In Focus: Backdoor Malware Targeting SSH Keys

Information Security
Backdoor malware targeting SSH keys, previously used by the most sophisticated and well-financed threat groups, has trickled down to ordinary cybercriminals, as this malware is now being sold to anyone with access to the dark web, a new report showed. “SSH keys can be potent weapons in the wrong hands,” Yana Blachman, threat intelligence specialist at Venafi, told Infosecurity. “But until recently, only the most sophisticated, well-financed hacking groups had this kind of capability. Now, we’re seeing a ‘trickle-down’ effect, where SSH capabilities are becoming commoditized.”

What Is SSH?

SSH, which stands for Secure Shell, is a protocol used to secure remote login from one computer to another. The SSH protocol is used for many applications across many platforms, including Linux,…
New Ransomware Tactic: Data Publication in Case Victims Don’t Pay Ransom

Information Security, News
Ransomware attackers typically encrypt victims’ data and demand a ransom from victims in exchange for the decryption keys. To pressure victims into paying, attackers have added a new tactic: publication of stolen data in the event victims fail to pay ransom. While ransomware attackers in the past threatened to leak victims’ stolen data online for failing to pay ransom, many didn’t follow through. Ransomware victims, as shown in their official statements, often do not view ransomware attacks as data breaches, a type of cyber-attack that steals data. Ransomware victims, rather, believe that ransomware attackers can’t access the content itself. This perception that ransomware attackers can’t access the content itself is thrown out of the window as recent ransomware trend…
Coordinated Ransomware Attack Used for the First Time in 22 Local Governments in Texas

Information Security, News
Ransomware attacks on local governments are becoming all too common these days. Past ransomware attacks, while targeted, were conducted separately. The latest ransomware attack on 22 local governments across Texas marks a shift in the way ransomware attacks are launched: in a coordinated manner. The Texas Department of Information Resources, in a press statement, said that on the morning of August 16, 2019, a total of 22 local governments in the State of Texas reported a ransomware attack. While not naming the affected local governments, the Texas Department of Information Resources said the majority of the victims are smaller local governments. Ransomware is a type of malicious software (malware) that attackers use to infect computers. In a…
Time to Patch: BlueKeep Exploit Is Now Up For Sale

Information Security, IT Support
A U.S. company has recently made available, for a fee, a BlueKeep exploit that takes advantage of a security vulnerability in the Remote Desktop Protocol (RDP) service included in older versions of the Windows operating system. While the commercial availability of this BlueKeep exploit gives legitimate cybersecurity professionals a tool to detect exposed RDP-enabled systems, it also gives malicious actors an opportunity to pirate or legitimately buy this tool for malicious activities.

What Is BlueKeep?

BlueKeep, officially known as CVE-2019-0708, is a vulnerability in the Remote Desktop Protocol (RDP) service included in Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows 2003 and Windows XP. Remote Desktop Protocol, commonly referred to as RDP, is a proprietary protocol developed by…
Cybercriminals Target Another Legitimate Tool: MySQL Servers

Information Security, IT Support
The recent discovery by researchers at Sophos that attackers are scanning the internet to find vulnerable MySQL servers for the purpose of infecting them with the GandCrab ransomware shows that attackers are increasingly targeting legitimate tools as a means to sneak into organizations’ networks. MySQL server is a database platform that uses tables to store data and indexes to sort data and speed up performance. This database platform supports desktop and web applications and runs on either Linux or Windows operating systems. GandCrab ransomware, meanwhile, is a particular type of malicious software (malware) designed to lock out legitimate users from their computer system or data until a ransom is paid. Researchers at Sophos said that they set up a mocked-up insecure MySQL server for…
15 Leading DDoS-for-Hire Sites Shut Down by Authorities

Information Security
Just a few days before the busiest holiday season, the Federal Bureau of Investigation (FBI) shut down 15 websites that offered DDoS-for-hire services. Following the seizure warrants issued by the U.S. District Court for the Central District of California, the FBI shut down 15 sites offering DDoS-for-hire services. These 15 DDoS-for-hire sites, including downthem.org and quantumstress.net, represent some of the world’s leading DDoS-for-hire services, the FBI said in a statement. According to the FBI, the 15 DDoS-for-hire sites that were taken down were responsible for DDoS attacks directed at victims in the U.S. and abroad, including financial institutions, universities, internet service providers, government systems, and various gaming platforms. Between October 2014 and November 2018, the FBI said, Downthem’s database showed it had more…
Canadian University Shuts Down IT Network After Cryptojacking Attack

Information Security
St. Francis Xavier University, one of Canada’s oldest universities, was forced to temporarily disable all its network systems in response to a cryptojacking attack. The university, in a statement, said that malicious software (malware) infected its network, which then attempted to utilize the university’s collective computing power in order to mine the cryptocurrency Bitcoin. The university added that it's bringing its IT systems back online in a staggered process to minimize potential risk. This cyber incident at St. Francis Xavier University highlights the dangers of a cryptojacking attack.

What Is Cryptojacking?

Cryptojacking happens when a cyberattacker uses the computing power of another without consent for the purpose of mining a cryptocurrency such as Bitcoin. Mining a cryptocurrency like Bitcoin is similar…