Tag: cybercrime

Source: Fin24

An infamous Russian-speaking hacking group – referred to as Silence – is the likely culprit making thousands of attempts to hack major banks in sub-Saharan Africa, cybersecurity company Kaspersky Labs said on Monday.

The group is called Silence because of the silent monitoring done via their malware. They have already carried out a number of successful campaigns targeting banks and financial organisations around the globe.

According to Kaspersky, the typical scenario of an attack begins with a social engineering scheme, as attackers send a phishing e-mail that contains malware to a bank employee.

From there, the malware gets inside the banks’ security perimeter and lays low for a while, gathering information on the victim organisation by capturing screenshots and making video recordings of the day-to-day activity on the infected device.

“Once attackers are ready to take action, they activate all capabilities of the malware and cash out using, for example, ATMs. The score sometimes reaches millions of dollars,” says Kaspersky.

“The attacks detected began in the first week of January 2020 and indicated that the threat actors are about to begin the final stage of their operation and cash out the funds. To date, the attacks are ongoing and persist in targeting large banks in several SSA countries.”

Kaspersky accordingly advises financial organisations to introduce basic security awareness training for all employees so that they can better distinguish phishing attempts. Banks should also monitor activity in enterprise information systems and prepare an incident response plan to be ready for potential incidents in the network environment.

In August 2019 Kaspersky reported a cyber attack in which South Africa was apparently among 17 countries targeted by North Korean hackers, related to the activity of the so-called Lazarus group. They also targeted banks and other financial institutions.

SA ranks high in global survey on cyberbullying

South Africa showed the highest prevalence of cyberbullying in a recent report by Ipsos Global, based on research in 28 countries. The report showed that more than 80% of South Africans said they were aware of cyberbullying, and almost three-quarters of South Africans believe that the anti-bullying measures in place are insufficient. A Vodafone survey from 2018 ranked South Africa fourth for teen cyberbullying out of 13 countries, and Dean McCoubrey, founder of MySociaLife, a South African in-school digital life skills programme, says that it is likely even more prevalent, based on student feedback.


Cyberbullying is real, it’s here, and it’s harming South African children and teenagers daily, with its effects often being mistaken for ‘kids just being kids’ by parents who are yet to understand how rife and damaging cyberbullying can be. Anti-Bullying Week 2019, from 11-15 November, is a good time for schools to pay attention to the extent of cyberbullying, and for parents to get a handle on what they can do to avoid and deal with it.

“The challenge with cyberbullying is that parents can’t permanently monitor their child’s devices,” explains McCoubrey, whose programme teaches thousands of students, parents, teachers and psychologists to help children feel safer and behave smarter online.

“Parents and teachers need specifics – not just the broad term of ‘cyberbullying’ – as this is a broad and elusive form of ‘warfare’ on these devices – and parents will definitely find it difficult to track or understand what’s actually going on.”

He shares the five faces of cyberbullying:

  • Children can use negative, harmful, false images or text, chat, apps or social media posts to embarrass or threaten someone.
  • The sharing of personal or private information that may cause the victim to feel embarrassed or humiliated. This can surprisingly hail from a friend (a practical joke) or a former friend, turned enemy. In that event, the controlling of a person’s account, posting photographs, starting rumours, or changing profile photos can also occur.
  • Faking profiles, known as ‘catfishing’, when bullies create new accounts and borrow profile photos and names and pretend to be a person to create a false relationship – sometimes sharing the personal and confidential declarations made in confidence.
  • Sexting or sextortion is the sharing of nude photographs either within group chats, or on social media sites, or websites (although less likely due to the possibility of tracking the source of the publisher). Sextortion is focused more on the threat and bribery associated with publishing photographs, rather than the act itself.
  • Video shaming is the sharing of videos of someone being embarrassed, threatened or hurt, and then publishing these to allow the content to go wider, or even viral, compounding the psychological harm.

Students and parents have a few options:

  • Record: Most importantly, kids need to be reminded to record the cyberbullying event by using the device to take a screenshot, and even to send the screenshot to a safe place (e-mail, cloud storage) so that it can be removed from the device. This can be used to prove the problem exists, as bullies are cunning and cover their tracks.
  • Don’t take the bait: As difficult as it may seem, reacting is what the bully wants, and kids need to avoid the situation and remove themselves from groups or feeds which aren’t supporting their mental health. It may be hard but it’s necessary.
  • Seek support: Parents and schools need to create safe spaces to discuss the issues and not ‘freak out’ – students often say that reactive parents and teachers who tackle the issue too abruptly can snowball or magnify the problem. Adults need to handle situations calmly with patience and maturity.
  • Engage: From a mental health perspective, students need support, but it’s essential to select a trusted expert. This may be a counsellor or senior figure in the school to assist with the situation. Alternatively you can seek out a social media lawyer or the police, depending on the extent of the harm. Suggestions include SafetyNet for bullying, or the South African Depression and Anxiety Group for mental health concerns.

In conducting MySociaLife’s interactive social media and safety programme, which includes a module about cyberbullying, McCoubrey has been surprised by students coming forward and admitting they had no idea of the extent of cyberbullying, the different sensitivities of human beings, and how different images, social media posts, chat forums and messages can hurt people and impact them long-term. McCoubrey explained that of the ten modules they teach, cyberbullying is the #1 problem, followed by mental health and self-esteem, then privacy and security, and sexuality online.

But cyberbullying is an issue which starts early and continues throughout. It’s the nature of social media – we feel we have a voice to say good and bad things! “These are kids, and because they look savvy online, it doesn’t mean they have the maturity to handle the device.

“Four out of 10 kids don’t want to share their concerns. We need to find a way to engage, a safe platform to discuss these concerns, without withdrawing them from their community, unless of course that’s a necessity to keep them safe.”

According to Common Sense Media, there are four parties involved in a cyberbullying situation: the cyberbully, who uses digital tools to deliberately upset or harass their target; the victim of the cyberbullying; the bystanders, who are aware that something cruel is happening but stay on the sidelines out of indifference or fear of becoming targets themselves; and the upstanders, the kids who actively try to stop the cyberbullying cycle, whether by sticking up for the victim, standing up to the bully, or notifying the appropriate authorities about what’s happening.

“Parents and teachers can use Anti-Bullying Week to make children aware that it’s everyone’s responsibility to make the online and real life worlds a safe place,” says McCoubrey. “Anyone can be an upstander by reporting a bully, flagging a cruel comment, or even just choosing not to forward or share cyberbullying content. Doing so will stop a cyberbullying episode from escalating, and will reduce or even remove the bully’s power.

“It’s also important to have open paths of communication with everyone and to continue talking about how to prevent cyber bullying from happening. That is why every school should have a digital life skills program in place,” he says.

Retailers must prepare for cybercrime spikes

Retailers are increasingly coming under attack by cybercriminals, and there is little wonder why. They process payments on oftentimes unprotected Point of Sale (POS) systems, transfer large sums of money, and store and process sensitive customer information, such as banking and card information. They also process more online banking and card transactions. Cybercrime attacks on retail businesses tend to spike over the festive season, starting with Black Friday and Cyber Monday when transactions spike dramatically.

Protecting customers’ payment information at every stage of the payment process is vital. Point-to-point encryption (P2PE) is becoming more critical because it secures the channel between payment devices and company servers, and so protects card data in transit. POS systems should be designed to encrypt card data the moment it is captured and again when it is sent to the payment server, and to protect other critical confidential data such as passwords and configuration files in the same way. The Payment Card Industry Data Security Standard (PCI DSS) tightens governance around cardholder data in order to reduce card fraud, and many banks require organisations to be PCI DSS compliant before they may accept card payments. Review systems regularly to make sure these standards are followed.

“Most cyber-attacks on retail companies happen in the e-commerce space. However, in-store POS systems are not immune to the threats. With Black Friday around the corner and the festive season looming, it is a boom time for cybercriminals. Retailers must be aware and implement strategies to guard their businesses, both online and in-store,” says Charl Ueckermann, CEO at AVeS Cyber Security.

According to Ueckermann, AVeS Cyber Security has encountered numerous organisations that have limited to no protection on POS devices. This has a direct impact on the organisation’s overall security because, in most cases, the POS and corporate systems run on the same infrastructure and network. What this means is that when a POS system is compromised, the corporate network can be breached as well, leading to breaches of confidential client information.

“Protecting POS systems, therefore, requires a multi-faceted and multi-layered approach. You want a highly-effective detection and protection tool to identify and remedy vulnerabilities proactively. The solution should have anti-virus capabilities specifically designed for POS systems. You also want to ensure that the POS software itself is up to date to the latest version, at all times. This is especially important for high transaction times, such as Black Friday and Cyber Monday.”

POS systems are vulnerable to attack when they are old or outdated, because their software was not designed with today’s attackers in mind and is susceptible to malicious code. Attacks on POS systems are becoming quite sophisticated, and cybercriminals are known to use both hardware and software to hijack payment card information and steal business data. Malware targeting POS systems is common and is one of the many ways to steal payment card details; it is used to obtain sensitive information and, in some cases, even to steal money directly from bank accounts.

“Your security technology should be able to detect malware, tampering, rooted/jailbroken POS devices, and more. The security stack should include a feature that proactively alerts retailers and POS providers when it is not safe to use the POS devices for making payments or performing other electronic transactions. If not, your system and your business will be vulnerable,” stresses Ueckermann.

Attackers also exploit mobile POS applications to steal personal and sensitive information that is used to make fraudulent purchases. This can result in big financial losses and damage to credit reputations for unsuspecting customers, and worse still, identity theft.

The backend of mobile applications can also be used by cybercriminals to compromise POS systems, as well as the majority of business transactions that are processed on the server side. This gives them a way into internal business systems. Once the attacker gets inside the network or central system of POS vendors or retailers, they are able to access the compromised POS application as well as other POS applications used by the retailer in other locations. Attacking the entry point at the backend is a common attack method, and Ueckermann says countless large-scale security breaches have been caused by this method.

He concludes: “The onus is on retailers to do the due diligence to protect their customers and data against cyber-attacks over the holiday shopping season and beyond. Strategies and measures should be in place to provide a safe and secure experience for customers online and in-store.

“Card and online payment processes should be secured and encrypted, controls should be in place to check and ensure the integrity of handheld POS devices, and mobile payment systems should be subjected to regular patches, updates, and equipment upgrades to protect against continually evolving threats.”

South Africa is under cyberattack

South Africa is facing one of the largest cyber attacks it has ever seen, with banks, ISPs, and the government being targeted.

In the last two months:

  • The City of Johannesburg fell victim to a cyberattack which led to its information systems becoming compromised, and its systems (including the website and billing) being shut down. A ransom was demanded but the City is refusing to pay
  • The banking industry was hit by a wave of DDoS attacks targeting consumer-facing services
  • ISPs were hit by a number of DDoS attacks, as previously reported in My Tech News. In September, Cool Ideas and Atomic Access suffered an attack that severely affected their services; in October, Cybersmart was hit by a large DDoS attack which caused intermittent connectivity over two days; and recently Afrihost, Axxess, and Webafrica were hit by a very large DDoS attack which affected DSL and fibre subscribers

Parmi Natesan, CEO of the Institute of Directors in South Africa (IoDSA), told MyBroadband that “these attacks should serve as a wake-up call to companies” – who may not be taking adequate steps to protect themselves.

Discovery Bank discovered a system flaw on Monday which allowed incorrect card verification value (CVV) numbers to be used for online payments.

The CVV is the three-digit number on the back of a bank card, and is considered a critical last-ditch security measure against certain kinds of card fraud.

Business Insider South Africa was tipped off about the flaw, and on Monday morning was able to make payments with a random CVV code, such as 000.

  • Discovery Bank said it was alerted about the issue last week
  • The bank suffered no fraud losses due to the issue
  • The flaw has now been fixed
  • Previously, the Bank didn’t require further authorisation such as an OTP (one-time pin)
  • When Business Insider later tried to use an incorrect CVV number, a call centre agent phoned after the transaction to alert them that an incorrect CVV number had been used


By Mohit Kumar for The Hacker News

The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites.

To be noted, hackers haven’t found any way to run ads for free; instead, the modus operandi of eGobbler attackers involves high budgets to display billions of ad impressions on high profile websites through legit ad networks.

But rather than relying on visitors’ willful interaction with advertisements online, eGobbler uses browser (Chrome and Safari) exploits to achieve maximum click rate and successfully hijack as many users’ sessions as possible.

In its previous malvertising campaign, eGobbler group was exploiting a then-zero-day vulnerability (CVE-2019-5840) in Chrome for iOS back in April, which allowed them to successfully bypass browser’s built-in pop-up blocker on iOS devices and hijack 500 million mobile user sessions in just a week to show pop-up ads.

Though Google already patched the vulnerability with the release of Chrome 75 in June, eGobbler is still using the flaw to target those who haven’t yet updated their Chrome browser.

However, according to the latest report published by security firm Confiant, the eGobbler threat actors recently discovered and started exploiting a new vulnerability in WebKit, the browser engine used by Apple Safari browser for both iOS and macOS, Chrome for iOS and also by earlier versions of Chrome for desktop.

The new WebKit exploit is more interesting because it doesn’t require users to click anywhere on the legitimate news, blog or informative websites they visit, nor does it spawn any pop-up ad.

Instead, the display ads sponsored by eGobbler leverage the WebKit exploit to forcefully redirect visitors to websites hosting fraudulent schemes or malware as soon as they press the “key down” or “page down” button on their keyboards while reading the content on the website.

This is because the WebKit vulnerability lies in how the browser handles the onkeydown event, which fires each time a user presses a key: it allowed ads displayed within cross-origin iframes to break out of the sandbox restrictions the host page had placed on them.

“This time around, however, the iOS Chrome pop-up was not spawning as before, but we were, in fact, experiencing redirections on WebKit browsers upon the ‘onkeydown’ event,” the researchers said in their latest report.
“The nature of the bug is that a cross-origin nested iframe is able to ‘autofocus’ which bypasses the ‘allow-top-navigation-by-user-activation’ sandbox directive on the parent frame.”

“With the inner frame automatically focused, the keydown event becomes a user-activated navigation event, which renders the ad sandboxing entirely useless as a measure for forced redirect mitigation.”

Though Apple’s App Store guidelines require all iOS apps with web browsing ability, including Google Chrome for iOS, to use its WebKit framework, mobile users are still less likely to be impacted by the redirection flaw, as the ‘onkeydown’ event doesn’t work on the mobile OS.

However, the eGobbler payload, often delivered through popular CDN services, also includes code to trigger redirections when visitors of a targeted web application try to input something in a text area or search forms, likely “to maximize the chances of hijacking these keypresses.”

As researchers believe, “this exploit was key in magnifying the impact of this attack.”

Between August 1 and September 23, the threat actors have been seen serving their malicious code to a staggering volume of ads, which the researchers estimate to be up to 1.16 billion impressions.
While the previous eGobbler malvertising campaign primarily targeted iOS users in the United States, the latest attack targeted users in European countries, with the majority in Italy.

Confiant privately reported the WebKit vulnerability to both the Google and Apple security teams. Apple fixed the flaw in WebKit with the release of iOS 13 on September 19 and in Safari browser 13.0.1 on September 24, while Google has yet to address it in Chrome.
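The Confiant quotes above describe a publisher-side control, the iframe sandbox on the ad slot, being defeated because the browser miscounted user activation. As an added example, not code from Confiant, The Hacker News or any browser vendor, the following JavaScript audits the sandbox token list a publisher gives an ad frame and models that bypass: on an unpatched WebKit, `allow-top-navigation-by-user-activation` is effectively `allow-top-navigation`, because a nested cross-origin iframe can autofocus itself and any keydown on the page then counts as activation inside the ad. The `activationForgeable` flag and the `harden` helper are this example’s own names, not browser or spec APIs.

```javascript
'use strict';

// Tokens in the <iframe sandbox="..."> list that permit navigating the top-level page.
const TOP_NAV_TOKENS = [
  'allow-top-navigation',
  'allow-top-navigation-by-user-activation',
];

// Parse a sandbox attribute value into a set of lowercase tokens.
// null/undefined means the attribute is absent (no sandbox at all);
// an empty string is the fully restricted default.
function parseSandbox(attrValue) {
  if (attrValue === null || attrValue === undefined) return null;
  return new Set(attrValue.trim().toLowerCase().split(/\s+/).filter(Boolean));
}

// Assess whether a creative placed in this frame could force a redirect.
// `activationForgeable` (this example's own flag) models a browser where a
// nested cross-origin frame can autofocus itself, the WebKit bug described
// above, so an ordinary keydown anywhere on the page counts as user
// activation inside the ad.
function assessAdFrame(sandboxAttr, { activationForgeable = false } = {}) {
  const tokens = parseSandbox(sandboxAttr);
  const findings = [];
  if (tokens === null) {
    findings.push('no sandbox attribute: the creative may script, navigate top and open popups freely');
    return { forcedRedirectPossible: true, findings };
  }
  let forced = false;
  if (tokens.has('allow-top-navigation')) {
    forced = true;
    findings.push('allow-top-navigation: creative may redirect the page with no user gesture at all');
  }
  if (tokens.has('allow-top-navigation-by-user-activation')) {
    if (tokens.has('allow-scripts') && activationForgeable) {
      forced = true;
      findings.push('allow-top-navigation-by-user-activation with forgeable activation: an autofocused nested frame turns any keydown into a permitted top navigation');
    } else {
      findings.push('allow-top-navigation-by-user-activation: redirect possible only on a genuine click or keypress inside the creative');
    }
  }
  if (tokens.has('allow-scripts') && tokens.has('allow-same-origin')) {
    // Per the HTML spec, a framed document that is same-origin with its embedder
    // and may run scripts can strip the sandbox attribute from its own frame.
    findings.push('allow-scripts + allow-same-origin: a same-origin document could remove its own sandbox');
  }
  return { forcedRedirectPossible: forced, findings };
}

// Publisher-side counterpart of the browser patch: drop every top-navigation
// token, so the ad cannot navigate the page whether "activated" or not.
// An absent attribute becomes the fully restricted empty sandbox; add back
// exactly the tokens the creative needs (e.g. allow-scripts, allow-popups).
function harden(sandboxAttr) {
  const tokens = parseSandbox(sandboxAttr) ?? new Set();
  return [...tokens].filter(t => !TOP_NAV_TOKENS.includes(t)).join(' ');
}

// Demonstration on the weak value beside its hardened form.
const weak = 'allow-scripts allow-top-navigation-by-user-activation';
console.log(assessAdFrame(weak, { activationForgeable: true }));
console.log(harden(weak), assessAdFrame(harden(weak), { activationForgeable: true }));
```

On a patched browser the by-user-activation token only permits a redirect after a real click or keypress in the creative, but the hardened value removes the question entirely: a creative that needs to take the user somewhere can open a new tab under `allow-popups` rather than navigate the page that embeds it.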

Cool Ideas hit by a DDoS attack again

Internet service provider (ISP) Cool Ideas was hit by a second distributed denial of service (DDoS) attack in as many weeks on Saturday.

The first attack took place on 11 September and knocked the provider out for more than eight hours.

Cool Ideas then put a number of measures in place to mitigate these attacks; however, the second attack, on 21 September, was more than four times the size.

Below are highlights of the events that took place:

  • Cool Ideas posted a notice to its website at 14:00 on Saturday to inform clients that it was being hit with another distributed denial of service attack (DDoS)
  • It seemed that the cybercriminals were watching for announcements from the ISP, as the attack then increased in intensity
  • DDoS attacks use large numbers of compromised “zombie” devices (a botnet), often with forged or “spoofed” source addresses, to flood a network with far more traffic than it can handle
  • Such attacks are rarely aimed at a specific customer; the aim is to knock the provider’s services offline and damage its reputation
  • The attack occurred across the whole IP space, changing over time to use different ports and protocols
  • One aspect of the attack was DNS amplification, also called DNS reflection. The attacker sends small DNS queries to open or poorly configured Domain Name System (DNS) resolvers with the victim’s address forged as the source, so the resolvers’ much larger replies are delivered to the victim. The high volume of unsolicited traffic prevents the victim’s systems from handling legitimate requests and the service appears to be offline
  • The sheer size and distribution of the attack made it as effective as it was
  • It is not known who attacked the ISP nor what the motivation for doing so was
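As an added example, not code from Cool Ideas, MyBroadband or any vendor named here, the following JavaScript shows the detection logic a network operator could run over UDP flow records to spot the reflection pattern described in the bullets above: a host that receives many large DNS answers, from several resolvers, for queries it never sent. The one-line flow format, the addresses and the byte counts are all constructed for this example.

```javascript
'use strict';

// Constructed flow records in this example's own format:
// "proto src:sport -> dst:dport bytes kind". Not real traffic.
const SAMPLE_FLOWS = [
  // 198.51.100.8 does a normal lookup: one query, one matching answer
  'udp 198.51.100.8:51000 -> 203.0.113.53:53 60 query',
  'udp 203.0.113.53:53 -> 198.51.100.8:51000 180 response',
  // 198.51.100.7 also does one real lookup ...
  'udp 198.51.100.7:40001 -> 203.0.113.53:53 60 query',
  'udp 203.0.113.53:53 -> 198.51.100.7:40001 200 response',
  // ... but then receives large answers it never asked for, from several resolvers
  'udp 203.0.113.54:53 -> 198.51.100.7:40001 3100 response',
  'udp 203.0.113.55:53 -> 198.51.100.7:40001 3080 response',
  'udp 203.0.113.54:53 -> 198.51.100.7:40002 3120 response',
  'udp 203.0.113.56:53 -> 198.51.100.7:40003 2990 response',
  'this line is deliberately malformed and must be skipped',
].join('\n');

const FLOW_RE = /^(udp|tcp)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)\s+(\d+)\s+(query|response)$/;

// Parse one flow line; returns null for anything that does not match.
function parseFlow(line) {
  const m = FLOW_RE.exec(line.trim());
  if (!m) return null;
  return {
    proto: m[1], src: m[2], sport: Number(m[3]),
    dst: m[4], dport: Number(m[5]), bytes: Number(m[6]), kind: m[7],
  };
}

// Flag hosts that receive DNS answers (UDP source port 53) on 4-tuples that
// never carried an outbound query, from at least `minSources` resolvers.
function detectDnsReflection(text, { minUnsolicited = 3, minSources = 2 } = {}) {
  const flows = text.split('\n').map(parseFlow).filter(Boolean);

  // Every query seen leaving, keyed by the tuple its answer must return on.
  const sentQueries = new Set();
  for (const f of flows) {
    if (f.kind === 'query' && f.dport === 53) sentQueries.add(`${f.src}:${f.sport}<-${f.dst}`);
  }

  const perVictim = new Map();
  for (const f of flows) {
    if (f.kind !== 'response' || f.sport !== 53) continue;
    // An answer is legitimate if this host sent a query to that resolver from that port.
    if (sentQueries.has(`${f.dst}:${f.dport}<-${f.src}`)) continue;
    let v = perVictim.get(f.dst);
    if (!v) {
      v = { victim: f.dst, unsolicited: 0, bytes: 0, sources: new Set() };
      perVictim.set(f.dst, v);
    }
    v.unsolicited += 1;
    v.bytes += f.bytes;
    v.sources.add(f.src);
  }

  return [...perVictim.values()]
    .filter(v => v.unsolicited >= minUnsolicited && v.sources.size >= minSources)
    .map(v => ({ victim: v.victim, unsolicited: v.unsolicited, bytes: v.bytes, sources: v.sources.size }));
}

console.log(detectDnsReflection(SAMPLE_FLOWS));
```

The matching is deliberately simple: one outbound query marks its whole 4-tuple as expected, so a resolver that answers the same tuple twice is not flagged. Real monitoring would also age out old queries and compare answer sizes to the queries that triggered them, which is where the amplification factor shows up.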

ISP Cool Ideas hit in DDoS attack

Internet service provider Cool Ideas yesterday suffered a distributed denial of service (DDoS) attack, which affected all customers on their network.

The attack lasted almost four hours. Customers experienced intermittent connectivity loss and degraded performance during this time.

In a statement issued last night, the company did not have an exact time to resolution. By this morning, however, the issue affecting the Cool Ideas network has been mitigated.

What is a DDoS attack?
According to Cloudflare, a DDoS attack is defined in the following way:

“A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up the highway, preventing regular traffic from arriving at its desired destination.”

 

Source: Mapletronics

In a time when billions of login credentials are floating around the internet, Google’s new Chrome extension aims to help.

Google’s new extension (currently only available for Chrome) will alert you if one of your username/password combinations is known to already be ‘out in the wild’, according to the company’s blog post.

The extension, called Password Checkup, works in the background whenever you enter your login details on a site. It compares the data against a large database of nearly four billion credentials that are known to have been compromised over the years. If Password Checkup finds a match, a red alert box appears and suggests that you change your password.

Google worked closely with cryptography experts at Stanford University to ensure that your credentials are not compromised while using Password Checkup. In its security blog, Google highlighted that Password Checkup scrambles all credentials with hashing and encryption as protection. Google also assures users that their login details are never seen by the company itself, either.

Don’t have Chrome? There are several other services available for free on the internet that can check whether your credentials or other personal details have been compromised in the growing number of breaches. Check out Have I Been Pwned, Identity Leak Checker, or Firefox Monitor.

IT managers inundated with cyberattacks

A recent Sophos survey has found that IT managers are struggling to cope with the volume and magnitude of cyberattacks.

The following key findings relate to South Africa:

  • Cybercriminal tactics have evolved into using multiple attack methods and often multiple payloads to maximize profits
  • Software exploits were the initial cause of 17 percent of incidents and were used in 23 percent of cyberattacks, demonstrating how exploits are used at multiple stages of the attack chain
  • Phishing emails impacted 47 percent of those hit by a cyberattack
  • Ransomware impacted 38 percent of attack victims
  • 39 percent of attack victims suffered a data breach
  • Only 16 percent consider supply chain a top security risk, exposing an additional weak spot
  • Nation state adversaries have proven how successful supply chain attacks are, which means common cybercriminals are likely to adopt the attack method
  • Supply chain attacks are a launch pad to emerging automated, active-adversary attacks
  • IT teams spend 27 percent of their time managing security, yet still struggle with a lack of expertise, budget and up to date technology
  • 74 percent said recruiting people with the cybersecurity skills they need is a challenge
  • 65 percent said their organization’s cybersecurity budget is below what it needs to be
  • 73 percent believe that staying up to date with cybersecurity technology is a challenge

My Office News Ⓒ 2017 - Designed by A Collective

