
Botnets: The uninvited guests that just won’t leave


Botnets have been in existence for nearly two decades. Yet despite being a longstanding and widely known threat, they still have the power to wreak havoc on an organization’s networks, and often do so successfully while evading detection. 

Most contemporary malware families rely on botnet infrastructure for command and control (C2), so it stands to reason that the number of active botnets grows with the number of malware families and variants. When FortiGuard Labs researchers analyzed botnet activity during the first half of 2023, we found more botnets active than in the prior period, inevitably increasing the chances that organizations will be impacted by this threat.

What’s more concerning, though, is that we observed an increase in dwell time: botnets are lingering on networks longer than ever before they are detected. This underscores the fact that reducing response time is critical, because the longer organizations allow botnets to remain, the greater the damage and risk to the business.

Botnet activity and dwell time are on the rise

The number of active botnets grew in the first half of 2023, up 27% from the prior six-month period. We also saw a higher rate of botnet activity (+126%) among organizations when comparing those same periods. 

Botnets are like uninvited guests that just won’t leave.

The true eye-opener for botnet trends in the first half of this year is the sharp rise in the overall number of “active days”: the period between the start of a botnet’s activity and the termination of its C2 communications. In comparison to measurements made at the beginning of 2018, this reveals a more than 1,000x rise, demonstrating that botnets have become more tenacious in the last five years.
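The “active days” metric above is simple to compute from your own C2 detections, and doing so is the quickest way to see which infections have been lingering. The following is an added example for this page, not FortiGuard Labs code: it takes constructed C2 alert events (timestamp, organisation, botnet family, C2 host), works out first and last sighting per organisation and family, counts the calendar days in between inclusively, and flags anything at or above a 30-day review threshold. The event format, the sample data and the threshold are assumptions made up for the demonstration.

```python
"""Compute botnet "active days" per organisation from C2 detection events and
flag the long-dwelling ones.

Added example for this page, not FortiGuard Labs code. The event format, the
30-day review threshold and the sample events are assumptions made up for
the demonstration."""
from collections import defaultdict
from datetime import datetime

# Constructed sample detection events (not real telemetry):
# timestamp, organisation, botnet family, C2 host contacted.
SAMPLE_EVENTS = """\
2023-01-03T08:12:00Z,org-a,Mirai,198.51.100.7
2023-01-04T11:40:00Z,org-a,Mirai,198.51.100.7
2023-03-18T02:05:00Z,org-a,Mirai,198.51.100.9
2023-02-10T09:00:00Z,org-a,Bladabindi,203.0.113.4
2023-02-10T09:30:00Z,org-b,Gh0st,192.0.2.21
2023-05-28T17:15:00Z,org-b,Gh0st,192.0.2.21
"""


def parse_events(text):
    """Parse CSV lines into (timestamp, org, family, c2) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, org, family, c2 = line.split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), org, family, c2))
    return events


def summarize(events):
    """Per (org, family): first/last C2 sighting, distinct C2 hosts, active days.

    Active days = calendar days from the first sighting to the last one,
    inclusive, which matches the page's definition of the metric."""
    by_key = defaultdict(lambda: {"first": None, "last": None, "c2_hosts": set()})
    for ts, org, family, c2 in events:
        entry = by_key[(org, family)]
        if entry["first"] is None or ts < entry["first"]:
            entry["first"] = ts
        if entry["last"] is None or ts > entry["last"]:
            entry["last"] = ts
        entry["c2_hosts"].add(c2)
    for entry in by_key.values():
        entry["active_days"] = (entry["last"].date() - entry["first"].date()).days + 1
        entry["c2_hosts"] = sorted(entry["c2_hosts"])
    return dict(by_key)


def long_dwell(summary, threshold_days=30):
    """Return the (org, family) keys whose active days reach the threshold."""
    return sorted(k for k, v in summary.items() if v["active_days"] >= threshold_days)


if __name__ == "__main__":
    summary = summarize(parse_events(SAMPLE_EVENTS))
    for (org, family), v in sorted(summary.items()):
        hosts = ",".join(v["c2_hosts"])
        print(f"{org:6} {family:11} active_days={v['active_days']:4} c2={hosts}")
    print("review:", long_dwell(summary))
```

Note that the Mirai entry changes C2 host partway through its window; tracking distinct hosts per family is what lets you tell a long-lived infection that rotated its C2 from two unrelated short ones, which a per-host view would miss.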

As botnets are quick to adapt and broaden the variety of devices they can automatically infiltrate and control—including some devices that traditionally haven’t been closely inspected, such as IoT—there are more vulnerabilities and exploits than ever that botnets can leverage.

Take back control from the botnets

Reducing response time is vital. The longer the dwell time, the more likely it is that botnets can impact a…


Google accounts may be vulnerable to new hack, changing password won’t help


A new method allegedly enables hackers to exploit functionality of the OAuth2 authorization protocol to compromise Google accounts and maintain valid sessions by regenerating cookies, even after an IP change or a password reset.

According to security firm CloudSEK, a threat actor under the alias PRISMA boasted a potent zero-day exploit and developed a sophisticated solution to generate persistent Google cookies through token manipulation.

“This exploit enables continuous access to Google services, even after a user’s password reset,” the report reads.

OAuth 2.0 stands for “Open Authorization 2.0” and is a widely used framework for authorizing access to resources on the internet. “Sign in with Google” and similar social-login flows build on it (via OpenID Connect) so that sites can verify a user’s identity through an existing account such as Google or Facebook.

CloudSEK’s threat research team identified the exploit’s root at an undocumented Google OAuth endpoint named “MultiLogin.” This is an internal mechanism designed for synchronizing Google accounts across services, which ensures that browser account states align with Google’s authentication cookies.

The developer of the exploit “expressed openness to cooperation,” which accelerated the discovery of the endpoint responsible for regenerating the cookies.

The exploit, incorporated in a malware called Lumma Infostealer on November 14th, boasts two key features: session persistence and cookie generation. To exfiltrate the required secrets, tokens, and account IDs, the malware targets the token_service table in the Web Data database of logged-in Chrome profiles.

“The session remains valid even when the account password is changed, providing a unique advantage in bypassing typical security measures,” the report quotes PRISMA. “The capability to generate valid cookies in the event of a session disruption enhances the attacker’s ability to maintain unauthorized access.”

Researchers noted a concerning trend of rapid exploit integration among various Infostealer groups. They think the exploitation of the undocumented Google OAuth2 MultiLogin endpoint provides a textbook example of sophistication, as the approach hinges on a nuanced manipulation of the GAIA ID (Google Accounts and ID…


Watchdog says it won’t give in to hackers’ blackmail


The Consumer Council on Friday confirmed it has been the victim of a hacking attack, saying it won’t pay a blackmail demand and will only find out exactly what data has been stolen when it gets leaked on the internet.

The watchdog said its computer system was hacked on Wednesday and that it was told to pay a ransom of US$700,000 to prevent the stolen data from being made public.

The hackers are offering a US$200,000 discount if the ransom is paid by 11.20pm on Saturday.

The attack comes just weeks after government-owned Cyberport also fell prey to hackers who stole personal information on various individuals linked to the technology park.

The Consumer Council said it wasn’t sure what data has been stolen from its system, but it could include ID and phone numbers of current and former staff, their relatives, as well as job applicants.

The watchdog said the breach might also affect some 8,000 subscribers to its CHOICE magazine.

“Because we will definitely not pay the ransom, we will probably need to wait after the ransom deadline and the attackers leak the stolen data to determine what data has exactly been stolen,” said Gilly Wong, the council’s chief executive.

At a press briefing, chairman Clement Chan said the hacking incident has caused disruption to the council’s services.

“The attack has resulted in almost 80 percent damage of the computer system, causing disruption to its hotline services and update of price comparison tools,” said Chan.

“The council has taken immediate action to strengthen the security measures of the system to prevent further attacks by the hacker, whilst appointing a forensic expert immediately to conduct investigations. Hotline services have currently resumed after emergency repairs.”

The council said it would reach out to potential victims of the breach in the next few days, adding that it has also reported the incident to the police and the privacy watchdog.


You Won’t Believe What Hackers Can Do With Your SSN



From GhostTouch to Vishing, there are so many scams out there attacking your phone, computer, and every bit of technology housing your private information. While we’ve grown accustomed to hearing about hacking, you still might be amazed and appalled by the many ways a scammer can fraudulently use your Social Security number.


“It’s crucial to be vigilant about SSN disclosure to minimize the chances of falling victim to cybercrime and identity theft,” cautions Sean O’Brien, a lecturer in Cybersecurity at Yale Law School Privacy Lab. “For the past two decades, we’ve seen electronic systems reduce reliance upon SSN as an identifier and a push for other methods of authentication and identification.”

“Due to increased pressure from U.S. regulators and government agencies, however, many systems now require SSN as part of KYC or know your customer policy,” says O’Brien. “This has meant that SSN is, once again, a linchpin to our digital lives.”

Discover some of the awful — but very real — consequences that might happen if your SSN gets stolen, and learn how to prevent or deal with these worst-case scenarios.


Hackers can use your SSN to get credit cards in your name.

It is possible for a hacker to get a credit card with just your name, address and Social Security number. Once the credit cards are in place, fraudsters can run up a lot of debt. Generally speaking, criminals aim to get the most they can with the least effort.

Keeping your SSN safe requires two things: understanding and implementing security best practices, and luck.

Pro tip: If you suspect someone has opened a credit card in your name, your first calls should be to the three major credit reporting agencies: Equifax, Experian and TransUnion. Don’t just contact one — call all three.



They can use your SSN to open a phone account in your name.

Right now, with how phones are connected to our lives and data in so many…
