1. TRITON Malware
Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems (ICS), with the potential to cause health- and life-threatening accidents.
Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric: an autonomous control system that independently monitors the performance of critical systems and automatically takes immediate action if a dangerous state is detected.
The researchers have neither disclosed the name of the targeted organization nor linked the attack to any known nation-state hacking group.
According to separate research conducted by ICS cybersecurity firm Dragos, which calls this malware "TRISIS," the attack was launched against an industrial organization in the Middle East.
The hackers deployed Triton on an SIS engineering workstation running the Windows operating system by masquerading it as the legitimate Triconex Trilog application.
The current version of the TRITON malware that researchers analyzed was built with many features, "including the ability to read and write programs, read and write individual functions and query the state of the SIS controller."
"During the incident, some SIS controllers entered a failed safe state, which automatically shut down the industrial process and prompted the asset owner to initiate an investigation," the researchers said.
Using TRITON, an attacker can typically reprogram the SIS logic to falsely shut down a process that is actually in a safe state. Though such a scenario would not cause any physical damage, organizations can face financial losses due to process downtime.
2. FaceXWorm Virus
Cybersecurity researchers from Trend Micro are warning users of a malicious Chrome extension that is spreading through Facebook Messenger and targeting users of cryptocurrency trading platforms to steal their account credentials.
Dubbed FacexWorm, the attack technique used by the malicious extension first emerged in August last year, but earlier this month researchers noticed that the malware had been re-packed with a few new malicious capabilities.
New capabilities include stealing account credentials from websites, like Google and cryptocurrency sites, redirecting victims to cryptocurrency scams, injecting miners into the web page for mining cryptocurrency, and redirecting victims to the attacker's referral link for cryptocurrency-related referral programs.
It is not the first malware to abuse Facebook Messenger to spread itself like a worm.
Late last year, Trend Micro researchers discovered a Monero-mining bot, dubbed Digmine, that spreads through Facebook Messenger and targets Windows computers, as well as Google Chrome, for cryptocurrency mining.
It should be noted that the FacexWorm extension has only been designed to target Chrome users. If the malware detects any other web browser on the victim's computer, it redirects the user to an innocuous-looking advertisement.
How Does the FacexWorm Malware Work?
If the malicious video link is opened using the Chrome browser, FacexWorm redirects the victim to a fake YouTube page, where the user is encouraged to download a malicious Chrome extension, presented as a codec extension needed to continue playing the video.
Once installed, the FacexWorm Chrome extension downloads more modules from its command-and-control server to perform various malicious tasks.
3. NHS hack: Cyber attack takes 16 hospitals offline
At least 16 hospitals are having to reject patients after their systems were taken offline. A huge cyber-attack has infected NHS trusts across the country and has led to all digital systems being pulled down.
The ransomware threatens hospitals that they will lose access to patient records and other files if they don't pay money to the hackers.
NHS Digital, which oversees hospital cybersecurity, says the attack used the Wanna Decryptor variant of malware, which holds affected computers hostage while the attackers demand a ransom.
Spain, meanwhile, said several Spanish companies had been targeted in a ransomware cyberattack that affected the Windows operating system of employees' computers. It did not say which companies were targeted, but telecommunications company Telefonica said it had detected a cybersecurity incident that had affected the computers of some employees.
4. New Mirai Botnet Variant Found
While tracking botnet activity on their honeypot traffic, security researchers at Chinese IT security firm Qihoo 360 Netlab discovered a new variant of Mirai, the well-known IoT botnet malware that wreaked havoc last year.
The targeted port scans are actively looking for vulnerable internet-connected devices manufactured by ZyXEL Communications, using two default telnet credential combinations, admin/CentryL1nk and admin/QwestM0dem, to gain root privileges on the targeted devices.
Researchers believe (they say they are "quite confident") that this ongoing campaign is part of a new Mirai variant that has been upgraded to exploit a newly released vulnerability (identified as CVE-2016-10401) in ZyXEL PK5001Z modems.
"ZyXEL PK5001Z devices have zyad5001 as the su (superuser) password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices)," the vulnerability description reads.
This is not the first time the Mirai botnet has targeted internet-connected devices manufactured by ZyXEL. Exactly a year before, millions of Zyxel routers were found vulnerable to a critical remote code execution flaw, which was exploited by Mirai.
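As an added example (not code from the original post or from Qihoo 360 Netlab), the following Python flags telnet login attempts that use the two default credential pairs named above and counts failed logins per source address, so a device owner or honeypot operator can spot the credential sweep this variant performs and, more importantly, any source that actually got in with a default pair. The log line format, its field names and the sample lines are constructed for the example and would need to be matched to a real honeypot's output.

```python
"""Detect use of the ZyXEL default telnet credentials (item 4) in login logs.

Added example; not code from the original post or from Qihoo 360 Netlab.
The log format and sample lines below are constructed for this example.
"""
import re
from collections import Counter

# The two default pairs named on the page (item 4).
DEFAULT_CREDS = {
    ("admin", "CentryL1nk"),
    ("admin", "QwestM0dem"),
}

# Assumed honeypot line layout (constructed): timestamp, src address,
# attempted username/password and the login result.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) telnet src=(?P<src>[\d.]+) user=(?P<user>\S+) "
    r"pass=(?P<pw>\S+) result=(?P<result>\w+)$"
)

# Constructed sample log lines, not real traffic (documentation address ranges).
SAMPLE_LOG = """\
2017-11-23T10:00:01Z telnet src=198.51.100.7 user=admin pass=CentryL1nk result=fail
2017-11-23T10:00:02Z telnet src=198.51.100.7 user=admin pass=QwestM0dem result=fail
2017-11-23T10:00:03Z telnet src=198.51.100.7 user=root pass=xc3511 result=fail
2017-11-23T10:00:09Z telnet src=203.0.113.9 user=admin pass=CentryL1nk result=success
2017-11-23T10:01:00Z telnet src=192.0.2.44 user=operator pass=Str0ngPassw0rd! result=success
"""


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def analyse(log_text, threshold=2):
    """Return (hits, sweepers).

    hits:     every event whose user/password is a known default pair
    sweepers: source addresses with at least `threshold` failed logins,
              i.e. hosts cycling through a credential list
    """
    hits = []
    fails = Counter()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # unrelated or malformed line
        if (ev["user"], ev["pw"]) in DEFAULT_CREDS:
            hits.append(ev)
        if ev["result"] == "fail":
            fails[ev["src"]] += 1
    sweepers = sorted(src for src, n in fails.items() if n >= threshold)
    return hits, sweepers


def successful_default_logins(log_text):
    """Sources that logged in with a default pair: the finding that needs
    an immediate password change on the device."""
    hits, _ = analyse(log_text)
    return [ev["src"] for ev in hits if ev["result"] == "success"]


if __name__ == "__main__":
    hits, sweepers = analyse(SAMPLE_LOG)
    print(f"default-credential attempts: {len(hits)}")
    print(f"credential sweep sources:    {sweepers}")
    print(f"successful default logins:   {successful_default_logins(SAMPLE_LOG)}")
```

The sweep detection is deliberately simple (a count of failures per source); on a busy honeypot you would window it by time, but the successful-default-login list is the result worth alerting on regardless of volume.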
5. FBI seizes control of a massive botnet
Shortly after Cisco released its early report on a large-scale hacking campaign that infected over half a million routers and network storage devices worldwide, the United States government announced the takedown of a key internet domain used for the attack.
The hacking group has been in operation since at least 2007 and has been credited with a long list of attacks over the past years, including the 2016 hack of the Democratic National Committee (DNC) and Clinton campaign to influence the U.S. presidential election.
The malware has already infected over 500,000 devices in at least 54 countries, most of which are small and home office routers and internet-connected storage devices from Linksys, MikroTik, NETGEAR, and TP-Link. Some network-attached storage (NAS) devices are known to have been targeted as well.
VPNFilter is a multi-stage, modular malware that can steal website credentials and monitor industrial control or SCADA systems, such as those used in electric grids, other infrastructure and factories.
The malware communicates over the Tor anonymizing network and even contains a kill switch for routers, where the malware deliberately kills itself.
Unlike most other malware that targets internet-of-things (IoT) devices, the first stage of VPNFilter persists through a reboot, gaining a persistent foothold on the infected device and enabling the deployment of the second-stage malware.
VPNFilter is named after a directory (/var/run/vpnfilterw) the malware creates to hide its files on an infected device.
Since the research is still ongoing, Talos researchers "do not have definitive proof on how the threat actor is exploiting the affected devices," but they strongly believe that VPNFilter does not exploit any zero-day vulnerability to infect its victims.
Instead, the malware targets devices still exposed to well-known, public vulnerabilities or that have default credentials, making compromise relatively straightforward.
6. Equifax
Cybercriminals penetrated Equifax (EFX), one of the largest credit bureaus, in July and stole the personal data of 145 million people. It was considered among the worst breaches of all time because of the amount of sensitive information exposed, including Social Security numbers.
The company only revealed the hack two months later. It could have an impact for years because the stolen data could be used for identity theft.
The Equifax breach raised concerns over the amount of information data brokers collect on consumers, which can range from public records to mailing addresses, birth dates and other personal details.
Firms like Equifax, TransUnion and Experian sell that data to customers, such as banks, landlords and employers, so they can learn more about you. Whether data brokers do enough to keep that private information secure is under scrutiny.
Former Equifax CEO Richard Smith, who stepped down after the breach was revealed, testified to Congress and blamed the security failure on one person who had since been fired.
The public still doesn't know who is responsible for the hack.
7. NotPetya
In June, the computer virus NotPetya targeted Ukrainian businesses using compromised tax software. The malware spread to major global businesses, including FedEx, the British advertising agency WPP, the Russian oil and gas giant Rosneft, and the Danish shipping firm Maersk.
This virus also spread by leveraging a vulnerability leaked by the Shadow Brokers.
In September, FedEx attributed a $300 million loss to the attack. The company's subsidiary TNT Express had to suspend business.
8. Bad Rabbit
Another major ransomware campaign, called Bad Rabbit, infiltrated computers by posing as an Adobe Flash installer on news and media websites that hackers had compromised.
Once the ransomware infected a machine, it scanned the network for shared folders with common names and attempted to steal user credentials to get on other computers.
The ransomware, which hit in October, mostly affected Russia, but experts saw infections in Ukraine, Turkey and Germany.
It served as a reminder that people should never download apps or software from pop-up advertisements or sites that don't belong to the software company.
9. Voter records exposed
In June, a security researcher discovered almost 200 million voter records exposed online after a GOP data firm misconfigured a security setting in its Amazon cloud storage service.
It was the latest in a string of major breaches stemming from insecure Amazon servers where data is stored. They are secure by default, but Chris Vickery, a researcher at cybersecurity firm UpGuard, regularly finds that companies set them up wrong.
10. WannaCry
WannaCry was a ransomware attack that spread rapidly in May of 2017. Like all ransomware, it took over infected computers and encrypted the contents of their hard drives, then demanded a payment in Bitcoin in order to decrypt them. The malware took particular root in computers at facilities run by the United Kingdom's NHS.
Malware isn't anything new, though. What made WannaCry significant and scary was the means it used to propagate: it exploited a vulnerability in Microsoft Windows using code that had been secretly developed by the United States National Security Agency. Called EternalBlue, the exploit had been stolen and leaked by a hacking group called the Shadow Brokers. Microsoft had already patched the vulnerability a few weeks before, but many systems hadn't upgraded. Microsoft was furious that the U.S. government had built a weapon to exploit the vulnerability rather than share information about the hole with the infosec community.
11. Ethereum
While this one might not have been as high-profile as some of the others on this list, it deserves a spot here due to the sheer amount of money involved. Ether is a Bitcoin-style cryptocurrency, and $7.4 million in Ether was stolen from the Ethereum app platform in a matter of minutes in July. Then, just weeks later, came a $32 million heist. The whole incident raised questions about the security of blockchain-based currencies.
12. Yahoo (revised)
This massive hack of Yahoo's email system gets an honorable mention because it actually happened way back in 2013, but the severity of it, with all 3 billion Yahoo email addresses affected, only became clear in October 2017. Stolen information included passwords and backup email addresses, encrypted using outdated, easy-to-crack techniques, which is the sort of information attackers can use to breach other accounts. In addition to the effect on the account owners, the breach could spawn a revisiting of the deal by which Verizon bought Yahoo, even though that deal had already closed.
The truly scary thing about this breach is that the culture of secrecy that kept it under wraps means that there's more like it out there. "No one is excited to share a breach, for obvious PR reasons," says Mitch Lieberman, director of research at G2 Crowd. "But the truth eventually comes out. What else do we not know?"
13. GitHub
On February 28, 2018, the version control hosting service GitHub was hit with a massive denial of service attack, with 1.35 TB per second of traffic hitting the popular site. Although GitHub was only knocked offline intermittently and managed to beat the attack back entirely after less than 20 minutes, the sheer scale of the assault was worrying; it outpaced the huge attack on Dyn in late 2016, which peaked at 1.2 TB per second.
More troubling still was the infrastructure that drove the attack. While the Dyn attack was the product of the Mirai botnet, which required malware to infest thousands of IoT devices, the GitHub attack exploited servers running the Memcached memory caching system, which can return very large chunks of data in response to simple requests.
Memcached is meant to be used only on protected servers running on internal networks, and generally has little by way of security to prevent malicious attackers from spoofing IP addresses and sending huge amounts of data at unsuspecting victims. Unfortunately, thousands of Memcached servers are sitting on the open internet, and there has been a huge upsurge in their use in DDoS attacks. Saying that the servers are "hijacked" is barely fair, as they'll cheerfully send packets wherever they're told without asking questions.
Just days after the GitHub attack, another Memcached-based DDoS assault slammed into an unnamed U.S. service provider with 1.7 TB per second of data.
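Two checks a defender can run against the problem just described, added here as an example rather than code from the original post, GitHub or the Memcached project. The first looks at flow records for the reflection signature (UDP traffic leaving port 11211 towards an outside address in very large packets) and computes the request-to-response byte ratio, which is what makes the "simple requests, very large chunks of data" amplification visible. The second reads a memcached command line and reports the two settings that turn a server into a reflector: UDP left on (the -U flag) and listening on every interface (the -l flag). The flow records, the 10/8 internal range and the command lines are constructed; -U and -l are real memcached options, and treating an absent -U as "UDP on" is an assumption that matches memcached builds before 1.5.6, which changed the default.

```python
"""Memcached reflection: spot it in flow data and in the server's own flags.

Added example; not code from the original post, GitHub or the Memcached
project. Flow records, address ranges and command lines are constructed.
"""
from dataclasses import dataclass

MEMCACHED_PORT = 11211


@dataclass
class Flow:
    proto: str       # "udp" or "tcp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    packets: int
    octets: int      # total bytes in the flow


# Constructed flow records as a collector might export them. 10.0.0.5 is the
# memcached host; 203.0.113.8 is the victim whose address was spoofed in the
# requests, so the large replies go to it instead of to the real sender.
SAMPLE_FLOWS = [
    Flow("udp", "203.0.113.8", 43211, "10.0.0.5", 11211, 3, 45),            # tiny "requests"
    Flow("udp", "10.0.0.5", 11211, "203.0.113.8", 43211, 1050, 1_470_000),  # huge replies
    Flow("tcp", "10.0.0.7", 11211, "10.0.0.9", 53122, 40, 38_000),          # normal internal use
    Flow("udp", "10.0.0.5", 53, "10.0.0.9", 51000, 4, 900),                  # unrelated DNS
]


def is_internal(ip):
    """Assumption for this example: 10.0.0.0/8 is the internal range."""
    return ip.startswith("10.")


def amplification_ratio(flows, server_ip, client_ip):
    """Bytes the server sent to client over 11211/udp divided by bytes it
    received from that client. Ratios in the thousands mean reflection."""
    sent = sum(f.octets for f in flows
               if f.proto == "udp" and f.src_ip == server_ip
               and f.src_port == MEMCACHED_PORT and f.dst_ip == client_ip)
    recv = sum(f.octets for f in flows
               if f.proto == "udp" and f.dst_ip == server_ip
               and f.dst_port == MEMCACHED_PORT and f.src_ip == client_ip)
    return sent / recv if recv else 0.0


def find_reflection(flows, min_bytes_per_packet=1000):
    """UDP flows from port 11211 to an external address with large packets:
    legitimate cache clients are internal, so any of these is suspect."""
    hits = []
    for f in flows:
        if f.packets == 0 or f.proto != "udp" or f.src_port != MEMCACHED_PORT:
            continue
        if not is_internal(f.dst_ip) and f.octets / f.packets >= min_bytes_per_packet:
            hits.append(f)
    return hits


def check_memcached_args(cmdline, udp_default_enabled=True):
    """Findings for a memcached command line. -U sets the UDP port (0 disables
    UDP); -l sets the listen address. Absent -U is treated as UDP enabled,
    the pre-1.5.6 default (assumption stated in the lead-in)."""
    args = cmdline.split()
    udp_port = MEMCACHED_PORT if udp_default_enabled else 0
    listen = "0.0.0.0"
    for i, a in enumerate(args[:-1]):
        if a == "-U":
            udp_port = int(args[i + 1])
        elif a == "-l":
            listen = args[i + 1]
    findings = []
    if udp_port != 0:
        findings.append("UDP enabled: start with -U 0 unless UDP is really needed")
    if listen in ("0.0.0.0", "::"):
        findings.append("listening on all interfaces: bind with -l 127.0.0.1 or an internal address")
    return findings


if __name__ == "__main__":
    ratio = amplification_ratio(SAMPLE_FLOWS, "10.0.0.5", "203.0.113.8")
    print(f"amplification ratio towards 203.0.113.8: {ratio:.0f}x")
    for f in find_reflection(SAMPLE_FLOWS):
        print(f"reflection flow: {f.src_ip}:{f.src_port} -> {f.dst_ip} ({f.octets // f.packets} B/pkt)")
    print(check_memcached_args("memcached -m 64 -p 11211 -U 11211 -l 0.0.0.0"))
    print(check_memcached_args("memcached -m 64 -U 0 -l 127.0.0.1"))
```

Filtering UDP/11211 at the network edge is the complementary control: even a correctly bound server cannot help if a misconfigured one elsewhere in the same address space is reachable from the internet.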
14. Double spend attack:
Hackers have stolen around $18 million worth of BTG (Bitcoin Gold) from the Bitcoin Gold network using a new attack method called "Double Spend". A double spend attack is an attempt to use the same coin twice, sending the same coin to different exchange wallets at the same time.
This method allows attackers to control the blockchain transactions, giving them the ability to exclude transactions and modify their ordering.
15. myPersonality app attack:
Sensitive data collected from Facebook by a personality app called myPersonality exposed 3 million Facebook users' data online, where it could be accessed by anyone on the Internet.
The myPersonality app conducted various psychological tests on around 3 million Facebook users and stored the results, which had been marked as highly sensitive data.
Researchers collected user information with consent through the personality app and later made it available to other researchers through a poorly designed web portal.
16. Mortgage Company Fuzzing attack:
A team of four hackers residing in San Diego infiltrated the mortgage company's computer servers to steal sensitive data. The stolen information included loan application information from thousands of customers, such as Social Security numbers, addresses, dates of birth, and driver's license numbers, which they used for various malicious activities.
Hackers Used Fuzzing Technique
John Bade, the chief hacker and one of the masterminds of this hacking group, compromised the mortgage companies using a well-known hacking technique called fuzzing.
Fuzzing helps to overload a web server with massive amounts of data, which can lead to the server revealing security loopholes.
17. Twitter Bug:
Twitter urges all of its 330 million users to change their passwords immediately after a Twitter bug was identified in its internal system that exposed passwords in plain text.
To mask passwords, Twitter uses the hashing function "bcrypt", which replaces the actual password with a random number that is stored in Twitter's system. Due to the bug, passwords were added to their system before the hashing process completed.
18. WinstarNssmMiner attack:
A newly discovered, dangerous cryptominer called WinstarNssmMiner is rapidly spreading and generating huge revenue by mining Monero on infected computers. It brutally hijacks computers; researchers intercepted its attacks over 500 thousand times within 3 days. Researchers named it WinstarNssmMiner since it mainly attacks Windows-based computers. This malware is difficult to remove, since victims' PCs crash when they find and terminate the malware. WinstarNssmMiner is capable of evading detection when it faces antivirus scanning, and it turns off antivirus protection. After infection, victims face a lot of issues, such as slowed-down computers and blue screens.
19. Employees Provident Fund Organization (EPFO) attack:
A cyber attack was launched on the Indian provident fund portal of the Employees' Provident Fund Organisation (EPFO), and hackers may have stolen the sensitive data of around 27 million registered people: the personal and professional details of about 27 million Indians registered with the retirement fund body. The hacked website (Aadhaar.epfoservices.com) provides an Aadhaar seeding service for EPFO and is managed under the Indian government's Information and Communication Technology (ICT) infrastructure. Attackers exploited two critical vulnerabilities, a "Struts vulnerability" and a "backdoor shell", that existed on the hacked website and allowed them to compromise the site and gain access to the sensitive data of millions of people. The "backdoor shell" allows hackers to gain control of the portal's administrator privileges, and "Apache Struts" is a widely used Java application that contained a critical vulnerability.
20. ROWHAMMER GPU Attack:
Rowhammer is a problem with recent-generation DRAM chips in which repeatedly accessing a row of memory can cause "bit flipping" in an adjacent row, which could allow anyone to change the value of contents stored in computer memory.
WHAT IS THE ROWHAMMER BUG:
DDR memory is arranged in an array of rows and columns, which are assigned to various services, applications and OS resources in large blocks. In order to prevent each application from accessing the memory of other applications, they are kept in a "sandbox" protection layer.
HOW DOES THIS ATTACK WORK?
GLitch exploits a series of microarchitectural flaws of the system in order to leak and corrupt data. The attack can be divided into two stages:
1) In the first stage of the attack we take advantage of a timing side channel to gain a better understanding of the (physical) memory layout of the system.
2) In the second stage we use the information extracted from the previous part to carry out a more reliable Rowhammer attack against the browser, in our case Firefox.
21. LeakerLocker attack:
Mobile ransomware called LeakerLocker was found in the Google Play Store; it infects Android mobile users and steals information such as contact phone numbers, phone call history, personal images and email texts. Instead of encrypting files, this malware demands a payment to prevent the attacker from spreading the victim's private information. Once LeakerLocker attacks a victim, it takes an unauthorized backup of the victim's personal information, which could be leaked if the victim refuses to pay the demanded ransom. Once infected, the victim is asked to input a credit card number and click "Pay," and the code sends a request to the payment URL with the card number as a parameter. After payment has been successfully initiated, it replies that "our [sic] personal data has been deleted from our servers and your privacy is secured." If not successful, it shows "No payment has been made yet. Your privacy is in danger."
22. HBO's Game of Hacks:
Think of this as ransomware without the "ware". In May, 1.5 terabytes of data were stolen from HBO, including yet-unreleased episodes and scripts from their hit show "Game of Thrones". Recently, an indictment of an Iranian man by the name of Behzad Mesri was unveiled in a Manhattan U.S. District Court; he faces charges for computer fraud, wire fraud, extortion and identity theft. The reason being that he effectively held the data ransom for $6 million worth of Bitcoin from HBO; when HBO balked at the breach, Mr. Mesri released episodes, scripts and more. The breach didn't have too much of an effect on the GoT season finale, however, which clocked in 16.5 million viewers when including streaming services.
23. Crypto Currency Website Bitstamp Hacked
Founded in 2011, Bitstamp is one of the oldest exchanges still in operation today. But like several major crypto trading platforms, Bitstamp has experienced a hacking incident. In mid-2015, CoinDesk reported that several hackers targeted Bitstamp's employees via email and Skype, sending them documents that contained malware.
In a classic phishing incident, one of the targeted employees downloaded a compromised document, opening malware that compromised the exchange's hot wallets. The result was that nearly 19,000 Bitcoins were lost in late December 2014. The Bitcoins were valued at $5 million at the time.
Bitstamp became aware of the incident on 4th January 2015. They quickly mitigated the situation but kept crucial details about the hack private.
24. Expedia Hacked, which exposed 80,000 payment card numbers
Chicago-based online travel booking company Orbitz, a subsidiary of Expedia, reveals that one of its old websites has been hacked, exposing nearly 880,000 payment card numbers of the people who made purchases online.
The data breach incident, which was detected earlier this month, likely took place somewhere between October 2016 and December 2017, potentially exposing customers' information to hackers.
According to the company, hackers may have accessed payment card information stored on a consumer and business partner platform, along with customers' personal information, including name, address, date of birth, phone number, email address and gender.
25. Finland's Largest Data Breach
Over 130,000 Finnish citizens have had their credentials compromised in what appears to be the third largest data breach ever faced by the country, local media reports.
The Finnish Communications Regulatory Authority (FICORA) is warning users of a large-scale data breach in a website maintained by the New Business Center in Helsinki ("Helsingin Uusyrityskeskus"), a company that provides business advice to entrepreneurs and helps them create the right business plans.
Unknown attackers managed to hack the website (http://liiketoimintasuunnitelma.com) and stole over 130,000 users' login usernames and passwords, which were stored on the site in plain text without any cryptographic hashing.
The company also assures that the detailed information of its customers was stored on a different system, which was not affected by the data breach.
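Items 17 (Twitter) and 25 (the Finnish business-advice site) are two sides of the same control failure: the password must only ever exist as a salted, slow hash at rest, and the plaintext must not be written anywhere on its way to the hasher. The Python below shows both halves together and is an added example, not code from the original post, Twitter or Helsingin Uusyrityskeskus. It uses PBKDF2 from the standard library where the page mentions bcrypt (an assumption made so the example runs without third-party packages; the stored-format and verification pattern is the same), and the signup form, user store and log layout are constructed.

```python
"""Hash passwords at rest and keep the plaintext out of logs (items 17 and 25).

Added example; not code from the original post, Twitter or the Finnish site.
PBKDF2-HMAC-SHA256 stands in for bcrypt so the example needs no third-party
package. Form fields, user store and log format are constructed.
"""
import hashlib
import hmac
import io
import logging
import os

ITERATIONS = 200_000
SENSITIVE_FIELDS = {"password", "passwd", "pass", "new_password"}


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'.
    A fresh random salt per user means equal passwords get different hashes."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations), salt.hex(), dk.hex()])


def verify_password(password, stored):
    """Recompute with the stored salt/iterations and compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def redact(form):
    """Copy of a request form with credential fields masked, for logging."""
    return {k: ("<redacted>" if k.lower() in SENSITIVE_FIELDS else v)
            for k, v in form.items()}


def make_logger(stream):
    """Logger writing plain messages to `stream` (a StringIO in the demo)."""
    logger = logging.getLogger("signup-example")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(message)s"))
    logger.addHandler(handler)
    return logger


def register(form, logger, users):
    """Log the request with credentials masked, store only the hash."""
    logger.info("signup request %s", redact(form))   # never log `form` itself
    users[form["username"]] = hash_password(form["password"])
    return users[form["username"]]


def demo():
    """Run a signup and report what ended up in the store and the log."""
    buf = io.StringIO()
    logger = make_logger(buf)
    users = {}
    form = {  # constructed request, not real user data
        "username": "alice",
        "password": "correct horse battery staple",
        "email": "alice@example.invalid",
    }
    register(form, logger, users)
    log_text = buf.getvalue()
    return {
        "stored_is_plaintext": users["alice"] == form["password"],
        "plaintext_in_log": form["password"] in log_text,
        "login_ok": verify_password(form["password"], users["alice"]),
        "wrong_rejected": verify_password("wrong password", users["alice"]),
        "log": log_text,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The redaction step is the Twitter lesson: the hashing code was fine, the leak was a log line written before it ran. Masking by field name at the logging boundary, rather than trusting every caller to remember, is the check that would have caught it.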
Just Remember One Thing You Don't Need To Seek Anyone's To Hack Anything Or Anyone As Long As It Is Ethical, This Is The Main Principle Of Hacking Dream
Thank You for Reading My Post, I Hope It Will Be Useful For You
I Will Be Very Happy To Help You So For Queries or Any Problem Comment Below Or You Can Mail Me At Bhanu@HackingDream.net