Tag Archive for: Changed

How the ZeuS Trojan Info Stealer Changed Cybersecurity


Information stealer malware is a type of malicious software designed to collect sensitive information from a victim’s computer. Also known as info stealers, data stealers or data-stealing malware, this software is true to its name: after infecting a computer or device, it’s highly adept at exfiltrating login credentials, financial information and personal data.

Info stealers typically operate by monitoring keyboard input, capturing screenshots and intercepting network traffic. They may also search a hard drive for specific types of data. The stolen information is then exfiltrated to the attacker’s command-and-control (C2) server for further exploitation.

Information stealer malware has flourished on underground criminal networks. With extortion currently thriving, info stealer malware is also on the rise. Plus, info stealer services for financial fraud attacks are available on the dark web for as little as $200 per month. 

Though this type of malware has been around in some form for over two decades, the ZeuS trojan was one of the most influential info stealers of that period. Let’s take a look at the history of info stealers, and how this type of threat impacted cybersecurity then and now.

What Was the First Info Stealer?

One of the earliest known examples of a successful information stealer attack was the Melissa virus in 1999. One of the first highly successful email worms, Melissa spread rapidly through the use of infected Microsoft Word macros. The worm arrived in the form of an email with an attached document named “list.doc.” 

When the recipient opened the attachment, the worm infected the victim’s computer and continued to spread. It replicated itself by sending infected emails to the first 50 contacts in the victim’s Microsoft Outlook address book. Experts categorize Melissa as an info stealer because, in addition to its worm-like behavior, it also accessed the victim’s email address book and harvested email addresses. 

Harvesting information from the infected computer is a hallmark of info stealer malware. However, it’s worth noting that Melissa was primarily a self-replicating worm. The information-stealing capability was a secondary…

Source…

Why the fundamentals of war haven’t changed


The reality, of course, is that ‘tactical’ nuclear weapons do not exist – they are all strategic weapons – and, as such, come under the doctrine of Mutually Assured Destruction which ably governed the nuclear relationship between the superpowers during the Cold War. Putin won’t use a nuclear weapon, because he can’t be sure that it won’t mean the end of him, and possibly of Moscow. 

Finally, we come to information and cyber warfare. Many warned that Ukraine’s critical infrastructure could be destroyed by Russian cyber attacks in the first weeks of the war. But, in fact, we have seen that moderate cyber defences, as enacted by the Ukrainians, are sufficient to protect critical systems. 

And as for the importance of information—or propaganda as it used to be called: is President Zelensky any different to a Churchill or De Gaulle in the way he uses technology to rally his country and generate support around the world?

The reality is that all of these things – and more – are changes of degree. They are changes of mode in the manner of prosecution of war. But they are not changes to the substance of warfare. The nature of war has not changed since man fought as bands of hunter-gatherers on the African savannah. It is still – primarily and fundamentally – a deeply psychological phenomenon. It is still a contest between evolved human brains. 

The same dynamics of advance, retreat, feint, ruse, confidence and fear decide the outcomes of battles, and of wars. The physicality of war – the bombs, bullets and bayonets – is merely there to affect your enemy’s state of mind, as was illustrated so clearly two weeks ago when Ukraine’s recapture of Russian-occupied territory prompted many frightened Russian soldiers to surrender or flee their positions.

This fundamental psychological truth about warfare tells us some other things as well. It tells us that strategy – how you change your enemy’s psychology and make them do what you want – is supreme. It also tells us that logistics – your resources or tools for the job – are of crucial importance. And it tells us that morale – that ancient intangible of camaraderie and esprit de corps – is a battle…

Source…

Sansad TV’s YouTube Channel Compromised, Name Changed To “Ethereum”


Sansad TV broadcasts live proceedings of Lok Sabha and Rajya Sabha. (File photo)

New Delhi:

Sansad TV, which broadcasts live proceedings of Lok Sabha and Rajya Sabha, said today that its YouTube account was “compromised” and the channel name changed to ‘Ethereum’ by some scamsters, shortly after its account got terminated for allegedly violating YouTube’s community guidelines.

“YouTube has started fixing the security threats permanently and it shall be restored ASAP,” it said.

“YouTube Channel of Sansad TV got compromised due to unauthorized activities by some scamsters on 15 February 2022 (Tuesday 01:00 a.m.) including live streaming on this Channel. Also, the Channel name has been changed to “Ethereum” by the attacker. However, Sansad TV’s Social Media Team promptly worked on it and got the Sansad TV Channel restored by early morning at around 0345 hours,” it said in a press statement.

Sansad TV said that its management was also alerted about the incident by the Indian Computer Emergency Response Team (CERT-In), the nodal agency for responding to cyber security incidents in India.

Screenshots of Sansad TV’s YouTube account shared on social media showed a message that “This account has been terminated for violating YouTube’s community guidelines”.

Sansad TV was created last year by merging Lok Sabha TV and Rajya Sabha TV.

Source…

Three key ransomware actors changed jobs on October 18 • The Register


October 18, 2021, was a tricky day for the ransomware industry. First, the gang that ran the REvil ransomware had its servers compromised, and then three individuals with key roles changed jobs.

That version of history was told today by Juan Antonio Velasco – a cybersecurity analyst at Spanish financial services giant Santander Group. Speaking at CyberCrimeCon 21, an event convened by threat-hunting and security software company Group-IB, Velasco’s talk tracked the recent career moves of four ransomware actors named Orange, MRT, Kajit and 999.

All have been active on various crime forums for some time. Orange served as the main administrator on a Russia-centric forum called Ramp. He or she reported details of the ransomware gang Babuk’s activities after the group infamously infected The Metropolitan Police Department of Washington DC in April 2021.

999 was Ramp’s forum moderator. Kajit also performed some moderation duties and was active on rival forums such as XXX.is and exploit.in.

They all changed jobs on October 18. Orange, MRT, and 999 decided to go private, while Kajit was named the admin of Ramp. Velasco’s analysis of traffic on crime forums suggests he or she now has a line of contact to the masters of the REvil ransomware once enjoyed by Orange. Kajit has also launched a redesign of Ramp.

Ramp has recently started to court Chinese actors, in addition to its usual Russian-and-English-speaking clientele. Velasco was unable to explain why that’s happened, but thought the increasing interaction between Russian and Chinese actors was notable.

He also noted that October 18 is the day REvil’s servers went offline – but didn’t explicitly link the change of gigs to the (possible) demise of the (probably) Russian gang.

The researcher discussed the job moves in the context of his probes of how ransomware groups operate an increasingly sophisticated and diverse supply chain. Velasco said labor is now divided…

Source…