Tag: attack

Ransomware attack hits top chipmaker Nexperia, huge hoard of data set to be leaked

Post author By lisa nichols
Post date April 16, 2024
No Comments on Ransomware attack hits top chipmaker Nexperia, huge hoard of data set to be leaked

[ad_1]

Top chipmaker Nexperia suffered a ransomware attack last month which saw threat actors get away with a terabyte of sensitive corporate data.

“Nexperia has become aware that an unauthorized third party accessed certain Nexperia IT servers in March 2024,” the company said in a statement shared with BleepingComputer. “We promptly took action and disconnected the affected systems from the internet to contain the incident and implemented extensive mitigation.”

The company later brought in third-party security experts to determine the nature and the scope of the incident, and took “strong measures” to terminate the unauthorized access.

Dark Angels

In the meantime, a threat actor calling itself Dunghill Leak assumed responsibility for the attack, claiming they were in possession of a terabyte of confidential data. To prove its claims, the group shared a sample, which included microscope scans of electronic components, employee passports, non-disclosure agreements, and other information.

The group is now demanding an unknown ransom payment, and if Nexperia declines, they will allegedly leak:

371 GB of design and product data, including QC, NDAs, trade secrets, technical specifications, confidential schematics, and production instructions.
246 GB of engineering data, including internal studies and manufacturing technologies.
96 GB of commercial and marketing data, including pricing and marketing analysis.
41.5 GB of corporate data, including HR, employee personal details, passports, NDAs, etc.
109 GB of client and user data, including brands such as SpaceX, IBM, Apple, and Huawei.
121.1 GB of various files and miscellaneous data, including email storage files.

Nexperia is a subsidiary of Wingtech Technology, a major Chinese chipmaker that operates plants in Germany and the UK. It builds transistors, diodes, MOSFETs, and logic divides, it was said. Its annual revenue exceeds $2 billion.

In its writeup, BleepingComputer claims the Dunghill Leak site is linked to the Dark Angels ransomware group.

Hackers are loading SVG files with multi-stage malware in new phishing attack

Post author By lisa nichols
Post date April 9, 2024
No Comments on Hackers are loading SVG files with multi-stage malware in new phishing attack

[ad_1]

A sophisticated new phishing attack was spotted in the wild, leveraging a wide variety of tools to bypass antivirus protections and ultimately deliver different Remote Access Trojan (RAT) malware.

According to cybersecurity researchers at Fortinet, an unidentified threat actor was seen sending phishing emails, stating a shipment has been delivered, and attaching an invoice. This attachment, however, is a Scalable Vector Graphics (SVG) file which, when run, triggers the infection sequence.

The SVG file drops a ZIP archive created with BatCloak – a tool designed to help malware bypass antivirus protection. This archive unpacks a ScrubCrypt batch file, which is another antivirus-evading tool which, in turn, sets up persistence, and bypasses AMSI and ETW protections to deliver the Venom RAT.

Rat infestation

While ScrubCrypt was first seen last year, and linked to the 8220 Gang threat actor, Fortinet does not mention if the same group was behind this campaign as well.

Venom RAT is described as a fork of Quasar RAT, and a powerful remote access trojan allowing threat actors full system takeover, sensitive data exfiltration, and more.

“While Venom RAT’s primary program may appear straightforward, it maintains communication channels with the C2 server to acquire additional plugins for various activities,” the researchers said in the report. “This includes Venom RAT v6.0.3 with keylogger capabilities, NanoCore RAT, XWorm, and Remcos RAT.

“This [Remcos RAT] plugin was distributed from VenomRAT’s C2 using three methods: an obfuscated VBS script named ‘remcos.vbs,’ ScrubCrypt, and Guloader PowerShell,” they added.

Besides Venom RAT, the researchers observed the malware dropping Remcos RAT, XWorm, NanoCore RAT, and a stealer that grabs information from cryptocurrency wallets such as Atomic Wallet, Electrum, Exodus, Jaxx Liberty, and others. Information from Foxmail and Telegram were also being exfiltrated to a remote server, they concluded.

The best way to protect against these attacks is to be extra careful when receiving emails with links, attachments, or similar calls to action.

Via The Hacker News

This new phishing attack targets iPhone and Android alike via RCS

Post author By lisa nichols
Post date March 28, 2024
No Comments on This new phishing attack targets iPhone and Android alike via RCS

[ad_1]

A new phishing service has been detected sporting a unique way of approaching iOS and Android users.

The Phishing-as-a-Service (PhaaS) tool, called “Darcula” and uncovered by researchers at Netcraft, stands out from the crowd as it reaches out to its victims via the Rich Communication Services (RCS) protocol for Google Messages and iMessage, instead of the usual Short Message System (SMS).

There are two reasons for the move to RCS, they explain, with the first one being an improved sense of legitimacy of the messages. The second one is that RCS messages are end-to-end encrypted, making them impossible to intercept, or block based solely on the contents of the message.

Thousands of domains and IP addresses

It’s impossible to say how many people received these smishing messages, but we do know that they’re located in more than 100 countries around the world.

Hackers who sign up for the service can impersonate dozens of organizations, choosing between more than 200 phishing templates. After paying for the subscription, the threat actors can choose one of many companies in the postal, financial, government, tax, telecommunications, airlines, and utility verticals, and get a dedicated phishing website with properly aligned fonts, logo images, and more.

The researchers described the phishing websites as “high quality”.

“The Darcula platform has been used for numerous high-profile phishing attacks over the last year, including messages received on both Apple and Android devices in the UK, as well as package scams impersonating United States Postal Service (USPS) highlighted in numerous posts on Reddit’s /r/phishing,” the researchers explained in their writeup.

The PhaaS apparently has some 20,000 domains, across 11,000 IP addresses. More than 100 new domains are being added to the tool, every day.

As usual, the best way to defend against phishing is to use common sense. If the message is unexpected, sounds strange, or too good to be true, extra caution is advised.

Via BleepingComputer

Warning: Apple Users Targeted in Advanced Phishing Attack Involving Password Reset Requests

Post author By miranda cosgrove
Post date March 26, 2024
No Comments on Warning: Apple Users Targeted in Advanced Phishing Attack Involving Password Reset Requests

[ad_1]

Phishing attacks taking advantage of what appears to be a bug in Apple’s password reset feature have become increasingly common, according to a report from KrebsOnSecurity. Multiple Apple users users have been targeted in an attack that bombards them with an endless stream of notifications or multi-factor authentication (MFA) messages in an attempt to get them to approve an Apple ID password change.

reset password request iphone
An attacker is able to cause the target’s iPhone, Apple Watch, or Mac to display system-level password change approval texts over and over again, with the hope that the person being targeted will mistakenly approve the request or get tired of the notifications and click on the accept button. If the request is approved, the attacker is able to change the ‌Apple ID‌ password and lock the Apple user out of their account.

Because the password requests target the ‌Apple ID‌, they pop up on all of a user’s devices. The notifications render all linked Apple products unable to be used until the popups are dismissed one by one on each device. Twitter user Parth Patel recently shared his experience being targeted with the attack, and he says he could not use his devices until he clicked on “Don’t Allow” for more than 100 notifications.

When attackers are unable to get the person to click “Allow” on the password change notification, targets often get phone calls that seem to be coming from Apple. On these calls, the attacker claims to know that the victim is under attack, and attempts to get the one-time password that is sent to a user’s phone number when attempting a password change.

In Patel’s case, the attacker was using information leaked from a people search website, which included name, current address, past address, and phone number, giving the person attempting to access his account ample information to work from. The attacker happened to have his name wrong, and he also became suspicious because he was asked for a one-time code that Apple explicitly sends with a message confirming that Apple does not ask for those codes.

The attack seems to hinge on the perpetrator having access to the email address and phone number associated with an ‌Apple ID‌.

KrebsOnSecurity looked into the issue, and found that attackers appear to be using Apple’s page for a forgotten ‌Apple ID‌ password. This page requires a user’s ‌Apple ID‌ email or phone number, and it has a CAPTCHA. When an email address is put in, the page displays the last two digits of the phone number associated with the Apple account, and filing in the missing digits and hitting submit sends a system alert.

It is not clear how the attackers are abusing the system to send multiple messages to Apple users, but it appears to be a bug that is being exploited. It is unlikely that Apple’s system is meant to be able to be used to send more than 100 requests, so presumably the rate limit is being bypassed.

Apple device owners targeted by this kind of attack should be sure to tap “Don’t Allow” on all requests, and should be aware that Apple does not make phone calls requesting one-time password reset codes.

[ad_2]

Source Article Link

Tags advanced, Apple, attack, involving, Password, Phishing, Requests, reset, targeted, users, Warning

Featured

A new ZenHammer attack is targeting more AMD CPUs

Post author By lisa nichols
Post date March 26, 2024
No Comments on A new ZenHammer attack is targeting more AMD CPUs

[ad_1]

The infamous Rowhammer DRAM attack can now be pulled off on some AMD CPUs as well, academic researchers from ETH Zurich have proved.

As reported by BleepingComputer, the researchers dubbed the attack ZenHammer, after cracking the complex, non-linear DRAM addressing functions in AMD platforms.

For the uninitiated, the Rowhammer DRAM attack revolves around changing data in Dynamic Random Access-Memory (DRAM), by repeatedly “hammering”, or accessing, specific rows of memory cells. Memory cells keep information as electric charges. These charges determine the value of the bits, which can either be a 0, or a 1. As the density of the memory cells in today’s chips is fairly big, “hammering” can alter the state in adjacent rows, or “flip” the bit. By flipping specific bits, the attackers can pull cryptographic keys, or other sensitive data, BleepingComputer explained.

Purely theoretical?

This means that AMD has joined Intel and ARM CPUs who were already known to be vulnerable to hammering attacks.

The researchers tested their theory on different platforms. For AMD Zen 2, they were successful 70% of the time. For AMD Zen 3, 60%. For AMD Zen 4, however, they were only successful 10% of the time, suggesting that “the changes in DDR5 such as improved Rowhammer mitigations, on-die error correction code (ECC), and a higher refresh rate (32 ms) make it harder to trigger bit flips.”

While usually academic research is purely theoretical, the researchers said this attack could be pulled off in the real world, too. They simulated successful attacks targeting the system’s security, and manipulating page table entries for unauthorized memory access.

Those fearing ZenHammer, it’s important to stress that these types of attacks are quite difficult to pull off. What’s more, there are patches and mitigations. Earlier this week, AMD released a security advisory with mitigation options.

This new attack uses the sound of your keystrokes to steal your passwords

Post author By lisa nichols
Post date March 18, 2024
No Comments on This new attack uses the sound of your keystrokes to steal your passwords

[ad_1]

Two researchers from Augusta University, in Georgia, U.S., demonstrated a novel way to steal people’s passwords that would put even James Bond to shame.

Last week, researchers Alireza Taheritajar and Reza Rahaeimehr published a paper called “Acoustic Side Channel Attack on Keyboards Based on Typing Patterns” which is just as weird as it sounds.

According to the research, there is a way to deduce a person’s password (or any other word that’s typed into a computer) by simply listening to them type.

Is it feasible?

The method is not as accurate as some other side channel attacks, as the researchers suggested the accuracy of this attack is around 43%. To pull it off, all the attackers would need is a relatively small sample of the victim’s typing (just a few seconds, apparently), but would need more than one recording.

Furthermore, they would need an English dictionary. The mitigating circumstance here is that the recording doesn’t have to be particularly “clean”. It could have significant background noise, or come from multiple different keyboards, and still work.

In theory, a threat actor could place a smartphone, or a similar microphone-equipped device, in the relative vicinity of the victim and record them typing. From that recording, they would be able to establish certain patterns, which could then be used to determine potential words. The English dictionary would help to predict which words would make most sense in the context of the sentence.

While it sounds ominous, there are quite a few moving parts that need to align perfectly, for the attack to be pulled off.

For one, the attacker needs to either be really close to the victim, have a recording device nearby (a smart speaker would suffice, apparently), or have malware installed that’s capable of leveraging the computer’s microphone. Then, the attacker needs to type in their password, as well as a bunch of other words.

They cannot be a professional typist, or be able to type fast in general, as that messes with the predictions. Then, the attackers can analyze the recordings and will still end up with just a 43% chance of success.

Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

Post author By miranda cosgrove
Post date March 9, 2024
No Comments on Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over

[ad_1]

For years, Registered Agents Inc.—a secretive company whose business is setting up other businesses—has registered thousands of companies to people who appear to not exist. Multiple former employees tell WIRED that the company routinely incorporates businesses on behalf of its customers using what they claim are fake personas. An investigation found that incorporation paperwork for thousands of companies that listed these allegedly fake personas had links to Registered Agents.

State attorneys general from around the US sent a letter to Meta on Wednesday demanding the company take “immediate action” amid a record-breaking spike in complaints over hacked Facebook and Instagram accounts. Figures provided by the office of New York attorney general Letitia James, who spearheaded the effort, show that in 2023 her office received more than 780 complaints—10 times as many as in 2019. Many complaints cited in the letter say Meta did nothing to help them recover their stolen accounts. “We refuse to operate as the customer service representatives of your company,” the officials wrote in the letter. “Proper investment in response and mitigation is mandatory.”

Meanwhile, Meta suffered a major outage this week that took most of its platforms offline. When it came back, users were often forced to log back in to their accounts. Last year, however, the company changed how two-factor authentication works for Facebook and Instagram. Now, any devices you’ve frequently used with Meta services in recent years will be trusted by default. The move has made experts uneasy; this means that your devices may not need a two-factor authentication code to log in anymore. We updated our guide for how to turn off this setting.

A ransomware attack targeting medical firm Change Healthcare has caused chaos at pharmacies around the US, delaying delivery of prescription drugs nationwide. Last week, a Bitcoin address connected to AlphV, the group behind the attack, received $22 million in cryptocurrency—suggesting Change Healthcare has likely paid the ransom. A spokesperson for the firm declined to answer whether it was behind the payment.

And there’s more. Each week, we highlight the news we didn’t cover in depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

In January, Microsoft revealed that a notorious group of Russian state-sponsored hackers known as Nobelium infiltrated the email accounts of the company’s senior leadership team. Today, the company revealed that the attack is ongoing. In a blog post, the company explains that in recent weeks, it has seen evidence that hackers are leveraging information exfiltrated from its email systems to gain access to source code and other “internal systems.”

It is unclear exactly what internal systems were accessed by Nobelium, which Microsoft calls Midnight Blizzard, but according to the company, it is not over. The blog post states that the hackers are now using “secrets of different types” to breach further into its systems. “Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.”

Nobelium is responsible for the SolarWinds attack, a sophisticated 2020 supply-chain attack that compromised thousands of organizations including the major US government agencies like the Departments of Homeland Security, Defense, Justice, and Treasury.

[ad_2]

Source Article Link

Tags attack, Codeand, hackers, isnt, Microsoft, Russian, source, Stole

News

Cyber attack trends for 2024 from the X-Force Threat Report

Post author By miranda cosgrove
Post date February 22, 2024
No Comments on Cyber attack trends for 2024 from the X-Force Threat Report

X-Force Threat Intelligence Index Report 2024

In the dynamic arena of cybersecurity, the stakes are high and the adversaries are relentless. The latest insights from IBM’s X-Force Threat Intelligence Index Report for 2024 provide a crucial glimpse into the cyber threats that dominated the previous year. For anyone with a stake in the digital world, these findings are not just informative; they are essential for the protection of your digital assets.

The report highlights a significant rise in the exploitation of legitimate user credentials, which saw a 71% increase in 2023, making it as prevalent as phishing in terms of methods used for initial access by cybercriminals. This alarming trend underscores the critical need for robust Identity and Access Management (IAM) protocols. Without strong IAM measures, your digital presence is at risk, as cybercriminals continue to refine their tactics to gain unauthorized access to systems and data.

Phishing attacks, a long-standing threat, remain a formidable challenge, with cybercriminals constantly updating their strategies to install malware or steal credentials. The malware that is particularly concerning is the kind that hijacks user accounts, potentially leading to significant data breaches. It is more important than ever to remain vigilant and to be able to recognize and respond to these deceptive tactics.

Cyber Attack Trends 2024

Here are some other articles you may find of interest on the subject of artificial intelligence

Data security has become increasingly important, with incidents of data theft and leakage now accounting for 32% of the major impacts on organizations. This represents a significant increase from the 19% reported in 2022. The rise of info stealers has contributed to this trend, emphasizing the need to protect your data from theft and unauthorized disclosure.

Application security is another area that demands continuous attention. The most common vulnerabilities are due to misconfigurations, failures in identity and authentication, and issues with access control. These vulnerabilities are often linked to poor password practices and the use of default settings. Addressing these issues through rigorous security measures is essential to safeguard your applications from potential breaches.

The report also touches on the emergence of Generative AI, including advanced chatbots, which has been a hot topic in 2023. While the use of this technology in attacks has been minimal so far, the interest shown in dark web forums suggests that it could pose future threats. Keeping up with the developments in generative AI is therefore an important aspect of your cybersecurity strategy.

X-Force Threat Intelligence Index Report for 2024

A review of 2023 identifying major threat trends in cybersecurity, drawing on data from IBM’s global team across 17 countries, including ethical hackers, incident responders, researchers, and analysts.

Identity and Access Management:
- Initial access factors highlighted, with valid accounts or improper use of a valid account and phishing tied for the top method at approximately 30%.
- A significant increase in valid account misuse, up by 71% over the previous year.
Phishing Details:
- Split into two main types: those involving attachments and those involving links, aiming to plant malware or steal credentials.
- A considerable portion of malware is intended to steal credentials.
Data Security:
- Data theft and leakage were the top impact on organizations, constituting 32%, up from 19% in 2022.
- The rise of info stealers, malware designed to exfiltrate sensitive information and credentials, saw an increase of 266%.
Application Security:
- Misconfiguration was the most frequent application security vulnerability, according to the OWASP Top 10 list.
- Identity and authentication failures, along with related access control issues, were significant, collectively accounting for 36% of the vulnerabilities.
Zero-Day Attacks:
- A significant decrease in 2023 compared to 2022, down by 72%, possibly due to easier attack methods being available.
Ransomware:
- A slight decrease in real-world cases, down by 12%.
- Early signs of better defense against ransomware attacks and a growing trend of organizations not paying the ransom.
Generative AI:
- 2023 marked a significant year for the adoption and discussion of generative AI technologies.
- Over 800,000 mentions of AI and generative AI in dark web forums, indicating both interest and experimentation by malicious actors.
- Concerns raised about the potential misuse of generative AI in cyber attacks, with some alternative chatbots lacking restrictions on generating malicious content.
Preventive Measures and Recommendations:
- Emphasis on the effectiveness of industry best practices in preventing 84% of attacks on critical infrastructure.
- Recommendations include multi-factor authentication, use of passkeys, data encryption, immutable backups, patching applications, system hardening, and staying informed about generative AI developments.

However, it’s not all grim news. The report notes a significant 72% decline in zero-day attacks and a 12% reduction in ransomware incidents, indicating that cybersecurity efforts are making a difference. These positive trends highlight the effectiveness of proactive prevention measures and the benefits of staying ahead of cybercriminals.

Prevention is, and always has been, the best defense. The report suggests that adhering to industry best practices could have prevented 84% of the attacks on critical infrastructure that occurred. Among the recommended practices are the use of multi-factor authentication, passkeys, data encryption, immutable backups, regular patching, system hardening, and staying informed about the latest developments in generative AI.

The X-Force Threat Intelligence Index Report for 2024 is a wake-up call to learn from the previous year’s cybersecurity challenges and to strengthen our defenses. It is imperative that you review the full report for a comprehensive analysis and adopt the suggested security practices. By doing so, you can enhance the security of your digital ecosystem and be better prepared to face the emerging threats that lie ahead.

Filed Under: Technology News, Top News

Latest timeswonderful Deals

Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, timeswonderful may earn an affiliate commission. Learn about our Disclosure Policy.

Tags attack, Cyber, Report, threat, Trends, XForce