Tag Archive for: Dollars

Zero-days for hacking WhatsApp are now worth millions of dollars


Thanks to improvements in security mechanisms and mitigations, hacking cell phones — both running iOS and Android — has become an expensive endeavor. That’s why hacking techniques for apps like WhatsApp are now worth millions of dollars, TechCrunch has learned.

Last week, a Russian company that buys zero-days — flaws in software that are unknown to the developer of the affected product — offered $20 million for chains of bugs that would allow their customers, which the company said are “Russian private and government organizations only,” to remotely compromise phones running iOS and Android. That price is in part likely caused by the fact that there aren’t many researchers willing to work with Russia while the invasion of Ukraine continues, and that Russian government customers are likely willing to pay a premium under the current circumstances.

But even in the markets outside of Russia, including just for bugs in specific apps, prices have gone up.

Leaked documents seen by TechCrunch show that, as of 2021, a zero-day allowing its user to compromise a target’s WhatsApp on Android and read the content of messages can cost between $1.7 and $8 million.

“They’ve shot up,” said a security researcher who has knowledge of the market, and asked to remain anonymous as they weren’t authorized to speak to the press.

WhatsApp has been a popular target for government hackers, the kind of groups that are more likely to use zero-days. In 2019, researchers caught customers of the controversial spyware maker NSO Group using a zero-day to target WhatsApp users. Soon after, WhatsApp sued the Israeli surveillance tech vendor, accusing it of abusing its platform to facilitate its customers using the zero-day against more than a thousand WhatsApp users.

In 2021, according to one of the leaked documents, a company was selling a “zero click RCE” in WhatsApp for around $1.7 million. RCE is cybersecurity lingo for remote code execution, a type of flaw that allows malicious hackers to remotely run code on the target’s device. Or in this case, inside WhatsApp, allowing them to monitor, read and exfiltrate messages. “Zero click” refers to the fact that the exploit…


How network security can save security dollars


For the last twelve years, 100% of CIOs have said that they expect to spend more on IT security, making security the only category that just keeps on absorbing investment. Every year in the last three years, over 80% of enterprises have said that their IT security still needed improvement. So, like death and taxes, is security spending growth inevitable? If we keep on the way we have, it sure seems like it. But what might change?

Let’s start with what’s important to users. External threats, meaning hacking, are a problem for every CIO. Internal threats, from badly behaving employees, are a problem for three out of four. Data theft is a universal fear, and malware that interferes with applications and operations is an important problem for over 90% of CIOs. As far as approaches or targets are concerned, 100% say access security on applications and data is essential and so is regular malware scanning. If you ask CIOs to pick a single thing they think is essential for IT security, it’s access security.

Access security, according to CIOs, is ensuring that applications and data are accessed only by those with the right to do so. If you have it, they believe, then hacking poses little threat because hackers won’t be authorized. Malware that impersonates an authorized user may still have to be addressed, but access security can limit the scope of what malware can do. It’s no wonder that every security vendor offers something in access security, and it’s no wonder that the hottest topic in security, zero-trust security, is a form of access security. Given that access is almost always via a network connection, it’s reasonable to ask whether network security features could enhance access security and zero-trust, and maybe even slow the growth of security spending overall. If you can’t connect to it, you can’t hack it.

Let’s dissect that by starting with a critical statement: Zero-trust doesn’t mean there is no trust, it means that trust is never assumed. That which isn’t assumed is explicit, and that means that all true zero-trust strategies depend on deciding what information connections are valid. One way to do this is to require…


Scammer steals thousands of dollars worth of laptops from South Florida business – WSVN 7News


(WSVN) – A South Florida business has become the victim of a highly sophisticated scam. Kevin Ozebek exposes the scheme in tonight’s 7 Investigates.

Jake Luther’s company supplies items big and small to a host of clients.

Jake Luther: “Anything from toilet paper at your local museum or sandblasting a trailer for the military.”

So Jake was ecstatic when he got an email from a man saying he was Rodney Cartwright, the senior procurement executive at the National Gallery of Art in Washington, D.C.

Jake Luther: “It was from a dot-gov email address. From there it says, ‘We’d like you to bid on the opportunity to supply us with laptops for a new office expansion.’ We looked him up, we looked up the address, we looked up the National Gallery of Art. Everything lined up.”

Since the museum houses one of the most prestigious art collections in the country, Jake jumped at the chance.

He replied with a bid to send 63 laptops for $97,900.

A few days later, he got an email saying the bid was approved.

Jake Luther: “I was planning for my wedding, so we had a bunch of expenses coming up, so to me, being a Christian guy, this is a blessing from God.”

From his Cutler Bay office, Jake ordered the computers and sent them to a warehouse in Nashua, New Hampshire.

He was told it was the gallery’s distribution center.

Jake Luther: “During this time, he came back to me, and he was like, ‘You know, there’s a chance that we’re doing another expansion. It’s our final one. We need to order like another 60 more units.’”

So Jake sent 60 more laptops for $116,000 to Nashua.

He then focused on his upcoming wedding.

Jake Luther: “When I got back from my honeymoon, we’re about the 30-day mark where this contract should be paid out through wire transfer, which is relatively typical for these type of deals.”

But the money never came, and Jake stopped getting responses from the man he thought was Rodney Cartwright.

Jake Luther: “It’s one of my lowest emotional moments. It was like I could feel my head pounding, I could hear ringing in my ears. I immediately got on my knees and didn’t know what to do.”

Jake then tracked down the real Rodney Cartwright at the museum and…


$10 Million US Dollars, Missing Ransomware Gangs, and so much more!

Wow, what a week. From new incentives to become a cyber defender to new targets for threat actors, this week had it all. We start with the $10 million information bounty currently offered by the US Government and we end with the startling news of the Trickbot comeback. See? This week was wild, so keep reading for the News In Review.

The U.S. government will begin offering up to $10 million for information to identify or locate threat actors working on behalf of foreign governments that are trying to cripple the internet operations of American businesses and infrastructure. The new reward was announced as the U.S. faces a growing threat from ransomware attacks. Apparently, ransomware attacks went up by 300% in the last year alone. These attacks on US enterprises are usually from Russia, according to US officials. For more information about the new incentive, click here.


The REvil ransomware gang, implicated in the high-profile attacks on JBS and Kaseya, seems to have disappeared. Cybersecurity researchers report that the entirety of the group’s infrastructure, from extortion pages to servers, has gone offline. The group has even closed up pages advertising its services on the dark web, where no trace of the group can be found. Authorities are unsure if this vanishing act is permanent or part of a larger scheme. To learn more about the missing gang, click here.


An “imminent ransomware campaign” will be impacting SonicWall’s Secure Mobile Access 100 series and Secure Remote Access products, according to a security advisory from the vendor. SonicWall published a security advisory Wednesday for unpatched and end-of-life (EOL) 8.x firmware versions of its SMA 100 and SRA devices. According to the vendor, threat actors are “actively targeting” and exploiting a known vulnerability in an “imminent ransomware campaign” using stolen credentials. The advisory doesn’t identify the vulnerability. Impacted devices include SRA 4600/1600 (EOL 2019), SRA 4200/1200 (EOL 2016), SSL-VPN 200/2000/400 (EOL 2013/2014), and SMA 400/200, supported in “Limited Retirement Mode.” To read the full story about the potential attack, click here.

