
BPUB customer concerned about ransomware, sees foreign logins to email


BROWNSVILLE, Texas (ValleyCentral) — Customers with the Brownsville Public Utility Board (BPUB) are growing concerned following the news of a ransomware attack, and one customer said she believes she is being affected by it.

A Brownsville PUB customer, who wishes to remain anonymous, reached out to ValleyCentral about texts and calls from unknown numbers asking to confirm her identity.

“I saw it and I thought nothing of it until I remembered that I saw your report on the news,” said the customer.

She said she believes the ransomware hack is related to what she experienced this week.

This customer added that she also noticed a foreign login to her email account from Moscow, Russia.

“I pay my parents’ account through my account. It has never happened before. I’ve never had an issue,” said the customer. “So, I just started freaking out since then.”

However, the BPUB does not believe the ransomware attack is linked to what she is experiencing.

The BPUB says it still has an ongoing investigation and cannot release many details yet. According to the ransomware website ‘LockBit,’ the BPUB has until Monday to pay the ransom or information could be leaked.

Screenshot of LockBit’s website

“One of the things that we’re trying to find out, is what files if any were compromised,” said Ryan Greenfeld, the communications and public relations manager at BPUB.

Greenfeld did not specify whether BPUB would pay the ransom or not.

“Right now, our goals are to remove any infections from our systems, make sure all viruses are cleaned, and to make sure all internal data and functionality is restored,” said Greenfeld.

To better protect your information online:

  • Use two-step authentication
  • Do not open suspicious emails
  • Do not click on unknown URL links
  • Change your password every few months

ValleyCentral will continue following this developing story.


Linux malware sees 35% growth during 2021



The number of malware infections targeting Linux devices rose by 35% in 2021, most commonly to recruit IoT devices for DDoS (distributed denial of service) attacks.

IoT devices are typically under-powered “smart” devices that run various Linux distributions and are limited to specific functionality. However, when their resources are combined into large groups, they can deliver massive DDoS attacks against even well-protected infrastructure.

Besides DDoS, Linux IoT devices are recruited to mine cryptocurrency, facilitate spam mail campaigns, serve as relays, act as command and control servers, or even act as entry points into corporate networks.

A Crowdstrike report looking into the attack data from 2021 summarizes the following:

  • In 2021, there was a 35% rise in malware targeting Linux systems compared to 2020.
  • XorDDoS, Mirai, and Mozi were the most prevalent families, accounting for 22% of all Linux-targeting malware attacks observed in 2021.
  • Mozi, in particular, had explosive growth in its activity, with ten times more samples circulating in the wild in 2021 than in the previous year.
  • XorDDoS also had a notable year-over-year increase of 123%.

Malware overview

XorDDoS is a versatile Linux trojan that works in multiple Linux system architectures, from ARM (IoT) to x64 (servers). It uses XOR encryption for C2 communications, hence the name.

When attacking IoT devices, XorDDoS brute-forces vulnerable devices via SSH. On Linux machines, it uses port 2375 to gain password-less root access to the host.

A notable case of the malware’s distribution was shown in 2021 after a Chinese threat actor known as “Winnti” was observed deploying it with other derivative botnets.

Mozi is a P2P botnet relying on the distributed hash table (DHT) lookup system to hide suspicious C2 communications from network traffic monitoring solutions.

The particular botnet has been around for a while, continually adding more vulnerabilities and expanding its targeting scope.

DHT system implemented in Mozi
Source: Crowdstrike

Mirai is a notorious botnet that continues to plague the IoT world and has spawned numerous forks due to its publicly available source code.

The various derivatives implement different…


Africa sees increase in ransomware, botnet attacks – but online scams still pose biggest threat


Fraud is still the primary goal of cybercriminals operating across the continent, Interpol warns in latest market report


Online scams are still the biggest cyber threat to African citizens, a new report has revealed, though ransomware attacks are “expanding rapidly” across the continent.

The study (PDF), published by Interpol yesterday (October 25), found that internet-enabled fraud was the biggest risk to African countries, which have reported a sharp increase in the number of online banking scams, including instances of banking and credit card fraud, in 2021.


Digital extortion – defined as “allegations of sexually compromising images or direct blackmail campaigns” – was the second highest recorded cyber threat.

Business email compromise (BEC) scams have also risen in prominence during the Covid-19 pandemic, due in part to the increase in businesses and organizations relying on bank wire transfers.

Better connected

The number of African citizens who have access to the internet is estimated to be around 500 million, which is a huge figure in itself, though when compared to the overall population only equates to 38%.

Leading the way is Kenya with 83% of its population being online, Nigeria with 60%, and South Africa with 56%.


Fraud has historically been an issue across the continent – in particular, phishing campaigns and romance scams – however the report found that the increase in digitization across Africa has created new avenues for crime.

The report reads: “… the move towards a digital society – particularly within the African region – has created new attack vectors for criminals to both obfuscate their identity and target new victims.”

Ransomware rising

While social engineering remains the most popular attack vector in Africa, the study found that instances of ransomware and botnet attacks are also rising.

Ransomware is the fourth most prevalent cyber-attack identified in the report, which states that more than 61% of companies in the region were…


Kuwait sees large spike in malware attacks … up 64% – ARAB TIMES






Cyber threats against ICS systems most prominent

Emad Haffar, Head of Technical Experts — Kaspersky

At GITEX Technology Week 2021, which opened Sunday, October 17 at the World Trade Center in Dubai, Kaspersky research highlights that malware is widespread across the Middle East, accounting for 161 million attacks and growing by 17% compared to last year’s figure of 138 million. “Kuwait has seen a large spike in malware attacks increasing by 64%,” said Emad Haffar, Head of Technical Experts for the Middle East, Turkey and Africa at Kaspersky. Cyber threats against ICS systems stand out as the most prominent.

The UAE experienced a 4% increase in attacks against ICS computers during the first half of 2021 when compared to the same period last year. This is higher than the global average, which increased by only 1.2% for the same period.

Industrial control system (ICS) security oversees the safeguarding and protection of control systems used for monitoring industrial processes. Such systems are critical in keeping essential infrastructure functioning and they are increasingly under attack. The potential for critical system breakdown, production accidents, and even city-wide or national impact is increasing.

In Kaspersky’s “Threat Landscape for Industrial Automation Systems Report”, spyware, which is mostly deployed to steal money and information, is up by 0.6 percentage points in the UAE. Simultaneously, malicious scripts grew by 2.7 percentage points. Threat actors use such scripts on various websites hosting pirated content to redirect users to sites that distribute spyware or malware designed to mine cryptocurrency without the user’s knowledge.

“The global trajectory is to move to digital services across the board. This also includes Industrial Control systems which today are increasingly connected. For many, this has translated into increased convenience and efficiency, but it also exposes them to cyberattacks. A worst-case scenario can result in total disruption of industrial processes.

Depending on the criticality of an industrial object, the results can mean a loss of…
