Always Providing You With Ongoing Information

Posts tagged ‘Hacking’

 

White House homeland security adviser Thomas Bossert said “the best and the brightest are working on” tracking who was behind the ransomware cyberattack.

 

Michael Reynolds/European Pressphoto Agency


Security researchers have discovered digital clues in the malware used in last weekend’s global ransomware attack that might indicate North Korea is involved, although they caution the evidence is not conclusive.

An early version of the ‘‘WannaCry’’ ransomware that affected more than 150 countries and major businesses and organizations shares a portion of its code with a tool from a hacker group known as Lazarus, which researchers think is linked to the North Korean government.

John Bambenek, a research manager at Fidelis Cybersecurity, said, ‘‘This implies there is a common source for that code, which could mean that North Korean actors wrote ‘WannaCry’ or they both used the same third-party code.’’

White House homeland security adviser Thomas Bossert said Monday that investigators were still working to determine who was behind the attack. “The best and the brightest are working on it,” he said.

Several security researchers studying ‘‘WannaCry’’ on Monday found evidence of possible connections to the crippling hack on Sony Pictures Entertainment in 2014 attributed by the US government to North Korea. That hack occurred in the weeks before Sony released a satiric movie about a plot to kill North Korean leader Kim Jong Un.

However, Bambenek cautioned that the links are circumstantial. ‘‘It could be a freak coincidence,’’ he said. ‘‘The code in question is not a large portion of the overall Wannacry malware so it’s plausible that the attackers got it from somewhere else.’’

The spread of the WannaCry virus has slowed as new cyberdefenses have been put in place. Some eight to 10 U.S. entities, including a few in the health-care sector, reported possible “WannaCry” infections to the Department of Homeland Security, a US official said.

Factories, hospitals, and schools were disrupted in China by the attack, though the spread of the virus appeared to be slowing. State media said 29,000 institutions had been hit, along with hundreds of thousands of devices.

South Korea reported that just five companies were affected, including the country’s largest movie chain.

Researchers discovered a ‘‘kill switch’’ on the virus that stopped its spread from computer to computer, potentially saving tens of thousands of machines from further infection.

The ransomware program, which is spread through e-mail, encrypts computer files and then demands the bitcoin equivalent of $300 to unlock them.

The attack hobbled operations at Russia’s Interior Ministry, Spanish telecommunications giant Telefónica, and Britain’s National Health Service.

 

 

 

WannaCry Ransomware

wannacrypt ransom note

The worm called WannaCry infected 200,000 computers in more than 150 countries, tied the UK health service in knots, took out the Spanish phone company, caused chaos for train travelers in Germany, and took big swipes out of FedEx, Renault, a reported 29,000 Chinese institutions, and networks all over Russia, including the Russian Interior Ministry.

Can you get infected by WannaCry Ransomware?

No. MalwareTech defanged the malware. Although there are a few extraordinary situations where the threat persists (in particular if your network blocks access to one odd website), for most people, WannaCry has been out of commission since late Friday.

Well, do I need to worry about it right now?

Yes. There have been reports from Matt Suiche of a new WannaCry variant that’s been sinkholed with 10,000 infections logged. The clones are coming, and many of them won’t be easy to stop. You have to get your Windows PC patched now.

What’s Happening With The SAT

 

 

 


Hacking The SAT

FedEx Also Suffers Malware Attack

FedEx Corp confirmed it suffered a malware attack on Friday and said its Windows-based systems were “experiencing interference” due to malware and that it was trying to fix the issue as quickly as possible. Computer systems at companies and hospitals in dozens of countries were hit Friday, apparently part of a huge extortion plot. The so-called ransomware attack appears to exploit a weakness that was purportedly identified by the U.S. National Security Agency and leaked to the internet. It encrypts data on infected computers and demands payment before the information is unencrypted.

A cyberattack that is forcing computer owners to pay hundreds of dollars in ransom to unlock their files has hit almost every corner of the world. This is the biggest ransomware outbreak in history.

Security experts from Kaspersky Lab and Avast Software say Russia was the hardest hit, followed by Ukraine and Taiwan. Researchers believe a criminal organization is behind this, given its sophistication.

Russia’s Interior Ministry says it has come under cyber attack. Agency spokeswoman Irina Volk says in a statement carried by Russian news agencies that Friday’s cyber attacks hit about 1,000 computers. She said the ministry’s servers haven’t been affected. Volk also said that ministry experts are now working to recover the system and do necessary security updates.

Russian media also said that the Investigative Committee, the nation’s top criminal investigation agency, also has been targeted. The committee denied the reports.

Megafon, a top Russian mobile operator, also said it has come under cyberattacks that appeared similar to those that crippled U.K. hospitals on Friday.

Microsoft has released fixes for vulnerabilities and related tools disclosed by TheShadowBrokers, a mysterious group that has repeatedly published alleged NSA software code. But many companies and individuals haven’t installed the fixes yet, or are using older versions of Windows that Microsoft no longer supports and didn’t fix.

Hospitals in the U.K. and telecommunications companies in Spain are among those hit by a “ransomware” attack that locked up computer data and demanded payment to free it. The attacks use a malware called Wanna Decryptor, also known as WannaCry.

Vault 7 & The Grasshopper


WikiLeaks has published more secret hacking manuals belonging to the US Central Intelligence Agency as part of its Vault7 series of leaks. The site is billing Vault7 as the largest publication of intelligence documents ever.

Friday’s installment includes 27 documents related to “Grasshopper,” the code name for a set of software tools used to build customized malware for Windows-based computers. The Grasshopper framework provides building blocks that can be combined in unique ways to suit the requirements of a given surveillance or intelligence operation. The documents can be useful to potential CIA targets looking for signatures and other signs indicating their Windows systems were hacked. The leak will also prove useful to competing malware developers who want to learn new techniques and best practices.

 

Gotta Smart TV? Well It Could Be Hacked

Security consultant Rafael Scheel of Oneconsult AG demonstrated the attack by using a cheap transmitter to embed malicious commands into a rogue TV signal. When that signal is broadcast to devices in the vicinity, it can gain access to the televisions. The attack works by exploiting two documented security flaws in the Web browsers that run in the background of the TV models used in the test, both manufactured by Samsung. This can work on other TV sets as well. Once a hacker has control over the Smart TV, the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone.

Phishing Attacks Targeting Gmail Customers


A phishing technique targeting Gmail and other services has been gaining popularity during the past year among attackers. Over the past few weeks there have been reports of experienced technical users being hit by this.

This attack is currently being used to target Gmail customers and is also targeting other services. The attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.

You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again. You glance at the location bar and you see accounts.google.com in there. It looks like this…

You go ahead and sign in on a fully functional sign-in page that looks like this:

GMail data URI phishing sign-in page

Your account has been compromised once you complete sign-in.
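The glance at the location bar fails because seeing accounts.google.com somewhere in the address is not the same as the address being an https URL on that host. The following is an added example, not part of the original post, that makes the check by parsed scheme and host; it goes slightly beyond the data URI case by also rejecting look-alike hosts. The trusted-host list and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: judge a sign-in location by parsed scheme and host,
// never by whether a trusted name appears somewhere in the string.
// TRUSTED_SIGNIN_HOSTS is an assumption for this sketch.
const TRUSTED_SIGNIN_HOSTS = new Set(["accounts.google.com"]);

function checkSignInLocation(raw) {
  const text = String(raw).trim();
  let url;
  try {
    url = new URL(text);
  } catch {
    return { verdict: "reject", reason: "not an absolute URL" };
  }
  const hostTrusted = TRUSTED_SIGNIN_HOSTS.has(url.hostname);
  // True when a trusted name is present only as text, not as the host.
  const nameOnlyAsText = !hostTrusted &&
    [...TRUSTED_SIGNIN_HOSTS].some((h) => text.toLowerCase().includes(h));

  if (url.protocol !== "https:") {
    return {
      verdict: "reject",
      reason: nameOnlyAsText
        ? `trusted name is only text inside a ${url.protocol} URL`
        : `scheme ${url.protocol} is not https:`,
    };
  }
  if (url.username || url.password) {
    return { verdict: "reject", reason: "userinfo placed before the host" };
  }
  if (!hostTrusted) {
    return { verdict: "reject", reason: `host is ${url.hostname}` };
  }
  return { verdict: "accept", reason: `https on ${url.hostname}` };
}

// Constructed sample strings (not captured from a real message).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "https://accounts.google.com.example.net/ServiceLogin",
];

for (const s of SAMPLES) {
  const { verdict, reason } = checkSignInLocation(s);
  console.log(`${verdict.padEnd(6)} ${s.slice(0, 60)}  (${reason})`);
}
```

Only the first sample is accepted; the second is rejected on its scheme even though the trusted host name is visible in it.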
