Tag Archive for: tool

Microsoft turns to court order to take down ransomware hacking tool that targeted hospitals


Microsoft and its partners turned to the courts to back Thursday's large-scale takedown of infrastructure distributing cracked copies of a well-known adversary-emulation tool that cybercriminals had co-opted to target hospitals and healthcare systems.

Joining forces with cybersecurity firm Fortra, the maker of Cobalt Strike, and the Health Information Sharing and Analysis Center (H-ISAC), Microsoft applied for and received a court order aimed at removing bootleg versions of Fortra's Cobalt Strike software. Last Friday, the U.S. District Court for the Eastern District of New York granted the order, enabling the organizations to seize domain names that malicious actors were using to host the "cracked" versions of the software.

Cobalt Strike is a legitimate tool, built to let companies test their own defenses by emulating an attacker. For years, however, cracked copies of it have been abused by bad actors launching ransomware attacks on unwitting victims.

Ransomware families associated with the cracked copies of Cobalt Strike “have been linked to more than 68 ransomware attacks impacting healthcare organizations in more than 19 countries around the world,” according to Microsoft, costing hospital systems “millions of dollars in recovery and repair costs, plus interruptions to critical patient care services including delayed diagnostic, imaging and laboratory results, canceled medical procedures and delays in delivery of chemotherapy treatments.” 

As hospitals across the U.S. grappled with the coronavirus pandemic, cybercriminals ramped up crippling attacks designed to lock down computer networks holding patient data and extort hefty ransoms. Analysis by the Cybersecurity and Infrastructure Security Agency (CISA) found that such attacks had long-term negative effects on hospitals, including more ambulance diversions and increased mortality.

Older, illegally distributed copies of the Cobalt Strike software, commonly referred to as "cracked" versions, have been abused by criminals in a series of high-profile attacks, including those against the government of Costa Rica and the Irish Health Service Executive, according to Microsoft.
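What makes a cracked Beacon recognisable on the wire or in memory is the watermark: licensed builds embed a customer-specific value in the Beacon configuration, while pirated builds ship with a zero or a reused, well-known value. The Python below is an added example, not Microsoft's, Fortra's or the page's code. It locates the XOR-obfuscated configuration block by the fixed bytes of its first entry (the index/type/length layout used by public Beacon config parsers), decodes the fields, and flags the watermark. The sample blob is constructed inline, the C2 hostname is a placeholder, and the set of "cracked" watermark values is illustrative, taken from values widely reported for leaked builds.

```python
"""Decode a Cobalt Strike Beacon configuration and flag watermarks that are
widely reported for cracked builds (added example, not the page's code)."""
import struct

XOR_KEYS = (0x69, 0x2E)          # config obfuscation keys used by 4.x and 3.x Beacons
TYPE_SHORT, TYPE_INT, TYPE_DATA = 1, 2, 3

# Field indices we care about, from the public Beacon config layout.
FIELD_NAMES = {1: "beacon_type", 2: "port", 8: "c2_server", 37: "watermark"}

# Assumption: illustrative set of watermarks widely reported in leaked/cracked builds.
CRACKED_WATERMARKS = {0, 305419896}   # 305419896 == 0x12345678


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def encode_config(fields) -> bytes:
    """Build a plaintext config from (index, type, value) triples.
    Each entry is index, type, length (all 16-bit big-endian) then the value;
    an index of 0 terminates the table."""
    out = bytearray()
    for idx, typ, value in fields:
        if typ == TYPE_SHORT:
            payload = struct.pack(">H", value)
        elif typ == TYPE_INT:
            payload = struct.pack(">I", value)
        else:
            payload = value
        out += struct.pack(">HHH", idx, typ, len(payload)) + payload
    out += b"\x00\x00"
    return bytes(out)


def parse_config(plain: bytes) -> dict:
    """Walk the decoded entry table until the index-0 terminator."""
    cfg, pos = {}, 0
    while pos + 2 <= len(plain):
        idx = struct.unpack_from(">H", plain, pos)[0]
        if idx == 0:
            break
        typ, length = struct.unpack_from(">HH", plain, pos + 2)
        raw = plain[pos + 6:pos + 6 + length]
        if typ == TYPE_SHORT:
            value = struct.unpack(">H", raw)[0]
        elif typ == TYPE_INT:
            value = struct.unpack(">I", raw)[0]
        else:
            value = raw.rstrip(b"\x00").decode("latin-1")
        cfg[FIELD_NAMES.get(idx, idx)] = value
        pos += 6 + length
    return cfg


def find_config(blob: bytes):
    """Locate the obfuscated config by the XOR image of its fixed first entry
    (index 1, type 1, length 2) and return (xor_key, parsed_fields)."""
    plain_sig = b"\x00\x01\x00\x01\x00\x02"
    for key in XOR_KEYS:
        off = blob.find(xor_bytes(plain_sig, key))
        if off != -1:
            return key, parse_config(xor_bytes(blob[off:], key))
    return None, {}


def is_suspicious(cfg: dict) -> bool:
    """True when the watermark matches a value associated with cracked builds."""
    return cfg.get("watermark") in CRACKED_WATERMARKS


# Constructed sample: an HTTPS Beacon config (type 8) with a placeholder C2 and
# a well-known leaked watermark, obfuscated with the 4.x key and wrapped in junk.
SAMPLE_FIELDS = [
    (1, TYPE_SHORT, 8),
    (2, TYPE_SHORT, 443),
    (8, TYPE_DATA, b"beacon.example.invalid,/ca".ljust(256, b"\x00")),
    (37, TYPE_INT, 305419896),
]
SAMPLE_BLOB = b"\x00" * 16 + xor_bytes(encode_config(SAMPLE_FIELDS), 0x69) + b"\xff" * 8

if __name__ == "__main__":
    key, cfg = find_config(SAMPLE_BLOB)
    print(f"xor key 0x{key:02x}: {cfg}")
    print("cracked-build watermark:", is_suspicious(cfg))
```

Against a real sample you would feed find_config() the decoded Beacon (a memory dump or an unpacked stager) rather than the constructed blob; a watermark that is non-zero and not on a known-leaked list says nothing on its own, so treat it as one attribution signal alongside C2 and Malleable profile artefacts.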

At least two infamous Russian-speaking ransomware gangs — Conti and LockBit — are listed…


Police Banking on Phone-Hacking Tool to Solve Cold Case


(TNS) — For years, a locked cellphone belonging to the suspect in a Pasadena, California, homicide sat in an evidence room as investigators sought a way to get around the device’s security measures.

Police might have finally caught a break.

Israeli mobile forensics firm Cellebrite has released a software update with a “Lock Bypass” feature that could allow police to access the suspect’s locked Samsung g550t phone and retrieve any evidence about the December 2015 slaying, according to a recently filed search warrant application.


As smartphones have become ubiquitous, law enforcement agencies across the U.S. have recognized their potential usefulness in criminal investigations — a vast trove of personal information about whom the users communicate with, where they shop and where they travel.

But police departments’ attempts to access phones have often put them at odds with companies such as Apple and Samsung, which market their devices’ built-in security and privacy to digital-savvy users.

It’s not clear from the warrant in the Pasadena case if investigators were able to bypass the phone’s passcode lock using the Cellebrite program or what, if any, data they extracted. But in an affidavit supporting the warrant, a Pasadena homicide detective wrote that he learned about the update in mid-January from a computer forensic examiner assigned to the Verdugo Regional Crime Laboratory.

“In January 2023, the Cellebrite program successfully bypassed the lock on a Samsung cellular telephone, for an unrelated investigation, with the new software update,” said the warrant, which seeks records from a month before the incident through Nov. 18, 2015, the date of the suspect’s arrest. “This search warrant seeks permission to search and seize records that may be found on [the suspect’s] cellular telephone in whatever form they are found as it relates to this homicide investigation.”

The simmering debate over cellphone privacy first spilled into the mainstream in 2016 after a mass shooting in San Bernardino.

At the time, Apple was resisting the FBI’s demands that it help unlock the iPhone 5C belonging to the shooter, Syed Rizwan…



A new AI-based tool to detect DDoS attacks


Figure: IDS deployment on the ISP. Credit: Mustapha et al.

Cybercriminals keep finding new ways to disrupt online services, access sensitive data or crash users' devices. One attack that has become very common over the past decades is the Distributed Denial of Service (DDoS) attack.

This type of attack uses a large number of compromised, internet-connected devices, collectively referred to as a "botnet," to flood a target server or website with bogus traffic, disrupting its operation and making it inaccessible to legitimate users.

To protect their websites or servers from DDoS attacks, businesses and other users commonly rely on firewalls, anti-malware software or conventional intrusion detection systems. Yet detecting these attacks can be challenging, because attack traffic can be shaped with generative adversarial networks (GANs), machine learning techniques that learn to realistically mimic the activity of real users and legitimate requests.

As a result, many existing detection systems ultimately fail to protect users against them.

Researchers at Institut Polytechnique de Paris, Telecom Paris (INFRES) have recently developed a new computational method that could detect DDoS attacks more effectively and reliably. This method, introduced in a paper published in Computers & Security, is based on a long short-term memory (LSTM) model, a type of recurrent neural network (RNN) that can learn long-range dependencies in sequences of events.
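An LSTM does not see packets; it sees a sequence of per-window feature vectors, and how that sequence is built largely decides what the model can learn. The Python below is an added example, not the researchers' code: it parses constructed flow records (timestamp, source, destination, port, TCP flags), bins those aimed at a target host into one-second windows, computes packet count, distinct-source count and SYN-only ratio per window, and flags windows that deviate from a warm-up baseline. The threshold rule in detect() stands in for the trained model; the hosts and log lines are constructed from documentation address ranges, not data from the paper.

```python
"""Per-window feature sequences for sequence-based DDoS detection, run over a
constructed flow log (added example, not the paper's code)."""
from collections import defaultdict


def make_sample_log() -> str:
    """Constructed flow records: 'ts src dst dport flags', one per line.
    Seconds 0-9 carry normal traffic from three clients; seconds 10-13 carry a
    SYN flood from 150 spoofed sources. Addresses are documentation ranges."""
    lines = []
    legit = ["10.0.0.5", "10.0.0.6", "10.0.0.7"]
    for t in range(10):
        for i, src in enumerate(legit):
            flags = "S" if (t + i) % 3 == 0 else "A"   # one new connection, two ongoing
            lines.append(f"{t} {src} 198.51.100.7 443 {flags}")
    for t in range(10, 14):
        for i in range(150):
            lines.append(f"{t} 203.0.113.{i} 198.51.100.7 443 S")
    return "\n".join(lines)


def parse_flows(text: str):
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, flags = line.split()
        flows.append((int(ts), src, dst, int(dport), flags))
    return flows


def window_features(flows, target: str, width: int = 1):
    """Bucket flows aimed at `target` into windows of `width` seconds and emit
    one feature vector per window, in time order, empty windows included.
    This ordered list is what a sequence model such as an LSTM would consume."""
    buckets = defaultdict(list)
    for ts, src, dst, _dport, flags in flows:
        if dst == target:
            buckets[ts // width].append((src, flags))
    if not buckets:
        return []
    seq = []
    for w in range(min(buckets), max(buckets) + 1):
        recs = buckets.get(w, [])
        n = len(recs)
        syn_only = sum(1 for _, f in recs if f == "S")
        seq.append({
            "window": w,
            "packets": n,
            "sources": len({s for s, _ in recs}),
            "syn_ratio": syn_only / n if n else 0.0,
        })
    return seq


def detect(seq, warmup: int = 5, factor: float = 10.0, syn_threshold: float = 0.9):
    """Stand-in for the trained model: learn a packet-rate baseline from the
    first `warmup` windows, then flag windows whose rate is `factor` times
    higher and whose traffic is almost entirely half-open SYNs."""
    base = max(1.0, sum(f["packets"] for f in seq[:warmup]) / max(1, warmup))
    return [f["window"] for f in seq[warmup:]
            if f["packets"] > factor * base and f["syn_ratio"] >= syn_threshold]


if __name__ == "__main__":
    features = window_features(parse_flows(make_sample_log()), "198.51.100.7")
    for f in features:
        print(f)
    print("flood windows:", detect(features))
```

The same window_features() output, fed as a time-ordered matrix, is the input a recurrent model learns from; the point of using an LSTM rather than the fixed rule above is that it can pick up slower ramps and mimicry that keep every single window under a static threshold.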

“Our research paper was based on the problem of detecting DDoS attacks, a type of cyber-attack that can cause significant damage to online services and network communication,” Ali Mustapha, one of the researchers who carried out the study, told Tech…
