Tag Archive for: Profile

NIST Releases New “Cybersecurity Framework Profile for Ransomware Risk Management” to Battle Growing Threat of Ransomware Attacks | Faegre Drinker Biddle & Reath LLP


Ransomware incidents continue to rise, wreaking havoc for organizations globally. A ransomware attack takes an organization's data or infrastructure hostage, and the attacker demands a ransom in exchange for releasing it. This leaves the victim with a dilemma: pay the ransom and trust that the attacker will release the data as promised, or refuse and attempt to restore the data and operations from its own resources.

On the heels of new federal actions related to cyber security, the National Institute of Standards and Technology (NIST) recently issued a Cybersecurity Framework Profile for Ransomware Risk Management (Ransomware Profile), currently designated as “NISTIR 8374.” This new Ransomware Profile “maps security objectives” from the Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (Cybersecurity Framework). The Ransomware Profile “can be used as a guide to managing the risk of ransomware events” and can help “gauge an organization’s level of readiness to mitigate ransomware threats and to react to the potential impact of events.”

The Ransomware Profile is not NIST's only recent guidance that bears on ransomware defense. In 2020, NIST published its "Zero Trust Architecture" guidance (SP 800-207), which is not a Cybersecurity Framework profile but describes an architectural approach that limits how far an intruder can move once inside a network.

The Cybersecurity Framework on which the new Ransomware Profile builds is composed of three parts:

  • The Framework Core
  • The Framework Implementation Tiers
  • The Framework Profile

Additionally, the Framework Core comprises five Functions, intended to be performed concurrently and continuously by adopting organizations:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

These functions “provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk” and, to simplify what NIST is propounding, the Ransomware Profile expands on the Cybersecurity Framework by using the five parts of the Framework Core to offer practical steps that organizations can take to safeguard their networks from potential…

Source…

DirtyMoe Botnet Returns With Undetectable Threat Profile


The malware botnet known as DirtyMoe has been around since at least 2016, but its newest version makes some major changes that put it back in the spotlight. Take a look at how the new version works, what is different about it and how to defend against it.

Back in 2016, NuggetPhantom appeared as its first iteration. NuggetPhantom and several of the threat's other early samples didn't work well, however. They tended to be unstable and produced the visible symptoms one would expect of a compromise.

Fast forward five years, and DirtyMoe is a different malware. Avast analyzed its most recent variants and found that they match other mature threats in their anti-forensic, anti-debugging and anti-tracking capabilities. On top of this, the DirtyMoe botnet combines a modular structure with a threat profile that is difficult to detect or track.

How the DirtyMoe Botnet Works

DirtyMoe’s attack chain begins with the attackers attempting to gain admin privileges on a target’s Windows machine.

One of their preferred techniques relies on the PurpleFox exploit kit to deliver EternalBlue, the exploit for the SMBv1 vulnerability patched in MS17-010. In spring 2019, researchers discovered a campaign in which attackers leveraged the same flaw to distribute cryptomining malware.

DirtyMoe's authors also used infected files and phishing emails. These carried URLs that exploited Internet Explorer flaws as a means of gaining higher privileges. Once they have admin rights, the attackers use the Windows MSI installer to deploy DirtyMoe. They abuse the Windows Session Manager to overwrite 'sens.dll', the library behind the Windows System Event Notification Service (SENS). Replacing that file lets the main DirtyMoe botnet service run at the system level.

Loading that service starts a rootkit driver that conceals DirtyMoe's services, files and registry entries. When it was first documented, the malware authors used their creation mostly for cryptojacking. Other researchers found the threat could conduct distributed denial-of-service (DDoS) attacks as well.
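The sens.dll replacement described above gives defenders two concrete things to hunt for: a process other than the Windows servicing stack writing that DLL, and a deferred overwrite staged for Session Manager to apply at the next boot. The Python below is an example added here, not code from Avast's analysis or from the article; it runs that logic over a few constructed Sysmon-style JSON events. It assumes the deferred replacement is staged through the PendingFileRenameOperations registry value that smss.exe processes at boot, and the TrustedInstaller/TiWorker allow-list is an assumption to adapt to your own update pipeline.

```python
"""Hunt for a DirtyMoe-style replacement of sens.dll in Sysmon-like telemetry.

Two signals, each taken from one event:
  * Event ID 11 (FileCreate): something other than the servicing stack
    writes C:\\Windows\\System32\\sens.dll directly.
  * Event ID 13 (RegistryEvent, value set): PendingFileRenameOperations is
    written with an entry naming sens.dll, i.e. a deferred overwrite that
    Session Manager (smss.exe) will perform on the next boot (assumption:
    this is how the overwrite is staged).
"""
import json
from typing import Iterable, List, Optional

SENS_DLL = r"c:\windows\system32\sens.dll"
PENDING_RENAMES = (
    r"hklm\system\currentcontrolset\control\session manager"
    r"\pendingfilerenameoperations"
)
# Assumed allow-list of component-servicing binaries that may legitimately
# replace a system DLL. Tune this to the update tooling in your environment.
TRUSTED_WRITERS = {"trustedinstaller.exe", "tiworker.exe"}


def _basename(path: str) -> str:
    """Lower-cased final path component, tolerant of either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def inspect(event: dict) -> Optional[dict]:
    """Return an alert for one parsed event, or None if it looks benign."""
    eid = event.get("EventID")
    if eid == 11:  # Sysmon FileCreate
        if event.get("TargetFilename", "").lower() != SENS_DLL:
            return None
        writer = _basename(event.get("Image", ""))
        if writer in TRUSTED_WRITERS:
            return None
        return {"rule": "sens_dll_direct_write", "process": writer,
                "pid": event.get("ProcessId")}
    if eid == 13:  # Sysmon RegistryEvent (value set)
        if event.get("TargetObject", "").lower() != PENDING_RENAMES:
            return None
        if "sens.dll" not in event.get("Details", "").lower():
            return None
        return {"rule": "sens_dll_deferred_rename",
                "process": _basename(event.get("Image", "")),
                "pid": event.get("ProcessId"),
                "details": event.get("Details")}
    return None


def scan(lines: Iterable[str]) -> List[dict]:
    """Parse JSON-per-line events and collect every alert; skip bad lines."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a malformed line should not abort the whole hunt
        alert = inspect(event)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample events (not real telemetry). Line 1 is a legitimate
# servicing write, line 2 a direct overwrite by msiexec, line 3 a deferred
# overwrite staged via PendingFileRenameOperations, line 4 an unrelated entry.
SAMPLE_EVENTS = r"""
{"EventID": 11, "Image": "C:\\Windows\\servicing\\TrustedInstaller.exe", "ProcessId": 1204, "TargetFilename": "C:\\Windows\\System32\\sens.dll"}
{"EventID": 11, "Image": "C:\\Windows\\System32\\msiexec.exe", "ProcessId": 5120, "TargetFilename": "C:\\Windows\\System32\\sens.dll"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\msiexec.exe", "ProcessId": 5120, "TargetObject": "HKLM\\System\\CurrentControlSet\\Control\\Session Manager\\PendingFileRenameOperations", "Details": "\\??\\C:\\Windows\\Temp\\x.tmp!\\??\\C:\\Windows\\System32\\sens.dll"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe", "ProcessId": 900, "TargetObject": "HKLM\\System\\CurrentControlSet\\Control\\Session Manager\\PendingFileRenameOperations", "Details": "\\??\\C:\\Windows\\Temp\\update.log!"}
"""

if __name__ == "__main__":
    for found in scan(SAMPLE_EVENTS.splitlines()):
        print(json.dumps(found))
```

Run against the constructed sample, the script reports the msiexec write and the staged rename and stays silent on the TrustedInstaller write and the unrelated pending rename. A second, cheaper check on a live host is to confirm that the Authenticode signature on sens.dll still chains to Microsoft; a rootkit that hides its own files will not necessarily hide a broken signature on a file it replaced.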

All the while, attackers used VMProtect and the malware’s own encryption algorithm to hide what they were doing. They also employed…

Source…

Google Pixel phones first to meet the Common Criteria’s MDF protection profile on Android 11


Google Pixel smartphones may not lead on hardware apart from their cameras, but their fast software updates make them highly desirable. Pixel devices not only get new Android features before other phones, they also receive monthly security updates. In addition, the dedicated Titan M security chip is claimed to offer enterprise-grade protection for keys and user data. Now, Pixel devices running Android 11 are also the first Android phones to meet the Common Criteria MDF protection profile.

The Mobile Device Fundamentals (MDF) Protection Profile defines the security requirements a mobile device must satisfy to be certified under Common Criteria, a scheme whose certifications are recognized by 31 countries. These requirements ensure that enterprise user data is safeguarded by the "strongest possible protections," Google notes in a blog post. The certification lets Google position its Pixel devices running Android 11 (Pixel 3 and later) as well-suited for corporate users with a lot of sensitive data to protect.

What makes the Common Criteria MDF evaluation convincing is that it is performed in an independent lab, where evaluators test a device's resilience against various "real-world threats facing both consumers and businesses." The tests are designed to confirm that "every mitigation works as advertised." To verify those mitigations on Pixel devices, the lab evaluates the following areas:

  • Protected Communications – to ensure that traffic across all communication channels and networks, including Wi-Fi, is encrypted.
  • Protected Storage – to ensure storage encryption and tamper-resistant key handling backed by the Titan M chip.
  • Authorization and Authentication – to check resistance to spoofing and false acceptance.
  • Mobile Device Integrity – to verify Android's implementation of Verified Boot, Google Play System Updates, and Seamless OS Updates.
  • Auditability – for users or IT admins to review events such as device start-up and shutdown, data encryption, data decryption, and key management.
  • Mobile Device Configuration – for enterprise admins to enforce Android Enterprise security policies for the camera, location, or app installation.

Other than for…

Source…