The US has warned that ransomware hacking groups are now targeting companies involved in "significant, time-sensitive financial events" and people whose private financial information they have gained access to. In its latest advisory to private firms, the Federal Bureau of Investigation (FBI) said that ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections.
"Prior to an attack, ransomware actors research publicly available information, such as a victim's stock valuation, as well as material nonpublic information. If victims do not pay a ransom quickly, ransomware actors will threaten to disclose this information publicly, causing potential investor backlash," the FBI said in its report. During the initial reconnaissance phase, cyber criminals identify non-publicly available information, which they threaten to release or use as leverage during the extortion to entice victims to comply with ransom demands.
The FBI said it has identified several cases of ransomware groups using information on an ongoing merger or acquisition negotiation to put pressure on the firms to pay up. In early 2020, a ransomware actor using the moniker "Unknown" made a post on the Russian hacking forum "Exploit" that encouraged using the NASDAQ stock exchange to influence the extortion process.
Following this, unidentified ransomware actors negotiating a payment with a victim during a March 2020 ransomware event stated: "We have also noticed that you have stocks. If you will not engage us for negotiation we will leak your data to the nasdaq and we will see what's gonna (sic) happen with your stocks." Between March and July 2020, at least three publicly traded US companies actively involved in mergers and acquisitions were victims of ransomware during their respective negotiations.
In April this year, Darkside ransomware actors posted a message on their blog site to show their interest in impacting a victim's share price. The message stated: "Now our team and partners encrypt many companies that are trading on Nasdaq and other stock exchanges. If the company refuses to pay, we are ready to provide information before the publication, so that it would be possible to earn a reduction in the price of shares. Write to us in 'Contact Us' and we will provide you with detailed information."
The FBI said that paying a ransom emboldens adversaries to target additional organisations, encourages other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities. Paying the ransom also does not guarantee that a victim's files will be recovered. "However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers," it said. (IANS/ MBI)
Keywords: Hackers, private, financial, information, ransomware, FBI, extort
By Tharini Ilanchezhian
Poly Network, a cryptocurrency platform, lost a whopping $610 million in this heist. Sources say that it had offered the hackers an amount of $500,000.
A little-known name in the world of crypto, Poly Network is a decentralized finance (DeFi) platform that enables peer-to-peer transactions by allowing users to use tokens across different blockchains. In a statement, the firm thanked the hacker, whom it dubbed 'White Hat', saying that he had helped them improve Poly Network's security. The hacker had earlier claimed that the heist was 'Just For Fun' and meant to expose the vulnerabilities of the crypto cyber world.
As a token of appreciation, Poly Network rewarded the hacker with $500,000 for returning the digital coins. The statement did not disclose the medium of payment of the $500,000. It said that the hacker had responded to the offer but did not reveal whether it was accepted or rejected.
The blockchain security firm SlowMist stated that the hackers were able to steal $619 million worth of Ethereum, Binance Smart Chain and USDC (USD Coin) assets from the cryptocurrency platform. This hack, the biggest in the history of decentralized finance (DeFi), has alarmed the world of cryptocurrency.
According to the blockchain analysis company Chainalysis, the unidentified hacker exploited vulnerabilities in the digital contracts used by Poly Network to move assets across different blockchains.
According to a statement released on Friday, the hacker returned crypto worth $340 million to the firm, whereas the bulk of the remaining assets were jointly controlled by the hacker and Poly Network. Poly Network announced the heist on Tuesday, and the very next day the hackers started returning money to the firm.
The hackers claimed that the attack was carried out for 'Fun' and that the plan was to return the digital coins anyway. Blockchain analysts have stated that the hackers would have found it challenging to launder stolen cryptocurrency on such a huge scale.
Poly Network had also posted a note on its Twitter account warning the hackers about the legal consequences of the action, saying that law enforcement in any country would treat this heist as a major economic crime and that the hacker would have to face severe trials.
With most people working from home due to the Coronavirus pandemic, there has been a surge in cybercrime. The year 2021 saw 5,258 data breaches across the globe, a third more breaches analyzed than last year, according to a report on Thursday. The 14th edition of the Data Breach Investigations Report (2021 DBIR) by US-based Verizon Business analyzed 29,207 security incidents from data collected from 83 contributors, with victims spanning 88 countries, 12 industries, and three world regions.
The report showed that with an unprecedented number of people working remotely, phishing and ransomware attacks increased by 11 percent and 6 percent respectively, with instances of misrepresentation increasing by 15 times compared to last year. Additionally, breached data showed that 61 percent of breaches involved credential data. About 95 percent of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts through the year.
“The Covid-19 pandemic has had a profound impact on many of the security challenges organizations are currently facing,” said Tami Erwin, CEO, Verizon Business, in a statement. “As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures,” Erwin added.
Among Financial and insurance industries, 83 percent of data compromised in breaches was personal data, while in Professional, Scientific, and Technical Services industries only 49 percent was personal. Further, the 2021 DBIR report also revealed many breaches that took place in Asia Pacific regions were caused by financially motivated attackers — phishing employees for credentials, and then using those stolen credentials to gain access to mail accounts and web application servers.
Europe, Middle East, and Africa regions saw basic cybercrime in web application attacks, system intrusion, and social engineering, while Northern America was the target of financially-motivated cybercriminals searching for money or easily monetizable data. Social engineering, hacking, and malware continued to be the favored tools utilized by cybercriminals in this region. (IANS/SP)
An Indian-origin researcher has warned that billions of computers and other devices across the globe are vulnerable today owing to a vulnerability named ‘Spectre’ that was first discovered in 2018 but is open to hackers again. Since ‘Spectre’ was discovered, the world’s most talented computer scientists from industry and academia have worked on software patches and hardware defenses, confident they’ve been able to protect the most vulnerable points in the speculative execution process without slowing down computing speeds too much.
However, researchers, led by Ashish Venkat at the University of Virginia’s School of Engineering and Applied Science, UVA Engineering, discovered that computer processors are open to hackers again. They found a whole new way for hackers to exploit something called a “micro-op cache,” which speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process.
Micro-op caches have been built into Intel computers manufactured since 2011. Venkat’s team discovered that hackers could steal data when a processor fetches commands from the micro-op cache. “Think about a hypothetical airport security scenario where TSA lets you in without checking your boarding pass because (1) it is fast and efficient, and (2) you will be checked for your boarding pass at the gate anyway,” Venkat said.
A computer’s processor does something similar. It predicts that the check will pass and could let instructions into the pipeline. “Ultimately, if the prediction is incorrect, it will throw those instructions out of the pipeline, but this might be too late because those instructions could leave side-effects while waiting in the pipeline that an attacker could later exploit to infer secrets such as a password,” he elaborated.
Because all current ‘Spectre’ defenses protect the processor in a later stage of speculative execution, they are useless in the face of Venkat’s team’s new attacks. Two variants of the attacks the team discovered can steal speculatively accessed information from Intel and AMD processors. “Intel’s suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute,” Venkat informed.
“But it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel.” This newly discovered vulnerability will be much harder to fix. In the case of the previous ‘Spectre’ attacks, developers have come up with a relatively easy way to prevent any sort of attack without a major performance penalty for computing.
“The difference with this attack is you take a much greater performance penalty than those previous attacks,” said Ph.D. student Logan Moody. Venkat’s team has disclosed the vulnerability to the product security teams at Intel and AMD. The team’s paper has been accepted by the highly competitive International Symposium on Computer Architecture or ISCA. (IANS/JC)