Category: Cyber

Hints of cyber’s role in Taiwan

Posted on by esimantiras

Hints of cyber’s role in Taiwan

source: axios.com, contributed by Artemus FAN, Bill Amshey  |  image: pixabay.com

 

he latest evidence of China-linked hackers infiltrating U.S. critical infrastructure is highlighting what role cyberattacks could end up playing in a possible invasion of Taiwan.

What’s happening: Earlier this week, researchers at Microsoft unveiled that a Chinese state-sponsored groupknown as Volt Typhoon has been targeting critical infrastructure organizations in the U.S. and Guam.

  • Affected organizations spanned a long list of sectors: communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education.
  • Volt Typhoon, which has been in operation since mid-2021, infiltrated these organizations by targeting internet-facing devices running Fortinet’s FortiGuard products, per Microsoft.
  • Once inside, the hackers can start “living off the land” and obtain access to a network by stealing user credentials and rerouting any suspicious traffic through home routers, Microsoft said.

Continue reading “Hints of cyber’s role in Taiwan”

Hackers Promise AI, Install Malware Instead

Posted on by esimantiras

Hackers Promise AI, Install Malware Instead

source: securityweek.com  |  image: pexels.com

 

Facebook parent Meta warned that hackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malware on devices.

Meta on Wednesday warned that hackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malicious code on devices.

Over the course of the past month, security analysts with the social-media giant have found malicious software posing as ChatGPT or similar AI tools, chief information security officer Guy Rosen said in a briefing.

“The latest wave of malware campaigns have taken notice of generative AI technology that’s been capturing people’s imagination and everyone’s excitement,” Rosen said.

Continue reading “Hackers Promise AI, Install Malware Instead”

Meet APT43, the newest North Korean threat

Posted on by esimantiras

Meet APT43, the newest North Korean threat

source: Axios, contributed by FAN Bill Amshey  |  image: pexels.com

 

Researchers have identified a new state-backed hacking group in North Korea: APT43.

Driving the news: Mandiant, a threat intelligence firm owned by Google, said in a report today that APT43 has been engaging in espionage campaigns to support the North Korean regime.

  • APT43 also appears to target cryptocurrency firms and services and uses the profits to fund its espionage operations, the report states.
  • The group typically targets organizations in South Korea and the United States, with a special focus on government, business services, manufacturing and education and research groups.

The big picture: Mandiant has “moderate confidence” that APT43 is specifically linked to North Korea’s foreign intelligence service.

  • Mandiant has been tracking this gang’s activities since 2018, and today’s report officially elevates the group to an official state-backed hacking group.

Of note: Other companies refer to the group as “Kimsuky” or “Thallium” in their reports. Each cyber research firm uses its own naming conventions for identifying hacking groups.

Details: APT43 engages in two types of cyber activity: Spear-phishing email campaigns to harvest specific targets’ credentials and high-value research, and cryptocurrency firm hacks to get funds for its own operations.

  • In the spear-phishing attacks, APT43 poses as reporters and researchers to trick employees at U.S. defense and research organizations, as well as South Korea-based think tanks, into clicking on a malicious email link or responding with key intel.
  • APT43 has been seen using cryptocurrency services to launder stolen currency, suggesting the group has been involved in the string of recent attacks.

Threat level: Unlike other state-backed hacking groups, APT43 has yet to be seen exploiting critical, unknown vulnerabilities in systems.

  • However, the group continues to maintain “a high tempo of activity” and has collaborated with several North Korea state-backed hacking groups.

Britain uses cyber capabilities to counter enemies online – GCHQ

Posted on by esimantiras

Britain uses cyber capabilities to counter enemies online – GCHQ

 

source: reuters.com  |  image: pexels.com

 

LONDON, April 4 (Reuters) – British government hackers have launched operations against militants, state-backed disinformation campaigns and attempts to interfere in elections, the GCHQ spy agency said on Tuesday, in a rare statement on its offensive cyber work.

The attacks were carried out over the last three years by the secretive National Cyber Force (NCF), a hacking unit operational since 2020 made up of spies and defence officials from Britain’s armed forces and Government Communications Headquarters (GCHQ), the eavesdropping agency said in a statement.

“In an increasingly volatile and interconnected world, to be a truly responsible cyber power, nations must be able to contest and compete with adversaries in cyberspace,” GCHQ director Jeremy Fleming said.

The statement was published alongside a 28-page paper designed “to illustrate aspects of how the UK is being a responsible cyber power”. It did not elaborate on the specifics of those operations.

Britain’s position as a leading hacking power competing alongside the United States with countries including Russia, China and Iran has been long known but rarely acknowledged.

Continue reading “Britain uses cyber capabilities to counter enemies online – GCHQ”

The DEA is using Apple’s AirTags for surveillance

Posted on by esimantiras

The DEA is using Apple’s AirTags for surveillance

source: imore.com  |  image: pixabay.com

It’s the first time a federal agency has used the tracker for surveillance.

A new report says that the DEA used an AirTag for surveillance in anti-drug operations last year, in what is believed to be the first instance of a federal agency using the tracker in such a manner.

According to Forbes(opens in new tab), border agents intercepted two packages from Shanghai, China, in May of 2022, which were found to contain a pill press that is used to turn powders into tablets. “Believing that they were destined for an illegal narcotics manufacturer”, the DEA stepped in, and rather than swipe the goods, instead placed an AirTag inside the device so they could track its whereabouts. 

A warrant seen by the outlet reveals what “appears to be the first known case of a federal agency turning Apple’s location-tracking device into a surveillance technology.”

Continue reading “The DEA is using Apple’s AirTags for surveillance”

The Deepfake Dangers Ahead

Posted on by esimantiras

The Deepfake Dangers Ahead

source: wsj.com, contributed by Artemus Founder, Bob Wallace  |  image: pexels.com

 

AI-generated disinformation, especially from hostile foreign powers, is a growing threat to democracies based on the free flow of ideas

 

By Daniel BymanChris Meserole And V.S. Subrahmanian

Feb. 23, 2023 9:58 am ET

Bots, trolls, influence campaigns: Every day we seem to be battling more fake or manipulated content online. Because of advances in computing power, smarter machine learning algorithms and larger data sets, we will soon share digital space with a sinister array of AI-generated news articles and podcasts, deepfake images and videos—all produced at a once unthinkable scale and speed. As of 2018, according to one study, fewer than 10,000 deepfakes had been detected online. Today the number of deepfakes online is almost certainly in the millions.

We can hardly imagine all the purposes that people will find for this new synthetic media, but what we’ve already seen is cause for concern. Students can have ChatGPT write their essays. Stalkers can create pornographic videos featuring images of the people they are obsessed with. A criminal can synthesize your boss’s voice and tell you to transfer money.

Deepfakes risk leading people to view all information as suspicious.

Continue reading “The Deepfake Dangers Ahead”

3 Overlooked Cybersecurity Breaches

Posted on by esimantiras

3 Overlooked Cybersecurity Breaches

source: thehackernews.com  |  image: pexels.com

 

Here are three of the worst breaches, attacker tactics and techniques of 2022, and the security controls that can provide effective, enterprise security protection for them.

#1: 2 RaaS Attacks in 13 Months

Ransomware as a service is a type of attack in which the ransomware software and infrastructure are leased out to the attackers. These ransomware services can be purchased on the dark web from other threat actors and ransomware gangs. Common purchasing plans include buying the entire tool, using the existing infrastructure while paying per infection, or letting other attackers perform the service while sharing revenue with them.

In this attack, the threat actor consists of one of the most prevalent ransomware groups, specializing in access via third parties, while the targeted company is a medium-sized retailer with dozens of sites in the United States.

The threat actors used ransomware as a service to breach the victim’s network. They were able to exploit third-party credentials to gain initial access, progress laterally, and ransom the company, all within mere minutes.

The swiftness of this attack was unusual. In most RaaS cases, attackers usually stay in the networks for weeks and months before demanding ransom. What is particularly interesting about this attack is that the company was ransomed in minutes, with no need for discovery or weeks of lateral movement.

Continue reading “3 Overlooked Cybersecurity Breaches”

IT Leaders Reveal Cyber Fears Around ChatGPT

Posted on by esimantiras

IT Leaders Reveal Cyber Fears Around ChatGPT

source: infosecurity-magazine.com  |  image: pexels.com

 

The majority (51%) of security leaders expect ChatGPT to be at the heart of a successful cyber-attack within a year, according to new research by BlackBerry.

The survey of 1500 IT decision makers across North America, the UK and Australia also found that 71% believe nation-states are likely to already be using the technology for malicious purposes against other countries.

ChatGPT is an artificially intelligence (AI) powered language model developed by OpenAI, which has been deployed in a chatbot format, allowing users to receive a prompt and detailed response to any questions they ask it. The product was launched at the end of 2022.

Cyber-Threats from ChatGPT

Despite its enormous potential, information security experts have raised concerns over its possible use by cyber-threat actors to launch attacks, including malware development and convincing social engineering scams.

Continue reading “IT Leaders Reveal Cyber Fears Around ChatGPT”

A Sneaky Ad Scam Tore Through 11 Million Phones

Posted on by esimantiras

A Sneaky Ad Scam Tore Through 11 Million Phones

source: wired.com  |  image: pexels.com

Some 1,700 spoofed apps, 120 targeted publishers, 12 billion false ad requests per day—Vastflux is one of the biggest ad frauds ever discovered.

 

EVERY TIME YOU open an app or website, a flurry of invisible processes takes place without you knowing. Behind the scenes, dozens of advertising companies are jostling for your attention: They want their ads in front of your eyeballs. For each ad, a series of instant auctions often determines which ads you see. This automated advertising, often known as programmatic advertising, is big business, with $418 billion spent on it last year. But it’s also ripe for abuse.

Security researchers today revealed a new widespread attack on the online advertising ecosystem that has impacted millions of people, defrauded hundreds of companies, and potentially netted its creators some serious profits. The attack, dubbed Vastflux, was discovered by researchers at Human Security, a firm focusing on fraud and bot activity. The attack impacted 11 million phones, with the attackers spoofing 1,700 app and targeting 120 publishers. At its peak, the attackers were making 12 billion requests for ads per day.

“When I first got the results for the volume of the attack, I had to run the numbers multiple times,” says Marion Habiby, a data scientist at Human Security and the lead researcher on the case. Habiby describes the attack as both one of the most sophisticated the company has seen and the largest. “It is clear the bad actors were well organized and went to great lengths to avoid detection, making sure the attack would run as long as possible—making as much money as possible,” Habiby says. 

Continue reading “A Sneaky Ad Scam Tore Through 11 Million Phones”

T-Mobile Breached Again, This Time Exposing 37M Customers’ Data

Posted on by esimantiras

T-Mobile Breached Again,

This Time Exposing 37M Customers’ Data

source: darkreading.com  |  image: pexels.com

This time around, weak API security allowed a threat actor to access account information, the mobile phone giant reported.

T-Mobile has disclosed a new, enormous breach that occurred in November, which was the result of the compromise of a single application programming interface (API). The result? The exposure of the personal data of more than 37 million prepaid and postpaid customer accounts.

For those keeping track, this latest disclosure marks the second sprawling T-Mobile data breach in two years and more than a half-dozen in the past five years.

And they’ve been expensive.

Continue reading “T-Mobile Breached Again, This Time Exposing 37M Customers’ Data”