Tag Archive for: targeting

Hackers Targeting Digitally Connected Consumers This Tax Season


Consumers’ Digital-First Lifestyle Opens Them to Potential Risks

Consumers have faced a lot of change over the past year with the shift to a digital-first lifestyle, and tax season is no exception. McAfee’s 2021 Consumer Security Mindset study revealed that while roughly 2 out of 3 Americans (63%) plan to do their taxes online in 2021, 12% of Americans will be doing them online for the first time. With the increase in activities online, consumers are potentially exposed to more digital risks and threats, and it is crucial that they understand how to stay safe online.

According to the IRS, Criminal Investigation identified $2.3 billion in tax fraud schemes during FY2020. Hackers target taxpayers every year, but the increase in online filings due to COVID-19 in 2020 presented an even greater opportunity, as scams related to coronavirus tax relief, such as Economic Impact Payments, have now earned a spot on the IRS “Dirty Dozen” tax scam list. Also relatively new to the list are social media attacks – thanks to the rapid development and adoption of social media platforms in recent years. Social media attacks involve scammers harvesting information from social media profiles, then using that data to impersonate someone you know to gain access to accounts, funds and more.

Other common attacks include email phishing attacks, phone calls posing as IRS agents, and robocalls that threaten jail time. Taking advantage of the current environment, many phishing attacks are now leveraging keywords such as “coronavirus,” “COVID-19” and “stimulus.” Additional tax scams can be harder to spot, such as when a hacker secures someone else’s Social Security number (SSN) and begins exploiting this sensitive information on the dark web and facilitating fraudulent tax returns. The IRS has warned about scams related to SSN, where scammers claim to be able to suspend or cancel the victim’s SSN, hoping that fear will get consumers to return robocall voicemails.

Consumers can do their part this tax season to protect their personal information and keep their finances secure:

  • Beware of phishing attempts. Phishing is a common tactic hackers leverage during tax season, so double-check…

Source…

Lazarus APT hacking group is targeting the defense industry


Security researchers have warned of a new hacking campaign by the Lazarus APT group, which is closely linked to the North Korean regime. The hackers have targeted defense industry companies.

According to Kaspersky researchers, the Lazarus group is a highly prolific advanced threat actor active since at least 2009 and linked to many multifaceted campaigns. Since early last year, Kaspersky said the group has been targeting the defense industry with a custom backdoor dubbed ThreatNeedle that moves laterally through infected networks, gathering sensitive information.

Before this most recent campaign, the hackers had been involved in other large-scale cyberespionage campaigns, ransomware campaigns, and even attacks against the cryptocurrency market. These latest attacks signal a change in direction.

Researchers said they became aware of this campaign when they were called in to assist with incident response and discovered the organization had fallen victim to the ThreatNeedle backdoor.

The initial infection occurs through spear-phishing, in which targets receive emails with malicious Word attachments or links to them hosted on company servers. These emails claim to have urgent updates on the coronavirus pandemic and appear to come from a respected medical center.

If a victim opens a malicious document, it installs malware belonging to the Manuscrypt family, which is attributed to the Lazarus group. Researchers have previously seen this malware attacking cryptocurrency businesses. 

Once installed, the malware gains full control of the victim’s device, meaning it can do everything from manipulating files to executing received commands.

Researchers said one of the more interesting aspects of the campaign is its capacity to steal data from both an office IT network and a plant’s restricted network, which holds mission-critical assets and computers with highly sensitive data and no internet access.

While company policies usually prevent data transfer between these two networks, administrators could connect to both networks to maintain these systems. Lazarus was able to control administrator workstations and set up a malicious gateway to attack the restricted network, allowing it to steal and extract confidential data…

Source…

New TeamTNT malware targeting Kubernetes | 2021-02-04


New TeamTNT malware targeting Kubernetes | 2021-02-04 | Security Magazine




Source…

Google says North Korean state hackers are targeting security researchers on social media


  • Google believes that hackers in North Korea are pretending to be cybersecurity bloggers and targeting researchers in the field on social media platforms like Twitter and LinkedIn.
  • The search giant announced that its Threat Analysis Group has “identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations.”
  • It attributed the campaign to a government-backed entity based in North Korea.





Google believes that hackers in North Korea are pretending to be cybersecurity bloggers and targeting researchers in the field on social media platforms like Twitter and LinkedIn.


The search giant announced that its Threat Analysis Group has “identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations.”

It attributed the campaign to a government-backed entity based in North Korea. The nation’s cooperation office with South Korea did not immediately respond to CNBC’s request for comment.

Google said the actors have targeted specific security researchers with a “novel social engineering” technique, although it didn’t specify which researchers have been targeted.

Google’s Adam Weidemann said in a blog on Monday that the hackers set up a research blog and created multiple Twitter profiles to engage with security researchers.

The hackers used these accounts to post links to the blog and share videos of software exploits that they claimed to have found, Google said. 

They also used LinkedIn, Telegraph, Discord, Keybase and email to engage with security researchers, Google said.

“After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together,” wrote Weidemann.

The actors then shared a group of files with the researchers that contained malware — software that is intentionally designed to cause damage to a computer, server, client, or computer network.

Google listed several accounts and websites that it believes are controlled by the hackers. The list includes 10 Twitter profiles and five LinkedIn…

Source…