Hacker Ring Stole $1B from Banks in 30 Countries, Says Report

Again a hacker group has stolen more than $1 billion from different banks in all over the world and till now it is one of the biggest banking breaches, as per the reports of cyber-security firm.

According to Kaspersky Lab, which is one of the Russian security companies, “One of the hackers ring is active from last quarter of 2013 and they have infiltrated more than 100 different banks in 30 countries, including four banks in Canada.

They are using phishing schemes and other techniques to gain access banks computer and after that they lurk form one month to two month, to learn the banks' systems and in taking the screen shots or video of employees using their computers, the report says. As soon hackers become familiar with the banks' operations than they use their knowledge to steal money without raising any kind of suspicious activity, by setting up their fake accounts and transferring a lot of cash into them or programming ATMs to dispense money at their choice of time and more, according to Kaspersky.

This report was prepared to present in a security conference at Cancun, Mexico, but it was first reported by The New York Times.

It seems that hackers limit their theft $10 million before moving to another bank and this is why their fraud was not detected earlier, Vicente Diaz, Principal security researcher of Kaspersky said to The Associated Press in a telephone interview. These attacks were unusual because this time hackers target the banks rather than targeting any individual customers.

It seems that their goal is financial gain rather than espionage, Diaz said. This time hackers are not interested in any kind of personal information, they are only interested in financial gain. These hackers are flexible and quite aggressive as well because they have special tool for doing whatever they want to do. The most targeted countries are the U.S., Germany, Russia, Ukraine and China as attackers are expanding throughout Asia, Africa, the Middle East and Europe, Kaspersky says.

One of the bank lost more than $7.3 million through ATM fraud, whereas; in another case one of the financial institution lost $10 million because attackers exploit the bank’s online banking platform. Till now the name of banks are not clear and still Kaspersky is working with law-enforcement agencies to investigate these attacks.

These days, White House is putting a lot of focus on cyber-security due to many data breaches in national security agencies and companies, which are ranging from mass retailers to financial institutions such as; Home Depot and Target to Sony Pictures Entertainment and other insurance companies.

Now U.S. administration wants Congress to replace the all existing patchwork of national and state laws by giving a 30 days’ notice to companies that consumer’s personal information has been compromised. “As a officials at this point of time we cannot disclose the actions of individuals, but we believe that our officials are taking an appropriate actions to prevent these attacks and minimize any effects on customers”, one of the national security agency of U.S. said in a statement.

FBI: Email Scam Nets $214 Million in 14 Months

If you will check the spam folder in your e-mail account than you will know that why these e-mails known as spam’s and why your e-mail service provider is dropping these e-mails in spam folder, but in present you can easily find few fraud e-mails (e-mails which make fake promises) in inbox folder. Recently, the nonprofit National White Collar Crime Center and the Internet Crime Complaint Center with a joint effort of FBI release a report on the basis of calculation from Oct 1, 2013 to Dec 1, 2014.

In e-mail scams fake invoices delivered to different business that deals with international suppliers, asking for the payment of millions of dollars by wire transfer. According to recent reports of research team, “The victims love to use wire transfer payments method for money transaction to foreign banks, which can be transferred many times, but they tend to disperse faster”. Most of the American and Asian banks, which are located in Hong Kong or China, are the most preferred commonly reported last destination for more than 80 per cent fraudulent transfers.

Data in reports: 

As per the reports of National White Collar Crime Center and the Internet Crime Complaint Center in an association of FBI, “All of the scams has claimed more than 1,198 US victims and 928 victims in other countries has witness the these kinds of scams and U.S. firms have lost more than $179 million in total. According to FBI, “We believe that the number of victims and the total loss in dollar will continue to increase”.

In general if you will analyze your spam folder, so over there you will find few of the e-mails are promising or taking about reward, job of senior level in premium companies, lucky draw and more. Some of us are lucky because we know that these e-mails are fraud whereas; some of us believe in those e-mails and start to follow their instructions.

In other version of scheme, some of the businesses which work on international level of with international clients and suppliers are contacted through fax, phone, email or post asking for payments. These e-mails are spoofed and they seems like genuine and authentic as they are coming from reliable or legitimate supplier and fax or phone requests also appears authentic and genuine. Whereas; in other version e-mail accounts of high level management executives compromised form criminals for requesting a wire transfer through fake promises regarding to business opportunity and they include the instructions to reply or send funds on urgent basis.

However; the third version of fraud schemes involves the hacking of an employee's e-mail account, which sends the duplicate or fake invoices to suppliers or vendors.

According to task force of FBI, “Now it’s time when vulnerable businesses should avoid using free e-mails for executives or official accounts and they should exercise caution for posting the company information on social media or on public websites. You can also include additional security steps like; or digital signatures and two-step verification process.

The Real Cybercrime Geography

According to cyber experts, the recent cyber attack on Sony Pictures was due to digital infiltration of North Korea. In digital world things change very rapidly and due to that spin doctors of North Korea stated in quick response that they didn’t hack the server of Sony Pictures and some of cybercrime experts from U.S. also telling the same that North Korean propagandists can be right. As per the evidence, which represented by FBI, it’s clear that incriminate hackers were working for the government organizations, communist, but still U.S experts stated that these proof are not just enough to blame Pyongyang.


According to Sam Glines, CEO of Norse (a cyber security firm), “According to data collection which was based on forensic evidence, it’s clear that North Korea is not accountable for any type of hacking activity or on initiating the attack on Sony Pictures”. All the hackers must be busy because thousands of information gathered from Sony Picture’s servers, which they released after few hours. All the leaked information was related to cast salaries, film’s budget, taxes of actors and actresses with little known fact that Kevin Federline act for a cameo appearance in $5,000. We all know that country North Korea is still on war with America, but America was never on the radar for computer attacks. So, who was responsible for cyber attack on Sony Picture’s? India? Russia? or Iran and Iraq? In future the answer can be the surprise.

According to Symantec there are 20 countries in world that can responsible for cyber attacks and the list was generated on following factors; malicious code rank, malicious computer activity, phishing, spam zombies rank, attack origin and bot rank. The top five countries according to survey were the U.S.A., China, Germany, Britain and Brazil, whereas; the in the list bottom three are Argentina, Australia and Israel, however; South Korea came in at No. 14, Russia at No. 12, and the fact is that North Korea didn’t make it to enter into top 20.

If you will say just gather 10 American computer experts on coffee table and soon the talk will turn into hacking and cybercrime, but it’s not true, however the Russians have been active in cybercrime and cyber-hacking from past few decades as they are also playing the vital role in cybercriminal world. In present if you own money, and want to hack into PC or mobile, so all you need to place an order or buy a program for a cyberattack to get someone’s personal information or swipe financial or banking information. IN western firms the online banking fraud and credit card information theft is normal, now the main question is “If the Russians are so good, so why they just landed up on rank at No. 12?

Hacker Clones a Politician’s Fingerprint Using Normal, Long-Distance Public Photos

Something of this magnitude can’t expected to have happened in past couple of years but now, according to a member of the Chaos Computer Club, which is a European hacker association (on the similar lines of Cult of the Dead Cow in the united states of America) it is possible.

They have successfully shown that it is quite possible to clone or reproduce anyone’s fingerprints. This clone can be used to break into anyone’s system, which is protected by the biometric fingerprint scanners. They just need the photo of someone’s fingers. According to the club, they do not need any close up photos; any photos with the celebrity waving the hands even from a far distance will do the trick.

Considering this case, the CCC was able to get their hands on the fingerprint of Germany’s defense minister Ursula von der Leyen through a photo, which was taken during a press conference. This could easily be considered as a security breach if the German government uses biometric access control systems.

The findings: 

The findings were presented by Jan “Starbug” Krissler, the hacker at the Chaos communication congress. He was able to recreate the thumbprint of the minister by using a photo of the minister, which was taken at the press conference, and some other photos, which have take the picture of her thumb from multiple angles. He used one of the commercially available software called Verifinger Software.

Jan created a real world dummy by using this thumbprint. He started by printing it on a mask and then exposing the same to create a negative print on a substrate. Then he filled the negative with wood clue and created a new positive fingerprint. In case of testing, this technique can pose serious threat to Apple’s TouchID sensor and just in case the minister has Apple iphone then the company can seriously get her into trouble. By this, the company is hoping that the German government is not relying on fingerprints to control their military systems.

What is the drawback? 

With the digital fingerprint readers becoming very common now and it is being on laptops to high-end expensive smartphones. The biggest problem with fingerprints is that they can give false positive, negative and even multiple readings of the same print and give out different results. Even though fingerprints are the best means of identification, still security and forensic communities are looking forwards towards more techniques that are reliable.

DNA sequencing is being considered a one of the best means of forensic identification, and vein matching and gait analysis are best options for control access. This technique is called living biometrics and as the name suggest it is only valid until the person is alive. This technique is already in use in Poland and Japan at some of their ATM’s.

If you are among the people who are using fingerprints for access control, it might be a good time to switch over to something more reliable.



 

Sony Malware May Be Linked To Other Damaging Attacks

Identification of Technical Evidence at Sony Corp’s Hollywood Studio

Researchers of Cyber security have identified what according to them is technical evidence linking massive breach at Sony Corp’s Hollywood studio with the attacks in South Korea and the Middle East. Kaspersky Lab, a Moscow based security software maker stated that it has uncovered evidence that all the three campaigns could have been launched by one group or it could have been facilitated by an individual organisation who are well versed in working with destructive malware.

Cyber attackers had damaged thousands of computers at Saudi Arabia’s national oil company as well as Qatar’s RasGas with virus known as Shamoon in 2012, which is one of the most destructive campaigns till date and Iran has been blamed by the U.S. officials.

A year ago, over 30,000 PCs were affected at South Korean banks as well as broadcasting companies by similar attack that cyber security researchers were of the belief that it was launched from North Korea. Kurt Baumgartner, Kaspersky researcher informed Reuters that there are `unusually striking similarities’ which are related to the malicious software and techniques in both the campaigns and the Sony attack on Nov. 24 in which a malware was dubbed `Destover’, was used.

Perpetrator Access to Confidential Information 

The attack had crippled the computer systems giving the perpetrator access to confidential employee information which also included the executive salaries. The attack is said to have used a so called wiper virus which can erase data and has the capabilities of bringing down networks with thousands of computers thereby preventing companies in conducting their business.Similarities were described by Baumgartner in depth in a technical blog which was published recently on Kaspersky’s website.

He stated in an interview that `it could be a single actor or it could be that there are trainers or individuals who float across groups’. According to him he states that the evidence indicate that the hackers from North Korea were the cause of the attack on Sony though it is unclear whether they work directly for the government.

Several of the cyber security researchers are not in agreement with Kaspersky’s interpretation of the technical evidence. Symantec Corp. a California based company had stated in a blog post that it also sees similarities between the attacks against Sony and the Shamoon campaign and attributes it to being copied stating that there does not seem to be any evidence that the same group is behind both attacks.

Critical Infrastructure At Risk

Chertoff co-founder and executive chairman of The Chertoff Group, which is a global security consultancy based in Washington commented in an interview that `either for political or economic reasons at some point, sophisticated actors are going to be more willing to use destructive malware.

He adds further that Sony attack shows that critical infrastructure is at risk and the potential for cyber weapons to be deployed continues to increase. Cyber security companies fear for more destructive attacks in the forthcoming months.

Chief executive officer, Ron Gula, for Tenable Network Security Inc., which is based in Columbia, Maryland comments, `if attacks like those against Sony continue against other U.S. companies, 2015 could be a year of disrupted services’.

Researcher Put Their Focus on the Masque Attack on OS X/iOS

According to the reports released to public by the researchers working at FireEye on 17 November, Mac OS X and iOS operating systems have threat from Masque Attack, which has already come into existence. This report was published within a gap of a week post the discovery of WireLurker by the Palo Alto Networks.

What is Masque Attack? 

Masque attack can easily utilize a drawback in the operating system of Apple, which allows the user to replace one app by another app, as long as both these apps are using the same bundle identifier. One of the threatening issues is that through this attack, all the preinstalled apps on the operating systems (example Mobile Safari) can be easily replaced.

The duplicate apps will be able to track the local data of the original apps, which includes the login details like user id and password. Through this attack, an attacker can easily login into anyone’s account and make transactions from their bank accounts.

These attacks become more easy, has the iOS usually does not put in force certificate matching for apps that come with the same bundle identifier. FireEye researchers were able to verify and identify the vulnerability on both regular iOS and jailbroken. The regular iOS includes iOS 7.1.1, iOS 7.1.2, iOS 8.0, iOS 8.1, and iOS 8.1.1 beta. Attackers can influence the vulnerability through USB ports and even wireless networks.

According to the blog post of FireEye researchers Tao Wei, Hui Xue and Yulong Zhang, Apple is unable to prevent such attacks due to the existing standard interfaces and protections. They are requesting the Company to develop interfaces that are more powerful and give it to professional security vendors.

This way these vendors will be able to protect their enterprise users from all these advanced attacks. This attack will prompt the users to download malicious apps with new names like for example, the new angry bird.

The users of these operating systems are more susceptible to these attacks when they download any app from third party source or by ignoring the un-trusted app message popping on their phones. Users, who have set the Gatekeeping feature on “Anywhere”, actually nullify their protection.

As per FireEye's researchers, WireLurker utilizes very limited form of the attack when hitting the iOS through USB ports.

According to director of software engineering at Arxan, Joe Abbey, WireLurker will be able to deliver the workload only if the user has installed any un-trusted app on MAC, on the other hand for the Masque attack to occur, the user must have downloaded enterprise-provisioning profile.

Companies who have the BYOD policies are more susceptible to Masque attack. According to Abbey, it is recommended that the owners of BYOD policies disable the provisioning profiles, till Apple comes out with a solution.

Masque attacks and WireLurker are additional examples of highly sophisticated and automated attacks, which are growly rapidly. These attacks highlights that we are in serious need of automotive proactive protection and prevention methods.

Researchers Identified Sophisticated Chinese Cyber Espionage Team

Collaboration between various security firms has thwarted one of the biggest and most sophisticated cyber espionage crew called the Axiom which is thought to be linked to China. This Axiom Threat Actor Group mostly targeted NGO and pro-democratic along with other individuals who are perceived as potential threat to China.

The Axiom Group

The group mostly targets pro-democratic NGOs in Asia along with industrial espionage by targeting organizations with influential energy policy and environmental policies. Also on the list is IT giants, chip makers, telecom companies and infrastructure providers.

The group mostly used phishing attack and malwares to get the job done. The typical attack seems more like a state-sponsored attack yet again. Their prime is the Hikit tool linked to an attack referred to as Deputy-dog attack, which famously used an IE zero day bug to attack Asian firms mostly.

The group seems to work relatively quietly and is thought to be more heavily funded than say APT1 crew (Shanghai based and PLA affiliated). According to Novetta, the group is active for 6 years, is highly disciplined and is well-resourced. The suspect that Chinese government is related is most certainly true.

The Collaboration and Solution

The attacks performed did not go unnoticed however and sooner rather than later, security firms started collaborating to bring it down. The coalition among the partner is led by Novetta along with Bit9, Cisco, F-Secure, ThreatTrack Security, iSIGHT Partners, Microsoft, FireEye, Tenable, ThreatConnect, Volexity and other unnamed partners. Via Microsoft’s coordinated malware removal campaign, the coalition took its first public action called operation SMN.

Over 43k machines with Axiom tool installations have been removed from machines. Among them 180 were clear examples of Hikit – the last stage persistent and data exfiltration tool that is the peak of the Axiom victim’s lifecycle. This was perhaps the first of its kind from security firms to fight off potentially deadly state-sponsored threats to the whole world.

The Diplomacy 

China has clearly denied any involvement in Axiom. According to Chinese Embassy spokesman, such events and allegations judging from the past are fictitious and China has itself been on the wrong end of cyber espionage according to revelations by Snowden.

With 2 weeks to go before President Barrack Obama gives Beijing a visit, cyber security will be a high priority agenda to discuss. Washington has previously tried hard enough to pressurize China over issues of possible state-sponsored cyber warfare against the US but has failed to sustain it after the Snowden revelations.

Novetta however hopes that the example set by the coalition will be followed in future to fight cyber terrorism. However, it will be very stupid to think that Axiom is gone for good. The operation was more of a remediation than knock-out blow and chances are that Axiom will be back soon though with probably different tools and strategies this time around.

The group has amassed lots of technical data regarding the threat and its workings which will help in future in fighting against such groups.

1.2 Billion Passwords Snipped: Secure Your Online Account with a Strong Password

Technology represents a new identity with the extensive improvement and thus you can easily acknowledge the optimistic features helping you to set up a new identity online. However, along with the advanced attributes also you may be the victim of a negative impact such as hacking. Nowadays it appears as one of the biggest concerns that you need to take care of maintaining a suitable profile online. Manifold users complain that they have been hacked and the passwords are stolen, which lead to lose the confidential and important data.

The newspapers and the online news channels reveal the entire fact specifying the dark side of technology. According to the authenticated information, a particular Russian group hacked about 1.2 billion passwords from nearly 500 accounts. Therefore, all the users using the accounts faced serious problems recovering the entire set of data.

How to maintain the privacy of your account? 

From the above fact, it emerges as the essential feature to sustain a suitable privacy that blocks the hackers stealing your password. You need to set a password that is really difficult to retrieve. The passwords accumulating the common characters or figures can be easily tracked by the hackers that may be threatening for your account.

Incorporate other security features such as the secret questions that protect your account from the unauthorized access. So, all your information remains safe and you would not have to worry regarding the spamming activities. Furthermore, nowadays the webmail providers and the other social sites are implementing multiple security attributes to safeguard their users from the unruly bustles. Follow the regular news and other technical periodicals that depict useful information helping you to know how you can incorporate more safety measures to your account. Hence, you can prevent the leaking out of the data that may bring a tragic episode in your life.

Cyber Security to safeguard the Online Users

Furthermore, the administration employs a specific cyber security feature that protects the privacy of the users and thus you can carry out the online activities without any worry. The entire society is therefore convinced that they attain the ultimate safety over the web that leads to the flawless execution of the operations. Browse the various online sites that consist of other information revealing the particular facets for the cyber security. Acknowledge certain software and other equipment installing which you can increase the safety of your account online.

Eliminate the Negative Technical Brunt

Once, you are able to put a complete barrier to the hackers and other unqualified persons entering your personal account the overall theft will decrease to the large extent. It comes out as a significant feature that is really useful to affix a strict blockade to your top secret data. Employ the feasible security measures and ensure the effective account free from the spamming activities that destroy your useful information. Make sure that you are on the safe hands protecting your account from every type of unscrupulous bustle. Finally, you are able to set up a complete well-organized online account that achieves the ultimate safety.

Why Internet Security is Important to Small Businesses

Online security isn’t just important to businesses – it’s important to every user of the Internet. We all have something to lose when we’re online; we are all vulnerable. As an individual, knowing that your emails have been hacked is enough of a breach of privacy, let alone if you’re a business which has a lot more to lose.
Whether we like it or not, the increasing dominance of the Internet has brought with it a rise in hackers and cybercrime. The best way in which we can deal with the prevalence is by ensuring that we’re safe and secure, at home and at work.

Small businesses are becoming increasingly targeted. According to a part one of an infographic, targeted attacks on small businesses have risen by 13% between 2011 and 2012. The Symantec infographic, found in two parts, exposes some web threat trends that may be of interest to you and your business and may help you to understand the importance of internet security for small businesses.
The fact of the matter is, cybercrime can happen to anyone. Small businesses may not think that they’re vulnerable but the infographic shows that they are. It’s important the business owners don’t become complacent with an “it won’t happen to me” attitude. If suitable security measures are in place and updated regularly, the chance of a malicious attack is substantially smaller. Protecting yourself online isn’t just a technical measure though; it’s also down to you and the policies you implement so that every employee knows how to be as secure as possible while online.

Something as easy to install as reliable anti-virus software can help to maintain a high level of security for your business network. This sort of software is well worth the investment and, on the grand scale of things, is inexpensive too. Once it’s installed, it will help to spot any malicious activity, by warning you before opening attachments that it may deem suspicious, and also scanning the websites you visit and flagging up any that are vulnerable or are potential phishing sites.

As a business, your efforts shouldn’t stop at your online activity. You should also ensure that your business network is protected, too. Most small businesses that use more than one computer are connected to a network which can be targeted by unscrupulous third parties. According to the infographic mentioned, the vast majority of security breaches came from outside business networks, meaning that strong user passwords, wireless passwords and private SSIDs are essential.

By implementing some simple measures, your business will be as safe as possible and should, hopefully, be able to avoid any prolific security attack. Unfortunately, nothing you do will make you completely invincible, but ensuring that some element of protection is in place will mean that chances of your business being caught out are much less.

Your employees need to understand the importance of online security so that they don’t unwittingly cause your business to be victimised. Appropriate training and business policies should be put into place so that every working day can run smoothly.

Being aware of online security issues is the first step towards protecting yourself from cybercrime. Educate yourself and your staff to minimise the risk to your business.

by Roxanne