Tag Archive | "cyber attacks"

Tags: , , , ,

Anonymous Hacker Group Vows to Wipe ISIS off of the Internet

Posted on 18 November 2015 by GranTorinoGuy

The recent terrorist attacks in Paris France has been very unfortunate and sad accounting for the deaths of over 100 people. Just after the identification of the perpetrators being the well-known ISIS terrorist group, hackers from the infamous Anonymous group set out to attack ISIS on the internet front and now have vowed to wipe ISIS off of the internet.

The Anonymous hacker group has long been known for their efforts to attack companies or organizations that do something against their personal morals or beliefs. As it turns out, aggressive terrorism carried out by ISIS in the recent Paris, France killings has Anonymous angered and pushed them to take action to take well-over 5,500 of ISIS-owned Twitter accounts down, release a “How to Hack ISIS” guide, and perform other actions to essentially attack and dismantle ISIS over the Internet.

In a YouTube video posted recently (below), Anonymous makes a threat directly at ISIS saying “Expect massive cyber-attacks. War is declared, Get prepared.”

In the normal fashion of Anonymous, the video above makes their threat known to the public using their customary signatures.

Through the use of an #OpParis effort and website, Anonymous its targeting ISIS with everything they have all over the Internet. Through these efforts, Anonymous may somehow become an ally among law enforcement agencies around the world who also look to take ISIS down and put an end to their terror.

Do you think Anonymous will have any luck in helping with the take-down of ISIS or disrupt them in any way other than what has already been done with ISIS-member Twitter accounts?

Popularity: 25%

Comments (0)

Tags: , , , , ,

US Requiring HTTPS for all Public Government Websites

Posted on 09 June 2015 by GranTorinoGuy

Lately U.S. government websites have been the brunt of attacks where hackers found ways to deface some of them and collect sensitive data in other cases. To put a stop to this chaos, it is being mandated by the U.S. government that all public government websites utilizing the HTTPS security protocol.

HTTPS deployment is an assurance of a website having authenticated communications with the data sent back and forth over the internet. With HTTPS, which is known as HTTP over SSL or HTTP Secure, websites are encrypted and decrypted with the information that they transmit. Basically, use of HTTPS will make the data transmitted to and from government websites encrypted where attackers could not compromise the information or use it to wage an attack against the sites.

Computer users who often surf the web visiting financial sites or make purchases on legitimate shopping sites are accustomed to seeing a HTTPS site load where the URL field of most web browsers is highlighted green or shows a lock icon. In such cases of using HTTPS, the site prevents eavesdropping and will ultimately ensure the U.S. government of information transmitted over the vast internet being secure.

With the actions of the government making all publicly accessible sites use HTTPS, it will be difficult for third parties to intercept communications. In the end, this will fortify the U.S. government and make the sites secure for all users, not use those outside of the U.S. government.

The U.S. CIO, Tony Scott, said, “With this new requirement, the Federal web community seeks to drive faster internet-wide adoption of HTTPS and promote better privacy standards for the entire browsing public.”

With Edward Snowden’s many revelations about the U.S. government and their alleged snooping on the public, the irony gets thick as attackers and hacker activist groups wage war on many U.S. government sites that have proven to be vulnerable.

In March, the proposal of mandatory use of HTTPS was issued after the government started accepting comments on its plans from the security community and public. As it turns out, the consideration is a real thing and is in process of being deployed.

Popularity: 12%

Comments (0)

Tags: , , , , ,

DDoS Attacks on Rivals of Facebook & WhatsApp

Posted on 30 September 2014 by SlimboCA

In the last weekend of September two of the technology companies, believed to be more secure alternatives of the giants Facebook and WhatsApp, fell victims of severe DDoS attacks. Recently Telegram and Ello were pronounced to be the latest rivals of the social media company Facebook and the recently acquired WhatsApp app for instant messaging.

The Nature of Ello

Ello is a social network with anti-Facebook nature, which is an ad-free platform that accepts new members only if they have an invitation. The new network does not sell data to third parties. The data that is collected by the new social network is aggregated and anonymous, which makes it useless to Google and the companies’ advertising purposes.

The Nature of Telegram

Telegram is an application for instant messaging, which is based in Russia and is famous for its privacy. The users consider it a great alternative to the WhatsApp platform. Telegram is based on a custom MTProto encryption protocol and applies end-to-end encryption for the secret chats. Telegram became even more popular after Facebook acquired WhatsApp since the company has been strongly criticized for lack of data privacy.
Telegram application is available for Google Android and Apple’s iOS.

DDoS Attack

Both Ello and Telegram were hit by independent distributed denial of service on the last weekend of September. The DDoS attack against Telegram lasted for two days. During the attack, the service was normal in most of the countries, though in some places people lost connections and were not able to send outgoing messages. The user data had not been compromised despite the attack.

There were speculations by some of the social media users that the DDoS attacks and the disruption of service might be associated with the situation in China, since these attacks coincided with the reports that the government of China has hacked WhatsApp as it believed that activists are exchanging messages through that application.

On the same day, Ello also reported that it underwent a DDoS attack that lasted for 45 minutes. The situation was fixed when Ello blocked the IP addresses that were associated with the attack.

The Security Experts

The security expert Martin McKeay from Akamai Technologies stated in front of the SCMagazineUK.com that both Telegram and Ello are targets for two main reasons: they have limited security support and they are growing in popularity. These two reasons make Telegram and Ello the perfect targets for the DDoS attacks.

The security professionals further pointed the fact that the popularity of the communication channel Ello increased overnight, and that brought negative attention as well. The experts further say that the volumetric attacks are now becoming the norm, and they advise all organizations that do business on the Internet to be prepared for such attacks.

The cyber criminals find it easy to carry out DDoS attacks up to 100Gbps, 200Gbps, 300Gbps. That is why the companies have to be active in defending their data from the malicious attacks using mitigation and real-time detection.

Popularity: 30%

Comments (0)

Tags: , , ,

Beware: Scam Designed to Steal Gmail Info Is Difficult to Catch

Posted on 25 March 2014 by GranTorinoGuy

Hackers and cybercrooks are always on the leading edge of exploiting computer users and one of the latest scams is one that is almost impossible to catch where it pretends to be a Google document leading to a Gmail login interface that steals your login information.

Many of us use Google in some shape or form and there is a large population that utilizes actual Google services including Gmail and Google Docs. Scammers are sending out spam emails that contain an alleged Google doc that directs you to a webpage that resembles a Google Drive login and sign-up page. This Google Drive page is rather clever in that it is almost identical to the legitimate login page, which is part of why this scam is difficult to detect or catch.

The fake pages created by hackers in this scam is yet another extension of how cybercrooks are crafty in creating phishing sites that closely resemble the legitimate form that it is attempting to mimic. In the case of the Google Drive login phishing page, most computer users will not be able to decipher the real one and the phishing page as shown in figure 1 and 2 respectfully.

Figure 1. Fake Google Drive sign-in page

Figure 2. Legitimate Google Drive sign-in page

Using the fake login page will collect your login details providing hackers with unadulterated access to your Google account, which could allow cybercrooks to pilfer your personal life by accessing items within your Gmail account and others.

As an answer to this massive scam, Google has taken action to remove the fake pages. “We’ve removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again,” a representative from Google explained to the press. “If you think you may have accidentally given out your account information, please reset your password.”

In some cases, this scam is customized for different users where some systems may load a different version of the Google Drive phishing page. For now, computer users should still be on the lookout for phishing scams like this one even though Google is cracking down on them. Remember, hackers are relentless in their actions to continually attack unsuspecting computer users. In the case of this recent Google Drive phishing attack, the unsuspecting can be anyone as this clever scam is difficult to catch even for so-called computer experts.


Popularity: 9%

Comments (0)

Tags: , , , ,

Over 60% of Malware Analysts Report Investigations of Undisclosed Security Breaches

Posted on 22 November 2013 by GranTorinoGuy

Security breaches are almost a common expected thing to take place in today’s massively technology-intrigued world. In a new ThreatTrack Security study, it was revealed that security breaches are occurring at a much higher rate than initially reported by many security researchers.

ThreatTrack has found that about 6 out of 10 of US-based malware analysts interviewed about security breaches failed to disclose breach incidents that their own company experienced in the past. This very detail, had led to further investigations uncovering IT security works as the main problem when it come to protecting their company against attacks.

In about 35% of cases where security breaches occur, the security professionals or staff responsible for securing the attacked network was the ones initially responsible for clicking on a malicious link in shady emails or mobile apps.

ThreatTrack CEO Julian Waits Sr said, “While it is discouraging that so many malware analysts are aware of security breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring. Every day, malware becomes more sophisticated, and US enterprises are constantly targeted for cyber espionage campaigns from overseas competitors and foreign governments.” Basically, the study has revealed the idea that malware analysts are aware of the threats they face, but many of them may fail to report their inability to fight the given cyber-attacks. Additionally, they will commonly point out their lack of proper resources and tools to protect their own company from attacks.

About 40% of the 200 professionals taking part in the survey, originally conducted by Opinion Matters on behalf of ThreatTrack Security, are deemed as the main culprit in cyber-attacks against their own company. By knowing this bit of information, the rates and numbers of security breaches actually reported is totally skewed in the broad scope of finding out how many security breaches actually take place. Essentially, it makes everyone’s job a little more difficult, but the attackers are basking in their glory in knowing how they can take advantage of some companies.

Bottom line is that over 60% of security researchers are now reporting cases of undisclosed breaches from surveys and simple inquiries among US-based companies who have at one time been suspected to be a vulnerable asset in a security breach. That is rather scary in the full scope of things when you consider some of these companies may harbor your personal information or banking data.

Popularity: 19%

Comments (0)

Tags: , , , ,

Average Time It Takes Cybercriminals to Start Exploiting Breaking News Decreases to 22 Hours

Posted on 28 September 2013 by GranTorinoGuy

It is almost a daily occurrence that cybercrooks find the most popular news stories or breaking news events to exploit. Researchers from Commtouch Security have now made the conclusion for the time it takes for cybercriminals to start exploiting breaking news is now around 22 hours, the lowest we have ever seen.

Cybercrooks waste no time in their efforts to ramp up actions for exploiting some popular news story. It is almost as expected as you are to take your next breath of air. Cybercriminals in their malware distribution campaigns commonly utilize a popular news subject or breaking news to get traction on search engines. Naturally, popular search engines like Google, Bing and Yahoo will quickly pick up a breaking news story. Hackers thrive on this idea and virtually waste no time in rehashing a version of the story on either a hacked website or one specifically designed to exploit computer users through news stories eventually spreading malware.

Over the past few months, experts have taken notice to the start time of a breaking news event and how long it takes cybercrooks to react to the news by posting their malware-laced stories related to the news. It was found that, in April of this year, the average time was 27 hours when examining the Boston Marathon bombings. In recent events, such as the Royal Baby, Syrian conflict, NSA leaks and even the U.S. government shutdown, the start-time has shrunk to just 22 hours.

In retrospect, 22 hours is a short amount of time for getting breaking news stories out where the posts or pages have malware linked in one way or another. Just think, a breaking news story floods the media at 9am this morning, and the hackers have their own version of the story, only laced with malware by 7am the next morning. In some instances, this is faster than some reputable news outlets are able to confirm and relay a breaking news story on their website.

Do you think cybercrooks will eventually break popular news stories to us laced with malware faster than the top news websites in the near future? After-all, what is stopping them from doing that?

Popularity: 19%

Comments (0)

Tags: , , , , , , , , ,

More Hacking Threats Are Expected to Spread As Mobile Phones Continue to Evolve

Posted on 21 December 2009 by admin

Mobile phones are like computers these days. So if you can do with a phone what could only be done on a computer before, then hackers can to.

Mobile phones have become more vulnerable to traditional computer menaces like hackers and viruses. Russian anti-virus company Kaspersky Lab has reported on a new malicious program that stole money by taking over Nokia phones and making small charges to the owners’ wireless accounts. Recently, an Australian student created a worm that spread through “jailbroken” (altered to run software Apple has not authorized) iPhones. The worm did not cause any damage, it uploaded a photo of ’80s pop star Rick Astley. To security experts, this suggested that cyber attacks on iPhones are possible. Where there are security threats, there are always money-hungry cyber crooks looking to capitalize on the innocent.

Earlier in December, Khosla Ventures, a prominent Silicon Valley venture capital firm, led an investment group that injected $5.5 million into a fledgling security start-up called Lookout. Lookout is set to introduce security applications for the BlackBerry and iPhone after testing security software for phones running the Windows Mobile and Android operating systems. The software protects phones against rogue programs and gives phone owners the ability to remotely back up and erase the data on their phones.

A basic version of the software is free, while the company plans to charge a monthly subscription for a version with more features. It feels a lot like it did in 1999 in desktop security, according to John Hering, Lookout’s 26-year-old chief executive, who for years has done research demonstrating security vulnerabilities in phones. Hering says people are using the mobile Web and downloading applications more than ever before and there are threats that come with that.

Lookout represents the latest attempt to build a new business that capitalizes on the surge of smartphones. Thousands of companies making mobile games, shopping tools and other programs have sprung up in the last two years as the iPhone, in particular, has taken off. Lookout and its investors believe this is the right time to get into the market. The rules of mobile are different, says Vinod Khosla, founder of Khosla Ventures, which also recently invested in Square, a mobile payments start-up. He says phones are people’s most personal computer, and needs to be protected.

Companies like Research In Motion, who made the BlackBerry, and Good Technology, a Silicon Valley-based mobile messaging firm, already offer mobile security tools, but their systems are aimed at businesses. Security firms like Symantec also have mobile security divisions, and a five-year-old company, Trust Digital, based in McLean, Va., has set its sights on this market.

Lookout says it can address the unique challenges of protecting cellphones, like preserving battery life. While the company will not give details, it says it has figured out how to get its software to work on the iPhone, which does not allow non-Apple programs to operate in the background, as security software typically does. Hering and his co-founder, Kevin Mahaffey, have been publicly demonstrating the weaknesses of mobile phones for some time.

In 2005, they camped outside the Academy Awards ceremony in Hollywood and scanned the phones of stars walking the red carpet, using a short-range Bluetooth wireless connection. They found that as many as 100 of the phones were vulnerable to hacking over such a connection. That year, at the Black Hat security conference in Las Vegas, they hacked into a phone over a mile away using Bluetooth.

Lookout’s founders and backers concede that for now, snoops and bad guys pose much less of a threat to cellphones than to PCs. But they believe there is an immediate need for software that preserves and protects a phone’s data, from email to corporate information, and they say current systems do not work when a family or business has multiple types of cellphones on various wireless networks. For instance, a small business could install the Lookout software on many different types of devices, back up all the data and remotely erase a phone if, say, an employee leaves it in a cab.

Jeff Moss, a security expert and organizer of the Black Hat conference, said mobile security had historically been a solution in search of a problem. But he said that mobile viruses had recently become more common in Asia. His own Nokia N97 phone even caught a bug recently, but the software he was running from F-Secure, a Finnish security company, caught it in time. Moss says the tipping point will be when we start using phone to shop and conduct banking, because the more we do with a phone, the more valuable a target it will become.

Popularity: 28%

Comments (0)