1.5 lakh online transactions get compromised every day in India
As many as 1.5 lakh online transactions, out of the total 230 crore such deals, get compromised on a daily basis in India, according to sources. “In IT ministers’ conclave, it was said that on an average 2.3 billion e-transactions take place daily in the country, out of which 0.15 million get compromised,” official sources said, citing a presentation by National Cyber Security Coordinator Gulshan Rai. The presentation was made by Rai at the state IT ministers’ conference, which was chaired by Union IT minister Ravi Shankar Prasad. A source said that Rai attributed the breaches mainly to phishing attacks, ransomware, IP address manipulation and the like. The number of compromises cited by Rai is around 3-4 times higher than observations made by the Indian Computer Emergency Response Team (CERT-In). As per the information reported to and tracked by CERT-In, a total of 44,679, 49,455, 50,362 and 40,054 cyber security incidents were observed during the years 2014, 2015, 2016 and 2017 (till November), respectively. Rai has asked state governments to set up their own cybersecurity operations and take computer hygiene seriously. Prasad said the Centre will send a special team to audit the cybersecurity of critical infrastructure, and all states should ramp up their infrastructure and manpower to curb breaches that occur online, official sources said. CERT-In has empanelled 54 security auditing organisations to support and audit the implementation of information security best practices.
Abhinav Bindra’s Twitter account hacked by Turkish hackers
Former India shooter and Beijing Olympics gold medallist Abhinav Bindra’s official Twitter account fell prey to a cyber attack late on Monday evening. The account was hacked and a couple of tweets were sent out from the handle. As a security measure, the account was later temporarily suspended. The accounts have been hacked by a group that goes by the name of “Turkish Cyber Army”. Bindra isn’t the first Indian to have his or her account hacked this month. Last week, a slew of attacks saw Anupam Kher, Abhishek Bachchan, Swapan Dasgupta, Ram Madhav, Kiran Bedi and Pritish Nandy’s social media presence compromised on the microblogging service. On Saturday, Japanese sports manufacturer Yonex allegedly had its Instagram account hacked and a post was uploaded that claimed the company had parted ways with India’s star badminton player PV Sindhu as she belongs to a “poor country like India”. “Players from poor countries like India will no longer be sponsored by Yonex as we change our focus towards the Japanese youth,” read the caption alongside an image of Sindhu in action. The company later issued a clarification that their account was hacked. Sindhu, too, later revealed that the company had issued an apology to her.
Malicious file-wiping malware hits Pyeongchang to embarrass organisers
Cybersecurity experts say they have identified a destructive malware dubbed “Olympic Destroyer” that was likely used in a cyberattack on the Pyeongchang Winter Olympics during the opening ceremony last week. Winter Olympics officials confirmed on Sunday that a cyberattack did target their networks, resulting in technical failures during the opening ceremony, but have refused to disclose the perpetrators responsible. Researchers at Cisco’s threat intelligence arm Talos, CrowdStrike and FireEye analysed the malicious code used in the attack and said it was designed to destroy targeted critical systems rather than steal data. With “moderate confidence”, Talos researchers said they have identified the malware used in the attack, which appeared to perform “only destructive functionality”. “Disruption is the clear objective in this type of attack and it leaves us confident in thinking that the actors behind this were after embarrassment of the Olympic committee during the opening ceremony,” the researchers said, noting that the malware author knew a lot of technical details of the Olympic Games infrastructure. com were included in the malware’s code, researchers said. John Hultquist, director of analysis at FireEye’s intelligence analysis team, said: “We have anticipated an attack of some nature on the events for quite a while, particularly by a Russian actor.” Actors like APT28 have unceasingly harassed organizations associated with the games and the Russians have been increasingly willing to leverage destructive and disruptive attacks. Russia’s foreign ministry has already dismissed any “pseudo-investigations” blaming Moscow for cyberattacks on the Winter Olympics, saying “no evidence would be presented to the world”.
The malware itself is a binary file that drops a browser credential stealer, which supports Chrome, Firefox and Internet Explorer, and a system credential stealer that swipes credentials from the Local Security Authority Subsystem Service (LSASS) using a method similar to that used by Mimikatz.
Hackers hijack over 4,000 US, UK and Australian government websites to secretly mine cryptocurrency
Hackers have hijacked more than 4,000 websites, including government sites, in the US, UK, Australia and other nations over the weekend to exploit the processing power of visitors’ computers and secretly mine cryptocurrency. Security researcher Scott Helme first reported the incident after he was alerted by a friend who received a malware warning when visiting the website of the UK’s data protection watchdog, the Information Commissioner’s Office (ICO). Helme managed to trace the compromised script to 4,275 websites across the globe, including NHS websites, the UK’s Student Loans Company, the United States Courts homepage, several state government websites in the US, the Queensland Government’s legislation website and multiple English councils. Running at 40% CPU utilisation, the cryptomining script would covertly mine for Monero coins without the knowledge of the user visiting the website. “This is not a particularly new attack and we’ve known for a long time that CDNs or other hosted assets are a prime target to compromise a single target and then infect potentially many thousands of websites,” Helme wrote in a blog post. “This weekend’s incident with a cryptominer being embedded in thousands of dependent sites (many of them government) has taught us some valuable lessons,” security researcher Troy Hunt tweeted. McKay said the firm is also commissioning a security review by an independent security consultancy and noted that no TextHelp services other than BrowseAloud were affected in the attack. The incident comes as cybercriminals increasingly look to tap into the growing digital currency market with cryptojacking attacks, malware and more. Other websites found running cryptocurrency miners include Showtime, Starbucks Argentina, Politifact, UFC’s website and the Pirate Bay.
Government websites will continue to operate securely.
Russian nuclear engineers arrested for using one of the country’s largest supercomputers to mine Bitcoin
Several engineers working at Russia’s top nuclear research facility, the All-Russian Research Institute of Experimental Physics, have been arrested for attempting to use one of the country’s most powerful supercomputers to secretly mine bitcoin. “There has been an unsanctioned attempt to use computer facilities for private purposes including so-called mining,” the nuclear centre said in a statement. “Similar attempts have recently been registered in a number of large companies with large computing capacities, which will be severely suppressed at our enterprises; this is technically a hopeless and criminal offence,” the statement added. “Their activities were stopped in time,” Tatyana Zalesskaya, a spokeswoman for the Federal Nuclear Centre in Sarov, western Russia, told the Interfax news agency on Friday (9 February), adding that a criminal case has been opened against them all. She, however, did not reveal how many employees of the nuclear facility were arrested. Russian news services reported that the accused engineers attempted to connect the supercomputer to the internet to mine cryptocurrency. The nuclear facility employs up to 20,000 people and houses a 1-petaflop supercomputer capable of performing around 1,000 trillion calculations per second. The facility is a secretive “closed” city about 500km east of Moscow where nuclear weapons research has been conducted since 1946. Guarded by the Russian military and barbed wire fences, the city is still restricted and requires special permits for Russians to visit. This isn’t the first time industrial facilities in Russia have been used to mine cryptocurrency, as Russian lawmakers move to regulate the burgeoning yet volatile digital currency market.
iBoot leak: Apple intern reportedly leaked sensitive iPhone source code that was posted to GitHub
A portion of Apple’s sensitive and proprietary iOS source code was posted to GitHub on Wednesday (7 February) in a breach that some dubbed the “biggest leak in history”. The source code for iBoot — the iOS process that starts up the system when you switch on your iPhone and makes sure the code being run is valid and legitimate — was leaked by an anonymous user named “ZioShiba”. According to the takedown notice, the offending post contained a “reproduction of Apple’s ‘iBoot’ source code” which is “proprietary and it includes Apple’s copyright notice”. The Cupertino company confirmed that the post did contain legitimate code but dismissed any potential security implications of the leak. Although Apple says the outdated code is unlikely to be exploited by hackers to break into their devices or compromise users’ security, experts say the leak of such code itself is worrying. “The release of the iBoot code demonstrates that vendors can’t take it for granted that source code will always remain hidden,” RedScan CTO Andy Kays told SC Magazine UK. Having the iBoot source code and not being inside Apple. According to Motherboard, the three-year-old source code for iOS 9 was initially stolen by a former Apple intern who shared it with a group of five friends in the iOS jailbreaking community. “He pulled everything, all sorts of Apple internal tools and whatnot,” one friend of the intern who received the code told Motherboard. The fact that Apple’s key proprietary code was seemingly swapped in the wild around the jailbreaking community before it was leaked also raises serious security concerns.
Hackers hijack millions of Android devices to secretly mine Monero in drive-by cryptomining scheme
Hackers have managed to hijack millions of Android devices over the past few months to secretly generate Monero coins in a new “drive-by” cryptomining campaign, security researchers have discovered. Over the past few months, security experts have observed a steady rise in cryptojacking attacks, malware-based miners and browser-based cryptominers that ensnare the processing power of millions of devices to generate digital currencies without the knowledge or consent of users. Over the weekend, more than 4,000 websites in the US, UK, Australia and other nations were hijacked, with hackers tweaking the code of a plugin named BrowseAloud to secretly mine cryptocurrency. In this malicious campaign, the threat actors redirect unsuspecting mobile users to dubious pages set up to perform in-browser cryptomining by exploiting their device’s processing power to generate Monero coins. Victims are presented with a CAPTCHA code to solve while the cryptomining script runs in the background, according to Malwarebytes Labs. Until users solve the CAPTCHA code, the site runs an exhaustive cryptojacking script that exploits the phone’s CPU power to mine Monero, a process that could damage the device if left running long enough. “Until the code (w3FaSO5R) is entered and you press the Continue button, your phone or tablet will be mining Monero at full speed, maxing out the device’s processor,” Jerome Segura, lead malware intelligence analyst at Malwarebytes, wrote in a blog post. “It’s possible that this particular campaign is going after low quality traffic—but not necessarily bots—and rather than serving typical ads that might be wasted, they chose to make a profit using a browser-based Monero miner,” the researchers noted. Five identical domains have been identified using the same CAPTCHA code but with different Coinhive site keys.
“We believe there are several more domains than just the few that we caught, but even this small subset is enough to give us an idea of the scope behind this campaign,” Segura said.
Telegram zero-day flaw used by suspected Russian hackers to spread backdoor and cryptocurrency miner
Hackers have exploited a zero-day flaw in Telegram to infect users with a backdoor that provides cybercriminals with remote control of victims’ systems. According to security researchers at Kaspersky Lab, who discovered the zero-day flaw and the attacks, the hackers began exploiting the vulnerability in March 2017, targeting Telegram Windows users. Unicode’s right-to-left override (RLO) character has a legitimate purpose, but RLO can also be used by hackers to trick users into downloading malicious files disguised as photos. The researchers discovered that the hackers were exploiting the vulnerability to mine for various cryptocurrencies, including Monero, ZCash, Fantomcoin and others. Hackers also infected users’ systems with a backdoor that used the Telegram API, which in turn gave attackers remote control access to victims’ computers. “We have found several scenarios of this zero-day exploitation that, besides general malware and spyware, was used to deliver mining software – such infections have become a global trend that we have seen throughout the last year,” the researchers said. “It appears that only Russian cybercriminals were aware of this vulnerability, with all the exploitation cases that we detected occurring in Russia.” The researchers believe that the attacks are likely the work of Russian hackers. Once the researchers alerted Telegram about the flaw, the vulnerability was fixed. It also remains unknown how many Telegram users were targeted by the hackers.
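The RLO trick described above hides a file’s real extension by reversing how the tail of its name is displayed. The following is an added illustration, not code from Kaspersky Lab or the original article: a check that a download scanner or mail gateway could run to flag filenames whose displayed extension differs from the one the operating system will actually use. The sample filenames are constructed for the demonstration.

```python
"""Flag filenames that use Unicode bidirectional control characters
(such as U+202E RIGHT-TO-LEFT OVERRIDE) to disguise their real extension."""
import os
import unicodedata

# Bidi control characters that can change how a filename is rendered.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
}
RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
PDF = "\u202c"  # POP DIRECTIONAL FORMATTING (ends an override)


def bidi_controls_in(name: str) -> list:
    """Unicode names of every bidi control character present in `name`."""
    return [unicodedata.name(ch) for ch in name if ch in BIDI_CONTROLS]


def displayed_name(name: str) -> str:
    """Approximate what a file manager shows: text after an RLO is drawn
    reversed until a PDF ends the override (or the string ends).
    This is a simplification of the full Unicode bidi algorithm, enough for
    the single-RLO disguise discussed in the text."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == RLO:
            end = name.find(PDF, i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif ch in BIDI_CONTROLS:
            i += 1  # other controls are invisible; drop them
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def real_extension(name: str) -> str:
    """The extension the OS actually uses, ignoring invisible controls."""
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return os.path.splitext(clean)[1].lower()


def check_filename(name: str) -> dict:
    """Compare the extension a user sees with the one that will execute."""
    shown = displayed_name(name)
    shown_ext = os.path.splitext(shown)[1].lower()
    real_ext = real_extension(name)
    controls = bidi_controls_in(name)
    return {"bidi_controls": controls, "displayed": shown,
            "displayed_extension": shown_ext, "real_extension": real_ext,
            "suspicious": bool(controls) and shown_ext != real_ext}
```

A hit on `suspicious` is a strong signal on its own; many gateways simply reject any filename containing a bidi control character.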
What is AndroRAT? New Android malware comes with extensive spying and data-stealing abilities
A new variant of an Android malware known as AndroRAT has been discovered, which comes with extensive data-stealing and spying abilities, allowing hackers to gain access to almost all data on infected devices. The malware was originally a university project, meant to be an open-source application that provided remote control of an Android system. The new version of the malware disguises itself as an app called TrashCleaner, which once installed can allow hackers to perform various malicious activities. The first time TrashCleaner runs, it prompts the Android device to install a Chinese-labeled calculator app that resembles a pre-installed system calculator. In addition to possessing the original features of AndroRAT, such as stealing GPS location, contacts, Wi-Fi names, device model details, SMS messages and more, the new variant also comes with new abilities. These include the ability to steal a list of all the installed apps, steal browser history and Wi-Fi passwords, record calls, upload files to the infected device, send and delete SMS messages, install a keylogger and use the front camera to capture high-resolution photos. The malware can also hijack devices to record audio, steal files and more. Although Google already patched the vulnerability, older Android devices may still be vulnerable. “Users should refrain from downloading apps from third-party app stores to avoid being targeted by threats like AndroRAT,” Trend Micro researchers warned. Downloading only from legitimate app stores can go a long way when it comes to device security.
Thousands of California state employees, contractors’ sensitive data exposed in security breach
California’s Department of Fish and Wildlife (CDFW) said that thousands of state employees’ and contractors’ sensitive personal data were exposed in a security breach discovered nearly two months ago. The security breach was first discovered before Christmas, on 22 December 2017, officials said. Department officials said a former employee downloaded the data to an unencrypted personal device and took the records outside of the state department’s network. Compromised data included the full names, Social Security Numbers and, in some cases, home addresses of people who worked at the CDFW and California’s Wildlife Conservation Board in 2007, a memo sent to its existing employees last week reportedly states. The department has not named the ex-employee in question or provided any details regarding when or why the data was downloaded by the former staffer. Department spokeswoman Jordan Traverso said CDFW has not yet found evidence of any malicious hackers profiting off of the exposed data, the Sacramento Bee reports. CDFW said it did not notify the individuals until this week, in compliance with a civil code that says notification may be delayed until law enforcement determines doing so will not affect its criminal investigation into the breach. “We take the security of personally identifiable information very seriously,” CDFW said in the memo dated 15 February. News of the security breach comes just days after the Sacramento Bee accidentally leaked a database that included 19 million California voters’ records online. In December last year, a MongoDB database containing the personal data of every voter in California was also left unprotected.