Tag Archive for: Sight

This sneaky new Android malware can hide in plain sight – and it’s all thanks to virtualization


A sneaky new Android malware was recently discovered, using virtualization to avoid detection and make serious money for its operators.

It is called FjordPhantom and its goal is to steal money from people’s bank accounts. The malware was discovered by cybersecurity researchers at Promon, who say it mostly targets users in Indonesia, Thailand, Vietnam, Singapore, and Malaysia.

Source…

Is there an end in sight for Oakland’s ransomware crisis? – East Bay Times


OAKLAND — A ransomware attack against Oakland that has affected city services and exposed reams of sensitive personnel data is creating a nightmare for city officials who aren’t sure what it will take to resolve the crisis.

While there is much still unknown about the full extent of the attack that has unfolded over the last month, experts in cybercrime say the resolution is not likely to be a happy one for those affected.

“This is a really devastating cyberattack for sure,” said Sarah Powazek, the director of a cybersecurity academic program at UC Berkeley. “It’s a big deal, and it’s really unfortunate how poorly prepared folks are for dealing with this. And I’m not blaming the city at all — it’s sad that cities are supposed to be prepared and know what to do with what is an international cyber attack.”

The attack was carried out by hackers associated with the ransomware group Play, also known as PlayCrypt, which has targeted municipalities around the globe, including the small city of Cordoba in Argentina, as well as hotels in Brazil and other private businesses.

The city has released few details about the attack, and has not revealed how its data was compromised or the dollar amount sought by the hackers.

As the frequency of ransomware attacks has increased, public entities like Oakland have found themselves more vulnerable, and with fewer resources to defend themselves. Other victims of such attacks in the Bay Area include Bay Area Rapid Transit and Contra Costa County.

Over the past weekend, the Play hackers released about 11 gigabytes of data from the Oakland attack to the dark web, including home addresses and social security numbers of numerous city employees — including the current mayor, and her predecessor — as well as police files and other city data, according to multiple city sources who reviewed the data.

The city has offered one year of free credit protection to employees whose data may have been compromised.

Ransomware attacks in recent years have become more frequent, reaching what some experts call epidemic levels since 2019. Earlier this month, President Joe Biden declared ransomware attacks a national security threat, and a report on…

Source…

Hackers may be hiding in plain sight on your favorite website


Security researchers have detailed how domain shadowing is becoming increasingly popular for cybercriminals.

As reported by Bleeping Computer, analysts from Palo Alto Networks (Unit 42) revealed how they came across over 12,000 such incidents over just a three-month period (April to June, 2022).


An offshoot of DNS hijacking, domain shadowing lets attackers create malicious subdomains under legitimate domains they have infiltrated. Because the shadowed subdomains have no effect on the parent domain, they are naturally difficult to detect.

Cybercriminals can subsequently use these subdomains to their advantage for various purposes, including phishing, malware distribution, and command and control (C2) operations.

“We conclude from these results that domain shadowing is an active threat to the enterprise, and it is hard to detect without leveraging automated machine learning algorithms that can analyze large amounts of DNS logs,” Unit 42 stated.

Once threat actors have obtained access, they could choose to breach the main domain itself and its owners, as well as target that website’s users. In practice, however, they have had more success luring individuals through the subdomains instead, and this method also lets the attackers remain undetected for much longer.

Because of the subtle nature of domain shadowing, Unit 42 noted that detecting actual incidents and compromised domains is difficult.

In fact, the VirusTotal platform identified just 200 malicious domains out of the 12,197 domains mentioned in the report. The majority of these cases are connected to an individual phishing campaign that uses a network of 649 shadowed domains via 16 compromised websites.


The phishing campaign revealed how the aforementioned subdomains displayed fake login pages or redirected users to phishing pages, which can essentially circumvent email security filters.

When a user visits the subdomain, they are asked for Microsoft account credentials. Even though the URL itself is not from an official source, internet security tools fail to distinguish the fake login page from a legitimate one, so no warnings are presented.

One of…

Source…

Companies Linked to Russian Ransomware Hide in Plain Sight


MOSCOW — When cybersleuths traced the millions of dollars American companies, hospitals and city governments have paid to online extortionists in ransom money, they made a telling discovery: At least some of it passed through one of the most prestigious business addresses in Moscow.

The Biden administration has also zeroed in on the building, Federation Tower East, the tallest skyscraper in the Russian capital. The United States has targeted several companies in the tower as it seeks to penalize Russian ransomware gangs, which encrypt their victims’ digital data and then demand payments to unscramble it.

Those payments are typically made in cryptocurrencies, virtual currencies like Bitcoin, which the gangs then need to convert to standard currencies, like dollars, euros and rubles.

That this high-rise in Moscow’s financial district has emerged as an apparent hub of such money laundering has convinced many security experts that the Russian authorities tolerate ransomware operators. The targets are almost exclusively outside Russia, they point out, and in at least one case documented in a U.S. sanctions announcement, the suspect was assisting a Russian espionage agency.

“It says a lot,” said Dmitri Smilyanets, a threat intelligence expert with the Massachusetts-based cybersecurity firm Recorded Future. “Russian law enforcement usually has an answer: ‘There is no case open in Russian jurisdiction. There are no victims. How do you expect us to prosecute these honorable people?’”

Recorded Future has counted about 50 cryptocurrency exchanges in Moscow City, a financial district in the capital, that in its assessment are engaged in illicit activity. Other exchanges in the district are not suspected of accepting cryptocurrencies linked to crime.

Cybercrime is just one of many issues fueling tensions between Russia and the United States, along with the Russian military buildup near Ukraine and a recent migrant crisis on the Belarus-Polish border.

The Treasury Department has estimated that Americans have paid $1.6 billion in ransoms since 2011. One Russian ransomware strain, Ryuk, made an estimated $162 million last year encrypting the computer systems of American hospitals…

Source…