fbpx
Connect with us

Cybersecurity

Google nabs phishing attacks from state-sponsored cybercrimes

Published

 on

In a world where everyone is exposed to infiltration on their devices, Google sent Thursday approximately 50,000 alerts to users whose accounts were exposed to breaches by state-sponsored cybercrimes executing phishing and malware campaigns.

“Countering threats from Iran” is the label the Big Tech giant gave to its latest blog post, addressing Google’s Threat Analysis Group’s (TAG) latest tracking of disinformation campaigns, governmental backed hacking, and financially driven abuse.

“We have a long-standing policy to send you a warning if we detect that your account is a target of government-backed phishing or malware attempts. So far in 2011, we’ve sent over 50,000 warnings, nearly a 33 percent increase from this time in 2020,” the blog post stated.

While receiving the warning does mean an account could be exposed to potential cyber threats, not all those who have received the warning have been breached. 

The search engine elaborated that the company’s analytical branch directs these distressing warnings to accounts it perceives as a potential target to governmental-sponsored phishing attempts, brute-force attacks, malware delivery efforts initiated from a state-backed hacking ecosystem.

Google’s cybercrime statistics revealed that TAG has managed to identify more than 270 targets or hacker groups supported by governmental entities from more than 50 countries. Meaning, some of these accounts are targeted by more than one threat, expanding all around the globe.

Fending off cyberattacks from Iran

Iran’s hacking group, APT35, known for pursuing U.S. politicians before the 2020 Presidential elections, seems to have set its mind to proceed with its mission to creep into governmental representatives’ devices and accounts.

The tech mogul’s report not only highlighted that the group is still actively aiming to infiltrate some of the biggest bureaucratic personnel, but it appears that it allocated its goal to developing devious tricks to deter itself from being detected by security tools, then deceiving targets to submit accounts credentials, or into installing spyware on their devices.

APT35’s main line of specialty is indulging in account theft activities that allow it to spy on journalists, activists, government workers, academics, and anyone that might stimulate the Iranian regime’s curiosity.

Wielding Telegram for threat reports

According to one TAG researcher, Ajax Bash, the attackers’ most adopted tactic is exploiting an API for Telegram scripts, a messaging service, by creating bots in the chat app to facilitates accounts’ theft, alongside bank fraud.

“The attackers embed JavaScript into phishing pages that notify them when the page has been loaded. To send the notification, they use the Telegram API send Message function, which lets anyone use a Telegram bot to send a message to a public channel,” Bach revealed.

In parallel, the messaging platform was informed by Google of the misleading activities accruing on its app, resulting in the bots being netted and eliminated by Telegram.

The governmentally supported group implements this tactic to send device-based data back to the channel, unveiling to hackers sensitive details such as IP, user-agent, and any local visitor to their phishing sites in real-time.

The implementation of Spyware Apps to optimize access

TAG’s systematic outcomes also featured that in May 2020, the company unearthed that APT35 tried to install malicious spyware to Google Play Store via an app masquerading as VPN software. If successfully uploaded, the cybercriminals could have obtained critical data, ranging from call logs, text messages, contacts, location data, and much more.

Once detected, Google eliminated the app from its store before any user installation.

Even though the app was extracted from the store, TAG caught additional attempts by the group to dispense the malicious VPN on other platforms as of July 2021.

Conference-themed phishing emails

ATP35’s most outstanding feature is the parody of conference officials to indulge in phishing attacks. By employing the Munich Security and the Think-20 (T20) Italy conference, attackers allure non-malicious contracts first as email messages for users to answer to. Once they receive a response, hackers then send phishing links in an email as a correspondent follow-up.

Usually, after responding, users would sail through at least one redirect before reaching a phishing domain that will give APT35 access to their email.

For this purpose, the adaptation of link shorteners and click trackers is heavily implemented, and they typically come implanted with PDF files.

In this case, Google broke down attempted cybercrimes using Google Drive, App Scripts, and site pages for specific campaigns as the cybercriminal entity made an effort to break down the tech giant’s embedded defense mechanisms.

If cybercrimes are measured on a governmental scale, once successful, malicious attacks are set to cause irreversible damage. For that reason, cybersecurity enterprises are expecting cyber intrusion rates to heighten in the upcoming years, with the U.S. being its main target. A scheme that could be detrimental to a country recovering its infrastructure from the pandemic’s crippling aftermath that broke its backbone in the past two years.

Daryn is a technical writer with thorough history and experience in both academic and digital writing fields.

Cybersecurity

Panasonic confirms cyber breach to its access data

Published

 on

Japanese manufacturing titan, Panasonic, confirmed Friday its network has been infiltrated by a cyberattack directed at its access data, on November 11, by gaining entry via third party.

In its statement, the company revealed that “some data on a file server had been accessed during the intrusion.”

This marks the only information publicized by the tech manufacturing giant. However, homegrown publications Mainichi and NHK alleged the breach was initiated June 22 and terminated November 23.

“After detecting the unauthorized access, the company immediately reported the incident to the relevant authorities and implemented security countermeasures, including steps to prevent external access to the network,” Panasonic said in its statement.

“In addition to conducting its own investigation, Panasonic is currently working with a specialist third-party organization to investigate the leak and determine if the breach involved customers’ personal information and/ or sensitive information related to social infrastructure,” it added.

In parallel, NHK disclosed that the breached servers contained data about Panasonic business partners and the manufacturer’s own technology, adding that a previous cyberattack directed at a subsidiary also obtained personal business data.

Panasonic also stated that aside from directing its own probe into the matter, the company is also seeking experts’ assistance by working with a third-party establishment to examine all aspects of the cyberattack. This will help the entity identify whether the infiltration was directed towards clients’ personal data.

“We cannot predict whether it will affect our business or business performance, but we cannot deny the possibility of a serious incident,” the Japanese titan said told one of the publications on Friday.

Earlier in March, Panasonic joined forces with cyber security company McAfee to institute a cybersecurity operations center (SOS) to address the rising risks of these attacks on its infrastructure. The pact will prioritize and strictly focus on detection and response.

Continue Reading

Cybersecurity

Apple suing Israeli hacker-for-hire company NSO Group

Published

 on

Tech giant Apple announced Tuesday it is suing Israel’s NSO Group, seeking to block the world’s most infamous hacker-for-hire company from breaking into Apple’s products, like the iPhone.

Apple said in a complaint filed in federal court in California that NSO Group employees are “amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.” Apple said NSO Group’s spyware, called Pegasus, had been used to attack a small number of Apple customers worldwide.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of software engineering.

NSO Group has broadly denied wrongdoing and said its products have been used by governments to save lives.

“Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments the lawful tools to fight it. NSO group will continue to advocate for the truth,” the company said in a statement.

It’s the latest blow to the hacking firm, which was recently blacklisted by the U.S. Commerce Department and is currently being sued by social media giant Facebook.

Security researchers have found Pegasus being used around the world to break into the phones of human rights activists, journalists and even members of the Catholic clergy.

Pegasus infiltrates phones to vacuum up personal and location data and surreptitiously controls the smartphone’s microphones and cameras. Researchers have found several examples of NSO Group tools using so-called “zero click” exploits that infect targeted mobile phones without any user interaction.

The Biden administration announced this month that NSO Group and another Israeli cybersecurity firm called Candiru were being added to the “entity list,” which limits their access to U.S. components and technology by requiring government permission for exports.

Also this month, security researchers disclosed that Pegasus spyware was detected on the cellphones of six Palestinian human rights activists. And Mexican prosecutors recently announced they have arrested a businessman on charges he used the Pegasus spyware to spy on a journalist.

Facebook has sued NSO Group over the use of a somewhat similar exploit that allegedly intruded via its globally popular encrypted WhatsApp messaging app. A U.S. federal appeals court issued a ruling this month rejecting an effort by NSO Group to have the lawsuit thrown out.

Apple also announced Tuesday that it was donating $10 million, as well as any damages won in the NSO Group lawsuit, to cybersurveillance researchers and advocates.


RICHMOND, Va. (AP)

Continue Reading

Cybersecurity

Thousands of Phone Numbers Compromised During Robinhood Hack

Published

 on

Popular investment and trading platform Robinhood stated that “limited information” had been stolen during a cyber-attack targeting the company last week but highlighted that among them were thousands of personal phone numbers.

Robinhood said on Tuesday, that the list obtained by the hackers, which contained email addresses for about five million people and full names for a different group of roughly two million people, included “several thousand entries” with phone numbers.

While the company failed to reveal how many phone numbers were on the list, Motherboard reported that it’s about 4,400.

Motherboard got a copy of the stolen phone numbers “from a source who presented themselves as a proxy for the hackers.” In a statement, Robinhood did not confirm whether the phone numbers Motherboard had obtained, were authentic but did acknowledge that the stolen information included thousands of phone numbers.

However, the blog added: “We continue to believe that the list did not contain Social Security numbers, bank account numbers, or debit card numbers and that there has been no financial loss to any customers as a result of the incident. We’ll continue making appropriate disclosures to affected people.”

The company added: “After we contained the intrusion, the unauthorized party demanded an extortion payment. We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm.”

On his side, Robinhood Chief Security Officer Caleb Sima said, “As a Safety-First company, we owe it to our customers to be transparent and act with integrity.”

“Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do,” he noted.

Continue Reading

Trending