Tag Archive for: threatens

US-Canada water org confirms ‘cybersecurity incident’ after ransomware crew threatens leak • The Register


The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB of data from the organization.

“The International Joint Commission has experienced a cybersecurity incident, and we are working with relevant organizations to investigate and resolve the situation,” a spokesperson for the org told The Register.

The spokesperson declined to answer specific questions about what happened, or confirm the miscreants’ data theft claims.

IJC is a cross-border water commission tasked with approving projects that affect water levels of the hundreds of lakes and rivers along the US-Canada border. It also resolves disputes over waters shared between the two countries. 

On September 7, the NoEscape ransomware crew listed IJC as a victim on its dark-web site, and claimed it breached the commission’s network, and then stole and encrypted a flood of confidential data. This info, according to the crooks, included contracts and legal documents, personal details belonging to employees and members, financial and insurance information, geological files, and “much other confidential and sensitive information.”

The cyber-crime gang has given the IJC ten days to respond to its ransom demand, or it may make the swiped info public. 

“If management continues to remain silent and does not take the step to negotiate with us, all data will be published,” the NoEscape leak notice threatened. “We have more than 50,000 confidential files, and if they become public, a new wave of problems will be colossal. For now, we will not disclose this data or operate with it, but if you continue to lie further, you know what awaits you.”

The IJC spokesperson contacted by The Register declined to comment on the ransom demand or if the commission would pay.

Who is NoEscape?

NoEscape is a ransomware-as-a-service operation that appeared in May and takes a double-extortion approach. That means instead of simply infecting victims’ machines with malware, encrypting their files and demanding a ransom to release the data, the crooks first steal the files before locking them up. They threaten to…

Source…

How US threatens global internet security through decades of cyber surveillance, attacks



Photo: VCG


Editor’s Note:

A decade has passed since the PRISM scandal was exposed by Edward Snowden and enraged the world. Under the guise of so-called “national interests,” the US government and its related intelligence agencies utilize their technological and first-mover advantages to conduct cyber surveillance and attacks around the world.

Documents leaked from the Pentagon earlier this year offered further proof that the US has extended its hand to almost every corner of the globe. What evil deeds has the US orchestrated, and probably continues to orchestrate, in the cyber world? In this series, the Global Times will closely look into how this veritable “network surveillance empire” gradually damages global cyber security through its intelligence network, which has in turn severely hurt its own reputation and credibility.


Recently leaked Pentagon documents have once again exposed to the world the ugly face of US espionage campaigns orchestrated against other countries. While maintaining the close surveillance of both its “enemies” and allies, the US has extended its evil hand to almost every corner of the globe.

For years, the US has conducted large-scale surveillance and launched cyberattacks targeting overseas governments, companies, and individuals with its technological advantages and vast intelligence network, a severe violation of international law and the basic norms governing international relations. Worse still, the US paints itself as the victim while perpetrating these villainous acts, defaming other countries, including China, with groundless accusations.

Last month, China’s Cybersecurity Industry Alliance (CCIA) released a report titled “Review of Cyberattacks from US Intelligence Agencies – Based on Global Cybersecurity Communities’ Analyses.”

The report details the malicious behavior of the US in conducting long-term cyberattacks and surveillance worldwide, such as attacks against key infrastructure in other countries, indiscriminate cyber theft and monitoring, and the implanting of backdoors that pollute standards and supply-chain sources.

The report lays out evidence that reveals the true nature of the US’ role as the world’s biggest secret information stealer and “hacker…

Source…

Ransomware gang threatens to expose one million sensitive medical records online


Ransomware operators Daixin Team are claiming to have stolen “more than a million records” from a U.S. healthcare organization, and are threatening to leak it all to the public. 

It’s unclear whether this means a million affected patients, or a million pieces of sensitive information belonging to fewer patients, but whatever the case, the threat actors stole sensitive data from OakBend Medical Center, which operates three hospitals in the state of Texas, and shut down its communications and IT systems in the process.

Source…

New ChromeLoader malware surge threatens browsers worldwide



The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable volume since the start of the year, causing the browser hijack to become a widespread threat.

ChromeLoader is a browser hijacker that can modify the victim’s web browser settings to show search results that promote unwanted software, fake giveaways and surveys, and adult games and dating sites. 

The malware’s operators receive financial gains through a system of marketing affiliation by redirecting user traffic to advertising sites.

There are many hijackers of this kind, but ChromeLoader stands out for its persistence, volume, and infection route, which involves the aggressive use of PowerShell.

Abusing PowerShell

According to Red Canary researchers, who have been following the activity of ChromeLoader since February this year, the operators of the hijacker use a malicious ISO archive file to infect their victims.

The ISO masquerades as a cracked executable for a game or commercial software, so the victims likely download it themselves from torrent or malicious sites.

The researchers have also noticed Twitter posts promoting cracked Android games and offering QR codes that lead to malware-hosting sites.

When a person double-clicks the ISO file in Windows 10 or later, it is mounted as a virtual CD-ROM drive. The image contains an executable that pretends to be a game crack or keygen, using names like “CS_Installer.exe.”

Contents of ISO file (Red Canary)

Finally, ChromeLoader executes and decodes a PowerShell command that fetches an archive from a remote resource and loads it as a Google Chrome extension.

Once this is done, the PowerShell script removes the scheduled task, leaving Chrome infected with a silently injected extension that hijacks the browser and manipulates search-engine results.

The PowerShell used against Chrome on Windows (Red Canary)

macOS targeted too

The operators of ChromeLoader also target macOS systems, looking to manipulate both Chrome and Apple’s Safari web browsers.

The infection chain on macOS is similar, but instead of ISO, the threat actors use DMG (Apple Disk Image) files, a more common format on that…

Source…