The Lazarus Group, a nation-state-level attacker tied to the 2014 attacks on Sony Pictures Entertainment, has splintered off a portion of its operation to concentrate on stealing money to fund itself.
The group, widely believed to be North Korean, has been linked to a February 2016 attack against the Bangladesh Central Bank that resulted in more than $850 million in fraudulent SWIFT network transactions, $80 million of which still has not been recovered. Researchers explained how the splinter group, known as Bluenoroff, has almost exclusively hit financial institutions, casinos, financial trade software development companies and cryptocurrency businesses.
The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert.
The alert shows that foreign government hackers are still successfully hacking and stealing data from the US government's servers, with their activities going unnoticed for years. This comes months after the US government revealed that a group of hackers had for more than a year infiltrated the computer systems of the Office of Personnel Management.
To appreciate how malware targeting banks and other financial institutions is adopting sophisticated techniques once reserved for state-sponsored spies using so-called advanced persistent threats, consider the recently discovered Metel crimeware package.
It contains more than 30 separate modules that can be tailored to the computer it's infecting. One of the most powerful components automatically rolls back ATM transactions shortly after they're made. As a result, people with payment cards from a compromised bank can withdraw nearly unlimited sums of money from ATMs belonging to another bank.
The Turla APT group is one of the most advanced threat actors in the world. This cyber espionage group has been active for more than 8 years, but little was known about its operations until last year.
Specifically, this research included examples of language artifacts, showing that part of the Turla group are Russian speakers. What makes the Turla group especially dangerous and difficult to catch is not just the complexity of its tools, but the exquisite satellite-based command-and-control mechanism implemented in the final stages of the attack. Command-and-control servers are the base of advanced cyber-attacks.
Merchant vessels are continuously becoming bigger and acquiring more electronic systems. Seafarers often depend on data from that technology more than on their own skills, knowledge, and senses.
Crews are becoming smaller as computer systems are used for navigation, as well as for rapid unloading and tracking of goods at ports. These systems are vulnerable to cyber threats. Victims often try to keep successful hacks a secret, because maritime companies value their reputation more than the money they actually lose. Also, cyber criminals are stealthy, and in many cases companies are unaware they have been hacked.
The Chinese-language Naikon advanced persistent threat group is targeting military, government and civil organizations located in and around the South China Sea, which is an increasingly contentious hotbed of territorial disputes between various Southeast Asian nations.
Naikon infects its victims with spear-phishing emails in which malicious executables masquerade as seemingly relevant document attachments. When a victim opens one of these malicious attachments, a decoy document appears as an executable file and quietly exploits an old Microsoft Office vulnerability, installing malware on the victim's machine.
One in three security professionals recommends negotiating with cybercriminals for the return of stolen data or the restoration of encrypted files. The study also found that firsthand experience with cybercrime extortion clearly shaped opinions.
Whether data is stolen by APTs or targeted attacks, or lost due to ransomware infection, enterprises need to reevaluate their cybersecurity strategies to incorporate the latest advanced threat defenses and become obsessive about backing up their data. Security professionals within the healthcare and financial services sectors were least likely to recommend negotiating with cyber-extortionists.
Nowadays, we talk a lot about malware that invades our daily activities. Some are more dangerous than others — whether they target private users or companies. Organizations are also threatened by attacks for their intellectual property, which is a key element in the functionality of a business.
Advanced persistent threats are among the most dangerous that exist in the computing world. Earlier, security researchers uncovered the first ever Arabic-language advanced persistent threat group, called Desert Falcons. Let's discuss the characteristics of these attacks and the way organizations and individuals can protect themselves against them.
Security researchers have uncovered the first ever Arabic-language advanced persistent threat group. Dubbed Desert Falcons, the group of thirty or so attackers operates out of Palestine, Egypt and Turkey and is said to have developed and deployed its wares exclusively in the Middle East.
It is impossible to determine whether Desert Falcons is state sponsored, but internet security is under threat. Their arsenal consists of homemade malware tools, social engineering and other techniques designed to execute and conceal campaigns on traditional and mobile operating systems. Desert Falcons' malware is intended to steal sensitive information.
Researchers have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.
The previously undiscovered malware represents a missing puzzle piece tied to Turla, a so-called advanced persistent threat disclosed in August. For at least four years, the campaign targeted government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. The unknown attackers have infected several hundred Windows-based computers by exploiting a variety of vulnerabilities.