Category Archives: cyber attack

CyberSecurity: Story of Tesla employee who refuses to accept $1 million offered by Hackers

Abstract

Sometimes, the events that transpire inside a company could be just as exciting and nail-biting as the most popular thrillers in fiction. In Tesla’s case, such a scenario recently played out, as a worker in Gigafactory Nevada ended up turning down a $1 million incentive, working closely with the FBI, and thwarting a planned cybersecurity attack against the electric car maker. 

This Tuesday, the Department of Justice announced the arrest of Egor Igorevich Kriuchkov, a Russian citizen accused of conspiring to breach the network of a US company and introduce malware to compromise the said company’s networks. Media reports about the incident have identified the US company to be electric car maker Tesla. Interestingly enough, a criminal complaint filed by the FBI Las Vegas Field Office suggests that the attempted cybersecurity attack is no ordinary hacking attempt — it may very well be part of a well-financed, organized, scheme. 

Read more in

https://www.teslarati.com/tesla-employee-fbi-thwarts-russian-cybersecurity-attack/

Cybercrime May Be the World’s Third-Largest Economy by 2021

Abtract

As organizations go digital, so does crime. Today, cybercrime is a massive business in its own right, and criminals everywhere are clamoring to get a piece of the action as companies and consumers invest trillions to stake their claim in the digital universe.

Putting things into perspective: Walmart, which racks up America’s greatest firm earnings, generated a mind-blowing $514 billion in revenue last year. Yet cybercrime earns 12 times that. Both sell a huge variety of products and services. In fact, in terms of earnings, cybercrime puts even Tesla, Facebook, Microsoft, Apple, Amazon, and Walmart to shame. Their combined annual revenue totals “just” $1.28 trillion. 

Cybercrime is undergoing an industrialization wave and offers everything that a regular legal company does: product development, technical support, distribution, quality assurance, and even customer service. Cybercriminals rob and then sell new technologies or secret strategic plans that will give their buyers an edge over their competitors. Hackers steal military secrets, renewable energy innovations, and more. 

Read more in

https://www.darkreading.com/vulnerabilities—threats/cybercrime-may-be-the-worlds-third-largest-economy-by-2021/a/d-id/1337475

Learn how Malicious PDFs can be used to target you?

Abstract

In some kinds of malicious PDF attacks, the PDF reader itself contains a vulnerability or flaw that allows a file to execute malicious code. Remember that PDF readers aren’t just applications like Adobe Reader and Adobe Acrobat.

Most browsers contain a built-in PDF reader engine that can also be targeted. In other cases, attackers might leverage AcroForms or XFA Forms, scripting technologies used in PDF creation that were intended to add useful, interactive features to a standard PDF document. One of the easiest and most powerful ways to customize PDF files is by using JavaScript.

PDF structure can have embedded javascript objects and could connect to remote servers. Read more in

https://www.sentinelone.com/blog/malicious-pdfs-revealing-techniques-behind-attacks/

Cyber Security headlines of the week

Windows malware opens RDP ports on PCs for future remote access

Security researchers say they’ve spotted a new version of the Sarwent malware that opens RDP (Remote Desktop Protocol) ports on infected computers so hackers could gain hands-on access to infected hosts.

Researchers from SentinelOne, who spotted this new version, believe the Sarwent operators are most likely preparing to sell access to these systems on the cybercrime underworld, a common method of monetizing RDP-capable hosts.

THE SARWENT MALWARE

The Sarwent malware is a lesser-known backdoor trojan that has been around since 2018. In its previous versions, the malware contained a limited set of functionality, such as having the ability to download and install other malware on compromised computers. Read more in

Easyjet Hacks: it wasn’t just a few credit cards: Entire travel itineraries were stolen by hackers

Victims of the Easyjet hack are now being told their entire travel itineraries were accessed by hackers who helped themselves to nine million people’s personal details stored by the budget airline.

As reported earlier this week, the data was stolen from the airline between October 2019 and January this year. Easyjet kept quiet about the hack until mid-May, though around 2,200 people whose credit card details were stolen during the cyber-raid were told of this in early April, months after the attack.

Read more in: https://www.theregister.co.uk/2020/05/22/easyjet_hack_victim_notification/

Ransomware tries to evade antivirus by hiding in a virtual machine on infected systems

With antivirus tools increasingly wise to common infection tricks, one group of extortionists has taken the unusual step of stashing their ransomware inside its own virtual machine.

According to Vikas Singh, Gabor Szappanos, and Mark Loman at Sophos, criminals have slotted the file-scrambling Ragnar Locker nasty into a virtual machine running a variant of Windows XP, called MicroXP. Then, once the crooks have infiltrated a victim’s network and gained administrative access – typically via a weak RDP box or through a compromised managed services provider – they download the VM, along with Oracle’s VirtualBox hypervisor to run it, on each machine they can get into.

Read more in https://www.theregister.co.uk/2020/05/22/byovm_ransomware_in_virtualbox/

Twitter Bots: Roughly half the Twitter accounts pushing to ‘reopen America’ are bots.

As parts of the US have lifted shutdown orders during the COVID-19 pandemic, there’s been a fierce argument online about the risks and benefits of reopening. New research suggests that bots have been dominating that debate.

Read more in https://www.businessinsider.com/nearly-half-of-reopen-america-twitter-accounts-are-bots-report-2020-5?r=US&IR=T

Working from home: Cybersecurity tips for remote workers

One of the key measures to reduce the spread of Covid-19 is social distancing, which for many organisations means encouraging – or instructing– staff to work from home.

But moving at short notice from a trusted office environment to working remotely can create security risks. On top of this, nasty opportunist crooks are already using the coronavirus as subject matter for their phishing scams, hoping that the unwary will click through and hand over passwords or other data.

With the rapid increase in remote working in mind, European cybersecurity agency ENISA has set out a series of recommendation

ENISA’s other security advice for home working for employees also includes:

  • Ensure your Wi-Fi connection is secure. While most Wi-Fi is correctly secured, some older installations might not be, which means people in the near vicinity can snoop your traffic.
  • Ensure anti-virus is in place and fully updated.
  • Check all security software is up to date: Privacy tools, add-ons for browsers and other patches need to be checked regularly.
  • Have a back-up strategy and remember to do it: All important files should be backed up regularly. In a worst case scenario, staff could fall foul of ransomware for instance. Then all is lost without a backup.
  • Lock your screen if you work in a shared space: ENISA said workers should really avoid co-working or shared spaces at this moment and that social distancing is extremely important to slow down the spread of the virus.
  • Make sure you are using a secure connection to your work environment.
  • Check if you have encryption tools installed.

ENISA said employers should:

  • Provide initial and then regular feedback to staff on how to react in case of problems. That means info on who to call, hours of service and emergency procedures.
  • Give suitable priority to the support of remote access solutions. Employers should provide at least authentication and secure session capabilities (essentially encryption).
  • Provide virtual solutions. For example, the use of electronic signatures and virtual approval workflows to ensure continuous functionality.
  • Ensure adequate support in case of problems. This may require setting up special rotas for staff.
  • Define a clear procedure to follow in case of a security incident.
  • Consider restricting access to sensitive systems where it makes sense.