Yet another exciting week in cyberspace: most enterprises spent last week trying to fix some of the most common vulnerabilities and zero-day attack vectors present in the software of some of the top organizations around the world. Microsoft finally shipped a patch for the win32k zero-day, and the ransomware that hit Pensacola was eventually detected and stopped; however, even with all this progress, millions of cybercrimes still take place every day around the world.
The superior technical capabilities of cybercriminals are not the reason that these cyber-attacks happen so frequently. Instead, most of the time such attacks succeed because of human negligence and a lack of awareness among users. Cybercrimes are often preventable with easy-to-deploy safeguards and preventive steps. This is why almost all companies and governments are trying to make people aware of the training needed to keep malware, phishing emails, and ransomware from affecting our systems. Such training can help us protect ourselves from phishing and other attacks.
The latest news on cybercrimes makes us aware of the new types of attacks that attackers perpetrate. It enables us to prepare for the future by designing new methods to prevent email phishing and other attacks.
Update On The Romanian Gang Infecting Computers With Mining Malware
As reported last week, a Romanian cyber gang targeted unsuspecting people and mined up to $4 million worth of cryptocurrency. A press release from Ohio stated that the group was deploying the malware to steal victims' personal information. They may have been looking for information on certain people, and under the guise of mining 4,00,000 worth of cryptocurrency, they obtained that too.
The latest update says that they not only stole the information but also sold it on the dark web. From its smoothness, we can infer that the whole operation was a planned ruse. By the time the government took any action to prevent the phishing attack, the entire plan had been executed.
According to sources, the gang behind this attack was the Bayrob Group, a Romania-based group known to have been executing cyber attacks since 2007. Two members of the Bayrob Group, Radu Miclaus and Bogdan Nicolescu, are facing serious charges for fraud and various cybercrimes.
An FBI agent stated that “These sentences reflect that the cyber methods used today take advantage of innocent victims anywhere around the globe. The data that has been stolen included the victim’s financial records, emails, and other personal details too.”
He further stated that “Despite the complexity and global character of these investigations, this investigation and prosecution demonstrates the commitment by the FBI and our partners to pursue these individuals and bring justice to the victims.”
Targeted PoS Attacks On Gas Stations
It has recently come to notice that attackers have been stealing payment card data from two gas station chains in North America. Point of Sale (PoS) systems in gas stations have been attacked in the last few months. Further, these attacks were not like the usual theft operations in which adversaries fit skimmers to gas pumps. Instead, these recent attacks were advanced criminal operations in which malware was planted on the back-end systems that process card transactions. Visa has asked customers to remain alert against such attacks.
Visa's payment fraud division has identified at least three separate attacks targeting PoS systems since August. Two of them were attributed to FIN8, a threat group that has previously been associated with numerous attacks on PoS systems.
One such attack began when an employee of the gas station clicked a phishing email that led to the download of a RAT (Remote Access Trojan). The RAT was used to breach the entire network, and it eventually entered the merchant's PoS environment to harvest card data. The same kind of criminal conduct was observed in the later attacks too.
Computers Shut Down In New Orleans Due To Cyber Attack
New Orleans was recently hit by a major cyberattack, as a result of which employees were asked to shut down their computers as a precaution. It was reported that employees began to have problems in the morning at around 11 to 12. What is alarming is that the modus operandi of the attack is still unknown; there is no certainty about what led to the attacks. Some suspect that this could be a ransomware attack, in which a system is rendered inoperable unless the demanded amount is paid. These kinds of attacks have become widespread since the WannaCry attacks.
As a cautionary measure, all employees unplugged their devices and disconnected from Wi-Fi. Apart from this, all servers were also shut down. The government website Nola.gov was also taken down and was not accessible until Friday. Emergency services, however, remained operable. This is not the first time such attacks have occurred. In November, Louisiana was hit by a similar attack, and it took around two weeks to get systems back online. The attack in Louisiana was also a ransomware attack. Cybercriminals are getting more sophisticated with the passage of time and are attacking more and more prominent public and government operations. The government of New Orleans has yet to take the necessary steps to recover the data; however, it has deployed some anti-phishing tools that help prevent such ransomware.
Iran Defuses Another Cyber Attack
Iran was recently the target of a cyberattack that was said to have been successfully repelled. This was the second cyberattack defused in less than a week. The attack is said to have aimed at spying on government information. Mohammad Jahromi, the Iranian minister of Information and Communications Technology, tweeted that a cyber-attack had occurred, had been defused, and that the situation was under control. He also mentioned that the hackers had been identified. Other information has also circulated regarding this matter. The same official said last week that the cyber-attacks were targeting Iran's electronic infrastructure. Although he did not provide any specifics, he said that an official report would soon be published.
There is also speculation that the attacks might not be confined to government infrastructure and could also be targeting other sensitive areas of the country. Addressing this, the minister responded that the attacks were not targeting local banks and asked people not to fall for such fraudulent news.
It should be remembered that after the Stuxnet attack, Iran disconnected its infrastructure from the Internet.
Tension is also rising between the United States and Iran after President Trump withdrew from the nuclear deal with Tehran. It is rumored that the United States launched the attack on Iranian military computer systems. For now, the Iranian government says the current cyber attack is under control with the help of the best anti-phishing software.
Ransomware Attacks In US Schools
Since October, US schools have been facing an increasing number of ransomware attacks. These attacks come at a time when the cities of Pensacola and New Orleans are dealing with recent cyber threats of their own. According to the latest report by a security firm named Armor, a total of 72 US schools have suffered ransomware attacks. These are just the numbers that have been disclosed to the public. Many such attacks have possibly gone undisclosed and been brushed under the carpet.
The Armor security firm stated in its latest report that, “Schools, hospitals and municipalities, these are servers that cannot be shut down for days because they have low tolerance capabilities. This fact is not because they are tech-dependent but because they serve many people, and the information is highly sensitive. Also, this information and servers and equipment are gathered through taxpayers' money. It is the government's prime duty to secure information of these people, as well as supply them with phishing prevention tips regularly, in any circumstances.” They further stated that “This is the information that the attackers target the most because they know this is the most sensitive topic in any country.”
It was said that the attack had been contained and that things would be more secure, but the country has been under attack for so long that such assurances are not of much help.
Cyber Security Attack On New Orleans On Course For Getting Resolved
The recent ransomware attack on New Orleans affected more than 4,000 systems, which is why Mayor LaToya Cantrell has advised engineers to check every part of their computer operations. According to the Chief Information Officer of New Orleans, Kim LaGrue, all the data files that the attackers encrypted had already been backed up because the city was aware of the impending attack. The only task remaining for engineers is to restore the backed-up data so that everything can return to normal. City officials are investigating the case to get to the bottom of it.
Ransomware is a type of attack in which a cybercriminal encrypts the files on a system so that the owner of the data cannot use them unless they pay the ransom the attacker demands. The attacker may then decrypt the system or demand more payment.
Gilbert Montano, the Chief Administrative Officer of New Orleans, has said that the total cost of fixing the entire issue is around $1 million; however, insurance may cover the cost of the cybercrime.
Satori Cyber Raises Money To Protect Businesses
In today's world, we know that our data on cloud servers is not that safe. Many companies store massive amounts of data, often insecurely. Criminals have a significant incentive to get their hands on that data, as it represents a myriad of opportunities to commit fraud. Faced with such challenges, we ought to see a variety of start-ups that guarantee the safety of our data. In a funding round led by YL Ventures, Satori Cyber today raised $5.25 million in seed money. The company focuses on governance and data protection.
The Satori Cyber Secure Data Access Cloud is the first official product Satori has launched since leaving stealth mode. The service gives businesses resources for enforcing data access controls. Visibility into data flows across hybrid and cloud environments is just as important for these enterprises and their defenses. The company describes data as a “moving target” and argues that one often does not know who has permission to access the data or how it moves between services. This idea led them to appreciate the importance of transparency.
The two co-founders spent nearly nine years building security systems at Incapsula and Imperva. From that experience, they concluded that there must be transparency between users and operations.
Lazarus APT Group Targets Linux Systems
Linux systems have come under attack from new malware used by the Lazarus APT. The Remote Access Trojan, dubbed Dacls, is capable of attacking Windows systems as well. The Lazarus APT first surfaced between 2014 and 2015. The group is also known as “HIDDEN COBRA.”
In its attacks, the group usually prefers tailored malware, and it has been active since 2009.
The Lazarus APT group has been accused of launching several significant attacks across the globe, including the Sony Pictures hack, the WannaCry ransomware attack, and many more. Process management, network scanning, command execution, and file management are some of the many functions the Dacls RAT can perform. “Dacls” is a string hardcoded in the malware and also used as its file name. When targeting Windows devices, the RAT dynamically loads plugins (preferably remotely).
When targeting Linux systems, a compiled plugin is embedded in the bot program. The malware uses a reverse P2P plugin that routes traffic between the C2 server and the bots and also acts as a C2 connection proxy. Users can avoid potential threats from the Dacls Remote Access Trojan by patching their systems and by installing advanced anti-virus software for proper spear-phishing protection, along with a good anti-phishing tool.
Malware “Dudell” Discovered Hidden Behind Microsoft Excel Documents
Microsoft researchers have found malware named “Dudell” that is being circulated by a little-known group called Rancor. The malware is hidden inside MS Excel documents. The Rancor threat group has been targeting government organizations ever since it emerged in 2017.
The malware spreads via macro code that activates as soon as the user downloads the Excel attachment and clicks “Enable Content.” The macro then runs on the system, and as soon as this is done, it encrypts all the user's files.
Another function of the same malware is said to send the victim's details to the attacker. The information includes the IP address, hostname, OS information, and language pack.
The macro script spread by the Rancor threat group is named chrome.vbs. It is used to infect the entire system, resulting in a ransomware attack.
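The Dudell chain above hinges on a macro-bearing workbook and a user clicking “Enable Content,” so one useful gateway control is to flag macro-carrying Excel attachments before they reach a mailbox. The following is an added example, not code from the article or from Microsoft; the classification labels, the constructed sample workbooks, and the decision to treat legacy binary files as needing deeper inspection are assumptions.

```python
import io
import zipfile

# Constructed example, not code from the article: flag Excel attachments that
# carry a VBA project, i.e. files that would show the "Enable Content" bar the
# Dudell macro relies on. The labels below are assumptions for a mail gateway.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"            # legacy .xls/.doc container
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"  # declared in [Content_Types].xml

def classify_office_attachment(data: bytes) -> str:
    """Return "ooxml-macro", "ooxml-clean", "ole-legacy" or "not-office".

    ole-legacy (binary .xls/.doc) may also hold macros and needs a real OLE parser.
    """
    if data.startswith(OLE_MAGIC):
        return "ole-legacy"
    if not data.startswith(b"PK"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # Check both the part name and the declared content type, so a
            # vbaProject part that has been renamed is still caught.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "ooxml-macro"
            if "[Content_Types].xml" in names:
                types_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if VBA_CONTENT_TYPE in types_xml:
                    return "ooxml-macro"
    except zipfile.BadZipFile:
        return "not-office"  # truncated or corrupt zip: not parseable as OOXML
    return "ooxml-clean"

def build_sample_workbook(with_vba: bool, part_name: str = "xl/vbaProject.bin") -> bytes:
    """Constructed minimal OOXML package for testing, not a real Excel file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        override = ""
        if with_vba:
            override = f'<Override PartName="/{part_name}" ContentType="{VBA_CONTENT_TYPE}"/>'
            zf.writestr(part_name, b"\x00fake-vba-project")
        zf.writestr("[Content_Types].xml", f"<Types>{override}</Types>")
    return buf.getvalue()

if __name__ == "__main__":
    print(classify_office_attachment(build_sample_workbook(True)))              # ooxml-macro
    print(classify_office_attachment(build_sample_workbook(True, "xl/x.bin")))  # ooxml-macro
    print(classify_office_attachment(build_sample_workbook(False)))             # ooxml-clean
```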
K-12 Cybersecurity Act Introduced by US Senators to Safeguard Schools from Cyber Attacks
Senators Gary Peters and Rick Scott have introduced an Act aimed at preventing phishing and malware attacks on the systems of K-12 district schools.
A report suggested that, as K-12 schools have always been primary targets for ransomware attackers, this bill was necessary to safeguard students as well as staff. 86 universities, schools, and colleges were said to have been affected by such attacks in the past year, and the introduction of the K-12 Cybersecurity Act should prove to be of great help.
The information stolen in such cases is mainly student records such as grades, qualification records, payroll and teacher employment details, medical records, and family records.
According to the act, CISA (the DHS Cybersecurity and Infrastructure Security Agency) would study the risks associated with the attacks that have already happened in K-12 schools. It would then propose viable solutions, such as spear-phishing prevention tools and a phishing protection service, to protect them from such cybercrimes.