Tag Archive for: Scary

AI and ransomware: a scary combination


Artificial intelligence (AI) is disrupting the modern world, most notably in the digital sphere. The cybercrime threats that have existed in the digital world have become more powerful and harmful because of AI.

For example, ransomware is used by hackers to lock up your computer files and then demand money to release them. Ransomware attacks frequently start with a fake, or “phishing”, email that tricks a computer user into clicking on a link or opening an attachment to deliver the malicious ransomware.

Cybercriminals are now using AI to better target people and organizations and to create more realistic-looking emails to fool users into taking harmful actions. Thanks to AI, hackers can create more personalized emails that are even more authentic looking than ever. AI is even being used as camouflage against traditional antivirus programs, making it harder for detection tools to stop attacks.

Let’s look at some of the scary threats that are being created with AI.

Phishing and Social Engineering: The next time you receive an email that looks like it’s from someone you know, it could be a hacker who’s trying to steal your information. By gathering data about you from the internet, they can send you personalized phishing emails to trick you into believing the email is legitimate and getting you to click on harmful links or divulge personal details. Thanks to AI, these fakes are more authentic looking, forcing all of us to be more vigilant and to use an abundance of caution in double-checking emails.

Automated Spear Phishing: AI can be used to automate targeted attacks on specific people or groups by using machine learning to learn about the targets and create tailor-made emails for each victim, at scale. By launching larger scale attacks, more people are reached, increasing the chances for success. Cybersecurity awareness and safe email handling training is essential to combat this new generation of phishing attacks.

Polymorphic Malware: AI can be used to change the code and behavior of malware so that it can hide from traditional antivirus software. This makes it very challenging for your computer’s traditional anti-malware defenses to catch and remove…


A new scary ransomware group is on the rise


US federal agencies warned hackers were targeting the business sector using malware that can lead to ransomware attacks – © AFP

According to a ransomware analysis report by NordLocker, Royal is a new ransomware group launching record numbers of attacks. Despite being new and having appeared only a few months ago, Royal managed to launch 26 attacks in March 2023 worldwide, which puts it among the top three most notorious ransomware gangs globally.

Royal predominantly targets U.S. companies, accounting for almost 60 percent of its attacks. The group has been particularly active against finance and construction firms. In total, Royal has targeted 40 different industries, ranging from oil and gas, construction, luxury goods to hospitals, non-profit organizations, and public sectors.

The Royal ransomware group was particularly active in November 2022, which was the first month the group appeared on the map. During this month, it launched 29 attacks worldwide. From November 2022 to March 2023, the group carried out 106 ransomware attacks. Royal’s targets spanned 18 countries, including the U.S., Canada, the U.K., Australia, France, and Germany.

The ransomware itself is a 64-bit Windows executable written in C++.

In the first quarter of 2023, Royal’s ransomware attacks were primarily directed toward companies that had between 51 and 100 employees. However, the group targeted firms of all sizes, ranging from those with only one employee to enterprises with over 10,000. Despite being a relatively new ransomware group, Royal is already among the top three most notorious groups, with 26 attacks launched in March 2023 alone. In comparison, LockBit, the most infamous ransomware group, conducted 76 and AlphaVM (Blackcat) 28 attacks in the same month.

The demands for ransom by the Royal actors have ranged from $1 million to $11 million in Bitcoin.

According to analyst Aivaras Vencevicius, head of product for NordLocker: “Adopting proper file hygiene practices, regularly using encryption, and maintaining backups are critical cybersecurity measures that can mitigate the impact of a cyberattack. While these practices may not prevent a cyberattack altogether, the ability to restore data…


Trick or treat? Stay so cyber‑safe it’s scary – not just on Halloween


Gather around, folks, to learn about some of the ghastliest tricks used by criminals online and how you can avoid security horrors this Halloween and beyond

Trick or treat, it is Halloween! The day has come when children knock on your door dressed in scary costumes and ask for a treat. Be ready…or a spooky spell will be cast upon you!

The real danger, however, doesn’t knock on the door. Hackers, imposters and scammers of all ilk are looking for you in all corners of the internet, and all they want is to trick you into giving away your personal data or money.

With Cybersecurity Awareness Month ending on the last day of October, it’s a good time to look at some common ways your personal information could be at risk (not just this Hallow’s eve!) and offer up some sweet treats to help you and your family avoid falling for hackers’ tricks.

Self-defense against scammers’ tricks

Trick #1: Fake websites

vs.

Treat #1: Recognizing phishing attacks

So someone messaged you on Instagram about an amazing Bitcoin deal. Awesome! And is it just as simple as clicking a link? Even better. Or not? Let me guess, it will take you to a site that looks super professional and convincing and there’s a place to enter your credit card details to get started? Yes? Then that’s most certainly a scam. And it becomes even harder to tell right away whether a website is real when it’s a fraudulent version of a well-known crypto exchange.

In order to avoid falling for scams involving fake websites, especially those that request your personal information or banking details, make sure to:

  • Avoid clicking on links in unsolicited messages, doubly if the message came out of the blue and uses a generic salutation.
  • Don’t ever feel rushed into taking an action.
  • Watch out for misspelled domains and once on a website, use common sense to look out for other red flags, such as suspicious grammar mistakes or low-resolution images.
  • Consider manually typing out the website’s address into the browser bar and/or try Google’s Safe Browsing site status tool or VirusTotal’s URL checker to…


Nation-state hackers are already exploiting the scary Log4j vulnerability


Security researchers recently stunned the world with the Log4Shell hack, leaving the entire internet scrambling to patch a vulnerability in a widely used Java utility that many companies employ in their servers. Also known as the Log4j hack, the security issue allows hackers to get into computer systems without a password. We saw the first proof of concept in Minecraft, where hackers used text messages to control a computer remotely.

Unlike other massive security breaches, the fix for Log4j isn’t simple, and end-users can’t do anything about it themselves. It’s up to companies to patch the vulnerability. And each provider of an internet product will have to ensure that Log4j attacks can’t breach their servers. Researchers have now discovered that nation-state hackers from China, Iran, and North Korea are already looking into exploiting the scary vulnerability.

Unpatched Log4j servers would allow hackers to breach computer systems and perform all sorts of malicious activities. Security companies have said that hackers could steal information once inside a server system. They could install other programs remotely, with some attackers deploying crypto-mining tools via the Log4j vulnerability.

But nation-states could mount significantly larger campaigns, especially the kind of attackers that routinely appear in cybersecurity briefings. A new report in The Wall Street Journal mentions some of the countries that are looking to exploit Log4j.

Nation-state hackers targeting Log4j

The list includes China, Iran, North Korea, and Turkey. Surprisingly, Russia doesn’t appear in these early Log4j security reports.

The data doesn’t come from the US government, but rather private firms. Microsoft and Mandiant have already observed hacking groups that were previously linked to China and Iran targeting Log4j. Microsoft also identified nation-backed hackers from North Korea and Turkey.

The company said that some hackers are just experimenting with Log4j. Others are trying to break in.

One of the groups exploiting the new Java hack is the same China-backed team…
