Archive for the ‘Hackers’ category

North Korea Hackers Hit US Companies

October 14th, 2017

FireEye researchers recently mentioned that spear phishing emails were sent to U.S. electric companies which can be traced back to North Korea.

The emails contained fake invitations to a fundraiser. Anyone who opened attachment will get malware.

The researchers mentioned that the attack is early-stage reconnaissance.

“Nation-states often conduct cyber espionage operations to gather intelligence and prepare for contingencies, especially at times of high tension,” the researchers wrote.

Two years ago North Korean hackers has released sensitive data on South Korean nuclear power plants.

Researchers mentioned that North Korea linked hackers are bold and “likely remain committed to pursuing targets in the energy sector, especially in South Korea and among the U.S. and its allies, as a means of deterring potential war or sowing disorder during a time of armed conflict.”

“North Korea linked hackers are among the most profilic nation-state threats, targeting not only the U.S. and South Korea but the global financial system and nations worldwide,” the researchers wrote. “Their motivations vary from economic enrichment to traditional espionage to sabotage, but all share the hallmark of an ascendant cyber power willing to violate international norms with little regard for potential blowback.”

Eddie Habibi, CEO of PAS Global mentioned that with the growing tension between US and North Korea the frequency of the attack will rise.

And while critical infrastructure is as prepared as it has ever been for phishing attacks, Habibi said, it’s not well prepared for the consequences of attacks that provide the attackers with “access to the process control networks where you find systems that control volatile processes or ensure worker safety.”

“These systems are often 15 or 20 years old and consequently do not adhere to today’s secure by design principles,” Habibi said. “They are also not visible to security personnel, which makes detecting and reacting sufficiently to compromise difficult at best. Exploiting these systems can lead to loss of production, shareholder value, and even life under certain circumstances.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen. AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

North Korean Hackers

October 11th, 2017

South Korean ruling party lawmaker Lee Cheol-hee said that North Korean hackers have stole 235 GB of data from South Korea’s Defense Integrated Data Center which includes operational plans created by Seoul and Washington for all-out war with North Korea.

The data includes plans for “decapitating” the North Korean leadership if war breaks out. It also includes contingency plan.

“The Ministry of National Defense has yet to find out about the content of 182 GB of the total [stolen] data,” he said.

As per the Pentagon spokesman Colonel Rob Manning, all key information remains secure. “I can assure you that we are confident in the security of our operations plans and our ability to deal with any threat from North Korea,” he said.

“We’ll continue to work closely with our partners in the international community in identifying, tracking and countering any cyber threats,” Manning added.

As per the AlienVault threat engineer Chris Doman, hacker group responsible for the attacks is possibly a subgroup of the attackers behind WannaCry, the Sony breach, and the SWIFT hacks. “They are very active, and I continue to see new malware samples from them every week,” he said.

“In Ukraine, the number of cyber attacks, and their level of sophistication, rose with fighting on the ground,” Comodo senior research scientist Kenneth Geers said. “The threat of sudden decapitation via cyber and traditional strikes may force Kim Jong-un into making desperate moves.”

“Cyber is more unpredictable than traditional weaponry, because you may lose control of your assets before you know it,” Geers added. “Given that the risk is international nuclear war, there are no limits on what both sides might do in cyberspace to prepare the battlespace, in an effort to improve the prospects of victory for their side.”

Geers also mentioned that North Korean hackers may plan sabotage operations in case of war. “It is possible that North Korea might receive cyber help from Russia and/or China, who may perceive an interest in undermining U.S. geopolitical goals, as well as testing national cyber capabilities,” he said.

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

New Phishing Attack

August 19th, 2017

Comodo researchers found a new ransomware campaign which targeted tens of thousands using simple email which contained only attachment and no text. The file name is E 2017-08-09 (xxx).xxx with the number in parentheses and different file extension with each email.

After the click on the attachment, a new Locky ransomware variant called IKARUSdilapidated is downloaded.

“Named for the appearances of ‘IKARUSdilapidated’ in the code string, it is clearly related to the ‘Locky’ Trojan and shares some of its characteristics,” the researchers note. “As a new malware variant, it is read as an ‘unknown file’ and is allowed entry by organizations not using a ‘default deny’ security posture (which denies entry to all unknown files until it is verified that they are ‘good’ files and are safe to have enter the IT infrastructure).”

The attachment is unreadable having the following phrase-

“Enable macro if data encoding is incorrect,” a social engineering technique which runs  run a binary file that downloads an encryption Trojan.

Comodo-protected endpoints found out more than 62,000 phishing emails on Aug 9,10 and 11. Eleven thousand IP address where used from one thirty-three different countries.

“This quantity of servers can only be used for a specific task if they are formed into a large bot network (or botnet), and have a sophisticated command and control server architecture,” the researchers note.

As per the Kaspersky, Locky and its variants were the most profitable form of ransomware.

“Ransomware is here to stay, and we will have to deal with it for a long time to come,” Google senior strategist Kylie McRoberts said.

Tripwire principal security researcher Travis Smith told that sending such email is a profitable method.

“For ransomware, the attacker just needs one low-level employee to click a link or open an attachment,” he said.

“That one click then allows them to immediately be paid hundreds, if not millions, of dollars in nearly anonymous cryptocurrency,” Smith added.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Ukraine’s Postal Service Hit

August 11th, 2017

Ukraine’s national postal service website Ukrposhta was hit by DDoS attacks for two days. The facility mentioned that it was able to start the service after the first day attack. On the second day, the service was slowed down by the attack.

Igal Zeifman Imperva director of marketing said that its not unusual to see such repeat attacks. “Recently, such tactics had become more common due to their ability to disrupt some security measures and cause fatigue to the people in charge of the attack mitigation, forcing them to stay alert even in the quiet time between attacks,” he said.

“In the first quarter of the year, we saw the number of such repeat assaults reach an all-time high, with over 74 percent of DDoS targets attacked at last twice in the span of that quarter,” Zeifman added.

Ukposhta was attacked earlier by hackers. In the late June it was impacted by NotPetya attacks.

As per Kaspersky Lab Q2 2017 DDoS Intelligence Report this quarter saw a 277-hour DDoS attack and 131 percent longer than the longest DDoS attack in Q1 2017.

It also mentioned that DDoS attacks hit 86 countries, up from 72 countries in Q1 2017. The most affected countries were China, South Korea, the U.S., Hong Kong, the U.K., Russia, Italy, the Netherlands, Canada and France.

Kaspersky also said that there is an increase in Ransom DDoS or RDos attacks

“Nowadays, it’s not just experienced teams of hi-tech cybercriminals that can be Ransom DDoS attackers,” Kaspersky Lab head of DDoS protection Kirill Ilganaev said in a statement. “Any fraudster who doesn’t even have the technical knowledge or skill to organize a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion.”

“These people are mostly picking unsavvy companies that don’t protect their resources from DDoS in any way and therefore can be easily convinced to pay ransom with a simple demonstration,” Ilganaev added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Cyber Insurance and Cloud Cyber Attacks

July 31st, 2017

According to the insurer Lloyd’s, a large cyber attack could cause $53 billion in economic losses which is almost same estimation as per 2012’s Superstorm Sandy. The report mentions the two possibilities. One where a disruptive attack which can lead to losses of $53 billion. Other includes an attack on computer operating systems which could lead to losses of $28.7 billion.

As per Lloyd’s estimation, the range of losses can vary between $15.6 billion to $121.4 billion. Average loss range is from $620 million for a large loss to $8.1 billion for an extreme loss.

“Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economy, trigger multiple claims and dramatically increase insurers’ claims costs,” Lloyd’s CEO Inga Beale mentioned

“Underwriters need to consider cyber cover in this way and ensure that premium calculations keep pace with the cyber threat reality,” Beale added. “We have provided these scenarios to help insurers gain a better understanding of their cyber risk exposures so they can improve their portfolio exposure management and risk pricing, set appropriate limits and expand into this fast-growing, innovative insurance class with confidence.”

As per the RiskIQ study, cybercrime led to global economy $454 billion loss last year. it also mentioned that $858,153 is lost to cybercriminals every minute. Companies spent $142,694 per minute to protect.

“Today, an organization’s digital assets are subject to malware, malvertising, and phishing efforts on a scale never before seen, while rogue apps, domain and brand infringement, and social impersonation cause business disruption and material loss,” RiskIQ manager of content strategy Mike Browning wrote in a blog post examing the findings.

The report also mentioned that 818 pieces of unique malware are injected in the system per minute.

“As companies innovate Web, social, and mobile means to engage with their customers, partners and employees, threat actors will prey on business exposures and brands to capture users’ trust, access credentials, and sensitive data,” RiskIQ chief marketing officer Scott Gordon said in a statement. “This requires organizations to extend their security programs to monitor and mitigate threats outside the firewall.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Kaspersky Lab Defends Allegations

July 18th, 2017

Kaspersky Lab is accused of deep connections with Russia-based hacking efforts. The U.S. government has removed the firm from its vendor list which can be used for federal government. The step was taken after U.S. officials, including Adm. Mike Rogers, director of the National Security Agency and Cyber Command leader, testified before a Senate committee mentioning potential risks from Kaspersky Lab software.

Kaspersky Lab has denied the accusations.

“Regardless of how the facts are misconstrued to fit in with a hypothetical, false theory, Kaspersky Lab, and its executives, do not have inappropriate ties with any government,” the company stated. “The company does regularly work with governments and law enforcement agencies around the world with the sole purpose of fighting cybercrime.”

Allegations were also made against Kaspersky Lab that it took active participation in raids with Russian law enforcement officials and ‘hacked back’ against organizations.

“Hacking back is illegal, and Kaspersky Lab has never been involved in such activities,” the company stated. “Instead we are actively participating in joint shut-down of botnets led by law enforcements of several countries where the company provides technical knowledge.”


Kaspersky Lab mentioned that it only provides technical expertise throughout the investigation to help catch cybercriminals.

“Concerning raids and physically catching cybercriminals, Kaspersky Lab might ride along to examine any digital evidence found, but that is the extent of our participation, as we do not track hackers’ locations,” the company stated.

“I want to reassure you, our valued partner – there is no evidence because no such inappropriate ties exist,” he wrote in reference to the Russian government allegations. “While Kaspersky Lab regularly works with governments and law enforcement agencies around the world to fight cybercrime, the company has never helped nor will help, any government in the world with its cyberespionage efforts.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

AI Security Company Series D Round

July 10th, 2017

Darktrace U.K.-based startup which has offices in San Francisco has recently raised $75 million in a Series D round of funding.

Nicole Eagan, CEO at Darktrace, mentioned that Insight Venture Partners’ participation in the investment “is another strong validation of the fundamental and differentiated technology that the Enterprise Immune System represents,” in a statement. “It marks another critical milestone for the company as we experience unprecedented growth in the U.S. market and are rapidly expanding across Latin America and Asia Pacific in particular, as organizations are increasingly turning to our AI approach to enhance their resilience to cyber-attackers.”

Company uses artificial intelligence to tackle security threats. The Enterprise Immune System uses the algorithm in real time to stop the attack. It tracks normal behaviour and security threats. It also detects insider threats and zero-day attacks.

“Unlike more common forms of malware, which rely on human-mediated methods such as phishing to co-opt people into triggering the payload, this type of attack uses a worm to move from machine to machine without human intervention,” Andrew Tsonchev, director of Cyber Analysis at Darktrace, wrote in a blog post. “Fortunately, it is precisely this – a dramatic change in internal activity – which has allowed us to effectively fight back.”

Company mentioned that its contract value has now reached $200 million. Bookings are also increased in the US. The headcount in last year is doubled to 500. It has 450 partners. Most important the software has detected over 48,000 serious threats.

“Unlike more common forms of malware, which rely on human-mediated methods such as phishing to co-opt people into triggering the payload, this type of attack uses a worm to move from machine to machine without human intervention,” Andrew Tsonchev, director of Cyber Analysis at Darktrace, wrote in a blog post. “Fortunately, it is precisely this – a dramatic change in internal activity – which has allowed us to effectively fight back.”

Another AI based security company Attivo Networks has also raised $15 million.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers

IoT Security

July 5th, 2017

The Internet of Things (IoT) is seeing the rapid rise but it seems to repeat the history of technology evolution. The pace of growth is not matched with security requirements. IoT helps automation as well as real-time synchronization of business processes. The implementation helps for precise response in real time.

 “IoT devices assist businesses in real-time responses to supply-and-demand market effects, they empower patients and healthcare professionals to continuously monitor conditions, and they enable electric grid operators to adjust the production, flow, and cost of electricity according to real-time market demands to ensure the most efficient, resilient, and cost-effective solution,” says James Scott, senior fellow at the Institute for Critical Infrastructure Technology, a Washington DC-based cybersecurity think tank.

Hundreds of companies now provide IoT solutions. But security aspect is lagging behind.

 “As was shown in the Dyn attack, we appear doomed to repeat the mistakes we made with PCs and mobile devices in IoT,” says Tom Byrnes, founder and CTO of ThreatSTOP. “Once again, cost reduction has made security an afterthought, if a consideration at all, with predictably disastrous consequences.”

 It is different than other systems as threat involved is higher due to many connection points. As per the Intel, 200 billion IoT devices will be online by 2020.

 “Most IoT devices and sensors lack any form of security or security-by-design,” says Scott.

 “Without layered security of the IoT microcosms, hacktivists can disrupt business operations, cyber-criminals can compromise and ransom pacemakers, and cyber-jihadists or nation-state sponsored threats can compromise and control the grid,” to name just a few of the potential IoT security attack scenarios.

“Every IoT device has inherent vulnerabilities and exploitable weaknesses resulting from a culture that sacrifices security in the design process in favor of meager savings and in the rush to market,” says Scott. “The overwhelming preponderance of insecure IoT devices in the future will render security an impossibility in the future.”

 Most of IoT devices do not have computational power or battery life to have security applications.

 “We need to develop cost-effective IoT devices that incorporate security-by-design rather than cheaper and less secure alternatives,” says Scott. “While that may save a few dollars in the short-term, it puts the public and critical infrastructure at risk of losing millions of dollars and valuable data in the long-term.”

 Also, there is lack of platform standards.

 “With old devices lasting longer than ever before, there are many devices currently in use that do not support new standards,” says Sam Rehman, Chief Technology Officer of Arxan. “Hackers will always see legacy devices as a prime choice of entry.”

 ___________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Kmart Attacked by Hackers Again

July 2nd, 2017

Kmart suffered another data breach when its server was attacked by hackers.

 “Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls,” a Kmart FAQ on the data breach states. “Once aware of the new malicious code, we quickly removed it and contained the event.”

 Sears Holdings owns Kmart. It has not mentioned the number of affected card holder in the statement. Also, the location impact is also not disclosed. But it mentioned that only card information got breached.

 “All Kmart stores were EMV ‘Chip and Pin’ technology enabled during the time that the breach had occurred and we believe the exposure to cardholder data that can be used to create counterfeit cards is limited,” the company stated. “There is no evidence that kmart.com or Sears customers were impacted nor that debit PIN numbers were compromised.”

 This is the second breach in three years. Security of the card is crucial and online shops are finding it difficult to secure.

 “Consumers should monitor the transactions on any account linked to credit or debit cards they have used in a Kmart store and report any fraudulent transactions to their bank as soon as they are identified,” Capps said. “Given the brisk migration to a chip-and-pin system, we are unlikely to see the stolen credentials used for in-person payments, but they can be used for online transactions. “

 In 2014, Kmart was affected by malware.

 “We will likely find that this attack started with a stolen credential, used to inject the malware into Kmart’s networks,” Nir Polak, CEO of security vendor Exabeam mentioned. “In this modern operating environment, better behavioral analysis — focused on both use of credentials and on the system processes that are spawned from malware — is the best way to detect and shut down these attacks.”

____________________________________________________________________________________________

 Alertsec encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

U.S Election Systems Attacked by Russian Hackers

June 22nd, 2017

Thirty-nine states were hit by Russian hackers prior to the 2016 U.S. election. In Illinois, hackers got access to the database and tried to delete or alter voters data. A software was also accessed which was used by poll workers on Election Day.

“Last year, as we detected intrusions into websites managed by election officials around the country, the administration worked relentlessly to protect our election infrastructure,” Eric Schultz, spokesman for former President Barack Obama, told Bloomberg.

“Given that our election systems are so decentralized, that effort meant working with Democratic and Republican election administrators from all across the country to bolster their cyber defenses.”

A former senior U.S official mentioned that Russians now possess knowledge of U.S. election systems prior to the next presidential election.

“The U.S. must start putting precautions in place today that assures voter data and election systems are protected, or else history is bound to repeat itself.”Seclore CEO Vishal Gupta said.

Federal agents found traces of hacking into the database. Many states refused to cooperate with the agency.

“It’s laughable how systems we thought were immune to attack were so woefully under-secured.” Venafi chief security strategist Kevin Bocek said.

“We’ve seen this with ATMs and POS systems,” Bocek added. “The finance and retail industries have effectively responded to their own deep vulnerabilities, and now state, local and federal governments need to respond in the same way to protect voting systems.”

“Without a record of who is accessing, changing or deleting data, it’s virtually impossible to detect the compromise,” he said. “It’s not hard to imagine a scenario where voter data has been compromised but has gone undetected due to lack of auditing or evidence of a breach.”Varonis vice president of field engineering Ken Spinner said

“It’s more important than ever to monitor file activity and user behaviour, so that if an outside party is attempting to manipulate or delete information — as happened in Illinois — that activity is able to be flagged and investigated right away,” Spinner added.

“Whether you’re a small company or a national government, the best risk reduction is to limit access to those who need it the most, keeping sensitive data locked down, and to monitor data access so that when something suspicious happens, you can catch it before it turns into global headlines,” Spinner said.

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc. Perhaps, most importantly, your login credentials to cloud applications are protected.