
Russian hacking group takes responsibility for DDoS attacks on Lithuania


A Russian hacking group has taken responsibility for a distributed denial-of-service attack targeting government and private organizations in Lithuania.

According to a report today in The Baltic Times, the attack, from a group known as “Killnet,” caused delays in processing passports and residence permits through Lithuania’s Migration Department. Other public agencies and companies in the communications and finance sectors also suffered temporary service disruptions.

The cyberattacks follow a decision by Lithuania to restrict the transit of steel and ferrous metals to Kaliningrad, a Russian exclave on the Baltic Sea that can only be accessed by land through Lithuania or Poland. Lithuania restricted the goods because of European Union sanctions, but the decision enraged the Kremlin, which denounced the move as unprecedented and unlawful.

A spokesperson for Killnet told Reuters that the DDoS attack was in direct response to Lithuania’s decision to block the transit of sanctioned goods. “The attack will continue until Lithuania lifts the blockade,” the spokesperson said. “We have demolished 1,652 web resources. And that’s just so far.”

The figure of 1,652 “web resources” being demolished was not backed up with evidence. Jonas Skardinskas, director of Lithuania’s National Cyber Security Center, told Yahoo News that the attacks have already been “contained,” but warned that “it is very likely that attacks of similar or higher intensity will continue in the coming days, especially in the transport, energy and financial sectors.”

Attacks originating from Russia have been prolific since the start of the invasion of Ukraine, including an attack on the Viasat satellite service in February. On June 22, Microsoft Corp. warned that Russian hacking against allied governments — Lithuania is a member of NATO — continues to increase.

“Every significant military power in the world has developed cyber capabilities,” Chris Clymer, director and chief information security officer of cybersecurity risk management provider Inversion6, told SiliconANGLE. “These have evolved from espionage tools into full-fledged weapons to be used as part of a…


International Law Enforcement Partnership Takes Down Russian Botnet; Illicit Proxy Service Had Been Selling Hacked IP Addresses


The US Department of Justice (DOJ), in partnership with law enforcement agencies from several European countries, has taken down a major Russian botnet that had compromised millions of devices worldwide. The botnet was essentially functioning as an underground proxy service provider for criminals, allowing for rental of the IP addresses attached to its collection of hacked IoT devices, Android phones and computers.

Russian botnet rented access to thousands of proxies for as little as $30 per day

RSOCKS is a Russian botnet that has been active since at least 2014, the first point at which its handlers began to advertise it openly on underground forums in the country. Over the years the botnet has amassed millions of devices in its collection, first focusing on compromising poorly secured Internet of Things (IoT) devices but soon moving on to include Android phones/tablets and even computers.

Illicit actors rented access to RSOCKS as a proxy service, primarily for the purpose of brute force / password guessing login campaigns, disguising the sources of traffic for phishing campaigns, and distributed denial of service (DDoS) attacks. This was as simple as accessing a dark web storefront that allowed rental of varying amounts of proxies by the day, ranging in price from $30 for 2,000 to $200 for 90,000.

Tom Garrubba (Risk, Cyber, and Privacy Executive, Shared Assessments) expands on the risk that these bogus proxy services present, and on why takedowns of services on the scale of this Russian botnet are a major cybersecurity win: “It is great to see that law enforcement is making progress towards taking down these large botnets as of late. Botnets are so dangerous because they control large swaths of vulnerable computer systems at a scale unlike any other attack. Those infected computer pools can then be pointed at legitimate resources and cause havoc. Botnets can perform very disruptive attacks like Distributed Denial of Service or large-scale vulnerability exploitation to sell to initial access brokers who will later lend that access to ransomware gangs.”

There are legitimate proxy services in the world, but they cut off customers for engaging in the sort of cyber criminal…


DeadBolt ransomware takes another shot at QNAP storage • The Register


QNAP is warning users about another wave of DeadBolt ransomware attacks against its network-attached storage (NAS) devices – and urged customers to update their devices’ QTS or QuTS hero operating systems to the latest versions.

The latest outbreak – detailed in a Friday advisory – is at least the fourth campaign by the DeadBolt gang against the vendor’s users this year. According to QNAP officials, this particular run is encrypting files on NAS devices running outdated versions of Linux-based QTS 4.x, which presumably have some sort of exploitable weakness.

The previous attacks occurred in January, March, and May.

Taiwan-based QNAP recommended that enterprises whose NAS systems have “already been compromised, take the screenshot of the ransom note to keep the bitcoin address, then, upgrade to the latest firmware version and the built-in Malware Remover application will automatically quarantine the ransom note which hijacks the login page.”

They should contact QNAP Assistance if they want to input a decryption key given by the attackers but are unable to find the ransom note after upgrading the firmware.

The cybercriminals behind DeadBolt primarily target NAS devices. QNAP systems are the main targets, though in February the group attacked NAS devices from Asustor, a subsidiary of systems maker Asus, said analysts with cybersecurity firm Trend Micro.

QNAP and its customers are examples of a growing interest by cybercriminals in NAS, Trend Micro wrote in a January report. Businesses are relying more on the Internet of Things (IoT) for constant connectivity, workflow continuity and access to data, the analysts said.

“Cybercriminals have taken notice of this dependence and now regularly update their known tools and routines to include network-attached storage (NAS) devices to their list of targets, knowing full well that users rely on…


UAE telecoms group takes 9.8 per cent stake in Vodafone


Emirates Telecommunications Group has acquired a 9.8 per cent stake in Vodafone for around $4.4bn as it kick-starts its latest expansion into international markets.

The state-controlled UAE group, formerly known as Etisalat and now rebranded e&, on Saturday said the investment allowed it to “gain significant exposure to a world leader in connectivity and digital services”. e& said the transaction provided a “compelling and attractive valuation”.

The Abu Dhabi-listed group said it planned to be a long-term shareholder in Vodafone and was supportive of Vodafone’s board. There were no plans to make an offer for the British multinational, it added.

“We are looking forward to building a mutually beneficial strategic partnership with Vodafone with the goal of driving value creation for both our businesses, exploring opportunities in the rapidly developing global telecom market and supporting the adoption of next-generation technologies,” Hatem Dowidar, chief executive, said in a statement.

Vodafone acknowledged the investment, saying it looked forward to building a long-term relationship with Etisalat.

Vodafone has been under pressure since it emerged that Cevian Capital, Europe’s largest activist investor, had built an unspecified stake, and had been angling for an overhaul of what its investors believe to be an overly-complex business model.

Investors at Cevian have called for the company to shed poorly performing parts of the business, and make material progress towards mergers or acquisitions in markets that chief executive Nick Read has said he is looking to do deals in, namely the UK, Italy and Spain.

The Financial Times reported earlier this week that Vodafone was in talks to combine its UK operations with its domestic rival Three UK, the mobile operator owned by Hong Kong infrastructure conglomerate CK Hutchison.

Karen Egan, an analyst at Enders Analysis, said e&’s stake amounted to “another shareholder to add to the pressure on Read . . . at a crucial time for him”.

“A company like that doesn’t take a sizeable minority position unless they think they can have a lot of influence and I don’t think that they would buy a company like Vodafone…
