
Chart: Who’s Behind Cyber Attacks?
The Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), has issued a warning about potential cyber threats posed by Chinese state-sponsored actors targeting critical infrastructure in the United States.

The warning follows recent incidents involving a group known as Volt Typhoon, which also goes by names such as Vanguard Panda and BRONZE SILHOUETTE, and is believed to have breached the IT environments of multiple critical infrastructure organizations in the U.S., including in Communications, Energy, Transportation Systems, and Water and Wastewater Systems sectors. According to the advisory, these malicious actors are actively attempting to infiltrate U.S. networks and are potentially paving the way for disruptive or destructive cyberattacks.

Between 2000 and 2023, the European Repository of Cyber Incidents (EuRepoC) database recorded a total of 2,506 politically motivated cyber attacks worldwide, perpetrated by 679 known actors/groups. These cyber incidents include politicized and non-politicized attacks aimed at political targets, as well as attacks against critical infrastructure, whether carried out by states (and affiliated groups) or by non-state actors with political objectives.

As detailed in the following infographic, almost 12 percent of politically motivated cyberattacks detected since the turn of the century were launched from China, followed by Russia with a similar share (11.6 percent). Iran was responsible for 5.3 percent of these cyber incidents over the period studied, and North Korea for 4.7 percent. It is important to note that the largest share of malicious acts of this type (45 percent) was unattributed, meaning that the country of origin could not be identified in many cases.

Almost a third of the politically motivated cyber attacks analyzed were carried out by states (or affiliated groups), and a similar proportion by non-state actors with political objectives. Around half of the attacks recorded were aimed at political targets (public figures, political parties, etc.), and almost 20 percent at critical infrastructure.

Source…

Every day, half a million malware apps are created for scamming. Who’s behind them?
HANOI: One hour. That is all the time it takes to build malicious software that can access the camera, messages, calls, storage, microphone, location, contacts — nearly everything — on a victim’s phone.

And cyber threat hunter Ngo Minh Hieu finds more than half a million such malware apps created every day in his work for Vietnam’s National Cyber Security Centre.

Vietnam saw a 64 per cent rise in online fraud in the first half of this year compared with the same period last year, according to the country’s Authority of Information Security.

A growing number of incidents in the last five years are related to malware, said Nguyen Quang Dong, the director of the Institute for Policy Studies and Media Development.

The flurry of fraudulent activity has landed Vietnam among the world’s top 10 cybercrime hotspots, according to the Global Tech Council, as the programme Talking Point found when it investigated who might be behind the malware scams that have emerged in Singapore this year.

FORMER SCAMMER BECOMES CYBER THREAT HUNTER

Between January and August, more than 1,400 victims in Singapore lost at least S$20.6 million in total, police said.

The perpetrators linked to malware scams have mostly played the role of money mules, said Ang Hua Huang, assistant superintendent at the newly operationalised anti-scam command centre run by the Singapore Police Force.

There have been teenagers arrested for suspected involvement.

Source…

Who’s Behind the 8Base Ransomware Website? – Krebs on Security
The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of the website’s code was written by a 36-year-old programmer residing in the capital city of Moldova.

The 8Base ransomware group’s victim shaming website on the darknet.

8Base maintains a darknet website that is only reachable via Tor, a freely available global anonymity network. The site lists hundreds of victim organizations and companies — all allegedly hacking victims that refused to pay a ransom to keep their stolen data from being published.

The 8Base darknet site also has a built-in chat feature, presumably so that 8Base victims can communicate and negotiate with their extortionists. This chat feature, which runs on the Laravel web application framework, works fine as long as you are *sending* information to the site (i.e., by making a “POST” request).

However, if one were to try to fetch data from the same chat service (i.e., by making a “GET” request), the website until quite recently generated an extremely verbose error message:

The verbose error message when one tries to pull data from 8Base’s darknet site. Notice the link at the bottom of this image, which is generated when one hovers over the “View commit” message under the “Git” heading.

That error page revealed the true Internet address of the Tor hidden service that houses the 8Base website: 95.216.51[.]74, which according to DomainTools.com is a server in Finland that is tied to the Germany-based hosting giant Hetzner.

But that’s not the interesting part: Scrolling down the lengthy error message, we can see a link to a private Gitlab server called Jcube-group: gitlab[.]com/jcube-group/clients/apex/8base-v2. Digging further into this Gitlab account, we can find some curious data points available in the JCube Group’s public code repository.

For example, this “status.php” page, which was committed to JCube Group’s Gitlab repository roughly one month ago, includes code that makes…

Source…

Cyber Vendors or Cyber-Criminals: Who’s Winning the Race for the Brows
From the rollout of text-to-image generation tools like DALL-E to natural language processing platforms such as ChatGPT, which have impressed with their ability to write resumes, scientific papers and more, it has been a breakthrough 12 months for artificial intelligence (AI).

Many industries are already embracing these advances. Market research, copywriting, time management, coding and customer service are all purposes for which ChatGPT, and its rival platforms, are being leveraged by businesses. However, it’s not just corporations tapping into AI’s potential.

With the emergence of ever more useful tools, threat actors have also become empowered to find and develop increasingly sophisticated threat campaigns designed to exploit common vulnerabilities facing enterprises in 2023.

At Menlo Security, we have seen a major uptick in the use of highly evasive attacks targeting the browser, in part driven by this increasingly easy access to AI tools that even amateur attackers can use to create malware or viruses.

It’s an adjustment that adversaries have made in response to changing working norms. As many organizations have continued to embrace remote and flexible policies post-Covid, employees are enjoying the freedom of working wherever, whenever and however it best suits them – be it from the office, at home or on the go, both within and outside of the traditional 9 to 5.

To facilitate this, enterprises have embraced cloud-based models – a dynamic in which the browser has become the central hub of operations. In fact, Google reports that the average employee spends as much as 75% of their working day using a web browser.

As threat actors have adapted, cultivating an increasingly expansive and sophisticated arsenal of browser-based attack methods in response, 80% of breaches are now estimated to come through the browser.

Adapting Security Strategies

The spike in browser-focused cyber-attacks is, of course, a problem, and one that has prompted a range of policies aimed at resolving it.

Recently, it was reported that Google is running a pilot scheme to encourage selected staff members (around 2500) to work without access to the internet, the…

Source…