The Internet Society says that current perceptions of data encryption are misguided and need to change for the sake of the digital economy.
The post Internet Society: Encryption is key to growing world economy appeared first on WeLiveSecurity
The Internet Society says that current perceptions of data encryption are misguided and need to change for the sake of the digital economy.
The post Internet Society: Encryption is key to growing world economy appeared first on WeLiveSecurity
Latvian-born hacker Alexsey Belan, a Russian citizen, has been on the FBI’s list of most wanted cybercriminals for some time. His latest misdeed was the theft of 500 million Yahoo accounts in order to spy on Russian journalists and officials from both the US government and the Kremlin itself.
The Department of Justice of the United States has officially accused him of the crime. The department suspects that he have committed the crime in collaboration with another cybercriminal and with two spies from the Russian Federal Security Service. Antichat was one of the cybercrime forums which Belan frequented. It is also one of those used by the Russian spyware company OpenGSM to recruit cybercriminals and increase their sales.
According to a Forbes investigation, OpenGSM has resold a tool to spy iPhones and Android smartphones that was developed by an American. Killer Mobile, a company headed by Joshua Alner, created a surveillance software called Tracer that has made its way to Russian shores.
A researcher who preferred to remain anonymous found an OpenGSM document that redirects users to a website owned by Alner from which a spyware kit could be obtained as part of a 600 euro package.
He also found Killer Mobile malware for Android on an OpenGSM website, proof that the company bought the vendor’s surveillance tools. In fact, Alner could have pocketed between 150 and 500 thousand dollars for that sale.
Neither Alner nor OpenGSM, which sells its software to government agencies and consumers, have come forth to comment about their research. Killer Mobile, a company with only ten employees, offered its malware — which is legally defined as a “hidden listening device” — to about sixty resellers in at least ten countries, an activity requiring an export license .
The spy software that OpenGSM commercialized served to host spyware on the devices of almost 800 users in Russia, Kazakhstan and the European Union in 2015. Another tool that OpenGSM offered, which was not developed by Killer Mobile, appears to have had mobile users in the US in its crosshairs.
Tensions are on the rise between geopolitical actors, both big and small, in the cyber-sphere, and as such we are collectively entering a period of uncertainty about where we stand in terms of our own personal security on our devices. Wherever the threat may come from, be it a government agency or a malware entrepreneur, it’s always best to be protected by an advanced cybersecurity solution.
The post The US Malware Developer who Helped Russia Spy on Devices appeared first on Panda Security Mediacenter.
We’re all familiar with the massive data leaks that Yahoo suffered last year. But until recently, we had very little in the way of clues as to who was behind the attacks which started at the beginning of 2014. As more evidence comes to light, it’s becoming increasingly apparent that this is not your run-of-the-mill cybercrime. According to a recent indictment by the US Department of Justice, the folks behind that attack appear to be agents of the Russian Federal Security Service.
The theft of 500 million Yahoo accounts three years ago was allegedly used as a way for the Russian government to access information on a series of targets ranging from the White House itself to cloud computing companies. Military officials, executives of financial companies, and even an airline company were also among the targeted.
In the name of espionage, this attack gave hackers the means of stealing data such as names, email addresses, and credentials. According to information provided by Yahoo in their announcement of the breach, the culprits would not have been able to access data of a more confidential nature, such as sensitive financial information.
In a somewhat ironic turn of events, the information provided by the Justice Department indictment appears to indicate that the stolen data was also used to spy on Russian government officials.
While this would not be the first time that Russian cybercriminals have been accused of data theft, it is in fact the first time that charges have been filed against officials operating in the shadow of Vladimir Putin. Although the agency is supposed to help agencies of other countries track down Russian cybercriminals, in this case two of its own operatives allegedly collaborated to conceal the robbery from their superiors.
“The involvement and direction of F.S.B. officers with law enforcement responsibilities makes this conduct that much more egregious,” said acting assistant US Attorney General Mary B. McCord.
Although the Russian administration has not given an official response to the US indictment, the country’s press has called into question the US Department of Justice’s movement.
In any case, and regardless of who is responsible for these or other breaches, massive data leaks at services such as Yahoo highlight the need to use secure credentials and a protection that is suited to the needs of your company to prevent the theft of confidential information, or even considerable sums of money, in the event of a cyberattack.
The post Who’s Behind the Yahoo Attack? It might be Russian Agents appeared first on Panda Security Mediacenter.
A smartphone’s internal sensors may provide cybercriminals with enough information to be able to guess a user PINs and passwords, according to new research by Newcastle University in the UK.
The post Smartphone sensors ‘can reveal PINs and passwords’ appeared first on WeLiveSecurity
A new report by PwC UK and BAE Systems has revealed a sophisticated cyber campaign “of unprecedented size and scale” targeting managed IT service providers (MSPs). The campaign, dubbed Operation Cloud Hopper, was motivated by espionage and information gathering, as evidenced by the attackers’ choice of high value and low profile targets.
The authors of the report were able to conclude that Operation Cloud Hopper is almost certainly the work of a previously known group called APT10. The APT10 group is already well known in the world of cybersecurity, and it is a widely held view that it is based in China.
Using forensic analysis of operational times and IP zones, the authors of the report were able to conclude with a high level of certainty the identity of the group, their location in China, and the extent of the campaign. They were even able to sketch a portrait of their workday, including “a two hour lunch break”.
“Operating alone, none of us would have joined the dots to uncover this new campaign of indirect attacks,” Richard Horne, cyber security partner at PwC, recently told the BBC.
APT10 appears to be a well-staffed, highly organized operation with extensive logistical resources. According to the report, the group uses a variety of customized open-source software, original bespoke malware, and spear phishing techniques to infiltrate their targets’ systems.
Their strategy of choosing MSPs as a primary target has given them “unprecedented potential access to the intellectual property and sensitive data of those MSPs and their clients globally,” according to the report. “Given the level of client network access MSPs have, once APT10 has gained access to a MSP, it is likely to be relatively straightforward to exploit this and move laterally onto the networks of potentially thousands of other victims.”
Luis Corrons, technical director of PandaLabs, points out that carefully selecting targets, and customizing attacks accordingly, is more common every day. “Aside from the myriads of common cyberattacks businesses regularly have to deal with, nowadays we are witnessing huge increases in the amount of attacks in which cybercriminals are actually inside their victim’s network, adapting to his defenses and carrying out strikes with surgical precision as they target specific assets,” wrote Mr. Corrons in an email.
The Cloud Hopper campaign comes at a time when geopolitical tensions are increasingly crossing over into the realm of cyberespionage and cyberwarfare. Though the report does not openly suggest that there was any involvement on the part of the Chinese government, it does point out that the targeting of diplomatic and political organizations, as well as certain companies, “is closely aligned with strategic Chinese interests.”
Fortunately, targeted attacks, even sophisticated ones perpetrated by highly professional groups like APT10, are pieces of cake for Panda’s Adaptive Defense. As it sees absolutely everything happening on all computers, it can stop these kinds of attacks proactively. Adaptive Defense can also provide forensic information about threats, by giving detailed and intelligent traceability for everything that happens on a company’s IT infrastructure — threat timeline, information flow, the behavior of active processes, etc.
Adaptive Defense 360 is the first cybersecurity managed service that combines next-generation protection (NG EPP) and detection and remediation technologies (EDR), with the ability to classify 100% of running processes. With this innovative technology, it is able to detect and block malware that other protection systems miss.
The post China-based ‘Cloud Hopper’ Campaign Targets MSPs and Cloud Services appeared first on Panda Security Mediacenter.
No less than $75,000 in cryptocurrency (Bitcoin or Ether), or $100,000 in iTunes gift cards — this is the exorbitant ransom that cybercriminals have demanded from Apple. The group, calling themselves the Turkish Crime Family, claims to have stolen access to 300 million iCloud accounts, and have threatened to wipe them on April 7 (tomorrow) if the corporation doesn’t pay up.
The cybercriminals sent a series of screen shots to Motherboard that apparently show the exchange of emails between the hacker group and Apple’s security team. They also provided access to one of the email accounts that they allegedly used to communicate with the company and lay down their conditions for the deal.
According to the messages on the account, the cybercriminals uploaded videos to YouTube to show how they were able to log in to several stolen iCloud accounts and even showed how they were able to access an elderly woman’s photos and remotely delete them.
Allegedly, an Apple employee had asked the criminals to take down the video that they’d uploaded to YouTube. The company also declared, “We do not reward cyber criminals for breaking the law”.
There are a few holes in the attackers’ story. In the initial correspondence, they claimed to have accessed 300 million accounts on Apple’s iCloud, but on the Turkish Crime Family twitter account the claim was a more modest 200 million. In a later correspondence, the number jumped up to 559 million.
“I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing,” one of the hackers told Motherboard. It seems clear that one of the strategies of this group is to blackmail Apple by making their actions public, alarming as many Apple clients as possible.
However, a spokesperson for Apple has stated that “there have not been any breaches in any of Apple’s systems including iCloud and Apple ID.” The supposed list of email addresses and passwords may therefore have been obtained through a third-party service that had been previously compromised.
The spokesperson also stated that they are “actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved.” We’ll have to wait until tomorrow to see if there is a real threat, or if the hackers are simply bluffing.
In any event, the company has taken the opportunity to remind users to use robust passwords, that they don’t use the same credentials over various websites, and that they activate two-step authentication to add an extra layer of security.
The post Millions of iCloud Accounts Could Be Wiped if Apple Refuses Ransom appeared first on Panda Security Mediacenter.
Millennials and the demands of upcoming GDPR regulations could result in a greater cybersecurity risk for many businesses, new research has suggested.
The post Millennials and GDPR ‘pose increased cybersecurity risk to companies’ appeared first on WeLiveSecurity
The IAAF has become the latest organization to fall victim to the cybercriminal gang Sednit.
The post IAAF: ‘Fancy Bear’ Sednit behind cyberattack appeared first on WeLiveSecurity
Evgeniy M. Bogachev is in his early thirties and lives a comfortable life among his collection of luxury cars in a small resort city on the shores of the Black Sea. He is the most-wanted cybercriminal in the world, and the FBI is offering 3 million dollars for his capture.
The US accuses Bogachev of having created a global botnet composed of infected computers with the attention of winnowing millions of dollars from bank accounts all over the world. According to reporting from The New York Times, the cybercriminal’s victims included everyone from private users to public organizations such as, for example, a pest control company in North Carolina or a police precinct in Massachusetts.
However, Bogachev is seemingly much more than your common cybercrook. The FBI suspects that although he probably got into the business for the same reason as most cybercriminals (money), his activities have grown more complex with time. In fact, he is also suspected of controlling more than a million computers around the world, with access to photographs, documents, and all kinds of confidential personal and corporate information. So what began as a way of draining bank accounts all over the world for huge financial gain has become a unique window of opportunity for Russian intelligence agencies to carry out wide-reaching espionage.
While Bogachev perpetrated his cyber-heists, the Russian authorities appear to have not only turned a blind eye, but also shown their appreciation of his work. Given the extent of Bogachev’s access to computers from all over the globe, the Russian agency allegedly obtained, among other things, information from military services with ties to the conflicts in Ukraine and Syria. According to the Times, they also appear to have accessed information from US intelligence agencies.
At the moment, the attacks carried out by Bogachev under pseudonyms like slavik, lucky12345 or pollingsoon are going unpunished. Russia has no extradition treaty with the United States, and Russian officials have stated that as long as Bogachev does not commit any crime in Russian territory, there would be no reason to stop him.
The logical conclusion of this stance toward international cybercrime is troubling. It implies that the sale of malware by Russian cybercriminals in the dark corners of the internet, or even the theft of money, could be given a pass by Russian agencies.
If confirmed, the situation would prove that black hats could be recruited as mercenaries in cyber-conflicts between the world’s major powers. In such a scenario, the victims (i.e., individuals and businesses) are mere pawns in a game of cyberwar. The loss of things that are of great value to you, such as your privacy, confidential data, even the money in your bank accounts, is seen as mere collateral damage caught up in the forces of conflict between rival nations. It is now more indispensable than ever to have the necessary security tools to protect yourself and guarantee the safety of your digital assets.
The post The Russian Government Uses Known Black Hat for Cyberespionage appeared first on Panda Security Mediacenter.
Laptops, handheld video games, cameras, tablets… unless it has some sort of medical use, all electronic devices bigger than a smartphone will be banned from the cabin of all flights originating in North Africa and the Middle East and bound for the US or UK.
The Trump administration announced the drastic measure, which will affect ten airports in Jordan, Egypt, Saudi Arabia, Kuwait, Morocco, Qatar, Turkey, and the United Arab Emirates.
According to the department of Homeland Security, terrorist organizations “continue to target commercial aviation and are aggressively pursuing innovative methods to undertake their attacks, to include smuggling explosive devices in various consumer items.”
The UK has adopted a similar ban against laptops and tablets. In this case, the measurements are specified and can only travel in checked luggage. The ban is effective for six countries in order to “maintain the safety of British nationals.” Recently, a bomb exploded on a Daallo Airlines flight that may have been hidden on a laptop, forcing the plane to make an emergency landing in Mogadishu.
Even though the TSA (Transport Security Administration) hasn’t gone into detail about the ban, Kip Hawley, ex-director of the organization, defended the decision. According to Hawley, an explosive charge could be installed in a smartphone as well, but would be limited by size and insufficient to pose any major threat.
At the same time, a bomb in the cargo bay would be ineffective, since not only is it surrounded by suitcases that would stifle the blast, but is also itself highly reinforced.
Oddly enough, the decision arrived not long after the Federal Aviation Administration announced that lithium batteries presented the risk of catching fire while in storage under the plane. Some experts have criticized the new measures. Nicholas Weaver, researcher at the International Computer Science Institute, has taken the opposing stance that a bomb “would work just as well in the cargo hold.”
Weaver also points out that if hacking is the main concern, “a cellphone is a computer.” After the Germanwings accident, which took the lives of 150 people, some questioned whether a cybercriminal could be responsible. As of now, however, the threat of a cyberattack is still hypothetical. Indeed, it has only been demonstrated that control can be taken of navigation systems in a simulation environment.
Recently, a Spanish researcher discovered vulnerabilities in planes’ in-flight entertainment systems. The most damage he could do, however, was to turn on and off the lights, broadcast messages over the PA, or steal card numbers from passengers making in-flight purchases.
For the time being, it seems the fears of the US and UK are not based on a potential cyberattack, but rather on the stated concern about hidden explosives. As can be expected from sensitive policy decisions, however, neither London nor Washington are offering much in the way of details.
The post New Security Measure in the US and UK: Tablets Banned on Some Flights appeared first on Panda Security Mediacenter.