Recent Cyber Attacks - Latest News, Breaking Stories and Much More

1.   TRITON Malware

Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems (ICS) with a potential to cause health and life-threatening accidents.

Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric—an autonomous control system that independently monitors the performance of critical systems and takes immediate actions automatically, if a dangerous state is detected.
Neither the targeted organization name has been disclosed by the researchers nor they have linked the attack to any known nation-state hacking group.
According to separate research conducted by ICS cybersecurity firm Dragos, which calls this malware "TRISIS," the attack was launched against an industrial organization in the Middle East.
The hackers deployed Triton on an SIS engineering workstation running Windows operating system by masquerading it as the legitimate Triconex Trilog application.


The current version of TRITON malware that researchers analyzed was built with many features, “including the ability to read and write programs, read and write individual functions and query the state of the SIS controller.”
"During the incident, some SIS controllers entered a failed safe state, which automatically shut down the industrial process and prompted the asset owner to initiate an investigation," the researchers said.

Using TRITON, an attacker can typically reprogram the SIS logic to falsely shut down a process that is actuality in a safe state. Though such scenario would not cause any physical damage, organizations can face financial losses due to process downtime.




THIS IS FOR EDUCATIONAL PURPOSE ONLY, I AM NOT RESPONSIBLE FOR ANY 

ILLEGAL ACTIVITIES DONE BY VISITORS, THIS IS FOR ETHICAL PURPOSE ONLY



2.  
FaceXWorm Virus

Cybersecurity researchers from Trend Micro are warning users of a malicious Chrome extension which is spreading through Facebook Messenger and targeting users of cryptocurrency trading platforms to steal their accounts’ credentials.
Dubbed FacexWorm, the attack technique used by the malicious extension first emerged in August last year, but researchers noticed the malware re-packed a few new malicious capabilities earlier this month.
New capabilities include stealing account credentials from websites, like Google and cryptocurrency sites, redirecting victims to cryptocurrency scams, injecting miners on the web page for mining cryptocurrency, and redirecting victims to the attacker's referral link for cryptocurrency-related referral programs.
It is not the first malware to abuse Facebook Messenger to spread itself like a worm.
Late last year, Trend Micro researchers discovered a Monero-cryptocurrency mining bot, dubbed Digmine, that spreads through Facebook messenger and targets Windows computers, as well as Google Chrome for cryptocurrency mining.
It should be noted that FacexWorm extension has only been designed to target Chrome users. If the malware detects any other web browser on the victim's computer, it redirects the user to an innocuous-looking advertisement.

How Does the FacexWorm Malware Work

If the malicious video link is opened using Chrome browser, FacexWorm redirects the victim to a fake YouTube page, where the user is encouraged to download a malicious Chrome extension as a codec extension to continue playing the video.
Once installed, FacexWorm Chrome extension downloads more modules from its command and control server to perform various malicious tasks.


3.   NHS hack: Cyber attack takes 16 hospitals offline


At least 16 hospitals are having to reject patients after their systems were taken offline.A huge cyber-attack has infected NHS trusts across the country and has led to all digital systems being pulled down.
The ransomware threatens hospitals that they will lose access to patient records and other files if they don't pay money to the hackers.
NHS Digital, which oversees hospital cybersecurity, says the attack used the Wanna Decryptor variant of malware, which holds affected computers hostage while the attackers demand a ransom.
Spain, meanwhile, said several Spanish companies had been targeted in ransomware cyberattack that affected the Windows operating system of employees' computers. It did not say which companies were targeted but telecommunications company Telefonica said it had detected a cybersecurity incident that had affected computers of some employees. 

4.   New Mirai Botnet Variant Found


 While tracking botnet activity on their honeypot traffic, security researchers at Chinese IT security firm Qihoo 360 Netlab discovered a new variant of Mirai—the well known IoT botnet malware that wreaked havoc last year.
The targeted port scans are actively looking for vulnerable internet-connected devices manufactured by ZyXEL Communications using two default telnet credential combinations—admin/CentryL1nk and admin/QwestM0dem—to gain root privileges on the targeted devices.

Researchers believe (instead "quite confident") this ongoing campaign is part of a new Mirai variant that has been upgraded to exploit a newly released vulnerability (identified as CVE-2016-10401) in ZyXEL PK5001Z modems.
"ZyXEL PK5001Z devices have zyad5001 as the su (superuser) password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP’s deployment of these devices)," the vulnerability description reads.
This is not the very first time when the Mirai botnet targeted internet-connected devices manufactured by ZyXEL. Exactly a year before, millions of Zyxel routers were found vulnerable to a critical remote code execution flaw, which was exploited by Mirai.


5.   FBI seizes control of a massive botnet

Shortly after Cisco's released its early report on a large-scale hacking campaign that infected over half a million routers and network storage devices worldwide, the United States government announced the takedown of a key internet domain used for the attack.
The hacking group has been in operation since at least 2007 and has been credited with a long list of attacks over the past years, including the 2016 hack of the Democratic National Committee (DNC) and Clinton Campaign to influence the U.S. presidential election.
The malware has already infected over 500,000 devices in at least 54 countries, most of which are small and home offices routers and internet-connected storage devices from Linksys, MikroTik, NETGEAR, and TP-Link. Some network-attached storage (NAS) devices known to have been targeted as well.
VPNFilter is a multi-stage, modular malware that can steal website credentials and monitor industrial controls or SCADA systems, such as those used in electric grids, other infrastructure and factories.

The malware communicates over Tor anonymizing network and even contains a killswitch for routers, where the malware deliberately kills itself.

Unlike most other malware that targets internet-of-things (IoT) devices, the first stage of VPNFilter persists through a reboot, gaining a persistent foothold on the infected device and enabling the deployment of the second stage malware.

VPNFilter is named after a directory (/var/run/vpnfilterw) the malware creates to hide its files on an infected device.

Since the research is still ongoing, Talos researchers "do not have definitive proof on how the threat actor is exploiting the affected devices," but they strongly believe that VPNFilter does not exploit any zero-day vulnerability to infect its victims.

Instead, the malware targets devices still exposed to well-known, public vulnerabilities or have default credentials, making compromise relatively straightforward.

6.   Equifax


Cybercriminals penetrated Equifax (EFX), one of the largest credit bureaus, in July and stole the personal data of 145 million people. It was considered among the worst breaches of all time because of the amount of sensitive information exposed, including Social Security numbers.
The company only revealed the hack two months later. It could have an impact for years because the stolen data could be used for identity theft.
The Equifax breach raised concerns over the amount of information data brokers collect on consumers, which can range from public records to mailing addresses, birth dates and other personal details.
Firms like Equifax, TransUnion and Experian sell that data to customers, such as banks, landlords and employers, so they can learn more about you. Whether data brokers do enough to keep that private information secure is under scrutiny.
Former Equifax CEO Richard Smith, who stepped down after the breach was revealed, testified to Congress and blamed the security failure on one person who had since been fired.
The public still doesn't know who is responsible for the hack.

7.   NotPetya

In June, the computer virus NotPetya targeted Ukrainian businesses using compromised tax software. The malware spread to major global businesses, including FedEx, the British advertising agency WPP, the Russian oil and gas giant Rosneft, and the Danish shipping firm Maersk.
This virus also spread by leveraging a vulnerability leaked by the Shadow Brokers.
In September, FedEx attributed a $300 million loss to the attack. The company's subsidiary TNT Express had to suspend business.

8.   Bad Rabbit

Another major ransomware campaign, called Bad Rabbit, infiltrated computers by posing as an Adobe Flash installer on news and media websites that hackers had compromised.
Once the ransomware infected a machine, it scanned the network for shared folders with common names and attempted to steal user credentials to get on other computers.
The ransomware, which hit in October, mostly affected Russia, but experts saw infections in Ukraine, Turkey and Germany.
It served as a reminder that people should never download apps or software from pop-up advertisements or sites that don't belong to the software company.

9.   Voter records exposed

In June, a security researcher discovered almost 200 million voter records exposed online after a GOP data firm misconfigured a security setting in its Amazon cloud storage service.
It was the latest in a string of major breaches stemming from insecure Amazon servers where data is stored. They are secure by default, but Chris Vickery, a researcher at cybersecurity firm UpGuard, regularly finds that companies set it up wrong.

10.WannaCry

WannaCry was a ransomware attack that spread rapidly in May of 2017. Like all ransomware, it took over infected computers and encrypted the contents of their hard drives, then demanded a payment in Bitcoin in order to decrypt them. The malware took particular root in computers at facilities run by the United Kingdom's NHS.
Malware isn't anything new, though. What made WannaCry significant and scarywas the means it used to propagate: it exploited a vulnerability in Microsoft Windows using code that had been secretly developed by the United States National Security Agency. Called EternalBlue, the exploit had been stolen and leaked by a hacking group called the Shadow Brokers. Microsoft had already patched the vulnerability a few weeks before, but many systems hadn't upgraded. Microsoft was furious that the U.S. government had built a weapon to exploit the vulnerability rather than share information about the hole with the infosec community.

11.  Ethereum
While this one might not have been as high-profile as some of the others on this list, it deserves a spot here due to the sheer amount of money involved. Ether is a Bitcoin-style cryptocurrency, and $7.4 million in Ether was stolen from the Ethereum app platform in a manner of minutes in July. Then, just weeks later came a $32 million heist. The whole incident raised questions about the security of blockchain-based currencies.
12. Yahoo (revised)
This massive hack of Yahoo's email system gets an honorable mention because it actually happened way back in 2013 — but the severity of it, with all 3 billion Yahoo email addresses affected, only became clear in October 2017. Stolen information included passwords and backup email addresses, encrypted using outdated, easy-to-crack techniques, which is the sort of information attackers can use to breach other accounts. In addition to the effect on the account owners, the breach could spawn a revisiting of the deal by which Verizon bought Yahoo, even though that deal had already closed.
The truly scary thing about this breach is that the culture of secrecy that kept it under wraps means that there's more like it out there. "No one is excited to share a breach, for obvious PR reasons," says Mitch Lieberman, director of research at G2 Crowd. "But the truth eventually comes out. What else do we not know?"

13.         Github

On February 28, 2018, the version control hosting service GitHub was hit with a massive denial of service attack, with 1.35 TB per second of traffic hitting the popular site. Although GitHub was only knocked offline intermittently and managed to beat the attack back entirely after less than 20 minutes, the sheer scale of the assault was worrying; it outpaced the huge attack on Dyn in late 2016, which peaked at 1.2 TB per second.
More troubling still was the infrastructure that drove the attack. While the Dyn attack was the product of the Mirai botnet, which required malware to infest thousands of IoT devices, the GitHub attack exploited servers running the Memcached memory caching system, which can return very large chunks of data in response to simple requests.
Memcached is meant to be used only on protected servers running on internal networks, and generally has little by way of security to prevent malicious attackers from spoofing IP addresses and sending huge amounts of data at unsuspecting victims. Unfortunately, thousands of Memcached servers are sitting on the open internet, and there has been a huge upsurge in their use in DDoS attacks. Saying that the servers are "hijacked" is barely fair, as they'll cheerfully send packets wherever they're told without asking questions.
Just days after the GitHub attack, another Memecached-based DDoS assault slammed into an unnamed U.S. service provider with 1.7 TB per second of data

14.        Double spend attack :

Hackers have stolen around $18 Million worth of BTG (Bitcoin Gold) from Bitcoin Gold Network using a new attack method called “Double Spend”. Double spend attack is a type of an attempt where attack using the same coin twice and send the same coin into different Exchange wallet at the same time.
This method allows attackers to control the blockchain transactions, and they have an ability to exclude and modify the ordering of transactions.

15.  myPersonality app attack:

Sensitive data that collected from Facebook by personality app, called myPersonality Exposed 3 million Facebook users data online that can be accessed by anyone on the Internet.
myPersonality App conducted various psychological tests around 3 million Facebook users and it stored the result that has been marked as highly sensitive data.
Researchers collected user information with consent through a personality app and then later they made it available to access for other researchers through a Poorly designed web portal.

16.  Mortgage Company Fuzzing attack:

  A Team of 4 Hackers who are resided in San Diego Infiltrated the Mortgage Company Computer Servers to steal the sensitive data. The Stolen information including loan application information from thousands of customers such as Social Security numbers, addresses, dates of birth, and driver’s license numbers and use it for various malicious activities.

Hackers Used Fuzzing Technique

John Bade, A chief Hacker and one of the masterminds of this hacking Group compromise the mortgage companies using a well-known common hacking technique called Fuzzing.
Fuzzing helps to overload a web server with massive amounts of data that can lead to the server revealing security loopholes.

17.  Twitter Bug:

 Twitter urges all of its 330 Million users to change the password immediately after a Twitter bug identified in their internal system that exposed the passwords in plain text.
To mask the password twitter uses the hashing function “bcrypt” that replaces the actual password to a random number and stored in the Twitter system. Due to this the Twitter bug that password are were added to their system before hashing process completed.

18. WinstarNssmMiner attack:

Newly discovered Dangerous CryptoMiner called WinstarNssmMiner rapidly spreading and generate huge revenue via mining Monero on infected computers.It Brutally Hijacking Computers intercepted its attack over 500 thousand times within 3 days. Researchers named it WinstarNssmMiner since it mainly attacking Windows-based computers.This malware is difficult to evacuate since victim’s PCs crash when they found and terminate the malware.WinstarNssmMiner is capable of evading the detection when it facing the Antivirus scanning and it turns off antivirus protection. After the infection, victims will face a lot if an issue such as slow down the computer the blue screens of their computers

19.Employees Provident Fund Organization(EPFO)   attack:

 A cyber Attack launch into Indian Provident Fund Portal called “Employees  Provident Fund Organization(EPFO)” and hackers may have been stolen around 27 Million registered peoples sensitive data.The personal and professional details of about 27 Million Indian Peoples registered with the retirement fund body Employees Provident Fund Organisation (EPFO).A hacked website (Aadhaar.epfoservices.com)provides an Aadhaar Seeding Service for EPFO that has been managed under Indian Government infrastructure called Information and Communication Technology (ICT).Attackers Exploiting two critical vulnerabilities called “Struct Vulnerability  &  Backdoor shell”  which exists on the hacked website that allow an attacker to successfully compromise the website and gave access to stolen the million of Peoples Sensitive Data.“backdoor shells” allows hackers gaining control of a portal’s administrator privileges and “Apache Struts”, a widely used Java application that contains a critical vulnerability.

20. ROWHAMMER GPU Attack:

Rowhammer is a problem with recent generation DRAM chips in which repeatedly accessing a row of memory can cause "bit flipping" in an adjacent row which could allow anyone to change the value of contents stored in computer memory.

WHAT IS ROWHAMMER BUG:

DDR memory is arranged in an array of rows and columns, which are assigned to various services, applications and OS resources in large blocks. In order to prevent each application from accessing the memory of other application, they are kept in a "sandbox" protection layer.

HOW DOES THIS ATTACK WORK?

GLitch exploits a series of microarchitectural flaws of the system in order to leak and corrupt data.  The attack can be divided in two stages:
     1)  In the first stage of the attack we take advantage of a timing side channel to gain a better understanding of the (physical) memory layout of the system.
     2)  In the second stage we use the information extracted from the previous part to carry out a more reliable Rowhammer attack against the browser – in our case Firefox. For more details about the exploitation go down.

21.LeakerLocker  attack:

Mobile Ransomware called LeakerLocker Found in Google Playstore which infect the Android Mobile user and steals the information such as contact Phone numbers, Phone call History, personal images and Email texts etc.This Ransomware will be Encrypt the file instead of that, this malware Demand a payment to prevent the attacker from spreading a victim’s private information.Once LeakerLocker Ransomware attacks the Victims, it takes unauthorized backup of the victims personal information and that could be leaked if victims denied paying the demanded ransom Payment. Once Victim infected, its asks to inputs a credit card number and clicks “Pay,” the code send a request to the payment URL with the card number as a parameter.After payment successfully initiated it gives a reply that,“our [sic] personal data has been deleted from our servers and your privacy is secured.” If not successful, it shows “No payment has been made yet. Your privacy is in danger.” 

22.        HBO’s Game of Hacks:


Think of this as ransomware without the “ware”. In May, 1.5 terabytes of data were stolen from HBO, including yet-unreleased episodes and scripts from their hit show “Game of Thrones”. Recently, an indictment for an Iranian man by the name of Bezad Mesri was unveiled in a Manhattan U.S. District Court, facing charges for computer fraud, wire fraud, extortion and identity theft. The reason being that he effectively held the data ransom for $6 million worth of Bitcoin from HBO – when HBO balked at the breach, Mr. Mesri released episodes, scripts and more. The breach didn’t have too much of an effect on the GoT season finale, however, which clocked in 16.5 million viewers when including streaming services.
23.    Crypto Currency Website Bitstanp Hacked
Founded in 2011, Bitstamp is one of the oldest exchanges still in operation today. But like several major crypto trading platforms, Bitstamp has experienced a hacking incident. In mid-2015, Coindesk reported that several hackers targeted Bitstamp’s employees via email and Skype, sending them documents that contained malware.
In a classic phishing incident, one of the targeted employees downloaded a compromised document, opening a malware that compromised the exchange’s hot wallets. The result was that nearly 19,000 Bitcoins were lost in late December 2014. The Bitcoins were valued at $5 million at the time. Bitstamp became aware of the incident on 4th January 2015. They quickly mitigated the situation but kept crucial details about the hack private.

24.Expedia Hacked, which exposed 80,000 payment card numbers

 Chicago-based online travel booking company Orbitz, a subsidiary of Expedia, reveals that one of its old websites has been hacked, exposing nearly 880,000 payment card numbers of the people who made purchases online.

The data breach incident, which was detected earlier this month, likely took place somewhere between October 2016 and December 2017, potentially exposing customers' information to hackers.

According to the company, hackers may have accessed payment card information stored on a consumer and business partner platform, along with customers' personal information, including name, address, date of birth, phone number, email address and gender.

25.  Finland Largest Data Breach

 Over 130,000 Finnish citizens have had their credentials compromised in what appears to be third largest data breach ever faced by the country, local media reports.
Finnish Communications Regulatory Authority (FICORA) is warning users of a large-scale data breach in a website maintained by the New Business Center in Helsinki ("Helsingin Uusyrityskeskus"), a company that provides business advice to entrepreneurs and help them create right business plans.
Unknown attackers managed to hack the website (http://liiketoimintasuunnitelma.com) and stole over 130,000 users’ login usernames and passwords, which were stored on the site in plain-text without using any cryptographic hash.
The company also ensures that the detailed information of its customers was stored on a different system, which was not affected by the data breach.


 ==========     Hacking Don't Need Agreements     ==========
Just Remember One Thing You Don't Need To Seek Anyone's  To Hack Anything Or Anyone As Long As It Is Ethical, This Is The Main Principle Of Hacking Dream
    Thank You for Reading My Post, I Hope It Will Be Useful For You

I Will Be Very Happy To Help You So For Queries or Any Problem Comment Below Or You Can Mail Me At Bhanu@HackingDream.net

Bhanu Namikaze

Bhanu Namikaze is an Ethical Hacker, Security Analyst, Blogger, Web Developer and a Mechanical Engineer. He Enjoys writing articles, Blogging, Debugging Errors and Capture the Flags. Enjoy Learning; There is Nothing Like Absolute Defeat - Try and try until you Succeed.

No comments:

Post a Comment