Tag Archive for: Running

Pro-Russia hack campaigns are running rampant in Ukraine


Pro-Russian threat actors are continuing their unrelenting pursuit of Ukrainian targets, with an array of campaigns that include fake Android apps, hack attacks exploiting critical vulnerabilities, and email phishing attacks that attempt to harvest login credentials, researchers from Google said.

One of the more recent campaigns came from Turla, a Russian-speaking advanced persistent threat actor that’s been active since at least 1997 and is among the most technically sophisticated in the world. According to Google, the group targeted pro-Ukrainian volunteers with Android apps that posed as launchpads for performing denial-of-service attacks against Russian websites.


“All you need to do to launch the process is install the app, open it and press start,” the fake website promoting the app claimed. “The app immediately begins sending requests to the Russian websites to overwhelm their resources and cause the denial of service.”

In fact, a researcher with Google’s threat analysis group said, the app sends a single GET request to a target website. Behind the scenes, a different Google researcher told Vice that the app was designed to map out the user’s Internet infrastructure and “work out where the people that are potentially doing these sorts of attacks are.”

The apps, hosted on a domain spoofing the Ukrainian Azov Regiment, mimicked another Android app Google first saw in March that also claimed to perform DoS attacks against Russian sites. Unlike the Turla apps, stopwar.apk, as the latter app was named, sent a continuous stream of requests until the user stopped them.


“Based on our analysis, we believe that the StopWar app was developed by pro-Ukrainian developers and was the inspiration for what Turla actors based their fake CyberAzov DoS app off of,” Google researcher Billy Leonard wrote.

Other hacking groups sponsored by the Kremlin have also targeted Ukrainian groups. Campaigns included the exploitation of Follina, the name given to a critical vulnerability in all supported versions of Windows that was actively targeted in the wild

Source…

Android devices running on Chinese UNISOC chips have critical security error: Report


A mobile security firm has raised an alert for users who have purchased smartphones powered by a UNISOC chipset. These chipsets have a critical security flaw that allows bad actors to access system and call logs, text messages, contacts and other private data. Keep reading to learn more about the flaw and the devices that may be affected by it.

On March 15, 2022, the mobile security and privacy solutions company Kryptowire announced that it had “identified a critical security and privacy vulnerability affecting mobile devices with UNISOC, China’s largest designer of chips for mobile phones.” The firm adds that “the vulnerability within the chipset, if exploited, allows malicious actors to take control over user data and device functionality.” This is bad news for Android smartphones that run on UNISOC chipsets, including those sold in India.

A security bug in UNISOC chips has put a large number of Android devices in danger

Apart from gaining access to several device controls, the vulnerability allows intruders to record the activity on a smartphone’s screen or even take control of the device remotely. Kryptowire said in its release that it had already informed the manufacturers and carriers, as well as UNISOC, back in December 2021. Whether those companies have addressed the issue is not clear at the moment.

After tie-ups with several smartphone manufacturers, UNISOC started providing chipsets for a number of models. For instance, the Realme C11 launched in 2021 comes with a UNISOC chipset. The smartphone is priced at Rs. 7,556 on Flipkart and has close to two lakh ratings on the platform, and the actual number of buyers is larger than the number of ratings. Another smartphone from the same company, the Realme C21Y, is currently available on Flipkart for Rs 10,499. It is also powered by a UNISOC T610 chipset.

This one, too, has two lakh ratings on the e-commerce platform. Other popular smartphones powered by UNISOC chipsets are the Motorola e40 and the Nokia C01 Plus. Taken together, there are a lot of users whose information could be in danger. Since the flaw is directly associated with the chipset, there is nothing much…

Source…

Bandwidth: We defeated ‘unprecedented’ ransomware hack in ‘running gun battle’


RALEIGH – Hackers did indeed attack Raleigh-based communications provider Bandwidth seeking a ransom, but its CEO said the company didn’t pay and ultimately defeated what he called an “unprecedented” assault and “running gun battle.”

CEO David Morken briefed Wall Street analysts in a conference call Monday after Bandwidth reported quarterly earnings and formally acknowledged losing as much as $12 million as a result of the September hack, which was described as a DDoS, or distributed denial of service, attack.

Before Monday’s call, Bandwidth had declined even to acknowledge that the cyberattack was indeed ransomware.

“We did not pay a ransom and instead relied on innovative solutions and strategies to confront the threat, head on. To sum up, we believe, Bandwidth is now stronger than ever and we plan to leverage what we’ve learned to help make the ecosystem safer for enterprise communications,” he said.

Learning from the attack, Bandwidth has deployed additional safeguards – what he called “prophylactic security” – against future hacks, he added.

Ransomware attacks, which have soared in recent years, have led to payoffs of as much as $67 million and inflict remediation costs averaging more than $2 million.

“It is a small price to pay right now as a prophylactic security to have that additional nominal step at the beginning of a user experience,” Morken explained.

Bandwidth is a global provider of communications services such as 911 access to a host of tech giants.

Bandwidth’s customers include Microsoft, Google, Zoom and many others that utilize internet-based services in Bandwidth’s product portfolio.

Morken also sought to assure analysts that the company, whose stock (Nasdaq: BAND) is down nearly 50% this year due in part to the attack, is regaining some customers who turned to other service providers in the VoIP [voice over internet protocol] marketplace for voice and data as Bandwidth suffered outages and service delays.

“Those conversations [with customers], unexpectedly have become extremely positive regarding Bandwidth being the most resilient and best place to…

Source…

Clearfield target of ransomware attack; official says city now ‘up and running’


CLEARFIELD — The City of Clearfield’s computer system was the target of a ransomware attack, which prompted the city to turn off the network for much of last week to minimize the potential impact.

The unknown hackers have asked for a ransom “in the millions” of dollars to unlock access to the system. But J.J. Allen, Clearfield’s city manager, says the Davis County city is taking steps to get around the hack, hasn’t paid any money and may end up paying nothing. Either way, it’s a point of concern and the cyberattack put a big dent in city operations last week.

“Our phones were down all of last week. We had no internet. All of our systems were down. It was a rough week,” Allen said.

The city’s information technology staffers discovered the attack on July 11 and the city’s computer systems were subsequently shut down in response. The city is recovering data from backup systems managed separately from the main network and Allen said city operations started going back to normal late last week. As of Tuesday, he said the city was “back up and running” and he praised the “heroic efforts from our IT people.”

Even so, officials are still trying to pinpoint the extent of the infiltration, how it occurred, who may be behind it and what data, precisely, may be compromised. “That is still being investigated and analyzed,” Allen said.

In a statement on Wednesday, Mayor Mark Shepherd said the quick reaction of IT staffers “prevented this event from becoming an absolute disaster.” He also emphasized that city residents’ financial data was not compromised, which was a factor in the decision not to discuss the matter publicly until now, as word has begun to spread.

“We are still in the middle of a negotiation with those whom the investigators refer to as ‘actors.’ I prefer to call them pirates, terrorists or simply thieves. When you are in the process of negotiating, the last thing you want is to show your cards or to show weakness,” Shepherd said.

Randy Boyle, a professor of management information systems at Weber State and a Fulbright scholar, said the Clearfield attack has the hallmarks of cyberattacks that have increasingly been occurring…

Source…