Connect with us

Breaches

How Cybercriminals Target Victims: Report Cites Top Information Resources

Published

on

Cybercriminals, whose attacks cost organizations millions of dollars a year, do extensive research on their targets. They gather organizational and personal information before deciding which vulnerabilities to exploit.

SurfWatch Labs, a security consultancy, has released a report on research resources cybercriminals use. The purpose of the report is to provide organizations a tool to prevent cyber attacks. The report includes an overview of information resources cybercriminals use to target the victims. Knowing about these resources can help organizations defend against cyber attacks.

Adam Meyer

Adam Meyer

The majority of threat awareness training is taking place in medium to large sized businesses, according to Adam Meyer, SurfWatch Labs’ chief security strategist. “However, much of this training is geared toward protecting the employer and less about employees protecting themselves and their personal lives, even though some would transfer over and provide benefit to the employer,” Meyer told Hacked.com.

Lack Of Public Awareness

“Many organizations, and individuals for that matter, do not know their ‘level of presence’ out there,” he said. “They don’t know what their true exposure to cyber threats is, and therefore are not making fully informed risk decisions. We all use technology every day in our lives and have become completely dependent on it, but we don’t place much effort in trying to live a cyber safe lifestyle. A well-rounded cyber safety awareness program is one of the cheapest and most impactful efforts you can do to combat cyber crime, yet is the least utilized,” he said.

awareness

SurfWatch Labs searches the public Internet and the Dark Web to gather information about criminal activity.

The company’s website offers an example of a Dark Web screen shot showing where an organization’s stolen credit cards are for sale. The screen shot shows bank identification numbers corresponding to credit cards, searchable location information that makes it easy for criminals to evade conventional fraud detection, multiple base names that indicate batches of stolen card information, and a number indicating how many cards are for sale.

Criminals Use Security Websites

One takeaway from the report is that websites that appear to be intended to help protect people from cyber attack are actually resources for cyber attackers.

Most tools can be used for both positive and negative purposes with the only difference being the intent of the individual, Meyer said.

Asked if SurfWatch could also serve as a resource for cyber criminals, Meyers was adamant that it cannot. “No, our core resources are not publicly available and the information we do share is only shared with the organization who is entitled to it,” he said.

Top Three Public Resources

The top three public web sources criminals use for gathering information are Shodan.io, virustotal.com and companies’ own individual websites.

Shodan.io, launched in 2009 by John Matherly, has become the top site cyber criminals use. It constantly scans the Internet to find what is accessible publicly. The report dubs Shodan as the “Google for the Internet of Things (IoT).”

Shodan, which calls itself a search engine for security, has expanded from a list of ports and IPs to maps indicating where devices are located. It includes screenshots from unsecured servers, workstations and webcams.

shodan

The website notes that it has servers worldwide scanning the Internet to provide the latest Internet intelligence. “Who buys Smart TVs? Which countries are building the most wind farms? What companies are affected by Heartbleed?” the site advertises.

Shodan also allows organizations to keep track of all of the computers in their network that are directly accessible on the Internet. It provides a public API that allows access to all of Shodan’s data. Integrations are available for Chrome, Firefox, Nmap, FOCA, Metasploit, Maltego and many more.

Matherly’s original focus was problems associated with connected hard goods like thermostats and refrigerators, the report noted. He expanded the focus to open computer systems, industrial control systems, unsecured cameras and other things.

Shodan demonstrates the seriousness of the risk associated with putting information online. There is not much online that can be hidden from Shodan. Organizations must find a way to protect any information that goes online if they don’t want Shodan to find it.

Virustotal.com

VirusTotal presents itself as a free service that analyzes suspicious URLs and helps detect malware. The reality is that it helps malicious actors test their wares. Attackers upload new malware to test it against at least 56 anti-virus vendors to find out how their new malware will be detected.

virustotal

The time frame for detecting malware is short, so it has to be used rapidly. Otherwise, the criminals would be testing a new “obfuscating” tool to hide a known malware from being detected for use in future campaigns.

The website states that anyone can send a suspicious file and receive a report with antivirus scanner results. In exchange, antivirus companies receive new malware samples to improve protections for their users. It claims to be an ecosystem where everyone works together to improve Internet security.

VirusTotal saves metadata from the files it analyzes. A user can view the IP history of the domain to get the current WHOIS, but VirusTotal will also provide a list each time it detects something malicious on the site, in addition to all samples that tried to communicate with the domain.

What About Your Own Site?

The best way for an attacker to learn about a target is from their own website. Most company websites include information about officers and key employees, such as names, email addresses, pictures, LinkedIn profiles and more.

SurfWatch noted word documents, PDFs and powerpoint presentations include metadata that has additional information about companies, including software versions of the program used to create these documents.

Google searches reveal more information about a company that many people are not aware of.

google-pdf

Top Dark Web Sources

The top three dark web sources are AlphaBay Market and Forum, TheRealDealMarket and HANSA Market.

AlphaBay has become the most popular Dark Web market, providing tens of thousands of things for sale, including stolen credentials, drugs, fraudulent items, bank account logins, personal information about individuals, hacking tools and more. Launched by “alpha01” in 2014, it mimics Amazon and eBay in its organization. Users purchase items anonymously using bitcoin.

Criminals access AlphaBay with the Tor browser. Since the Tor browser is available to anyone, legitimate parties can also see what is for sale.

The AlphaBay Market website claims to be the largest Darknet Market, four times larger than its closest competitor, with more than 120,000 listings. The website includes an easy-to-understand overview of how the Dark Web works, including the Tor browser, which is used to access the Dark Web.

alphabay

It notes that the government is monitoring people who download Tor, but it adds that one can get around this problem by using a VPN. It encourages users to visit a site for such VPNs: https://topvpnsoftware.com.

By visiting the website, users are invited to sign up for a newsletter that provides information on how to remain anonymous online to hide Dark Web activities.

The site notes Tor has some issues with exit nodes, and that someone who has access to all nodes in the chain can track a user. The best approach is to pair Tor with a VPN that keeps no logs.

TheRealDeal Market

TheRealDeal, launched in 2015, focuses on selling code and exploits. Law enforcement in July of 2015 arrested some of the founders in operations against the Dark Web forums. The site shut down for a few months before relaunching in December of 2015.

therealdeal

TheRealDeal made news after selling user credentials from healthcare databases, as well as Yahoo, LinkedIn and MySpace. The site also offers source code, zero-day vulnerabilities and other items. Legitimate parties will gain insight into the types of tools and information that cyber criminals use.

While TheRealDeal Market site has reportedly relaunched, it is hard to access. Another website, deepdotweb, has a section on how to sign up for TheRealDeal Market.

On Sept. 17, deepdotweb noted that TheRealDeal’s evolution code (or at least a large portion of it) was bought from a hacking forum, but lacked some major parts. It noted the site would be providing free vendor accounts for 24 to 48 hours.

Deepdotweb, for its part, includes a lot of information about how to secure anonymity on the Dark Web. It notes that law enforcement is actively scrutinizing Dark Web users. There is a lot of information on finding the best VPN to ensure anonymity. There is even a chart ranking and comparing VPNs. There is also a list of 23 Dark Web sites that rates the sites and gives information on registration requirements, active warnings, security issues and more.

HANSA Market

HANSA Market resembles an eBay for illicit goods and was created to improve Dark Web users’ security in response to the numerous exit scams. It claims that its multi-signature escrow payment process protects against theft.

hansa

HANSA vendors offer tools and information, but pirated products are the most common, including video games, software, movies and credentials for related accounts.

Top Public Payload Destinations

Public payload destinations are places from which malware is sent to end users. The three main avenues are social media, email and “malvertising.”

socialmedia-targets-data

Source: SurfWatch Labs Data

Social media provides the greatest avenue cyber criminals use for reaching victims. Malicious “shortened URLs” target Twitter’s text limitation. Malicious Facebook apps attract people looking to add a new application using Facebook as their login tool. Social media also gives a lot of information about people and provides attackers avenues for approaching targets.

Email Spearphishing

Email spearphishing remains the leading tool for attacking victims. A phishing attack succeeds by getting one recipient out of a thousand to click a link or download a file. Nearly every major attack this year has come from spearphishing.

To protect against spear-phishing, boundary protection is required at a minimum. The only mitigation is ongoing education. Organizational policies that restrict the use of email addresses when signing up for public services will reduce an organization’s chances of falling victim to a spearphising attack.

Malvertising

Cyber criminals typically use malicious ads, “malvertising,” to spread malware. They often use a third party advertising network to exploit software vulnerabilities. Malvertising works because it usually appears to be legitimate and it targets victims based on their interests.

malware-stats

The advertising provider network is massive, making it easy for attackers to inject their malware into ads without being traced.

The Fessleak campaign, exposed last year, utilized “burner” domains that expired after eight hours.

The Fessleak attacks exploited zero-day vulnerabilities in Adobe’s Flash Player, according to securityaffairs.co. Attackers spread it from an advertising network that managed ad groups on popular websites. Initially, the ransomware was sent through an exploit kit. Researchers also found an instance of the malware served via a real-time ad-bidding network, which sent the malware.

After Microsoft patched the escalation flaw in Windows systems, the hackers stopped using file-less infections and switched to zero-day exploits.

Helpful Tips

Blacklists of malicious domains are helpful tools in preventing malware. Organizations should update these lists often and automatically.

Organizations should update their software as often as possible since malware campaigns exploit known vulnerabilities in common software.

Users should also restrict the use of scripts in browsers to prevent malware from running in the first place, although this tactic is not foolproof.

Also read: Phishing malware claims 10,000 Facebook victims

Awareness Remains An Issue

“Sadly, many organizations are only relying on general cyber crime news to keep abreast on what’s going on out there because that resource is easy, and generally free to consume,” Meyer said. “As one step beyond that, an organization might also join an industry Information Sharing and Analysis Center (ISAC) where they will receive industry specific threat information of a general nature for an annual fee.

“A third and I would say the top tier step, is for the organization to resource a full-scale intelligence capability that will look at the specifics of threat capabilities, opportunities and intent and most importantly how those threats can impact the organization specifically and paint a picture of what the organization needs to do to mitigate the threat.”

Will Regulation Help?

“While more organizational regulation isn’t always the best solution in most cases, there is an increase in regulatory oversight for cyber security efforts than just a few years ago. and I see this as a positive step,” Meyer said. “Regulators still have a long ways to go in maturing what value-added, practical steps organizations need to take to meet these regulations but at least there is an effort to enforce accountability in the right places.”

Hacker

“While organizations have progressed in deploying technologies that help protect general public users, they have only done so because the market was a forcing factor due to fallout from breaches and regulatory action,” he said. “Unfortunately, too many organizations still continue to operate with heads in the sand. Additionally, the general public user is also very naïve in how they use technology and how much of their personal lives they expose on a daily basis. More education for cyber safety is needed both at the organizational level as well as for the individual.”

Images from Shutterstock and iStock/Dimitrios Stefanidis.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

3.9 stars on average, based on 8 rated postsLester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.




Feedback or Requests?

Altcoins

Monero Price Analysis: Stronger Malware to Mine Monero; XMR/USD Has Room for Another Potential Squeeze South

Published

on

  • Researchers: a stronger malware has been uncovered, which can mine Monero.
  • XMR/USD price action remains stuck in a narrowing range, subject to an imminent breakout.

The XMR/USD price has seen some upside on Saturday, holding gains of around 3% towards the latter stages of the day. Despite the press higher from the bulls, a move which has been observed across the cryptocurrency market, vulnerabilities remain. Price action has been ranging for the past nine sessions. Once again, this isn’t specifically just XMR, as this type of behavior is witnessed across the board. The narrowing in play came after the steep drop that rippled across the market on 10th January.

Price action was initially well-supported to the upside by an ascending trend line, which was in play from 15th December. This at the time was a very promising recovery, as XMR/USD had gained as much as 55%. Unfortunately, however, the bulls were unable to break down supply heading into the $60 region and were eventually dealt a big hammer blow. On 10th January, the market bears forced a heavy breach to the downside, smashing through this support. The price had dropped a big double-digits, some 20%.

Stronger Malware Mining Monero (XMR)

There is a dangerous form of malware that can bypass being detected and mine Monero (XMR) on cloud-based servers. A recent notice was put out by Palo Alto Networks’ Unit 42, an intelligence team that specializes in cyber threats, regarding a Linux mining malware. This was detailed to have been developed by Rocke group, which has the ability uninstall cloud security products. It can do this to the likes of Alibaba Cloud and Tencent Cloud, to then illegally mine Monero on compromised machines.

The two researchers from Palo Alto Networks, Xingyu Jin and Claud Xiao, detailed the findings of their studies. Once the malware is downloaded, it takes administrative control to initially uninstall all cloud security products. Shortly after, it will then then transmit code that will mine the Monero (XMR). Further within their press release, they said, “To the best of our knowledge, this is the first malware family that developed the unique capability to target and remove cloud security products.”

Technical Review – XMR/USD

XMR/USD daily chart.

Given the current range block formation, eyes should be on the key near-term technical areas. Firstly, to the downside, $43, which is the lower part of the range. A breach here will likely see a retest of the December low, $38. To the upside, resistance be observed at around the mid $46 level. Should a breakout be observed here, then a potential retest of the broken trend line will be watched.

Disclaimer: The author owns Bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.6 stars on average, based on 123 rated postsKen has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.




Feedback or Requests?

Continue Reading

Altcoins

Crypto-Security Testnet Surpasses Key Milestones

Published

on

Security and has been combined with micro-compucomputing are a combination which ascended to greatly relevant, both economically and financially, since the early days of commercial internet technology, the John McAfee associated era of anti-virus software, and fears of ‘millennium-bug’ (‘Y2K’)-induced societal meltdowns.

As a market player, ‘cybersecurity‘ is hailed for its continuedvalue and growth, with recent implementations advancing in tandem with technological development. With ‘blockchain’ having become a key buzzword in recent years, it comes as little surprise that digital security providers have been attempting to identify and provide protection against cryptocurrency related scams.

Examples of these include ‘malware‘ AKA ‘malicious software’. They are often created with the aim of illicitly subvert the processing power of the victim’s device for use towards the mining of cryptocurrencies, or lock and potentially delete highly sensitive data (such as Ransomware’).

Cybersecurity and Blockchain

Crypto attacks can affect almost any person or institution: from private wallets and exchanges, to cryptocurrency operators, and even sometimes unsuspecting users of internet browsers with no relation to blockchain based services.

In an article published at CCN in August 2018, I wrote about the large prolificity and news coverage of cyber-attacks carried out against cryptocurrency organisations: with a majority of them involving the theft of high-value quantities of tokens or sensitive data.

Key points raised in the piece include the identification of wallets and exchanges as high-value targets for potential thieves, as well as a discussion surrounding a study of over 1000 participants in which none of the top exchanges were “lauded for security”.

As cybersecurity has been exposed as a fatal flaw in the unauthorised access / theft access of finances and data, it has also drawn a spotlight on the various methods employed by the companies which suffer these attacks.

Middleware, Wear and Tear

Some teams attempt to protect their data and finances through the creation and implementation of their own proprietary cybersecurity solutions whilst others seek the tender of others,

‘Middleware’ is nothing new and has long been utilised as a means of implementing third-party solutions as a means of shifting professional a legislative liability regarding essential functions of a brand technology.

It’s a creation by third party product / service providers that sits between external and internal code in order to facilitate functions or protections.

Decentralized Security Testnet

REMME is a project harnessing blockchain technology to create a distributed cybersecurity solution for enterprises.

Its now-released testnet has already demonstrated the efficacy of storing hashed Public Key Infrastructure certificates on the blockchain, and with 300 pilot program participants signed up, REMME isn’t short of applicants eager to trial its distributed identity and access management solution.

‘Distributed Identity and Access management’ (IAMd) and ‘Public Key Infrastructure’ requests (PKId) count amongst two of the primary features of the proprietary REMChain testchain network infrastructure. Both claims of which have come from CEO Alex Momot, who additionally praised “The interoperability of the public blockchain and sidechains”.

Additional features include the ‘REMchain block explorer’ – ‘node monitoring’ (connected to five nodes worldwide) – REMME WebAuth demo application.

While a pilot program reportedly attracting over 300 global enterprise applicants, REMME feels confident about the future of their long terms plans: which include full integration existing enterprise systems (ERP, CRM, Accounting software etc.).

Featured image courtesy of Shutterstock. 

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
3 votes, average: 4.33 out of 53 votes, average: 4.33 out of 53 votes, average: 4.33 out of 53 votes, average: 4.33 out of 53 votes, average: 4.33 out of 5 (3 votes, average: 4.33 out of 5)
You need to be a registered member to rate this.
Loading...

4.5 stars on average, based on 12 rated posts




Feedback or Requests?

Continue Reading

Breaches

MyEtherWallet Compromised in Security Breach; Users Urged to Move Tokens

Published

on

Popular cryptocurrency service MyEtherWallet (MEW) is urging users to move their tokens after the platform succumbed to its second cyber attack of the year. As the company reported earlier, hackers targeted MEW’s popular VPN service in an attempt to steal cryptocurrency.

Hola VPN Users Compromised

Rather than target MEW directly, hackers took control of the Hola VPN service, which claims nearly 50 million users. For the next five hours, MEW users who had the Hola chrome extension installed and running on their computer were exposed.

MEW took to Twitter to urge users to move their funds immediately.

“Urgent! If you have Hola chrome extension installed and used MEW within the last 24 hrs, please transfer your funds immediately to a brand new account!” the company said. It added the following message shortly thereafter:”We received a report that suggest Hola chrome extension was hacked for approximately 5 hrs and the attack was logging your activity on MEW.”

At the time of writing, MEW’s Twitter feed had no further updates.

MyEtherWallet is used to access cryptocurrency wallets, where users can send and receive tokens from other people.

The company reportedly told TechCrunch that the attack originated from a Russian-based IP address.

“The safety and security of MEW users is our priority. We’d like to remind our users that we do not hold their personal data, including passwords so they can be assured that the hackers would not get their hands on that information if they have not interacted with the Hola chrome extension in the past day,” MEW said, as quoted by TechCrunch.

It’s not yet clear how many users were compromised in the attack or how much, if any, was stolen from their wallets. MEW suffered a similar incident in February after a DNS attack wiped out $365,000 worth of cryptocurrency from users’ accounts.

Cyber Attacks on the Rise

The attack on MEW came less than 24 hours after Hacked reported another major cyber breach involving Bancor, a decentralized cryptocurrency exchange. The security breach compromised roughly $23.5 million worth of digital currency, including Ethereum, NPXS and BNT, Bancor’s native token.

Last month, a pair of South Korean exchanges fell prey to cyber criminals, prompting local regulators to expedite their approval of new cryptocurrency laws.

It has been estimated that a total of $761 million has been stolen from cryptocurrency exchanges in the first half of the year, up from $266 million in all of 2017. That figure is expected to rise to $1.5 billion this year.

CipherTrace, the company behind the estimates, told Reuters last week that stolen cryptocurrencies are mainly used to launder money and aid criminals in concealing their identities.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
2 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 5 (2 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.7 stars on average, based on 770 rated postsChief Editor to Hacked.com and Contributor to CCN.com, Sam Bourgi has spent the past nine years focused on economics, markets and cryptocurrencies. His work has been featured in and cited by some of the world's leading newscasts, including Barron's, CBOE and Forbes. Avid crypto watchers and those with a libertarian persuasion can follow him on twitter at @hsbourgi




Feedback or Requests?

Continue Reading

Recent Posts

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.

Trending