iNews - Vol: 120
Vietnam goes into a tailspin with DUCKTAIL, while UBER admits its role in a data breach cover. From cyberwarfare to malware, the world of technology has us geared for another week of cybersecurity threats to look out for. Our expert Roy Abraham, Enterprise Practice Head shares a few tips toward building a safer digital world. Happy reading!
Since the 2000s, the information age has reinvented almost every aspect of our lives. Your phone is no longer just a calling device. The smartphone is your entry into a world of options, interactions, and possibilities. The same goes for your watch, car, television, and even your fridge. The internet of things (IoT) is expanding our digital sphere and making it easy to access information – sometimes without even touching a button. And the number of IoT-connected devices is only going up. But with great power comes great responsibility, and even greater risks.
Ride-sharing service Uber has reached an agreement with the U.S. Department of Justice to resolve a criminal investigation into its massive 2016 data breach. The November 2016 breach involved hackers stealing legitimate credentials, using them to access Uber's private source code repository and stealing information on numerous drivers and riders. In total, the hackers obtained records on approximately 57 million users, as well as 600,000 drivers' license numbers.
Cyberattacks of all kinds are on the rise globally, and India is reportedly one of the biggest targets with its large and vulnerable tech-connected population. Data breaches and ransomware are two of the biggest ambush tactics, with well-known Indian companies such as Razorpay, Juspay, Pinelabs, and MobiKwik all suffering at the hands of cybercriminals, costing billions in damages, and exposing the sensitive data and credentials of millions of users.
“The malware is designed to steal browser cookies and take advantage of authenticated Facebook sessions to steal information from the victim's Facebook account and ultimately hijack any Facebook Business account that the victim has sufficient access to.” WithSecure has name the malware “DUCKTAIL” and is confident it’s run by a Vietnamese entity that attacks by first scouting for companies that operate on Facebook’s Business/Ads platform and then looking for people likely to have admin access to those accounts.
China's cyber espionage activities are extensive and sophisticated but when the Middle Kingdom tried to steal sensitive economic data from the US Fed, poor security meant its operatives didn't have to dip too far into their bags of tricks.
A new version of the Amadey Bot malware is distributed through the SmokeLoader malware, using software cracks and keygen sites as lures. Amadey Bot is a malware strain discovered four years ago, capable of performing system reconnaissance, stealing information, and loading additional payloads. While its distribution has faded after 2020, Korean researchers at AhnLab report that a new version has entered circulation and is supported by the equally old but still very active SmokeLoader malware.
领英推荐
Security analysts have discovered a new campaign attributed to APT37, a North Korean hacking group, that targets high-value organizations in the Czech Republic, Poland, and other European nations. In this campaign, hackers utilize malware known as Konni, which is a remote access trojan (RAT) capable of establishing persistence and executing privilege escalation on the host.
Phishing attacks via social media are on the rise and India witnessed over 1.5 crore such cyber threats in the second quarter (Q2) this year, an average of more than 17.5 lakh attacks per day which were blocked by Norton Labs, the cyber-security company said on Tuesday.
IBM Security today released the annual Cost of a Data Breach Report,1 revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organizations. With breach costs increasing nearly 13% over the last two years of the report, the findings suggest these incidents may also be contributing to rising costs of goods and services. In fact, 60% of studied organizations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.
Many of the country’s private sector banks and UPI platforms engaged in mobile banking are looking to upgrade their cyber security systems, thanks to the exponential increase in digital banking over the past couple of years and the quick adoption of cloud technologies amid the pandemic, with their recent conversations with cyber security providers primarily focused on identity security solutions.
Microsoft says attackers increasingly use malicious Internet Information Services (IIS) web server extensions to backdoor unpatched Exchange servers as they have lower detection rates compared to web shells. Because they're hidden deep inside the compromised servers and often very hard to detect being installed in the exact location and using the same structure as legitimate modules, they provide attackers' with a perfect and durable persistence mechanism.
While remote tech workers hold the advantage in the short run, they will need to constantly upgrade their skill set in order to prevent their replacement by automation.
CXO Relationship Manager
2 年thank u for sharing