Tag Archive for: sensitive

Rising Wave of Hacking Attempts Targeting Sensitive Data on NHIS Servers


The number of hacking attempts from abroad targeting the health insurance server, which contains personal, financial, and medical information, is on a steep rise. (Image courtesy of Yonhap)


SEOUL, Oct. 19 (Korea Bizwire) – The number of hacking attempts from abroad targeting the health insurance server, which contains personal, financial, and medical information, is on a steep rise.

According to data from the National Health Insurance Service (NHIS) on Wednesday, cyberattacks on NHIS servers have been on the rise since the NHIS implemented in-house security control in 2019. 

The number of cyberattack attempts detected by the NHIS over the past five years amounted to 1,781 in 2019, 3,684 in 2020, 3,489 in 2021, 8,429 in 2022, and 8,448 cases so far this year. 

At 98.3 percent, almost all of the cyberattack attempts are made from abroad. By country, China had the largest share, followed by the U.S., the Netherlands, and Germany. Data on cyberattack attempts from North Korea is not compiled because North Korean IP addresses are blocked at the outset at the NHIS communication server.

Approximately 64.3 percent of the cyberattack attempts occurred during non-official work hours. According to the NHIS, all detected cyberattack attempts were blocked, and no data breach has occurred so far.

The NHIS handles personal information, including ID numbers, financial information such as cards and accounts, and medical information, including medical checkups and recuperation allowances for 57 million individuals. 

To cope with the increase in cyberattacks and advancements in hacking techniques, the NHIS is working on several countermeasures, including expanding dedicated staff, mobilizing a multi-layered defense system, and operating a segregated Internet network.

Kevin Lee



How hackers fake “404” error page to steal sensitive data


Hackers are faking 404 error pages of online retailers’ websites to hide malicious code and steal customers’ credit card information. | Photo Credit: Reuters

Hackers are faking 404 error pages of online retailers’ websites to hide malicious code and steal customers’ credit card information. These attacks are part of a variant observed by researchers at the Akamai Security Intelligence Group. Other attack methods include concealing code in the HTML image tag’s “onerror” attribute and an image binary to make it appear as the Meta Pixel code snippet, Bleeping Computer reported.

While the campaign is mainly targeted at Magento and WooCommerce sites, hackers are also targeting renowned organizations in the food and retail sectors, the report said.

Analysis by security researchers found that the hackers behind the campaign have altered the default error page for websites to hide malicious code. The code displays a fake form that website visitors are expected to fill out with sensitive details, including their credit card number, expiration date, and security code.

Once victims share the data on the bogus form, they get a fake “session timeout” error. Meanwhile, the information shared by them is sent to the hacker via an image request URL carrying the string as a query parameter. This helps the attackers evade detection by network monitoring tools, as the request looks like a benign image fetch event.


While hackers have targeted online stores in the past to steal sensitive user information, the idea of manipulating error pages and the concealment technique is “highly innovative” and something that hasn’t been seen in the past, read Akamai’s report.

The report, along with the methods used in the campaign, further reinforces the fact that web skimming techniques are constantly evolving and becoming more sophisticated, which makes detection and mitigation more complicated.


Product leasing giant warns that sensitive information was stolen during cyberattack


Progressive Leasing, a billion-dollar company that allows people to lease consumer products, announced a cyberattack last week.

In a statement to Recorded Future News, the company said it has seen no “major” operational impacts to its services as a result of the attack but noted that it is still investigating what happened.

“Progressive Leasing recently experienced a cybersecurity incident affecting certain Progressive Leasing systems. Promptly after detecting the incident, we engaged leading third-party cybersecurity experts and launched an investigation,” a spokesperson said.

“Our team is working diligently alongside our cybersecurity experts and with law enforcement to investigate and respond to this incident … The investigation into the incident, including identification of the data involved, remains ongoing.”

The Salt Lake City-based company has dozens of partnerships with major retailers like Best Buy, Samsung, Cricket, Lowe’s, Zales, Overstock, Dell and more. They are one of the biggest lease-to-own companies in operation and are part of a larger corporation — PROG Holdings — that offers “buy now, pay later” options.

On Thursday, the corporation reported the cyberattack to regulators at the SEC, writing that it “believes the involved data contained a substantial amount of personally identifiable information, including social security numbers, of Progressive Leasing’s customers and other individuals.”

“Progressive Leasing will provide notice to those individuals whose personally identifiable information was involved in the incident, as well as to regulatory authorities, in accordance with applicable laws,” it said.

“The Company has incurred, and may continue to incur, significant expenses to respond to, remediate and investigate this matter. The full scope of the costs and related impacts of this incident, including the extent to which these costs will be offset by the Company’s cybersecurity insurance, has not been determined.”

The company’s chief financial officer added that they do not expect there to be a financial fallout from the attack as a result of limited operations — unlike cleaning giant Clorox, which reported to the SEC…


New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data


Jul 29, 2023 | THN | Android / Malware

A new Android malware strain called CherryBlos has been observed making use of optical character recognition (OCR) techniques to gather sensitive data stored in pictures.

CherryBlos, per Trend Micro, is distributed via bogus posts on social media platforms and comes with capabilities to steal cryptocurrency wallet-related credentials and act as a clipper to substitute wallet addresses when a victim copies a string matching a predefined format to the clipboard.

Once installed, the apps ask users to grant them accessibility permissions, which allow them to automatically grant themselves additional permissions as required. As a defense evasion measure, users attempting to kill or uninstall the app by entering the Settings app are redirected back to the home screen.

Besides displaying fake overlays on top of legitimate crypto wallet apps to steal credentials and make fraudulent fund transfers to an attacker-controlled address, CherryBlos utilizes OCR to recognize potential mnemonic phrases from images and photos stored on the device, the results of which are periodically uploaded to a remote server.

The success of the campaign banks on the possibility that users tend to take screenshots of the wallet recovery phrases on their devices.

Trend Micro said it also found an app developed by the CherryBlos threat actors on the Google Play Store but without the malware embedded into it. The app, named Synthnet, has since been taken down by Google.

The threat actors also appear to share overlaps with another activity set involving 31 scam money-earning apps, dubbed FakeTrade, hosted on the official app marketplace based on the use of shared network infrastructure and app certificates.

Most of the apps were uploaded to the Play Store in 2021 and have been found to target Android users in Malaysia, Vietnam, Indonesia, Philippines, Uganda, and Mexico.

“These apps claim to be e-commerce platforms that promise increased income for users via referrals and top-ups,” Trend Micro said. “However, users will be unable to withdraw their funds when they attempt to do so.”

The disclosure comes as McAfee detailed a SMS phishing campaign against Japanese…
