Tag Archives: Hackers

Sodinokibi: The Crown Prince of Ransomware


Sodinokibi, also known as REvil (short for Ransomware Evil), is a ransomware threat group gaining more and more notoriety. Like several other ransomware families, REvil is run as Ransomware-as-a-Service (RaaS): one group maintains the code, and another group, known as affiliates, spreads the ransomware. The RaaS model lets affiliates distribute REvil in various ways, such as phishing campaigns, or by uploading tools and scripts that let them execute the ransomware inside a victim's internal network.

Sodinokibi compromises organizations by infecting them with file-encrypting malware, which encrypts files after infection and drops a ransom note. In the note, Sodinokibi explains that the victim must pay a ransom in bitcoin or the files will be leaked.

The group recently made headlines when it targeted Acer, a Taiwanese electronics company. On March 19th 2021, Acer was the subject of an attack in which the REvil group demanded the biggest known ransom to date in the history of cyber-attacks: $50 million. The attackers gave Acer until the 28th of March to pay, or all the stolen data would be released to the public. As of March 20th, Acer had not acknowledged that it was the victim of a security breach.

Acer data leak on REvil ransomware site

The malware first surfaced in 2019, when it was seen exploiting a serious flaw in Oracle's WebLogic Server: a remote code execution bug that could be exploited remotely without authentication. This was an unusual attack, as it directly exploited a vulnerability in the server; as researchers note, such attacks are typically carried out with some user interaction, e.g. opening an email attachment or clicking on a malicious link.

Sodinokibi has subsequently targeted organizations such as the celebrity law firm Grubman Shire Meiselas & Sacks, the foreign currency exchange giant Travelex, Brown Forman Corp. (the owner of the Ritz Hotel in London) and, most recently, Acer.

REvil ransomware functionalities

REvil is gaining momentum and notoriety, as shown by the group's decision to target the tech giant Acer. This security breach is worth following, as the repercussions for Acer may be substantial. It should also serve as a reminder to all internet users that cyber attacks keep getting more refined and complex, and that substantial security measures should always be kept in place.



How to hack a house using a laser

If you use software such as the voice assistants of the largest companies, you should be aware that scientists have discovered a new type of attack.
The attack exploits the sensitivity of microphones built on micro-electro-mechanical systems (MEMS). The microscopic MEMS elements react to light as if it were sound. Although the researchers tested only Siri, Alexa, Google Assistant, Facebook and a limited number of tablets and phones, they believe that all devices using MEMS microphones are vulnerable to this threat.

Below you can find a video showing exactly how this procedure works:
https://www.youtube.com/watch?time_continue=29&v=iK2PtdQs77c&feature=emb_title

The attack is based on replacing sound with a low-power laser beam aimed at the device. Essentially, the laser tricks the microphone into producing electrical signals as if it were hearing someone's voice. It works from a distance of up to 110 m and can be carried out from another building, through glass windows or doors. It can be really dangerous because some people do not enable the optional authorization for sensitive commands, so an attacker could open smart garage doors, order goods from Amazon at your expense or even start your vehicle.

The researchers who discovered this flaw estimate that the cost of building a device that could attack any voice assistant based on a MEMS microphone is about $400, including a $340 laser driver, a $20 laser pointer and a $25 sound amplifier. The low cost and simplicity are not an advantage in this case, as they make it possible for almost anyone, criminals included, to build such a device at home.

To protect your smart household I would highly recommend setting as many passwords as possible for the security of your voice assistant, and placing it in a part of your house that is not visible from outdoors.

If you would like to find out more about how exactly this attack works, you can visit the website devoted to it:
https://lightcommands.com



Marriott lost the data of 500 million clients

Yesterday, the famous multinational hospitality organization Marriott joined the company of Facebook, Uber and other large corporations that failed to protect their users' data privacy. As Marriott reported, the records of 500 million guests of its Starwood division were compromised by an unauthorized party in a data breach.

Starwood's hotel brands include W Hotels, Sheraton, Le Méridien and Four Points by Sheraton. Marriott-branded hotels were not affected, as they use a separate reservation system.

According to the results of the internal investigation, the hackers had access to the system since 2014, which gave them many opportunities to learn about the system's weaknesses or simply to work out where the valuable data was. The stolen information includes some combination of:

  • name
  • address
  • phone number
  • email address
  • passport number
  • account information
  • date of birth
  • gender
  • arrival and departure information

Some credit card numbers were also stolen as part of the breach. Marriott says this information was encrypted, but the attackers may also have compromised the decryption keys needed to unlock it. The revelation marks one of the biggest corporate data breaches in history, second only to the one involving Yahoo.

Beginning Friday, Marriott is sending notification emails to affected customers, warning them that criminals could send spam to their email addresses. It has also set up a call center and a breach notification website. Although Marriott is trying to help all victims, one question remains unanswered.

Marriott International management admitted that they discovered the breach after an internal security tool alerted them in September. Why did it take them so long to figure out what data was accessed, and why did they wait another two weeks before informing those affected? Unfortunately, it is a common problem that big companies try to hide such failures for as long as possible. Such irresponsibility must be met with huge fines, as happened to Uber, which was fined for concealing data breaches some days ago.

Marriott will continue its investigation, but it is already clear that the problem of data protection is becoming one of the most important of the 21st century and needs serious action from states and organizations.


The Future of Security – Highlights from O. Brodt’s speech at Masters&Robots Conference 2017

Oleg Brodt works at Deutsche Telekom Innovation Labs in Israel. He comes from the small city of Beersheba, also spelled Beer-Sheva, which is the largest city in the Negev desert of southern Israel. At the end of October this year he spoke at the Masters&Robots Conference in Warsaw, and I would like to present some of the highlights of his speech on cyber security.

1. Beersheba as the Cyber Security Center of Israel

The Israeli government decided that Beersheba is going to be the cyber security capital of Israel (despite being more than 4 times smaller than Warsaw). Therefore, all the cyber security units of the military and other agencies were moved to this city. This had a great impact on Beersheba's development and stimulated an inflow of human capital into the city. Nowadays there are 40 multinational companies located in Beersheba. There are also many accelerators and incubators, around 100 start-ups and the Ben-Gurion University, which is the only university in Israel offering a cyber security degree. In total, there are around 400 start-ups focused on cyber security in Israel, and the country attracts 15% of global venture capital financing of cyber security projects.

Beersheba 2007

Beersheba 2017


2. Cyber Security Kids – Israeli Programs for Talented Pupils

In Israel, children who are good at math and IT have a chance to join educational programs aimed at preparing human resources for Israeli military units. These are usually kids entering the 9th grade. If a kid is selected, he or she attends after-school classes on cyber security twice a week during the four years of high school, and after that joins the army unit.

By the time a child finishes school, he or she is already an expert in cyber security. Moreover, there is a 6-month gap between finishing school and joining the military agency, and during that gap the kid already works on military CS projects in IT labs. These are the least qualified workers in the Israeli IT labs. The IT labs are headed by professor Yuval Elovici, who is a well-known academic figure in the field of CS.

3. There Are Different Kinds of Attackers in CS

  • Kids ("Script Kiddies") – just children who are bored and have the spare time and technical skills to hack you. They have some basic knowledge and start to play around with CS, but they are poorly qualified and normally cannot do a lot of harm. Moreover, kids hack for "fun"; there is no real financial interest in it.
  • State Actors – governments that hack each other or specific targets. They are extremely highly qualified, and if you are the target it will be very difficult to defend yourself. They also have "unlimited resources" to hack you, which makes them very dangerous: if they really want to hack you, it is only a question of time.
  • Cybercriminals – revenue-driven hackers who aim to get a financial benefit from you.
  • Hacktivism – the subversive use of computers and computer networks to promote a political agenda or social change. Perhaps the most prolific and well-known hacktivist group, Anonymous, has been prominent in many major online hacks over the past decade.
  • Terror Organizations – not very active in the field of CS yet, but gradually increasing their activity.

4. Financial Models of Attackers

There are also different ways in which attackers might harm you; here are some of them:

  • Ransomware – a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.
  • DDoS-as-a-Service – a new service on the Darknet. If you want to attack a competitor on the internet (for example an online shop), you order such a service on the Darknet from qualified hackers, and they then flood your competitor's e-commerce platform with so many requests that it goes offline.
  • Crypto-Hacks – something relatively new: hackers attack bitcoin exchanges in order to steal their money.
  • Darkweb hacking services – there are even whole price lists for particular crimes on the Darkweb, for example how much it costs to buy a thousand credit cards or to hack somebody's Facebook account.

5. It Is Not Personal – When Hacking You Is a Business

  • Hackers who attack you for financial reasons are interested only in getting the money. They really do not care who you are; they are not hacking you because you are you, they are hacking you because of your resources. The most popular way to hack during the last two years has been ransomware. Because it is so common, the services connected to ransomware are becoming commoditized, so to say. In other words, hackers who attack you with ransomware have support centers! For example, if you get hacked and your entire organization's data is currently encrypted, you get a message saying that you have to pay a ransom in bitcoins; if you do not know what bitcoin actually is, you may contact the hackers' customer service for help. Yes, you get a phone number on your screen, and if you call it, a nice customer service representative guides you through the whole process. Sounds nice, huh?
  • Organizations specializing in negotiations with hackers are appearing. For example: you have been hacked, and the attacker wants you to pay a $5000 ransom for your files. But how can you know that the files will be released after the money is transferred? That is where negotiation companies come into play. First, they try to establish the hacker's reputation by asking questions like: "How do I know that you are not going to publish my files on the Darkweb?" or "How do I know that you are not going to sell my files to other organizations?" What happens next is surprising: hackers provide lists of "previous customers" (people or organizations they hacked before) to convince the victim that the deal is safe. They even propose contacting those "customers" for a recommendation. So there exists a kind of recommendation base for hackers, and the new negotiation companies specialize in it.

Sources:

  • https://en.wikipedia.org/wiki/Ransomware
  • https://en.wikipedia.org/wiki/Beersheba
  • Oleg Brodt's speech at the Masters&Robots Conference in Warsaw (26-27 October 2017)

Hacking, a new issue for insurance companies

Every year hackers are responsible for enormous losses at companies. No matter where a company is located, cyber-attacks can occur. This problem is not new and has existed for the past 10 years. Nevertheless, it is a growing phenomenon because of the ubiquitous nature of the Internet, which is present in almost every household and company in the Western world.

A lack of security gives cyber attackers the opportunity to penetrate your company and steal sensitive information. For this reason I invite you to read this article: 5 tips to protect your business from Hackers.

 

To measure the scale of those attacks, here are some major breaches that have occurred this century:

  • December 2006: Albert Gonzalez and 11 other hackers broke into the security systems of TJX Companies (an American apparel and home goods company). TJX's networks were not protected by any firewalls, which resulted in the exposure of 94 million credit cards.
  • April 20, 2011: 77 million PlayStation Network accounts were hacked; additionally, 12 million credit card numbers were stored unencrypted. Sony suffered enormously after this attack, as the service was shut down for a month.
  • July 2011: ESTsoft, a South Korean software developer, was the victim of the biggest theft of information in South Korea. This resulted in 35 million Koreans, the majority of the population, being exposed. A lot of information was stolen from millions of users, among others: birthdates, ID numbers, addresses etc.

The list of major breaches is longer and is growing every year (link).

 

The problem faced by insurance companies does not lie in providing insurance for big enterprises but in their capacity to cover the total amount of losses in certain cases. For the most serious cases, insurers increase deductibles, but in some situations they limit the payout to $100 million, which means that sometimes only half of the losses are covered, or even less.

For companies that have already experienced some breaches, renewing their insurance costs them, in some cases, 3 times more than at the beginning.

 

However, these problems also offer new opportunities for insurers. Even if the amount refunded by insurance corporations is often lower than the real loss caused by hacker attacks, those major events underline the importance of having protection.

As the demand for protection rises, insurers raise their prices. According to PwC, over the next 5 years the cyber insurance market in the US will grow to $7.5 billion.


 

The real problem is that while prices are skyrocketing, insurance will not increase security. Furthermore, most policies will not pay out where security was lacking. Perhaps companies should increase their preventive measures in order to avoid further attacks.