by Anna Fifield
February 23, 2018
TOKYO — North Korea is quietly expanding both the scope and sophistication of its cyberweaponry, laying the groundwork for more devastating attacks, according to a report published Tuesday.
Kim Jong Un’s cyberwarriors have been accused of causing huge disruptions in recent years, including a massive hack on Sony Pictures in 2014 and last year’s WannaCry ransomware worm, as well as numerous attacks on South Korean servers.
Now, it appears that North Korea has also been using previously unknown holes in the Internet to carry out cyberespionage — the kind of activity that could easily metamorphose into full-scale attacks, according to a report from FireEye, a California-based cybersecurity company.
Although the North Korean regime bans the Internet for ordinary citizens and is decidedly behind the times with most technology, it has funneled a huge amount of time and money into building a cyber-army capable of outsmarting more technologically advanced countries such as South Korea.
“Our concern is that this could be used for a disruptive attack rather than a classic espionage mission, which we already know that the North Koreans are regularly carrying out,” said John Hultquist, director of intelligence analysis for FireEye.
FireEye said it has “high confidence” that a cyberespionage group it has identified as APT37 is responsible for a number of attacks, not just in South Korea but also in Japan, Vietnam and the Middle East. These include “zero-day vulnerability” attacks in which hackers find and exploit flaws in software before the developers have had an opportunity to create patches to fix them.
by BBC News
February 21, 2018
More than 52% of Britons aged 18-25 are using the same password for lots of online services, suggests a survey.
By doing so they make it easy for hackers to hijack accounts, warned the UK government’s Cyber Aware campaign.
The danger was acute because of the sensitive data people typically send via email and other accounts, it found.
About 79% of the 2,261 respondents of all ages said they had sent bank details or copies of passports and driving licences via messaging systems.
“Your email account is really a treasure trove of information that hackers won’t hesitate to exploit,” said Det Insp Mick Dodge, national cyber-protect co-ordinator with the City of London police in a statement.
The danger of identity theft was significant, he said, because many people who sent personal information via email rarely deleted it.
Bank statements, electronic copies of signatures and other important documents could all be sitting in lists of sent emails, said Det Insp Dodge.
“You wouldn’t leave your door open for a burglar, so why give criminals an open invitation to your personal information?”
Reusing a password helps cyber-thieves because they try to use login names and password combinations released in data breaches on many different online accounts to see if they get a hit.
by Dell Cameron
February 21, 2018
Employing sophisticated scams involving social engineering, email phishing, and the harvesting of employee passwords, attackers have pilfered millions of dollars from some of the world's largest corporations, all while bypassing traditional hacking safeguards by simply avoiding the use of malware.
A new report from IBM Security sheds light on ongoing campaigns being waged by “cyber con artists” employing a known scam called Business Email Compromise (BEC). These attacks take on many forms, but typically include fraud involving fake invoices, impersonation of high-ranking corporate officers, and the targeting of accounting or human resources staff to gather sensitive financial information, such as tax statements.
The threats tracked by IBM’s global threat intelligence service, known as X-Force (insert Marvel Comics joke here), began by harvesting mass amounts of business user credentials, which in studied incidents enabled attackers to impersonate corporate officers authorized to make large fund transfers.
The compromised accounts were gathered largely using traditional phishing techniques.
In one case, an official-looking email sent to hundreds of corporate contacts appeared to contain a link to a business document. The targets were directed to a fake “DocuSign” website where they were first asked to log in using their email credentials. The attack targeted primarily personnel working in the company’s accounts payable department, the report says.
A key defense against this form of credential harvesting is implementing multi-factor authentication.
February 21, 2018
The first cryptocurrency launched by a national government is now in pre-sale. It is the Petro, the virtual currency that Venezuela is bringing to market to try to curb the extremely high inflation ravaging the local economy, which has left one Bolívar worth just US$ 0.00004. Built on the Ethereum blockchain, the Petro is expected to enter its initial coin offering in about a month.
The idea behind the creation of the Petro is for it to serve as a second official currency of Venezuela, alongside the Bolívar, with 82 million units of the cryptocurrency available initially but the intention of issuing up to 100 million petros, which are “backed” by 100 million barrels from the country's immense oil reserves.
Evading the blockade
Another major play of the Venezuelan cryptocurrency is to get around the economic blockade imposed on the country by the United States and other capitalist-economy countries. Using the virtual currency, these barriers can be overcome much more easily, and Venezuela can receive a range of investments that would be impossible under the current model.
In addition to the millions of barrels of oil that guarantee the Petro's value, it is also believed that there are reserves of gold and diamonds serving as backing for the currency, President Maduro is reported to have said. The leader's opposition has already come out against the creation of the Petro and has gone so far as to state that using the cryptocurrency would be illegal and unconstitutional.
by Matthew Field
February 20, 2018
The UK’s top cyber security agency has reaffirmed its commitment to working with Chinese smartphone giant Huawei after US spy chiefs accused the company of presenting a national security risk.
The Government and the National Cyber Security Centre (NCSC) will “continue to benefit” from collaboration with Huawei, according to an NCSC spokesman. It comes despite US government employees potentially being banned from using the Chinese company’s smartphones due to security fears.
In the UK, Huawei operates a cybersecurity centre alongside members of GCHQ. Known as “The Cell”, it is set up to monitor threats and backdoors in the company’s own hardware. It is staffed by Huawei researchers overseen by the NCSC.
Last week, US intelligence chiefs from the Federal Bureau of Intelligence (FBI), Central Intelligence Agency and National Security Agency repeatedly warned against Huawei’s phones and recommended US consumers should avoid them.
“We’re deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks,” FBI Director Chris Wray said.
The UK’s relationship with Huawei has taken a different path than its ally, however. Rather than blocking the company, UK spies from GCHQ work closely with the Chinese company.
“Huawei is a globally important company whose presence in the UK reflects our reputation as a global hub for technology, innovation and design,” an NCSC spokesman said.
“This government and British telecoms operators work with Huawei at home and abroad to ensure the UK can continue to benefit from new technology while managing cyber security risks.”
by Pierluigi Paganini
February 19, 2018
In 2017, hackers stole some personal information belonging to T-Mobile customers by exploiting a well-known vulnerability.
A video tutorial titled ‘T-Mobile Info Disclosure exploit’ showing how to use the flaw was also published on the Internet.
By exploiting the vulnerability, it is possible to access certain customers’ data, including email addresses, billing account numbers, and the phone’s IMSI numbers.
This kind of information could be used by hackers in a social engineering attack against T-Mobile’s customer support employees with the intent of stealing the victim’s phone number.
The attackers can use the data to impersonate the target customer: crooks call T-Mobile customer care posing as the victim, with the intent of tricking the operator into issuing a new SIM card for the victim’s number.
The crooks activate the new SIM and take control of the victim’s phone number, then they can use it to steal the victim’s identity. This is the beginning of the nightmare for the victims, who suddenly lose their service.