Tag: hacker

Ramaphosa’s personal data hacked

Source: Cape Town etc

President Cyril Ramaphosa was recently hacked, with sensitive details exposed by the group “SpiderLog$”.

According to the Sunday Times, his home address, ID and cellphone numbers, as well as a loan Ramaphosa took out back in the early 2000s, were accessed.

The data was reportedly obtained from an earlier breach, as TransUnion contested.

The group told the Sunday Times that the aim of the hack was to expose how much of a “playground” South Africa is for hackers; it also supplied the paper with screenshots that implied access to military intelligence datasets.

MyBroadband reports that one of the vulnerabilities ‘secured’ by the government is the DigiTech app store, which showed an “inability to properly secure online system.”

Although it may come as a shock to some that our president was hacked, the gaping holes in security at the top echo what appear to be equally gaping limitations in data security in SA.

TransUnion hacked and held to ransom

Source: Fin24

Credit bureau TransUnion has been hacked and has received a demand for ransom, it said in a statement.

The hackers, who described themselves as a “criminal third party”, gained access to the bureau’s server by misusing an authorised client’s credentials, according to the statement.

“We have received an extortion demand and it will not be paid,” TransUnion said.

The Southern African Fraud Prevention Service (SAFPS) said it appears that TransUnion is battling to retrieve the compromised data from the hackers. TransUnion has not yet confirmed or denied this directly to Fin24.

But the company said it is working with law enforcement and regulators. Its investigation is ongoing, and as it progresses, TransUnion SA will notify and assist those whose personal data may have been affected.

According to TransUnion, it immediately suspended the compromised client’s access, engaged cybersecurity and forensic experts, and began investigating. It is working with law enforcement, it said.

It also took some of its services offline, but these have since resumed.

“We believe the incident impacted an isolated server holding limited data from our South African business. We are working with law enforcement and regulators,” it said.

“We are engaging clients in South Africa about this incident. As our investigation progresses, we will notify and assist individuals whose personal data may have been affected.

“We will be making identity protection products available to impacted consumers free of charge,” TransUnion added.

CEO Lee Naik added that protecting client data was TransUnion’s “top priority”.

“We understand that situations like this can be unsettling and TransUnion South Africa remains committed to assisting anyone whose information may have been affected,” said Naik.

Technology site ITWeb earlier reported that the hacker group was going by the name N4aughtysecTU and claimed to come from Brazil. Speaking to ITWeb via Telegram, the hacker group reportedly said it had 4 terabytes of client information and had accessed some 54 million records, including data from over 200 corporates.

The group allegedly threatened to attack TransUnion’s corporate clients if the bureau didn’t cough up. According to ITWeb it wants $15 million (~R223 million) in Bitcoin.

Rising data breach incidents in SA

SAFPS CEO Manie van Schalkwyk said records of 54 million South Africans might have been compromised.

“This alarming news is further indication that every company that holds personal information is a potential target. The consumer desperately needs an extra layer of protection on their identity against criminals who will turn their lives upside down without a second thought,” said SAFPS CEO Manie van Schalkwyk.

SAFPS said cyberattacks and data breaches targeting SA companies have escalated over the past two years.

In 2020, another credit bureau, Experian, suffered a data breach which potentially exposed the information of 24 million South Africans. In 2021, Debt-IN Consultants, a debt recovery partner to many South African financial services institutions, suffered a ransomware attack. It is estimated that the personal information of more than 1.4 million South Africans was illegally accessed from its servers.

Banks have not been spared either. Absa announced a data leak in November 2020, and it has been identifying more impacted customers this year, almost a year-and-a-half after the incident. Standard Bank also identified a data breach on its LookSee platform in November last year.

“Data breaches have been on the rise globally, and South Africa has seen unprecedented increases in the number of cyber victims,” said Dalene Deale, the executive head of Secure Citizen, which was created through a collaboration between SAFPS and OneVault to fight identity theft following online fraud.

Deale said this increase in data breaches means that fraudsters are now armed with more of the correct information, enabling them to impersonate individuals.

SAFPS said when records of more than 20 million consumers were compromised at another credit bureau – possibly Experian – it saw impersonation rise by more than 300%.

Source: CNBC

As Russia steps up its cyberattacks on Ukraine alongside a military invasion, governments on both sides of the Atlantic are worried the situation could spill over into other countries, becoming an all-out cyberwar.

Russia has been blamed for a number of cyberattacks targeting Ukraine’s government and banking system in recent weeks.

On Thursday, cybersecurity firm ESET said it had discovered new “wiper” malware targeting Ukrainian organisations. Such software aims to erase data from the systems it targets.

A day earlier, the websites of several Ukrainian government departments and banks were knocked offline by a distributed denial of service (DDoS) attack, which is when hackers overwhelm a website with traffic until it crashes.

It comes after a separate attack last week took down four Ukrainian government websites, which U.S. and U.K. officials attributed to the GRU, the Russian military intelligence agency.

Ukrainian residents also reportedly received fake text messages saying ATMs in the country did not work, which cybersecurity experts say was likely a scare tactic.

For its part, Russia says it “has never conducted and does not conduct any ‘malicious’ operations in cyberspace.”

The onslaught of attacks has led to fears of a wider digital conflict, with Western governments bracing for cyberthreats from Russia — and considering how to respond.

Officials in both the U.S. and Britain are warning businesses to be alert to suspicious activity from Russia on their networks. Meanwhile, Estonian Prime Minister Kaja Kallas on Thursday said European nations should be “aware of the cybersecurity situation in their countries.”

NBC News reported Thursday that President Joe Biden has been presented with options for the U.S. to carry out cyberattacks on Russia to disrupt internet connectivity and shut off its electricity. A White House spokesperson pushed back on the report, however, saying it was “wildly off base.”

Nevertheless, cybersecurity researchers say an online conflict between Russia and the West is indeed a possibility — though the severity of any such event may be limited.

“I think it’s very possible, but I think it’s also important that we reflect on the reality of cyberwar,” John Hultquist, vice president of intelligence analysis at Mandiant, told CNBC.

“It’s easy to hear that term and compare it to real war. But the reality is, most of the cyberattacks we’ve seen have been nonviolent, and largely reversible.”

Toby Lewis, head of threat analysis at Darktrace, said the attacks have so far been largely focused on supporting Russia’s physical invasion of Ukraine.

“It is the physical land and territory that Russia appears to seek rather than economic leverage, for which a cyber-first campaign may be more effective,” he told CNBC.

However, researchers at Symantec said the wiper malware detected in Ukraine also affected Ukrainian government contractors in Latvia and Lithuania, hinting at a potential “spillover” of Russia’s cyberwarfare tactics into other countries.

“This likely shows the beginning of the collateral impact of this cyber-conflict on global supply chains, and there may begin to be some effect on other Western countries that rely on some of the same contractors and service providers,” Lewis said.

Several European Union countries, including Lithuania, Croatia and Poland, are offering Ukraine support with the launch of a cyber rapid-response team.

“We have long theorized that cyberattacks are going to be part of any nation-state’s arsenal and I think what we’re witnessing for the first time frankly in human history is cyberattacks have become the weapon of first strike,” Hitesh Sheth, CEO of Vectra AI, told CNBC’s “Squawk Box Asia” on Friday.

Sheth suggested Russia could launch retaliatory cyberattacks in response to Western sanctions announced earlier this week.

“I would fully expect that, given what we are witnessing with Russia overtly attacking Ukraine with cyberattacks, that they would have covert channels as a way to attack institutions that are being deployed to curtail them in the financial community,” he said.

What happens next?

Russia has long been accused by governments and cybersecurity researchers of perpetrating cyberattacks and misinformation campaigns in an effort to disrupt economies and undermine democracy.

Now, experts say Russia could launch more sophisticated forms of cyberattacks, targeting Ukraine, and possibly other countries, too.

In 2017, an infamous malware known as NotPetya infected computers across the world. It initially targeted Ukrainian organisations but soon spread globally, affecting major corporations such as Maersk, WPP and Merck. The attacks were blamed on Sandworm, the hacking unit of GRU, and caused upward of $10 billion in total damage.

“If they actually focus these types of activity against the West, that could have very real economic consequences,” Hultquist told CNBC.

“The other piece that we’re concerned about is that they go after critical infrastructure.”

Russia has been digging at infrastructure in Western countries like the U.S., U.K. and Germany “for a very long time,” and has been “caught in the act” multiple times, Hultquist said.

“The concern, though, is we’ve never seen them pull the trigger,” Hultquist added. “The thinking has always been that they were preparing for contingency.”

“The question now is, is this the contingency that they have been preparing for? Is this the threshold that they’ve been waiting for to start carrying out disruptions? We’re obviously concerned that this could be it.”

Last year, Colonial Pipeline, a U.S. oil pipeline system, was hit by a ransomware attack that took critical energy infrastructure offline. The Biden administration says it doesn’t believe Moscow was behind the attack. DarkSide, the hacking group responsible, was believed to have been based in Russia.


By Zaini Majeed for Republic World

In a shocking ‘virtual heist’ at a prestigious jewellery company, Russian hackers on Saturday, October 30, stole details of Hollywood stars and billionaire tycoons including Donald Trump, Oprah Winfrey, Tom Hanks and David Beckham, among many other prominent names.

According to several reports, the hackers conducted an online raid at Graff, a famous jewellery outlet; one identified cybercriminal based near St Petersburg compromised the personal information of some of the world’s most famous and influential people, including celebrities such as Tom Hanks and Oprah Winfrey, the UK’s Mirror reported earlier yesterday.

Close to 600 Britons are said to be among the victims. The Russian hackers leaked as many as 69,000 confidential documents and other information on the dark web while demanding millions in ransom from the London-based jewellery firm.

Another UK-based outlet, the Mail, reported that members of the Russian hacking gang Conti are suspected of the virtual heist. They are now asking the business to pay tens of millions of pounds in ransom, supposedly in Bitcoin or jewellery. Many of the compromised credit notes, invoices and client lists from the business have already been leaked.

But the information published on the dark web comprises just about 1% of the total stolen files, says the UK outlet. It quoted a former colonel in British military intelligence, Philip Ingram, as saying, “given the profile of the customer database, this is absolutely massive. This is going to bring the highest levels of international law enforcement down on the gang, and that’s going to give them a whole lot of headaches in trying to get the ransom paid and then get away with it.”

Meanwhile, a spokesman for the Information Commissioner’s Office (ICO), which can impose penalties of up to 4% of company turnover, told the Mirror: “We have received a report from Graff Diamonds Ltd regarding a ransomware attack.”

Furthermore, he said, “We will be contacting the organisation to make further enquiries in relation to the information that has been provided.” The jewellery firm Graff’s spokesperson said: “Regrettably we, in common with a number of other businesses, have recently been the target of a sophisticated – though limited – cyber-attack by professional and determined criminals.”

Hawks arrest Experian breach suspect

Source: ITWeb

The Hawks’ Serious Commercial Crime Investigation unit has arrested a 36-year-old suspect in Gauteng for his alleged involvement in last year’s Experian data breach.

Last August, credit bureau Experian suffered a data breach that exposed the personal information of as many as 24 million South Africans and 793 749 business entities to a suspected fraudster.

In a statement released today, the Hawks says Experian is believed to have entered into a contract with the suspect who was disguised as a business owner.

“The suspect purported to be a certain Tebogo Mogashoa, a director of Talis Holdings. The agreement [with Experian] gave the person access to the personal information held by the credit bureau of millions of people. The suspect then proceeded to download approximately 23 million personal data records and 727 000 business records. The suspect then attempted to sell these records at about R4.2 million,” the Hawks statement reads.

Following the data breach incident, it emerged that some data from the credit bureau was later compromised and dumped on the Internet.

According to a report by iAfrikan, after investigations and a tip-off, the alleged Experian database was made available on the Web – on publicly viewable Web sites and forums.

Experian confirmed at the time that the files found on the Internet were identified as files which contain Experian data relating to the data breach incident, noting that it was taking all steps available to investigate the incident and reduce further dissemination of information.

By Carol Hildebrand for CSO

As the COVID-19 pandemic triggered a massive shift in internet usage, cybercriminals quickly pounced, launching more than 10 million distributed denial-of-service (DDoS) attacks aimed at crippling targets with a heavy reliance on online services. Attack frequency spiked 20 percent year over year and 22 percent for the last six months of 2020.

According to the most recent NETSCOUT Threat Intelligence Report, vital pandemic industries such as ecommerce, streaming services, online learning, and healthcare all experienced increased attention from malicious actors targeting the very online services essential to remote work and online life.

The top 10 vertical industries under attack in the second half of 2020 further illustrate the enormous impact COVID-19 has had on DDoS attack activity. Threat actors have always embraced an opportunistic pivot, and this was no exception as they enthusiastically flocked to the ensuing smorgasbord of new opportunities.

The top 10 are:

  1. Wired telecommunications carriers
  2. Data processing, hosting and related services
  3. Wireless telecommunications carriers
  4. Internet publishing and broadcasting
  5. Electronic shopping and mail order houses
  6. Electronic computer manufacturing
  7. All other telecoms
  8. Colleges, universities and professional schools
  9. Software publishers
  10. Computer training

The top three listed sectors fall under the category of Old Faithfuls because attacks on both subscribers and their operational infrastructures are inherent to their role as connectivity providers. However, attackers widened their target profile beyond typical targets as the massive shift to online work and play opened promising new avenues of attack.

For instance, the fourth sector—Internet Publishing and Broadcasting—is by no means a usual suspect in the NETSCOUT top 10. Its presence can be summed up in two words: Netflix and Zoom.

Similarly, online shopping, which grew an impressive 44 percent in 2020, represents another pandemic stalwart that came under increased attack, as did online learning. Interestingly, this activity was seen not only at the usual hot spots of colleges and universities but also at the high school and middle school levels.

With DDoS-for-hire services both readily available and incredibly cheap, it seems likely that budding online delinquents set about playing hooky on an internet scale.


By Sizwe Dlamini for IOL

Consumer, business and credit information services agency Experian has experienced a data breach which has exposed the personal information of as many as 24 million South Africans and 793 749 business entities to a suspected fraudster.

Experian confirmed in a statement on Wednesday that the breach had been reported to law enforcement and the appropriate regulatory authorities.

The company had handed over information to a suspected fraudster; the suspect has since been identified and the data deleted.

It said banks had been working with Experian and South African Banking Risk Centre (SABRIC) to identify which of their customers might have been exposed to the breach and to protect their personal information, even as the investigation unfolds.

Banks and SABRIC have also been co-operating with Experian in their efforts to secure the data and ensure the perpetrators are brought to book.

SABRIC chief executive Nischal Mewalall said the compromise of personal information could create opportunities for criminals to impersonate another person, but did not guarantee access to banking profiles or accounts. “However, criminals can use this information to trick you into disclosing your confidential banking details.”

“Should you suspect that your identity has been compromised, apply immediately for a free Protective Registration listing with Southern Africa Fraud Prevention Service (SAFPS). This service alerts SAFPS members, which includes banks and credit providers, that your identity has been compromised and that additional care needs to be taken to confirm that they are transacting with the legitimate identity holder,” said SABRIC.

Consumers wanting to apply for a Protective Registration can contact SAFPS at protection@safps.org.za.

SABRIC and SAFPS urged bank customers and other consumers to follow sound identity management practices to mitigate the risk of impersonation and fraudulent applications.

SAFPS chief executive Manie van Schalkwyk said: “Think of your identity information in the same way as you think of cash. Keep it safe and secure at all times, because once it is compromised, it can be used by anybody, often to impersonate you.”

It is also recommended that bank customers follow precautionary measures, including:

  • Do not disclose personal information such as passwords and PINs when asked to do so by anyone via telephone, fax, text messages or even email.
  • Change your passwords regularly and never share them with anyone else.
  • Verify all requests for personal information and only provide it when there is a legitimate reason to do so.


By Bradley Prior for MyBroadband

HaveIBeenPwned has added a large data breach – involving popular writing website Wattpad – to its database of data breaches.

In June 2020, Wattpad – a website that allows users to publish their own literary content and critique the work of others – suffered a large data breach which exposed almost 270 million user records.

This data was reportedly sold to a private purchaser for $100,000, and has since reportedly been published to a public hacking forum – where it was shared broadly.

The data exposed in this breach includes names, usernames, email addresses, IP addresses, passwords, genders, and birth dates, HaveIBeenPwned said.

According to the post on the hacker website, the database includes 145 million passwords hashed with bcrypt and another 44 million hashed with SHA256.

“We are aware of reports that some user data has been accessed without authorisation. We are urgently working to investigate, contain, and remediate the issue with the assistance of external security consultants,” said Wattpad director of PR and communications Kiel Hume.

“From our investigation, to date, we can confirm that no financial information, stories, private messages, or phone numbers were accessed during this incident. Wattpad does not process financial information through our impacted servers, and active Wattpad users’ passwords are salted and cryptographically hashed.”

Hume said Wattpad is committed to maintaining the trust of its users “to ensure the safety and security of the Wattpad community”.

How to check if you are affected

HaveIBeenPwned allows you to check if your data was affected by data breaches including the recent breach of Wattpad.

To do this, users need to navigate to HaveIBeenPwned’s homepage and enter their email address into the search bar.


Source: Fin24

An infamous Russian-speaking hacking group – referred to as Silence – is the likely culprit making thousands of attempts to hack major banks in sub-Saharan Africa, cybersecurity company Kaspersky Labs said on Monday.

The group is called Silence because of the silent monitoring done via its malware. It has already carried out a number of successful campaigns targeting banks and financial organisations around the globe.

According to Kaspersky, the typical scenario of an attack begins with a social engineering scheme, as attackers send a phishing e-mail that contains malware to a bank employee.

From there, the malware gets inside the banks’ security perimeter and lays low for a while, gathering information on the victim organisation by capturing screenshots and making video recordings of the day-to-day activity on the infected device.

“Once attackers are ready to take action, they activate all capabilities of the malware and cash out using, for example, ATMs. The score sometimes reaches millions of dollars,” says Kaspersky.

“The attacks detected began in the first week of January 2020 and indicated that the threat actors are about to begin the final stage of their operation and cash out the funds. To date, the attacks are ongoing and persist in targeting large banks in several SSA countries.”

Kaspersky accordingly advises financial organisations to introduce basic security awareness training for all employees so that they can better distinguish phishing attempts. Banks should also monitor activity in enterprise information systems and prepare an incident response plan to be ready for potential incidents in the network environment.

In August 2019 Kaspersky reported a cyber attack in which South Africa was apparently among 17 countries targeted by North Korean hackers, related to the activity of the so-called Lazarus group. They also targeted banks and other financial institutions.

By Mohit Kumar for The Hacker News

The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites.

To be noted, hackers haven’t found any way to run ads for free; instead, the modus operandi of eGobbler attackers involves high budgets to display billions of ad impressions on high profile websites through legit ad networks.

But rather than relying on visitors’ willful interaction with advertisements online, eGobbler uses browser (Chrome and Safari) exploits to achieve maximum click rate and successfully hijack as many users’ sessions as possible.

In its previous malvertising campaign, back in April, the eGobbler group was exploiting a then-zero-day vulnerability (CVE-2019-5840) in Chrome for iOS, which allowed them to bypass the browser’s built-in pop-up blocker on iOS devices and hijack 500 million mobile user sessions in just a week to show pop-up ads.

Though Google already patched the vulnerability with the release of Chrome 75 in June, eGobbler is still using the flaw to target those who haven’t yet updated their Chrome browser.

However, according to the latest report published by security firm Confiant, the eGobbler threat actors recently discovered and started exploiting a new vulnerability in WebKit, the browser engine used by Apple Safari browser for both iOS and macOS, Chrome for iOS and also by earlier versions of Chrome for desktop.

The new WebKit exploit is more interesting because it doesn’t require users to click anywhere on the legitimate news, blog or informative websites they visit, nor does it spawn any pop-up ad.

Instead, the display ads sponsored by eGobbler leverage the WebKit exploit to forcefully redirect visitors to websites hosting fraudulent schemes or malware as soon as they press the “key down” or “page down” button on their keyboards while reading the content on the website.

This is because the WebKit vulnerability involves the onkeydown JavaScript event, which fires each time a user presses a key on the keyboard, and allows ads displayed within iframes to break out of the sandbox protections.

“This time around, however, the iOS Chrome pop-up was not spawning as before, but we were, in fact, experiencing redirections on WebKit browsers upon the ‘onkeydown’ event,” the researchers said in their latest report.

“The nature of the bug is that a cross-origin nested iframe is able to ‘autofocus’ which bypasses the ‘allow-top-navigation-by-user-activation’ sandbox directive on the parent frame.”

“With the inner frame automatically focused, the keydown event becomes a user-activated navigation event, which renders the ad sandboxing entirely useless as a measure for forced redirect mitigation.”

Though Apple’s App Store guidelines require all iOS apps with web browsing ability, including Google Chrome for iOS, to use its WebKit framework, mobile users are still less likely to be impacted by the redirection flaw, as the ‘onkeydown’ event doesn’t fire on the mobile OS.

However, the eGobbler payload, often delivered through popular CDN services, also includes code to trigger redirections when visitors of a targeted web application try to input something in a text area or search forms, likely “to maximize the chances of hijacking these keypresses.”

As researchers believe, “this exploit was key in magnifying the impact of this attack.”

Between August 1 and September 23, the threat actors were seen serving their malicious code to a staggering volume of ads, which the researchers estimate at up to 1.16 billion impressions.

While the previous eGobbler malvertising campaign primarily targeted iOS users in the United States, the latest attack targeted users in European countries, the majority of them in Italy.

Confiant privately reported the WebKit vulnerability to both the Google and Apple security teams. Apple fixed the flaw in WebKit with the release of iOS 13 on September 19 and in Safari browser 13.0.1 on September 24, while Google has yet to address it in Chrome.

My Office News Ⓒ 2017 - Designed by A Collective