Malwarebytes says it was targeted by SolarWinds hackers too
by Paul Hill
In a blog post, the digital security firm Malwarebytes said that it had been targeted by the nation state actor implicated in the SolarWinds breach late last year that affected the U.S. government, Microsoft, Nvidia, VMware, and others.
According to the computer security firm, it does not use SolarWinds but was attacked via another intrusion vector that leveraged applications that had privileged access to Microsoft Office 365 and Azure. Malwarebytes said that the attacker managed to get access to "a limited subset of internal company emails" but didn't find any evidence that their production systems had been compromised.
Malwarebytes’ incident response group worked with Microsoft’s Detection and Response Team (DART) to find out how the attack happened. Explaining what the teams did, Malwarebytes CEO Marcin Kleczynski said:
To ensure that none of its products and systems were compromised, it carried out an analysis of the Malwarebytes source code, build and delivery processes and even reverse-engineered its software. This, coupled with the fact that none of its internal systems were compromised, led the company to declare that its software remains safe to use.
To combat these sophisticated attacks, Malwarebytes has called on other security companies to continue sharing information so that responses are effective. It also thanked the security community for working over the holiday period to respond to the hack.
Microsoft declares war on Israeli surveillance company NSO Group
by Usama Jawad
Back in 2019, Israeli technology company NSO Group found itself embroiled in controversy when it was alleged that its Pegasus program was used to hack WhatsApp. The sophisticated attack technique allowed attackers to inject spyware into Android and iOS devices by simply calling them. The victim is not even required to answer the call in order for the attack to be successful.
While WhatsApp plugged the vulnerability, it later took NSO Group to court for its malicious actions. The surveillance company has denied wrongdoing multiple times using the defense of immunity since it claims that Pegasus is used on behalf of governments. Following recent reports of Al Jazeera journalists being hacked using software developed by NSO Group, Microsoft and various other corporations have now joined the fight against the Israeli firm.
In a sternly worded blog post, Corporate Vice President of Customer Security & Trust at Microsoft, Tom Burt, has described NSO Group as the cyber mercenaries of the 21st century and stated that they should get no immunity. Together with Cisco, GitHub, Google, LinkedIn, VMware, and the Internet Association, Microsoft has filed an amicus brief in WhatsApp's legal case against NSO Group. Simply stated, this means that the firms will be providing assistance to the court by offering technical expertise.
Microsoft has highlighted that Pegasus infected WhatsApp on 1,400 devices last year, including those of journalists and prominent figures fighting against human rights violations. It emphasized that NSO Group's business model is very dangerous for a number of reasons. Primarily, there is no guarantee that the cyber-weapons won't fall into the wrong hands. Even if NSO Group sells Pegasus only to governments, it could be handed over to customers who lack proper defenses, resulting in highly dangerous software being stolen. Microsoft also stated that:
Lastly, the Redmond tech giant emphasized that such tools developed by private security firms are a threat to human rights and privacy. It stated that NSO Group's clients are spread throughout the world, and they utilize cyber weapons to track journalists and other opposing groups. Microsoft indicated that even if NSO Group's own intention is not to violate human rights, its tools certainly allow its clients to do so.
Moving forward, Microsoft has urged that private security firms such as NSO Group should be liable for any laws that are broken by using their tools, and they should not be granted immunity in any circumstances. The coalition hopes that the amicus brief will enable it to protect the rights and privacy of all its global customers.
Trump campaign website briefly defaced by hackers
by Ather Fawaz
With the U.S. Presidential Elections just around the corner, President Donald Trump's campaign website was briefly taken over and defaced by hackers. In an act that lasted close to 30 minutes, The New York Times reports that hackers replaced a section of Trump's campaign website. Gabriel Lorenzo Greschler, who is a journalist at the Jewish News of Northern California, was among the first to report the incident. Greschler stumbled upon the hack while researching climate change, and proceeded to make a video demonstrating the seized website:
As seen above, hackers took over the 'Coalitions' tab on the President's website and claimed to have compromised 'multiple devices', essentially giving them access to 'most internal and secret conversations', including classified information. They further threatened to discredit the POTUS by choosing to either release the sensitive data or keep it a secret. This choice was left in the hands of site visitors; an encryption key was also dropped on the page so that the hackers could solicit votes in a cryptocurrency called Monero. The hackers also accused the Trump administration of cooperating with foreign actors in manipulating the upcoming elections and of having a hand in the advent of the coronavirus.
Tim Murtaugh, the spokesman for the Trump campaign, confirmed the reports of the website being defaced and said they were “working with law enforcement authorities to investigate the source of the attack.” He later clarified that there was no leak of sensitive data either and that the website had been restored.
This hack comes less than a week after an ethical hacker claimed to have obtained access to President Trump's official Twitter account with the password 'maga2020!'. It's also days after the President claimed in a campaign rally that “Nobody gets hacked. To get hacked you need somebody with 197 I.Q. and he needs about 15 percent of your password.” Regardless, intelligence agencies have claimed that today's defacement could've been yet another cryptocurrency fraud to solicit money via phishing.
Source: Gabriel Lorenzo Greschler (Twitter) via The New York Times
Nokia report warns of rising cyberattacks on IoT devices
by Paul Hill
Nokia’s latest Threat Intelligence Report has warned that cyberattacks on internet-connected devices are continuing to rise at an “alarming rate” due to poor security protections. The report found that IoT devices now make up 33% of infected devices, up from 16% in 2019.
According to the report, the most affected IoT devices are those that are routinely assigned public-facing internet IP addresses. It highlighted that networks that use carrier-grade Network Address Translation see the infection rate of IoT devices reduced considerably because the vulnerable devices are not visible to network scans.
Commenting on the findings in the report, Bhaskar Gorti, Nokia Software President and Chief Digital Officer, said:
Pivoting away from IoT devices, the report also looks at how cybercriminals have used the COVID-19 pandemic to launch cyberattacks. It said that criminals are using people’s fears to spread malware. For example, it said that a coronavirus map application mimicked the Johns Hopkins University app and deployed malware on the devices it was installed on. To protect against these types of attacks, Nokia’s report suggests that people should only install applications from trusted sources such as Google and Apple.
Microsoft is the most imitated brand by hackers according to a report
by Abhishek Baxi
Check Point Research, a cyber threat intelligence company, has highlighted the brands that hackers have imitated the most to lure people into giving up their personal data or payment credentials in its quarterly brand phishing report.
According to the report, for the period of June-July-August 2020, Microsoft was the brand most frequently targeted by cybercriminals. Microsoft soared from fifth place in the second quarter to first place in the third quarter for brand phishing attacks, making up 19% of all global phishing attacks in the period (from 7% in Q2).
Microsoft is followed by DHL and Google, each of which accounted for 9% of all brand phishing attempts globally. Others in the top ten include PayPal, Netflix, Facebook, Apple, WhatsApp, Amazon, and Instagram.
During the period, email was the top attack vector making up 44% of all phishing attacks, closely followed by web phishing (43%). The top phishing brands exploited by email phishing attacks were Microsoft, DHL, and Apple in that order and those exploited by web phishing attacks were Microsoft, Google, and PayPal.
For example, in mid-August, Check Point researchers witnessed a malicious phishing email trying to steal credentials of Microsoft accounts by luring the victim to click on a malicious link which redirects the user to a fraudulent Microsoft login page.
The spurt in phishing attempts by imitating Microsoft is to capitalize on large numbers of employees working remotely because of the pandemic, many for the first time ever.
Source: Check Point