Hacking group LightBasin broke into at least 13 mobile networks – report

According to a detailed report from CrowdStrike, more than a dozen mobile network operators have been infiltrated by a hacking group called LightBasin since 2019.

Importantly, the cybersecurity research firm said that the hackers were able to access subscriber information and call record details. However, the firm did not disclose the identities of the mobile network operators that were hacked, and officials did not answer questions from Light Reading about why they wouldn’t name the affected companies.

Secure mobile infrastructure “is not something that you can take for granted,” cautioned Adam Meyers, CrowdStrike’s senior VP of intelligence, in comments to Cyberscoop.

The firm’s report detailed a number of methods, both simple and complex, that the hacking group used to gain access. For example, one method simply involved attempting to log into systems using the names of standard equipment vendors as account names.

CrowdStrike described LightBasin – also known as UNC1945 – as an “activity cluster” that has been targeting companies in the telecommunications sector since at least 2016. The firm said the group has some knowledge of the Chinese language but that it “does not assert a nexus between LightBasin and China.”

Another day, another attack

This isn’t the first report to call out hacks into telecom network operators. In 2019, Cybereason reported that a nation-state-backed hacking operation of Chinese origin had broken into 10 different telecom companies. However, the firm again did not name the companies that had been hacked.

“Someone was actually active in the network, going from computer to computer stealing credentials and siphoning out what can only be described as an insane amount of data – hundreds of gigabytes of data,” Amit Serper, principal security researcher at Cybereason, told ZDNet at the time.

The firm said the hackers targeted companies in Europe, Africa, the Middle East and Asia, and accessed information including call data records and the geolocation of users.

But those broad reports are supplemented by more targeted hacks. For example, the US Department of Justice (DoJ) offered a detailed look at a hack into AT&T in the US….


India 6th Most Affected Country by Ransomware: Report


Virus, malware, and URL online scanning service VirusTotal has published a report analyzing 80 million ransomware samples submitted over the last year and a half. The report sheds light on the geographical distribution of ransomware-related submissions across over 140 countries.

VirusTotal Ransomware Activity Report

According to the report, users from Israel submitted the most samples, a 600 percent increase over the country’s baseline. India stood in sixth place in the list, behind South Korea, Vietnam, China, and Singapore. Other countries with the most VirusTotal submissions include Kazakhstan, the Philippines, Iran, and the UK.

“Attackers are using a range of approaches, including well-known botnet malware and other Remote Access Trojans (RATs) as vehicles to deliver their ransomware. In most cases, they are using fresh or new ransomware samples for their campaigns,” said VirusTotal’s Vicente Diaz.

You can check out the submission trends in the chart below:

Geographical distribution of ransomware-related submissions

The report highlights that 95 percent of the ransomware files detected were Windows-based executables or dynamic link libraries (DLLs). In addition, almost five percent of the analyzed samples were associated with exploits, most commonly Windows elevation-of-privilege, SMB information-disclosure, and remote-execution flaws. Android-based samples, by contrast, accounted for just 2 percent of submissions.

Top 10 Ransomware Based on Sample Submissions

Going by the report, ransomware activity peaked in the first two quarters of 2020, driven by the ransomware-as-a-service group GandCrab. The report also lists the most widely used families based on the number of samples submitted to VirusTotal. You can take a look at the list below:

  • GandCrab (78.5%)
  • Babuk (7.61%)
  • Cerber (3.11%)
  • Matsnu (2.63%)
  • WannaCry (2.41%)
  • Congur (1.52%)
  • Locky (1.29%)
  • TeslaCrypt (1.12%)
  • Rkor (1.11%)
  • Reveon (0.70%)


Week in review: Strengthening firmware security, Help Net Security: XDR Report released

Here’s an overview of some of last week’s most interesting news, articles and interviews:

Help Net Security: XDR Report has been released
The topic of this inaugural report is extended detection and response (XDR), an emerging technology that has been receiving a lot of buzz in the last few years.

Apache OpenOffice users should upgrade to newest security release!
The Apache Software Foundation (ASF) has released Apache OpenOffice 4.1.11, which fixes a handful of security vulnerabilities, including CVE-2021-33035, a recently revealed RCE vulnerability that could be triggered via a specially crafted document.

Apple fixes iOS zero-day exploited in the wild (CVE-2021-30883)
With the newest iOS and iPad updates, Apple has fixed another vulnerability (CVE-2021-30883) that is being actively exploited by attackers.

Microsoft patches actively exploited Windows zero-day (CVE-2021-40449)
On the October 2021 Patch Tuesday, Microsoft fixed 71 CVE-numbered vulnerabilities. Of those, only one was a zero-day exploited in attacks in the wild (CVE-2021-40449), and three were publicly known before the release of the patches.

How do I select a SASE solution for my business?
To select a suitable SASE solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

REvil/Sodinokibi accounting for 73% of ransomware detections in Q2 2021
McAfee released a report which examines cybercriminal activity related to ransomware and cloud threats in the second quarter of 2021.

Strengthening firmware security with hardware RoT
Hackers are growing smarter and more sophisticated in their attempts to avoid detection. With IT security and visibility efforts still largely focused higher in the stack at the application layer, bad actors are seeking to breach systems further down the stack at the firmware level.

Remote work exposing SMEs to increased cybersecurity risk
Remote working is leading to increased cybersecurity risks for SMEs, research from ServerChoice shows. The research, conducted with 1,000 business leaders at SMEs, found that changes in working patterns are resulting in infrastructure being left…


New report suggests Israel is country most affected by ransomware since 2020

Israel submitted the highest number of ransomware samples for analysis to a cybersecurity research group commissioned by Google to publish a major study on the phenomenon, according to data released Thursday.

Cybersecurity firm VirusTotal published the Ransomware Activity Report, which entailed reviewing 80 million ransomware samples from 140 countries.

Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran and the United Kingdom were the 10 most-affected territories based on the number of submissions reviewed by VirusTotal.

According to the report, Israel had a near 600 percent increase from its baseline number of submissions between January 2020 and September 2021. It was not clear what Israel’s baseline was.

The report added that Windows-based computers accounted for 95% of the ransomware targets, compared to just 2% on Android devices.

The report comes as an Israeli hospital faced a major ransomware cyberattack that crippled systems which could take months to recover.

And earlier this week, Microsoft said that it had identified a group of Iranian hackers targeting Israeli and American defense technology companies using the tech giant’s products, as well as firms running maritime shipping in the Middle East.

The statement came as Israel and Iran have accused each other of attacks on ships in the Middle East, and amid reports of growing efforts by Tehran to avenge the death of its top nuclear scientist Mohsen Fakhrizadeh, killed last year.

Separately, Google warned on Friday of a surge in state-backed hackers, with a report focusing on the “notable campaigns” of a group linked to Iran’s Revolutionary Guard Corps.

A ward at Hillel Yaffe Medical Center, on October 14, 2021, as staff try to manage without regular IT systems. (Courtesy: Hillel Yaffe Medical Center)

In July, cybersecurity firm Check Point reported that Israeli institutions are targeted by about twice as many cyberattacks as the average in other countries around the world, particularly the…