenses.

Customers purchasing the malware would transmit Hive RAT to protected computers and gain unauthorized control over and access to those devices, allowing the RAT purchaser to close or disable programs, browse files, record keystrokes, access incoming and outgoing communications and steal victim passwords and other credentials for bank accounts and cryptocurrency wallets, all without the victims’ knowledge or permission, according to the indictment.

Chakhmakhchyan allegedly began working with the creator of the Hive RAT, previously known as “Firebird,” about four years ago and advertised online the RAT’s many features.
