Instagram Ransomware attack

This is the recent news that has been published by the news outlets from all over the world. At least 5 high profile Instagram accounts have been hacked by the syndicates and the users are locked out. The hackers are demanding ransom in form of Bitcoins and the worst part is that the company is silent on the issue.

The hackers also threatened to delete the account within 3 hours if the ransom is not paid though nothing of this kind has been reported. Your Account has been Hacked is the message that is being displayed leaving the users in despair and anguish. As per some Instagramers they are going through emotional turmoil. There is no hope of account restoration one influencer added.

FBI numbers on hacking

There are about 18,855 law enforcement agencies working in the US. The computer crime data that has been compiled by the FBI shows that about 64 cases of hacking have been registered in the country. This data was provided by 189 agencies that are in direct collaboration with the FBI. It is worth mentioning that the data is based on both old styled UCR and the new NIBRS.

The actual figure at the NIBRS section of the FBI website is staggering and it shows that in 2017 6191 incidents of crimes against property have been committed out of which 64 are classified as hacking. For detailed information, it is advised to visit the NIBRS website and filter the results according to the Law Enforcement Agency Types to get a clear view of the situation.

Satori Botnet developer arrested

Kenneth Currin has been arrested by the Feds and the hacker is the alleged developer of malicious Satori Botnet malware. He has been charged with Computer Fraud and Abuse Act for causing damage to the number of systems. In addition to all this, the malware also affected about 500,000 routers from all over the world scanning the hardware to collected confidential user information.

His full name and address were published online by his rivals and this made it too easy for the Feds to nab him. Some specialists are of the view that he used his home IP which became a major cause of his arrest and the story of name publishing is just a hoax. Kenneth lives with his father and suffers from Asperger Syndrome.

Malware to survive OS reinstalls

One of the best things that can be done once the computer is affected by malware is to reinstall the OS. This is not the case now as the Russian hackers have developed the malware that would corrupt the roots of the hard drive. In such case, even OS reinstall would not remove it at all. Most of the affected systems in this regard would have windows installed which shows how vulnerable this OS really is.

In addition to the root directory, the Unified Extensible Firmware Interface or the UEFI of the computer also gets corrupted. The only way out of this is to make sure that the firmware remains updated so that there is no vulnerability left.

Feds use of hacking as a tool

The private companies have been hired by the US government to develop the hacking tools that can be used by the Feds to track and take down criminals. The department is also working rigorously to develop tools that would track the internet history, communications and even sensitive data like personal files.

It will make sure that tactics are developed to nab the internet based criminals well before they commit any crime. The FBI has also invested about $1 million to develop and source hacking software that will read the data even if the phones are locked. The users, on the other hand, are not communicated with facts that to what extent will such technologies work.

Midterm elections can be jeopardized by the hackers

The optical scan ballot papers and the electronic voting machines are all vulnerable to hacking. This could affect the midterm elections that are planned for November 6th this year. The number is not one or two but thousands of machines are vulnerable and this can leave the experts devastated once the incident happens. The optical scan ballot machines are also not safe and the problem is the USB ports that are attached.

The states have not upgraded the election hardware kudos to budget cuts and constraints. The Defcon conference also demonstrated the hack of electronic voting machines within 15 minutes leaving the experts baffled. The system is vulnerable and only time would tell how effectively it performs during crises of any kind.

North Korean citizen charged with hacking charges

Park Jin has been charged by the US government to conspire against the biggest corporations in the USA namely Sony. The company suffered a data breach in 2014 and now the US has also blamed the Reconnaissance General Bureau of the North Korea for the activity. The hackers don’t live or operate from North Korea.

According to the intelligence reports, some of the operatives live in China while the others live in Malaysia due to better internet access. The notorious Lazarus Group has been created to destabilize the US military networks and the Pentagon by simultaneous attacks from all over the world. North Korea has denied all such claims.

Ransomware attack on Ontario town office

It has been reported that the computer network held hostage by the hackers has been released as the Ontario Town office has paid the desired amount. The office is now in the process of server reconfiguration. The remote take over by the hackers was done with the help of the email attachment malicious in nature. The office did not disclose the number of Bitcoins transferred to the hacker wallet.

The residents of the town are of the view that the office should not have paid the ransom as it will further foster the activities of the hackers. According to some sources, it would take full 48 hours before the systems are up and running.

Russian hacker extradition to the US

Andrei Tyurin aged 35 has been extradited to the USA under the charges of espionage and computer hacking. The sensitive info of about 100 million customers was published as a result of a single attack that exploited the loopholes in the networks. The financial institutions of the USA suffered the most and the hacker got away with a profit of $18 million.

He is also suspected of operating an illegal online casino with the payment gateways integrated. This was used for the money laundering on behalf of criminal syndicates and illegal pharmaceutical companies from all over the world. The FBI is of the view that extradition of Tyurin is a lesson for those engaged in similar activities.

Skype Vulnerability allows Hackers to Execute Arbitrary code on Victim’s Machine

Skype Vulnerability

Security researchers have discovered a flaw in Skype that could enable hackers to run code on a target system, phish for credentials and crash applications.

According to Zacharis Alexandros, an independent researcher, a bug in Skype was discovered in January, but it has only recently been bought to light following the successful patch of the problem by Microsoft. He dubbed the bug, Spyke.

In a blog post (at time of publication, the article on LinkedIn (also owned by Microsoft) appears to have disappeared – here is a cached page), Alexandros said the problem mainly affected the Windows version of the VoIP application and to mount an attack, a hacker would need local access to the login screen of a running Skype instance.

He said that the vulnerability targets the fact that Skype instance contains an embedded Internet Explorer browser used for authentication purposes. An attacker can circumvent the normal authentication process and abuse the login via Facebook function to fingerprint the Internal Browser (IE), execute code in the context of the Skype process, phish credentials, and over communication traces.

He added that any system using Skype Client 7.31.0.104 and older versions that allow Facebook Login as an option are vulnerable. “Systems that use Skype and are publicly reachable like info kiosks or smart TV appliances, are particularly more attractive than local private systems (PCs) in order to be used for phishing attacks,” he warned.

The researcher also uploaded a video showing a proof of concept where code can be taken from Facebook’s developer site from inside Skype and crash the app. A hacker could also replace the login with a fake one to phish for a victim’s credentials.

Snapchat Data Breach

1.7M Snapchat user details Posted in India Data Breach

  • Snapchat CEO Evan Spiegel might want to tone down his comments while discussing the target demographic for his app to handle a Snapchat Data breach instead..
  • A former employee at Snapchat, instigating a lawsuit, told a Los Angeles court that Spiegel interrupted him as he was making a presentation about the app’s growth prospects overseas. “This app is only for rich people. I don’t want to expand into poor countries like India and Spain,” Spiegel said, according to Anthony Pompliano, who worked at the company for three weeks after moving over from facebook’s product team.
  • After the alleged comments from Spiegel appeared in Variety, hackers in India, as yet unidentified, took the disparaging remarks personally and in an apparent act of revenge claimed to have posted personal details of 1.7 million Snapchat users online, according to a report on UK site Independent.

Almost Half of UK firms hit by Cyber Breach or Attacks in the Past Year

Attacks Hit Many UK Firms

  • Government report says seven in ten large companies identified a breach or attack with firms holding personal data more likely to be attacked primarily by fraudulent emails, followed by viruses and
  • Businesses large and small are being urged to protect themselves against cyber-crime after new government statistics found more than half of all UK businesses suffered a cyber-breach or attack in the past 12
  • The Cyber-Security Breaches Survey 2017 reveals nearly seven in ten large businesses identified a breach or attack, with the average cost to large businesses of all breaches over the period being £20,000 and in some cases reaching
  • The survey also shows businesses holding electronic personal data on customers were much more likely to suffer cyber-breaches than those that do not (51% compared to 37%)
  • The Cyber-Breaches Survey is part of the UK government’s five-year national cyber-security strategy to transform this country’s cyber-security and to protect the UK online. As part of the strategy, the government recently opened the new National Cyber-Security Centre (NCSC), a part of

Callisto Group Hackers targeted Foreign Office Data

The UK’s Foreign Office was targeted by highly motivated and well-resourced hackers over several months in 2016.

Hack

  • The government has investigated the previously unreported attack that began in April last year. However the UK’s National Cyber Security Centre would not say whether data was
  • Research published on Thursday by cybersecurity firm F-Secure suggested the attack was a “spear-phishing” campaign, in which people were sent targeted emails in attempts to fool them into clicking a rogue link or handing over their username and
  • To do this, the attackers created a number of web addresses designed to resemble legitimate Foreign Office websites, including those used for accessing
  • F-Secure does not know whether the attack was successful. The company says the domains were created by hackers that it calls the Callisto Group, which it says is still active.

Hack Attacks on UK Businesses Cost Investors £42bn

 A typical FTSE 100 firm is worse off by an average of £120m after a hack or breach.

 

  • Risks relating to cyber security have risen to the top of the corporate agenda in recent years but few company leaders are aware of the full extent of the possible damage that data breaches can cause.
  • A new study commissioned by cyber security firm CGI and conducted by Oxford Economics, has found that companies’ share prices fall by an average of 1.8 per cent on a permanent basis following a severe breach – where large amounts of sensitive information are
  • This means a typical FTSE 100 firm is worse off by an average of £120m after a breach, according to the
  • Oxford Economics compiled the data using the Gemalto Breach Index – a register of publicly disclosed cyber security
  • Some 315 breach events were examined in total with a focus on 65 “severe” and “catastrophic” breaches occurring since 2013 across seven global stock exchanges. The analysis found that investors have lost at least £42bn due to severe public domain cyber security incidents since 2013.

Wonga Data Breach Hack

Wonga Data Breach Hack ‘affects 245,000 UK Customers’

 

  • The payday loan firm Wonga has suffered a data breach hack which may have affected up to 245,000 customers in the UK.
  • The firm said it was “urgently investigating illegal and unauthorised access to the personal data of some of its customers”.
  • The information stolen includes names, addresses, phone numbers, bank account numbers and sort codes. The range of information stolen may also include the last four digits of customers’ bank cards – information used by some banks as part of the login process for online accounts.
  • Prof Alan Woodward, a cybersecurity expert at the University of Surrey, said it was “looking like one of the biggest” data breaches in the UK involving financial information.
  • A further 25,000 customers in Poland were also potentially affected. In a statement, the firm said: “We are working closely with authorities and we are in the process of informing affected customers. We sincerely apologise for the inconvenience caused.”
  • Wonga said it did not believe the attackers had gained access to users’ loan accounts, but warned them to be vigilant.
  • The lender, which provides short-term loans, said it had became aware of the breach last week but at that time thought no data was involved.

 

Hotel Chain Giant Card Payment Breach could have ‘over 1000’ Locations

InterContinental Hotel Group Breach

• A breach on the card payment systems of a major hotel chain are larger than expected. In February 2017 it was reported that the InterContinental Hotel Group had experienced breaches on 12 of its hotels. IHG are now reporting that many more such breaches at its locations, possibly upwards of a 1000.

• The hotel giant has released a finder tool on its website listing all of the affected IHG locations. The tool shows 50 US states and one location in Puerto Rico. While the full number has not yet been counted, Brian Krebs, the investigative journalist who first broke the story, reckons that there could be more than 1000 locations affected.

• IHG runs over 5000 hotels across 100 countries and plenty of brands including Holiday Inn and Crowne Plaza hotels, making it a major hotelier.

• A statement released on the hotel’s website says that the malware, which infected the hotels’ card payment systems, was identified between 29 September and 29 December 2016.

• The statement adds that “there is no evidence of unauthorised access to payment card data” after 29th December, it still took until March 2017 to ensure that the malware had been completely expunged from the systems.

• The company’s statement notes that many IHG locations had implemented “a point to point encryption payment” solution. Those that had done so before September 2016, were not affected by the breach and many more did so after the breach. The implementation of the solution effectively ended the ability of the malware to steal data.

List of data breaches and cyber attacks in February 2017

ransomware1

It’s the shortest month of the year, but it has not been short of breaches or cyber attacks.

The list is the usual mix of ransomware attacks and careless employees causing data breaches.

Our US readers, however, will be well aware that tax day is fast approaching, so W-2 phishing is rife. Earlier this month, the IRS sent out an urgent alert warning employers that this W-2 phishing scam had spread beyond the corporate world to other sectors, including school districts, tribal organisations and non-profits.

Continue reading “List of data breaches and cyber attacks in February 2017”

The Story Behind the Biggest Hacking Scheme in the US History

It is not much longer when an attorney of the United States of America exposed a group of professional hackers which was based on five members. The four members of the group were Russian national and the fifth was a Ukrainian national. The attorney Paul Fisherman claimed that it is the biggest hacking and data breach scheme in the history of the United States of America. The group was performing its criminal activities 2005, they hacked and stolen data for about seven years until they were caught. The group of these cyber criminals stole the information of about 160 million credit cards and debit cards that result in a loss of hundreds of millions of Dollars.

This cyber criminal gang majorly aimed the large scale firms. These five devilish geniuses targeted the big fishes of the company and mostly were multinational organizations. Their victims included the NASDAQ (the electronic stock exchange), 7 eleven inc.; JCPenney Co.; the New England Supermarket chain Hannaford Brothers Co.; JetBlue, Heartland Payment System (which is one of the largest credit and debit processing companies) and there were strong organizations such as Dexia Bank Belgium. You can imagine how capable would be these criminals that they breached some strong security barriers and stole data.

The criminals were accused that they communicated with each other via instant messages. An example of such was seen when they break into the database of NASDAQ and one member of the group sent an instant message to another that “NASDAQ is owned”. A member used to constantly check the Google News to whether their cyber crimes had been revealed or not. The suspected group was so organized that they had their tasks distributed, they all used to perform a specific task in which they had become masters.

The group members named Drinkman and Kalinin were professional hackers who used to penetrate the computer network and helped their mates to break in. Kitov, the other member was an expert in harvest data from the database and the fourth member Rytikov used to provide web hosting facilities to hack the computer. Similianets, the fifth member of the gang was given the task of selling the stolen data and get a handsome amount against it.

The ones who purchased the stolen credit card and debit card numbers resold this data online on different forums or directly to the known people that give cash against it. The rates of credit card numbers vary from country to country. A credit card number that belonged to the United States values about $10, Canadian credit card number worth $15 and European credit card number are sold for about $50. Then this data can be circulated to any part of the world easily.

The multinational companies usually have some security measures to make the data secure, on the other hand, your data is probably completely unsecured. Your data is also precious; you can also become a fraud victim if you take effective measures for data security. Using security software that can Lock Folders can make your data secure.

For more information please visit:

https://www.newsoftwares.net/folderlock/

Almost 50% Of US Companies Lack CyberAttack Insurance

Are You Covered For CyberAttack ?

BLOOMFIELD, Conn.—A recent study from NTT Com Security, found that 49 percent of the U.S. companies surveyed currently do not have insurance specifically for cybersecurity attacks.

corporations-logo-collage

NTT Com Security surveyed 1,000 “non-IT business decision makers in organizations in the U.K., U.S., Germany, France, Sweden, Norway and Switzerland,” for the report.

“Faced with risks every day, it’s easy for organizations to look for quick-fix solutions rather than focusing on building a solid security and risk management strategy,” Garry Sidaway, SVP security strategy and alliances for NTT Com Security, said in a prepared statement.

“Rather than relying solely on an insurance policy to cover losses, businesses need a different game plan. Buy insurance by all means, but ensure that you can demonstrate that you have put controls in place to reduce your risks, and, what these controls cover. This way you know what is being insured,” he said.

cyberattack-2

While a majority of global organizations believe information security breach insurance is crucial, less than half—41 percent—are fully covered for both security breaches and data loss, and just over one-third have dedicated cybersecurity insurance, according to the company’s 2016 Risk:Value report.

U.S. businesses are the most likely to have this type of insurance, 51 percent, compared to 26 percent in the U.K.

“Security needs to be embedded into the culture of an organization, from top to bottom, championed by the CEO, designed and executed by the CISO and communicated effectively so that every employee takes responsibility for ensuring that good practices are followed,”

Do You Need CyberAttack Incident Support? We Can Help. Contact Us Now!