
Reading Time: 2 minutes

Ransomware is a category of malware that encrypts the victim’s data and demands payment in exchange for the decryption key. Nowadays ransomware attacks have become increasingly common and sophisticated, causing significant financial and reputational damage to businesses and individuals alike.

Evolution:

Ransomware has been around for more than a decade, but it wasn’t until the rise of Bitcoin and other cryptocurrencies that it became a more popular tool for cybercriminals. Cryptocurrencies allow for anonymous payments, which makes it difficult for law enforcement agencies to track the funds.

In the early days, ransomware attacks were relatively simple and unsophisticated. They often relied on social engineering tactics such as phishing emails to trick users into downloading the malware. Once installed, the malware would encrypt the victim’s files and display a ransom note demanding payment in exchange for the decryption key.

Over time, ransomware attacks have become more sophisticated and harder to detect. Many ransomware strains now use advanced encryption techniques and are capable of spreading quickly through a network, infecting multiple devices at once.

Impact:

The impact of ransomware attacks can be devastating, both for individuals and businesses. In addition to the direct cost of paying the ransom (which can range from a few hundred to millions of dollars), there are other costs to consider, including:

Lost productivity: Ransomware attacks can cause significant disruption to business operations, resulting in lost productivity and revenue.

Damage to reputation: A ransomware attack can damage a business’s reputation and erode customer trust.

Legal and regulatory costs: Businesses may face legal and regulatory costs if they fail to adequately protect their data or if customer data is compromised.

Recovery costs: Even if a business pays the ransom, there is no guarantee that they will receive the decryption key. In some cases, the victim may need to hire a cybersecurity expert to help recover their data, which can be costly.

Prevention:

Preventing ransomware attacks requires a multi-layered approach that includes:

Employee education: Employees should be trained to recognize phishing emails and other social engineering tactics.

Patch management: Keeping software up-to-date with the latest security patches can help prevent vulnerabilities from being exploited.

Endpoint protection: Endpoint protection software can help detect and block ransomware attacks.

Data backup: Regularly backing up data to an offsite location can help mitigate the impact of a ransomware attack.

Incident response plan: Businesses should have an incident response plan in place to help them respond quickly and effectively to a ransomware attack.

Conclusion:

Ransomware attacks are on the rise, and the threat is only likely to grow in the coming years. Businesses and individuals must take proactive steps to protect themselves against this threat, including investing in cybersecurity education, technology, and planning. With the right approach, it is possible to minimize the impact of ransomware attacks and keep your data safe from cybercriminals.

Found this article interesting? Follow HackersIdentity on Facebook, Twitter and LinkedIn to read more exclusive content we post.


Marketing automation company Mailchimp has reported that it was the victim of a data breach resulting from a social engineering attack that enabled threat actors to access an internal support and account admin tool and obtain information about 133 customers.

“The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack,” the Intuit-owned company said in a disclosure.

Mailchimp identified the lapse on January 11, 2023, and noted that there is no evidence the unauthorized party breached Intuit systems or other customer information beyond the 133 accounts. All affected accounts were notified within 24 hours. The company did not, however, reveal how long the intruder remained on its systems.

This is the marketing automation company’s second hack within 12 months.

The objective of a social engineering attack is to influence, manipulate or trick users into releasing sensitive information or granting access within an organization.



The massive response from the security community at the NullCon Goa, India event shows that in-person participation by security researchers in cyber security events has increased immensely. Here is a list of some upcoming events that every security researcher in the community should know about:

1. Texas Cyber Summit | September 22-24 | Austin, Texas

The Texas Cyber Summit conference’s vision is to increase the number of people of all demographics entering the cybersecurity field, particularly those from underserved communities and women, and to provide a place where attendees can build a social network that brings them mentors and inspiration in a positive and reinforcing manner.

To get more details visit https://texascyber.com/

2. RomHack 2022 | September 23 | Rome, Italy

The event is organized by Cyber Saiyan and gives anyone the opportunity to meet and exchange ideas over three days of learning, entertainment and knowledge sharing through cutting-edge talks, workshops and interactive labs.

To get more details visit https://romhack.camp/

3. International Cyber Expo | September 27-28 | London, UK

International Cyber Expo will be the perfect meeting place for CISOs, CTOs, Managing Directors, business owners, cyber security specialists, government officials and end-users to connect and source products from the thriving cyber security market.

To get more details visit https://www.internationalcyberexpo.com/

4. VB2022 Prague | September 28-30 | Prague, Czech Republic

Virus Bulletin, the venerable malware-focused publication, has been running its annual conference for more than 30 years, and returns to an in-person format after two years online.

To get more details visit https://www.virusbulletin.com/conference/vb2022/

5. (ISC)² Security Congress 2022 | October 08-12 | Las Vegas and online

Dozens of sessions on professional development, with topics including cloud security; deepfakes; effective cybersecurity board reporting; Zero Trust for cloud; governance, risk, and compliance (GRC); and career development.

To get more details visit https://congress.isc2.org/event/ddd188c4-b9cd-4eb0-bd9a-2c7810df496e/summary

6. Authenticate 2022 | October 17-19 | Seattle, US

Hosted by the FIDO Alliance, the event is dedicated to the who, what, why and how of user authentication – with a focus on the FIDO standards-based approach.

To get more details visit https://authenticatecon.com/event/authenticate-2022-conference/

7. Web Summit 2022 | November 1-4 | Lisbon, Portugal

Web Summit is “where the future goes to be born”. Web Summit 2022 will bring together 70,000+ people and the companies redefining the tech industry.

To get more details visit https://websummit.com/

8. 2022 FIRST Cyber Threat Intelligence Symposium | November 2-4 | Berlin, Germany

FIRST (Forum of Incident Response and Security Teams) runs technical colloquia for discussing vulnerabilities, incidents, and tools impacting security/incident response teams, plus less technical, sometimes more hands-on, regional symposia.

To get more details visit https://www.first.org/events/colloquia/

9. HITB + CyberWeek | 17th – 21st April 2023 | TBC, Amsterdam

HITBSecConf – short for Hack In The Box Security Conference – has multiple events featuring trainings, multi-track conferences, and CTFs throughout 2022.

To get more details visit https://conference.hitb.org/

10. Black Hat Europe 2022 | December 5-8 | London, UK and online

Black Hat’s final major event of the year will, as usual, feature a stellar range of speakers talking about hacking tools and techniques, security vulnerabilities, and cybercrime trends.

To get more details visit https://www.blackhat.com/upcoming.html#europe



Customer engagement platform Twilio announced on Monday, August 4, 2022 that there had been unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

The attack used SMS phishing messages that appeared to come from Twilio’s IT department, suggesting that the employee’s password had expired or that their schedule had changed, and advising the target to log in via a spoofed web address controlled by the attacker.

Twilio said that the attackers crafted these messages to look legitimate, including words such as “Okta” and “SSO” (single sign-on), which many companies use to secure access to their internal apps.

Twilio also worked with U.S. carriers to stop the malicious messages, and with registrars and hosting providers to shut down the malicious URLs used in the campaign.

The objective of a social engineering attack is to influence, manipulate or trick users into releasing sensitive information or granting access within an organization.


PDP bill 2019

The Indian government on Wednesday, 3 August 2022 withdrew the long-awaited Personal Data Protection (PDP) Bill, 2019. The Centre told the members of the Joint Parliamentary Committee that it will bring a new set of legislation to provide a comprehensive legal framework for the digital economy.

The withdrawn Bill had proposed restrictions on the use of personal data without the explicit consent of citizens. It had also sought to provide the government with powers to give exemptions to its probe agencies from the provisions of the Act. The bill was criticized by privacy experts as it was seen as being more in favor of the government rather than protecting privacy, which the Supreme Court held as a fundamental right in 2017.

Looking forward, this is also a great opportunity to look into certain key issues relating to the lack of independence of the data protection authority, restrictive cross-border data flows and state exemptions. The new framework should foster growth and innovation, help the start-up ecosystem and enable ease of doing business while ensuring that the data rights of citizens are at the heart of the legislation.



The backbone of the web has received a major upgrade. The HTTP/3 protocol has received RFC 9114 standardization – a boost for internet security, but not one without hurdles for web developers.

This week, the Internet Engineering Task Force (IETF) released HTTP/3, published as RFC 9114.

The Hypertext Transfer Protocol (HTTP) acts as an application layer for facilitating communication between servers and browsers, fetching resources, and transferring data. HTTPS is HTTP with additional security via encryption.

HTTP/3 is the latest revision of the HTTP protocol, taking over from 2015’s HTTP/2. HTTP/3 is designed to address some of the performance issues inherent in HTTP/2, improving the user experience, decreasing the impact of packet loss without head-of-line blocking, speeding up handshake requirements, and enabling encryption by default.

The protocol runs over the User Datagram Protocol (UDP) with its own congestion control. One of the major differences in HTTP/3 is QUIC. Developed by Google, Quick UDP Internet Connections (QUIC) was adopted by the IETF, and a tailored version provides a cornerstone of HTTP/3.

Cloudflare estimates that 8% of internet traffic is HTTP/1-based, followed by HTTP/2 at 67% and HTTP/3 at 25%.



The Center for Threat-Informed Defense has released mappings between MITRE ATT&CK® and NIST Special Publication 800-53, with supporting documentation and resources.

These mappings provide a critically important resource for organizations to assess their security control coverage against real-world threats as described in the ATT&CK knowledge base and provide a foundation for integrating ATT&CK-based threat information into the risk management process.

With over 6,300 individual mappings between NIST 800-53 and ATT&CK, this resource greatly reduces the burden on the community to do their own baseline mappings, allowing organizations to focus their limited time and resources on understanding how controls map to threats in their specific environment.

For more details see NIST 800-53 Control Mappings – CTID (mitre-engenuity.org).

Log4j CVE-2021-44228

Log4j is a popular Java library used as the logging framework in many applications. Apache Log4j 2 is affected by a remote code execution (RCE) vulnerability, also known as Log4Shell, which was exploited as a 0-day.

All Log4j 2 versions >= 2.0-beta9 and <= 2.14.1 are affected by this vulnerability.

An attacker sends a specially crafted request over any protocol (HTTP, TCP, etc.) to an endpoint that logs a string from that request. The payload triggers the Log4j vulnerability and the server makes a request to an attacker-controlled site via the Java Naming and Directory Interface (JNDI).

The response contains a path to a remote Java class file which is loaded into the server process; this injected payload triggers a second stage and allows the attacker to execute arbitrary code. The important thing to understand is that the vulnerability is triggered whenever any part of the logged data contains an untrusted string.

In this way an unauthenticated, remote attacker can exploit the vulnerability and achieve RCE on a server running a vulnerable version of Log4j. Because so many applications use Log4j for logging, many services are exposed to this exploit; cloud services such as Apple iCloud have already been found to be vulnerable.

Mitigation:

The simplest and most effective protection is to install the most recent version of the library, 2.15.0.

If updating the library is not possible, the Apache Foundation recommends one of the following mitigations. For Log4j versions 2.10 to 2.14.1, set the log4j2.formatMsgNoLookups system property or the LOG4J_FORMAT_MSG_NO_LOOKUPS environment variable to true.

To protect earlier releases of Log4j (from 2.0-beta9 to 2.10.0), the library developers recommend removing the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
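As an added illustration (not code from the original article or from the Apache project), the following Python script applies the affected version range and the two mitigations above to a jar: it reads the library version from the jar’s Maven pom.properties, decides which piece of advice applies, and removes JndiLookup.class with the standard zipfile module, which has the same effect as the zip -d command. The jar it inspects is a constructed stand-in containing only those two entries; the pom.properties path and its "version=" line are assumptions about how Maven-built log4j-core jars are laid out.

```python
import io
import re
import zipfile
from typing import Optional, Tuple

# Entry the advisory says to delete from the jar (path taken from the zip -d command above).
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata shipped inside log4j-core jars; read here to learn the library version
# (assumption: the jar was built by Maven and carries this file with a "version=" line).
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

_PRERELEASE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL_RANK = 3  # a final release sorts after any pre-release of the same number


def parse_version(version: str) -> Tuple[int, int, int, int, int]:
    """Turn '2.0-beta9', '2.14.1' or '2.15.0' into a tuple that compares correctly."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d*))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Log4j version string: {version!r}")
    major, minor, patch, tag, tag_num = m.groups()
    rank = _PRERELEASE_RANK[tag] if tag else _FINAL_RANK
    return (int(major), int(minor), int(patch or 0), rank, int(tag_num or 0))


def is_affected(version: str) -> bool:
    """Affected range from the advisory: >= 2.0-beta9 and <= 2.14.1."""
    return parse_version("2.0-beta9") <= parse_version(version) <= parse_version("2.14.1")


def jar_version(jar_bytes: bytes) -> Optional[str]:
    """Read the 'version=' line of pom.properties, or None if the jar lacks it."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        if POM_PROPERTIES not in zf.namelist():
            return None
        for line in zf.read(POM_PROPERTIES).decode("utf-8").splitlines():
            if line.startswith("version="):
                return line.split("=", 1)[1].strip()
    return None


def has_jndi_lookup(jar_bytes: bytes) -> bool:
    """True if the jar still ships the JNDI lookup class."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        return JNDI_LOOKUP_CLASS in zf.namelist()


def strip_jndi_lookup(jar_bytes: bytes) -> bytes:
    """Rewrite the jar without JndiLookup.class, the same effect as the zip -d command."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            if info.filename != JNDI_LOOKUP_CLASS:
                dst.writestr(info, src.read(info.filename))  # copy every other entry as-is
    return out.getvalue()


def assess(jar_bytes: bytes) -> str:
    """Classify a jar and name the mitigation the advisory gives for its version."""
    version = jar_version(jar_bytes)
    if version is None:
        return "unknown-version"
    if not is_affected(version):
        return "not-affected"
    if not has_jndi_lookup(jar_bytes):
        return "mitigated-class-removed"
    if parse_version(version) >= parse_version("2.10"):
        # 2.10 .. 2.14.1: upgrade to 2.15.0, or set log4j2.formatMsgNoLookups /
        # LOG4J_FORMAT_MSG_NO_LOOKUPS=true.
        return "vulnerable-set-formatMsgNoLookups"
    # 2.0-beta9 .. 2.10.0: that property is not available; remove JndiLookup.class instead.
    return "vulnerable-remove-JndiLookup"


def make_fake_jar(version: str) -> bytes:
    """Constructed stand-in for log4j-core-<version>.jar holding only the entries inspected above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPERTIES, f"version={version}\nartifactId=log4j-core\n")
        zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # placeholder bytes, not a real class
    return buf.getvalue()


if __name__ == "__main__":
    for v in ("2.0-beta9", "2.3", "2.14.1", "2.15.0"):
        jar = make_fake_jar(v)
        print(v, assess(jar), "->", assess(strip_jndi_lookup(jar)))
```

Version ordering matters here: a naive string comparison would place "2.0-beta9" after "2.0" and "2.9" after "2.14", so the script parses versions into tuples before comparing them against the range the advisory gives. Running it on a real jar only needs `make_fake_jar` replaced with the file's bytes.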



The industry’s first comprehensive cybersecurity skilling program aims to empower India’s workforce for a career in security. The initiative aims to skill 1 lakh learners by 2022.

As digital adoption continues to rise, the cybersecurity landscape has evolved significantly and there is huge demand for skilled security professionals. To address this skills gap and empower India’s workforce for a career in cybersecurity, Microsoft has launched a first-of-its-kind cybersecurity skilling program that aims to skill over 1 lakh learners by 2022.

The program is designed to give learners hands-on experience in the fundamentals of security, compliance, and identity. Microsoft will conduct these courses along with its strategic consortium of partners including Cloudthat, Koenig, RPS, and Synergetics Learning. The course modules are designed to support all levels of learners, regardless of where they are in their cybersecurity journey.

Microsoft has introduced four new security, compliance, and identity certifications, of which the accredited Fundamentals certification will be offered at zero cost to any individual who attends the associated training through this initiative. Additionally, in collaboration with its partners, Microsoft offers learners deep discounts on the remaining advanced role-based certifications to build the deep skills needed to address cybersecurity challenges.

Learners can apply for the course at: https://www.microsoft.com/en-in/campaign/MS-IndiaSkillingInitiative/SecuritySkilling.aspx


GoDaddy data breach 2021

Web-hosting giant GoDaddy has confirmed another data breach, this time affecting at least 1.2 million of its customers.

In an official statement, GoDaddy says that on November 17, 2021 it discovered unauthorized third-party access to its Managed WordPress hosting environment.

After identifying suspicious activity in the Managed WordPress hosting environment, it immediately began an investigation with the help of an IT forensics firm and contacted law enforcement.

GoDaddy immediately blocked the unauthorized third party from its systems. The investigation is ongoing, but GoDaddy has determined that, beginning on September 6, 2021, the unauthorized third party used the vulnerability to gain access to the following customer information:

  • Up to 1.2 million active and inactive Managed WordPress customers had their email address and customer number exposed. The exposure of email addresses presents a risk of phishing attacks.
  • The original WordPress Admin password that was set at the time of provisioning was exposed. If those credentials were still in use, GoDaddy reset those passwords.
  • For active customers, sFTP and database usernames and passwords were exposed. GoDaddy reset both passwords.
  • For a subset of active customers, the SSL private key was exposed. GoDaddy will be issuing and installing new certificates for those customers.
