Hacking Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/hacking/
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.
Fri, 05 Jan 2024 22:09:50 +0000

Verified X/Twitter Accounts Hacked to Spread Cryptoscams
https://gridinsoft.com/blogs/verified-x-accounts-hacked-cryptoscam/
Fri, 05 Jan 2024 20:19:57 +0000

The post Verified X/Twitter Accounts Hacked to Spread Cryptoscams appeared first on Gridinsoft Blog.
The trend of hacking official accounts to promote cryptocurrency fraud is gaining momentum. Over the past week, researchers have discovered an abnormal number of such incidents.

X/Twitter Crypto Scams From Verified Accounts

Today, we are witnessing an unpleasant trend: hackers increasingly target verified Twitter accounts, specifically those belonging to people who are part of government or business organizations. Such accounts are usually distinguished by ‘gold’ and ‘gray’ checkmarks, which indicate that the account belongs to a reputable company or person. Crooks hijack these accounts to promote cryptocurrency scams, phishing websites, and platforms equipped with crypto drainers.

Screenshot: attackers stole verified accounts

Just yesterday, we wrote about the incident with the X/Twitter account of Mandiant, a Google subsidiary and a prominent player in cyber threat intelligence. Thing is – they are not alone. With only minor variations, the same hack-and-scam pattern hit dozens of verified accounts on X. Within the first five days of the new year alone, researchers reported three hacked public accounts: the nonprofit consortium “The Green Grid”, Canadian senator Amina Gerba and Brazilian politician Ubiratan Sanderson. Despite having nothing in common, the victims were united by one thing – a sudden ardent interest in cryptocurrency.

How Do Twitter Crypto Scams Work?

To start, scammers turn the account into a fake profile of a famous person. Most often it is Elon Musk, since promoting dubious things fits his public image. Next, the fake account tries to convince users to click a link. What happens next depends on the type of fraud: a crypto-draining scam, an investment fraud, or a fake airdrop scheme. Let’s briefly check each one out.

Fake investment is an attempt by fraudsters to trick the victim into investing money. It can be a dubious cryptocurrency whose price is artificially inflated and then dumped, after which its value falls sharply. As a result, the victim loses their investment and is left with worthless coins.

Another method of fraud is crypto drainers. In short, the victim is tricked into approving fraudulent transactions. The peculiarity of this method is that the victim signs a transaction that looks legitimate but grants the fraudsters permission to withdraw funds from the victim’s wallet without any further confirmation.

Fake airdrop scams are designed for those who want easy money. The scammers offer users the option to send some amount of cryptocurrency to a specified wallet and promise to send back double the amount. However, once the victim sends the money, nothing is ever sent in return.

Screenshot: example of an airdrop scam posted from a verified account

Eligibility and Trust Undermined

Initially, a blue checkmark was the sign of a verified Twitter account. It was obtained by providing a document proving the user’s identity. Later, anyone could get a checkmark for $8 a month, leading to a flood of scammers creating fake celebrity accounts and running successful cryptocurrency scams. These days, checkmarks are divided into gold, gray, and blue. The gold checkmark is given to the accounts of large companies, and the gray one to government organizations. The blue checkmark is given to individuals, regardless of their fame. Obviously, the first two have caused a stir among cybercriminals.

The Black Business for Verified Twitter Accounts

According to a report from CloudSEK, a digital risk monitoring platform, a black market is thriving where compromised gray and gold X accounts are being sold. This illicit market is built on selling high-profile accounts marked with gold and gray checkmarks, indicating their verified status. Although these accounts should symbolize trust and authenticity, they are sold for $1,200 to $2,500. For example, one such account, inactive since 2016 and with 28k subscribers, sold for $2,500.

Screenshot: threat actors advertising to buy Twitter Gold accounts on dark web marketplaces (source: CloudSEK)

The process often involves hijacking dormant accounts with the potential for high follower counts and converting them into verified profiles using dubious means. In some cases, the hackers offer additional services by attaching scam accounts as affiliates to these verified profiles. This lends the scam accounts an aura of legitimacy and allows them to bypass more stringent verification processes, facilitating easier manipulation of unsuspecting victims.

Recommendations for Account Security

It is concerning that the Twitter profiles of many well-known companies have recently been hacked to spread crypto scams. Beyond the risk of falling victim to such scams, a hijacked account can be used to spread misinformation or stage more severe scams. Thus, knowing how to respond when you encounter a hacked account spreading questionable links is essential.

Firstly, avoid following any links posted by such accounts. Whether they lead to a crypto drainer, a fake airdrop, or an investment scam page, it is best not to visit them.

Secondly, report the hacked account to moderators. The report menu has an option called Deceptive Identities, which lets the platform take the necessary action.

Lastly, spread the word about the hack with your friends and subscribers. The more people are aware of this type of scam, the lower the chances they fall victim to it now or in the future.

Moneris Hacked, Medusa Ransomware Claims
https://gridinsoft.com/blogs/moneris-hacked-medusa-ransomware/
Wed, 15 Nov 2023 17:04:34 +0000
Canadian fintech giant Moneris is claimed to have been hacked by the notorious Medusa ransomware group. The claim sends shockwaves through the country’s financial sector. The group is known for its aggressive tactics and audacious targets. It has demanded a ransom of $6 million in exchange for the stolen data and the prevention of further disruption.

Who are Moneris and Medusa?

Moneris, a joint venture between the Royal Bank of Canada and the Bank of Montreal, is Canada’s largest payment processor, handling over 3.5 billion credit and debit card transactions annually. The company serves as a critical intermediary for businesses of all sizes, making its compromise a significant threat to the country’s economic stability. Sure enough, any “cybersecurity incident”, as companies prefer to call ransomware attacks, will set the community abuzz.

The Medusa ransomware group is a relatively new cybercrime gang that has gained notoriety for its ruthless strategies. It operates under a ransomware-as-a-service (RaaS) model, providing its hacking tools and expertise to affiliates in exchange for a share of the ransom proceeds. This approach has enabled the group to expand its reach and inflict damage on a wide range of victims.

Screenshot: one of the ransom notes of Medusa Ransomware

Medusa Ransomware Attempt to Compromise Moneris

Moneris has confirmed the attempted ransomware attack but has assured its customers that no critical data has been compromised. The company has also stated that it has implemented measures to restore its systems and continue operations.

“Following the attempt, our team did a full audit and analysis of the incident, reviewed all information, and concluded none of our Digital Loss Prevention policies were triggered.” – Moneris

In response to the Medusa ransomware attack, Moneris has taken steps to mitigate the damage and protect its customers. The company has engaged cybersecurity experts to investigate the incident. It also implemented additional security protocols and communicated regularly with its customers to keep them informed.

The fallout from this breach extends beyond Moneris itself. A 90-minute disruption of Moneris services in late September caused widespread issues across the country. The company’s extensive contracts with the US military raise additional concerns, considering the potential compromise of sensitive information related to military equipment and weapons.

Critical Financial Institutions Under Attack

The attack on Moneris seems to be one more link in a chain of attacks on critical financial infrastructure. Just a couple of days ago, another infamous ransomware group – LockBit – successfully hacked ICBS, the biggest commercial bank in the world. Such interest in financial companies is unsurprising, though the trend is no less concerning for that.

Huge money flows, a high probability of handling sensitive information, and tremendous amounts of statistics – this is what attracts the hackers, and what makes these two breaches so dangerous. Even though the attacks are most likely unrelated, crooks may start targeting such companies much more often. And while the Moneris hack is mostly about disruption of money transactions, hacks of institutional organizations like ICBS put the global financial system at risk.

How to Protect Against Ransomware?

The incident highlights the growing sophistication and severity of ransomware attacks, targeting not just individual users but also large, well-established corporations like Moneris. The financial and reputational implications of such attacks can be devastating, making it crucial for businesses to invest in robust cybersecurity measures and maintain vigilance against evolving cyber threats. Here are some tips on how to protect against ransomware:

  • Back up your data regularly. Create an offline backup of the files stored on your hard disk: a copy of your data saved on a separate device that is not connected to your computer or network. If ransomware attacks your computer, the backup files will not be affected, and you can restore them without paying a ransom.
  • Keep your software up to date. Software updates include crucial security patches that protect against ransomware attacks. Most software programs offer automatic updates, which ensure that your software always has the latest security patches.
  • Train your employees. Conduct regular cybersecurity awareness training for employees to educate them about ransomware threats and safe online practices.
  • Use reliable software. Install reputable antivirus and anti-malware software on your devices. Consider using additional security tools that offer real-time protection against ransomware.
  • Be careful with user privileges. Follow the principle of least privilege (PoLP) to restrict user access to the minimum necessary for their roles.

Hot and Cold Crypto Wallets Hacking
https://gridinsoft.com/blogs/cryptowallets-hacking-hot-cold/
Wed, 12 Jul 2023 15:45:48 +0000
Cryptocurrency is a rapidly changing world where people can make fortunes by exchanging digital assets. However, seasoned investors and newcomers alike are at risk of falling prey to crypto phishing scams. These scams exploit people’s trust and vulnerability and aim to trick them into revealing sensitive information or giving up their hard-earned crypto holdings.

What are cryptocurrency scams?

Crypto scams are investment frauds that can take many forms, from phishing scams to rug pulls. Since no central authority like a bank regulates crypto’s blockchain technology, bad actors can easily exploit hopeful investors. That, actually, has made cryptocurrencies and all related topics an ideal harbor for different scams. Due to their lack of experience, people were prone to falling victim even to the simplest schemes, let alone tricky ones.

With time, cybercriminals have become more sophisticated in their phishing techniques. The primary reason is that the average user has become more knowledgeable – it is simply no longer that easy to scam someone. Scammers impersonate legitimate exchanges and wallets and use convincing social engineering tactics to gain unauthorized access to digital assets. They use various social engineering methods to manipulate users’ emotions and create a sense of trust and urgency. It’s essential to be aware of these tactics and take the necessary measures to protect yourself.

Hot and Cold Wallets Difference

To assess the risks, let’s review the different types of wallets. First, it’s important to note that wallets do not hold the actual crypto assets. Instead, the blockchain records who owns the assets, while the wallet provides secure storage for the private (secret) key.

Diagram: the difference between Hot and Cold Wallets

The “Hot” wallets.

A hot wallet is a cryptocurrency wallet that has constant internet access. It includes any online service that offers cryptocurrency storage, such as crypto exchanges and specialized apps. The keys in a hot wallet are stored encrypted on the server. These are online or custodial wallets offered by popular exchanges, including Binance and Coinbase. The key can be used to sign a transaction on the blockchain at any time.

The “Cold” wallets.

In the case of a cold wallet, the keys are stored on a standalone device or as an alphanumeric sequence written on a piece of paper. A device solely for storing keys is known as a hardware wallet, while software wallets are applications designed to store keys on regular computers and smartphones.

Attack on “Hot” wallets

Many people use hot wallets to store their cryptocurrency because they are easy to create and convenient. However, cybercriminals often target hot wallets because they are frequently online and popular. Storing large amounts in hot wallets is not recommended due to their susceptibility to attacks. Although cybercriminals may use phishing techniques to attack hot wallets, their tactics are often simple and aimed at less experienced users.

cryptocurrency phishing

A standard method in crypto phishing scams is impersonating trusted entities, like cryptocurrency exchanges or wallet providers. The scammers send emails or messages that look like they come from these legitimate organizations, using similar branding, logos, and email addresses. Their goal is to trick people into thinking they are receiving a message from a trustworthy source.

Seed phrase entry page

One common phishing scam targets users of hot wallets. Scammers send emails posing as a well-known crypto exchange, asking users to confirm a transaction or verify their wallet. Once the user clicks the link, they are taken to a page that asks them to enter their seed phrase. A seed phrase consisting of either 12 or 24 words is required to regain access to a crypto wallet. This is the primary password for the wallet and should be kept secure. If the seed phrase is lost or given to scammers, the user risks permanently losing access to their wallet and having their account compromised.

Scams that are straightforward and don’t involve software or social engineering tactics are usually aimed at people who are not tech-savvy. The form for entering a seed phrase usually looks simple, with just an input field and a logo for a cryptocurrency exchange.

Phishing attacks targeting cold wallets

Cold wallets seem safer because they are not always connected to the Internet. However, it would be a mistake to assume that a hardware wallet can only be hacked by stealing it or physically accessing it. As with hot wallets, scammers use social engineering techniques to get at users’ funds. Recently, experts noticed an email campaign explicitly targeting owners of hardware cold wallets.

A typical attack involves a crypto email campaign in which the user receives an email from a cryptocurrency exchange inviting them to participate in a giveaway of XRP tokens, the platform’s internal cryptocurrency. When the user clicks on the link, they are directed to a blog page with a post outlining the “giveaway” rules. This post also includes a direct link for registration, and that is where the scammers deploy more sophisticated methods to trick the user.

Fake support requests

Beware of crypto phishing scams where scammers pretend to be customer support reps from real cryptocurrency exchanges or wallet providers. They may send messages or emails to users, tricking them into believing there’s a problem with their account or a transaction that needs urgent attention. These scammers often provide a link to a fake support website or contact method, where users are asked to provide their login credentials or sensitive information. Stay vigilant, and avoid falling for these tactics.

Screen of cryptoscam

Scammers exploit users’ trust in legitimate customer support channels by pretending to be support personnel. They also capitalize on users’ eagerness to resolve issues promptly, which leads them to reveal their private information willingly. Scammers can then use this information for malicious purposes.

How to protect users from crypto-phishing

To stay safe while using cryptocurrency, there are measures users can take. One is enabling two-factor authentication, a helpful tool to prevent phishing scams from compromising their crypto accounts.

  • Use of hardware or software authenticators. Hardware authenticators, or security keys, are physical devices that generate one-time passwords and provide an extra layer of security. Software-based authenticators, such as Google Authenticator, generate time-based codes on users’ smartphones.
  • Be careful with links and attachments. Phishing scammers use a trick where the displayed link text differs from the actual destination URL. To avoid falling for this, users can hover over the link to check for inconsistencies and suspicious URLs that may indicate a phishing attempt.
  • Scanning attachments with antivirus. To protect your device and cryptocurrency accounts from malware, always be careful when downloading and opening attachments, particularly from unknown or suspicious sources. Attachments may contain harmful software, such as keyloggers or trojans, which can jeopardize security. To reduce this risk, scanning all attachments with trustworthy antivirus software is advisable before opening them.
  • Keep software updated. It is crucial to keep the operating systems, web browsers, devices, and other software up to date to ensure the security of the user’s devices. These updates may contain security patches to address known vulnerabilities and protect against new threats.

As crypto phishing scams constantly change, users must stay current on the latest tactics and scams targeting the cryptocurrency community. Educating yourself on these techniques and staying informed about recent phishing incidents and security best practices can help keep you safe. To stay informed about phishing scams, security vulnerabilities, and how to protect your crypto assets, it’s essential to follow trustworthy sources that provide accurate information and alerts.

Forged Driver Signatures Exploited In The Wild
https://gridinsoft.com/blogs/forged-driver-signatures-exploited-in-the-wild/
Wed, 12 Jul 2023 15:33:30 +0000
Hackers actively use driver signature spoofing, which stems from a loophole in the way Windows handles kernel-mode drivers. They rely heavily on open-source utilities that were originally designed to temporarily bypass driver signing, because the official signing process involves a delay that is far too long for testing purposes. Cybercriminals, though, do no testing at all; they use the tools for hit-and-run attacks.

Windows Kernel Driver Signature Hacks

Microsoft has a long history of protecting its operating system from being exploited with malicious drivers. In fact, it has been fighting a continuous battle since early 2007 – the release date of Windows Vista. In that release, the developers implemented a mechanism that forbids unsigned drivers from running. Kernel-level drivers have access to all the functionality of both the OS and the hardware components. Further, in 2016, Microsoft created a centralised driver signature authority – the Developer Portal – which has been the only place to sign Windows drivers since the Windows 10 1607 release. All this was done to decrease the possibility of malicious use of a signed driver.

Windows Kernel driver scheme

This, however, was not suitable for all developers of benign software. Like pretty much any centralised authority, the Developer Portal has a lag between submitting the driver, its review, and receiving a signature. As a result, urgent processes like real-world tests or even simple debugging become impossible. Another area where certificate forging is in use is game cheats, which circumvent anti-cheat engine protection by running at the same kernel level. Once again – the system simply refuses to run a driver that is not signed. The only way around this was a detour, which in this case took the form of free open-source utilities called HookSignTool and FuckCertVerifyTimeValidity.

How do driver certificate hacktools work?

Both of these programs have pretty much the same mechanism. They exploit one of three rules of backward compatibility for legacy drivers. Microsoft left them to make drivers signed prior to July 29, 2015 possible to use – which is essential for old programs and hardware. Those rules are:

  1. The system was upgraded from an earlier Windows version to Windows 10 1607.
  2. The driver was signed with an end-entity certificate issued by a cross-signed certificate authority before July 29, 2015.
  3. The system has the Secure Boot option disabled in the BIOS.

The utilities aim at exploiting the second rule. They simply spoof the driver signature with one issued by a legitimate CA before that date. And while this is useful for software developers who urgently need to test something and have no time to wait for the Developer Portal’s reaction, it is equally useful to cybercriminals.

During the first half of 2023, security analysts noticed numerous cases of these utilities being used to sign malware that integrates into the system as a kernel-level driver. Such deep integration, especially given that the system fully trusts the driver, grants malicious programs unlimited capabilities. Such malware is hard to detect with anti-malware software and, even worse, particularly hard to remove without wiping the disk.

Microsoft Keeps Dozens of Expired Certificates

To operate properly, the mentioned utilities require an expired but non-revoked certificate installed in the system. HookSignTool ships with its own, while FuckCertVerifyTimeValidity uses a pack of leaked certificates to forge the signature. These exact certificates were detected during recent cyberattacks. Deeper analysis reveals that Windows carries over a hundred exploitable certificates that expired long ago. Among them, analysts name several that were actively used in cyberattacks:

  • Open Source Developer, William Zoltan
  • Beijing JoinHope Image Technology Ltd.
  • Shenzhen Luyoudashi Technology Co., Ltd.
  • Jiangsu innovation safety assessment Co., Ltd.
  • Baoji zhihengtaiye co.,ltd
  • Zhuhai liancheng Technology Co., Ltd.
  • Fuqing Yuntan Network Tech Co.,Ltd.
  • Beijing Chunbai Technology Development Co., Ltd
  • 绍兴易游网络科技有限公司
  • 善君 韦
  • NHN USA Inc.
  • Luca Marcone
  • HT Srl

The high number of Chinese certificates is explained by the fact that the HookSignTool utility is made by Chinese programmers. As it carries the certificates used for signature forging inside its installation package, their origin is to be expected. Another interesting detail is that the hackers who use these utilities appear to be Chinese as well. This guess comes from the language code of the malware samples from the attacks that used the certificate forging utilities.

How to protect against malware with forged certificates?

Fortunately, there is a particularly easy piece of advice, though some people may hate its very essence: update your Windows. New patches mark the certificates that appear in these attacks as untrusted. Microsoft cooperates with cybersecurity researchers and vendors, and any certificates used in such circumstances are reported immediately. Delivering updates can take some time, but be sure to check your Update tab if you want to avoid having such an unpleasant thing run on your PC.

The problem here is that antivirus software can have trouble detecting such a threat. Classic antivirus programs that lack behaviour analysis features will simply miss an item that has been legitimized in this way. For that reason, an advanced solution is a must-have. For corporations, those are EDR/XDR solutions, which use behaviour analysis as their primary source of information. Home users can try GridinSoft Anti-Malware to detect and remove malicious programs even before they become active.

Beware Snapchat Hacker Attacks: How to Stop Them
https://gridinsoft.com/blogs/snapchat-hacker-attacks-how-to-stop-them/
Wed, 09 Nov 2022 13:52:02 +0000
Users need to secure their privacy and security when using Snapchat, since it is one of the most popular social media platforms. Here are the ways hackers usually hack Snapchat accounts.

How Attackers Hack Someone’s Snapchat Account

Snapchat does not seem like a place where anything important or worth hacking is stored. Still, Snapchat accounts are under threat from various hacks. The main motives of intruders are espionage, obtaining personal information (passwords, phone numbers, etc.), and blackmail. Here is a list of the main hacking methods that cybercriminals use in their attacks.

1. Downloading Spyware and Keylogger Apps

People use spying tools, known as spyware, to monitor someone else’s Snapchat account. This is the most popular way of monitoring someone else’s social media account.

These apps covertly install spyware on the smartphone of the intended victim, continuously recording their every move and making it accessible remotely at any time. This information is available to the intruder, who uses it to view and archive the victim’s Snapchat messages. These apps store messages, photos, and videos, as well as screenshots. Some also include location tracking.

Image: a hacker can steal users’ information by recording every keystroke a user makes

There are numerous ways to enter someone else’s account. Keyloggers are a common tool that record every keystroke a person makes. This allows anyone to track what text a person enters on their keyboard. A keylogger is a software program installed on someone’s device that records their password. If a person doesn’t use a password manager, manually entering their password can cause trouble. Because of this, hackers can set up keyloggers on the victim’s devices and quickly obtain their account ID and password.

2. Third-Party Data Leaks

Monitoring apps can record Snapchat data and store it, even after the user deletes the content. When these apps suffer a data leak, all of that information, including the usernames and passwords they contain, becomes publicly available on the internet. Anyone can then access your account information through the third-party leak. It’s wise to check for possible data leaks from other sources.

3. Phishing

Fake websites created by hackers, also known as phishing pages, use deceptive methods to trick people. For example, one could be a seemingly identical copy of the official Snapchat website. After logging in with their username and password, people are hacked: they unknowingly hand the password to the hackers when they enter their credentials on what they believe is the official website. If someone has been phished, they should know what to do after a hacking attack.

Image: an example of a phishing page.

When evaluating a website, read its URL carefully before entering anything. The part that matters is the registrable domain just before the first slash: extra words, misspellings of the brand, the brand name appearing only as a subdomain of some other domain, or an unfamiliar ending in place of the expected .com are all signs of a phishing page and should be avoided.
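The URL check described above, written out as a small script. This is an added example, not code from the original post: it assumes the legitimate domain is `snapchat.com`, treats the last two DNS labels as the registrable domain (a simplification; a production check would use the Public Suffix List), and flags the tricks the paragraph lists: the brand used as a subdomain, look-alike spellings, bare IP addresses, non-ASCII homoglyphs, and a real domain served without HTTPS.

```python
"""Check whether a login URL really belongs to snapchat.com (added example)."""
import difflib
from urllib.parse import urlsplit

# The legitimate registrable domain for the service this article discusses.
LEGIT_DOMAIN = "snapchat.com"


def registrable_domain(host: str) -> str:
    """Return the last two DNS labels ('accounts.snapchat.com' -> 'snapchat.com').

    Assumption of this example: two labels are enough. A production check
    should consult the Public Suffix List so that 'shop.example.co.uk' maps
    to 'example.co.uk' rather than 'co.uk'.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def assess_url(url: str) -> dict:
    """Classify a URL that asks for Snapchat credentials as 'ok' or 'suspicious'."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    domain = registrable_domain(host)
    reasons = []

    if host.replace(".", "").isdigit():
        reasons.append("bare IP address instead of a domain name")
    if any(ord(ch) > 127 for ch in host):
        reasons.append("non-ASCII characters in hostname (possible homoglyph)")

    if domain == LEGIT_DOMAIN:
        if parts.scheme != "https":
            reasons.append("real domain, but the page is not served over HTTPS")
    else:
        brand = LEGIT_DOMAIN.split(".")[0]
        candidate = domain.split(".")[0]
        if LEGIT_DOMAIN in host:
            # e.g. snapchat.com.verify-login.example: the brand is only a subdomain
            reasons.append(f"'{LEGIT_DOMAIN}' appears as a subdomain of '{domain}'")
        elif brand in candidate or difflib.SequenceMatcher(None, brand, candidate).ratio() >= 0.8:
            # e.g. snapchat-login.com, snapch4t.com
            reasons.append(f"look-alike domain '{domain}' resembles '{LEGIT_DOMAIN}'")
        else:
            reasons.append(f"credentials requested on '{domain}', not '{LEGIT_DOMAIN}'")

    return {"host": host, "domain": domain,
            "verdict": "suspicious" if reasons else "ok", "reasons": reasons}


if __name__ == "__main__":
    for u in ["https://accounts.snapchat.com/accounts/login",
              "http://accounts.snapchat.com/accounts/login",
              "https://snapchat.com.verify-login.example/",
              "https://snapchat-login.com/",
              "http://192.0.2.10/login"]:
        print(assess_url(u))
```

The similarity threshold and the two-label domain rule are tuning choices for this demo; the point is that the decision is made on the registrable domain, not on whether the word “snapchat” appears anywhere in the URL.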


4. Brute Force Attacks

A brute force attack is a common method: the intruder bombards the login page with thousands of candidate passwords, one after another, until one of them works. Once inside, the attacker can change the password so that the legitimate user can no longer log into the account.

Image: a list of thousands of candidate passwords.

Attackers start with easy and common passwords such as 12345 or qwerty123. Because so many users pick passwords like these, they are guessed in seconds. The method is the digital equivalent of a safecracker trying every combination on the lock.
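To make the two halves of this section concrete, here is an added example (not part of the original post) that simulates online password guessing against a login endpoint. The wordlist is a constructed stand-in for the multi-million entry lists attackers really use, the account stores a salted PBKDF2 hash rather than the password, and the lockout policy (lock after N consecutive failures) is an assumption of this example. It shows that a common password falls within a handful of requests when nothing throttles the attacker, and that a lockout ends the attack after the configured number of failures.

```python
"""Online password guessing against a simulated login endpoint (added example)."""
import hashlib
import hmac
import os

# Constructed stand-in for the multi-million entry wordlists attackers use;
# these are the kind of passwords that fall in the first few guesses.
COMMON_PASSWORDS = ["123456", "password", "12345", "qwerty",
                    "qwerty123", "111111", "letmein", "iloveyou"]

NO_LOCKOUT = 10**9  # effectively unlimited attempts


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2: what a login service should store instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class Account:
    """A minimal account with a consecutive-failure lockout (assumed policy)."""

    def __init__(self, username: str, password: str, max_failures: int = 5):
        self.username = username
        self.salt = os.urandom(16)
        self.digest = hash_password(password, self.salt)
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

    def login(self, password: str) -> str:
        """Return 'ok', 'wrong' or 'locked'."""
        if self.locked:
            return "locked"
        if hmac.compare_digest(hash_password(password, self.salt), self.digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True
        return "wrong"


def brute_force(account: Account, wordlist) -> tuple:
    """Try each candidate in order; return (outcome, number_of_requests)."""
    for attempt, candidate in enumerate(wordlist, start=1):
        result = account.login(candidate)
        if result == "ok":
            return "cracked:" + candidate, attempt
        if result == "locked":
            return "locked", attempt
    return "exhausted", len(wordlist)


if __name__ == "__main__":
    print(brute_force(Account("alice", "qwerty123", NO_LOCKOUT), COMMON_PASSWORDS))
    print(brute_force(Account("bob", "qwerty123", max_failures=3), COMMON_PASSWORDS))
    print(brute_force(Account("carol", "correct horse battery staple", NO_LOCKOUT), COMMON_PASSWORDS))
```

A hard lockout has a side effect worth knowing: an attacker who only wants to lock the victim out can trigger it deliberately. Real services therefore prefer escalating delays or CAPTCHAs over a permanent lock, but either way the defence is rate limiting on the server, not the user typing faster.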

5. Using Wireless Sniffing

Most of us happily use public Wi-Fi, but it calls for some care. An attacker who controls or joins a wireless network, such as a public hotspot, can intercept data sent over it in an attempt to capture your Snapchat password, and the same goes for other private information: credit card numbers, addresses, dates of birth, social security numbers and more. In practice Snapchat and most modern apps encrypt their traffic with TLS, so the bigger danger on a hostile network is a rogue access point or captive portal that funnels you to a fake login page; treat any login prompt that appears right after joining a public network with suspicion.

How to Protect Your Snapchat Account

There is no shortage of people willing to dig into other people’s accounts, and some of them will go as far as hacking them. Behind each of the methods above is an attacker with a specific goal who will do whatever it takes to reach it. The other side of the story is that users can do a lot on their own to stop attackers and protect their data. Here is a list of the measures that matter most if you use social media, including Snapchat.

  • Keep your smartphone passcode private. If you are an iPhone user, do the same for accounts shared across devices, such as your Apple ID and password.
  • Confirm the phone number and email address on your Snapchat account so that it can be verified and recovered.
  • Choose a strong password for Snapchat: a combination of characters that contains no personal information, is different from every other account’s password, and is never shared.
  • Check your account privacy settings. They control who can see your stories, send you Snaps and see your location, and they limit who can find you by username.
  • Only add people you actually know to your contact list. Befriending strangers may seem fun and harmless, but it is not worth your security and privacy.
  • Enable two-factor authentication so that a stolen password alone is not enough to log in: every sign-in then requires a second verification that only you can complete.

A Former Amazon Employee Charged for Digital Fraud. Sentencing in September (https://gridinsoft.com/blogs/former-amazon-employee-fraud/, Tue, 21 Jun 2022 17:32:40 +0000)

Paige Thompson Faces up to 20 Years for Wire Fraud

Paige Thompson, 36, of Seattle, a former Amazon Web Services engineer, was charged with seven felonies. She was found guilty of wire fraud, five counts of unauthorized access to protected computers, and damaging a protected computer. The fraud count alone carries up to 20 years in prison.

Image: Paige A. Thompson, selfie from Twitter.

US Attorney Nick Brown noted that Thompson used her hacking skills to steal the personal information of more than 100 million people and to hijack computer servers for cryptocurrency mining. She was nothing like an ethical hacker: her intrusions were never used to improve anyone’s defenses, as they could have been. She exploited vulnerabilities she knew about to collect sensitive data and use it for her own benefit.

Thompson was arrested in July 2019 after Capital One reported a breach to the FBI. She had built a tool that searched for misconfigured Amazon Web Services accounts and used it to reach the data of more than 30 AWS customers, Capital One among them. Having found a victim, she went on to steal personal data and install coin-mining malware. In Capital One’s case she collected data on more than 100 million US customers, and then boasted about it in online chats and forums.

The court scheduled sentencing for September 15. Thompson faces up to 20 years for fraud and up to ten years altogether for two other charges: damage to a protected computer and unauthorized access.

Team Xecuter’s life. How hackers live after the arrest? (https://gridinsoft.com/blogs/cybercriminals-life-under-arrest/, Fri, 17 Jun 2022 17:31:37 +0000)

Gary Bowser, the Nintendo hacker, is serving his sentence, while his “colleague” Max Louarn, the chief of the Team Xecuter gang, appears to be a very happy cybercriminal: despite an earlier prison term and another arrest, the 50-year-old Frenchman is enjoying life.

The Nintendo Hacker keeps going

As reported by SecurityLab in February of this year, Gary Bowser was sentenced to three years in prison for participating in the Team Xecuter hacker group, which sold hacked Nintendo consoles that can play pirated games. However, Bowser’s partner, group leader Max Louarn, is still at large. Despite legal troubles and even an arrest in Tanzania, the 50-year-old Frenchman is enjoying life with his girlfriend, a former model from Russia, in the picturesque town of Avignon in southern France.

Louarn became interested in hacking in the 1980s. At first he hacked his Commodore 64 home computer for fun, but the harmless hobby grew into a good source of income. “I wasn’t going to be an engineer with a salary of 5,000 euros a month when I realized at the age of 18 that hacking is not only fun but also brings a lot of money. Steal from companies that earn billions, why not?” the hacker admitted to Le Monde in a recent interview.

MAXiMiLiEN (Louarn’s hacker alias from the 1990s) sold cracked games, key generators and software until 1993, when he was arrested on piracy charges pressed by Nintendo itself. The hacker fled to Spain, but law enforcement lured him to the US with a fake invitation to a birthday party sent in a friend’s name. As soon as Louarn got off the plane, he was arrested.

The court found the Frenchman guilty, and he served five years in an American prison. In 2005 Sony sued him, accusing him of piracy and demanding $5 million in damages. As Louarn says, Nintendo considers him a sworn enemy.

“They hate me. I bet they have a photo of me nailed in their office in Tokyo,” the hacker laughs.

Louarn is not going to deny his ideas

He considers himself not a villain but a rebel. “We have always stood for freedom. This is our way of thinking: to do whatever we want with the machines, and that everyone has access to them,” Louarn said.

Notably, Louarn himself denies any connection with Team Xecuter, although Gary Bowser, as part of his cooperation agreement with investigators, named him as an accomplice. The Frenchman is now hunted not only by Nintendo but also by the US Department of Justice. As mentioned, Louarn was arrested in Tanzania in 2020 but was released after a court found the arrest illegal; he then slipped away from the FBI on a private jet and flew to France.

Although Louarn lives a comparatively free life at home, his overseas bank accounts and cryptocurrency wallets are frozen, and the legal vise is tightening. Be that as it may, the hacker does not intend to give up. In his view, US laws protect the interests of large corporations and are “ready to destroy competitors by covering simple commercial disputes with criminal law. Now it would be more difficult to serve the sentence, because I have to take care of my father. I have a 16-year-old daughter and will soon have a second child,” Louarn notes.

Ideological hackers are rare nowadays. The crooks you are likely to encounter today came into this business chasing money, with no interest in the ideas that guided Louarn. True, there are still gangs like LockBit that claim to keep a list of organizations they will never attack and call their methods “ethical hacking”. Still, far more groups attack whoever they can reach and apply the slyest ways of extorting money.

Penetration Testing: Stages and Methods (https://gridinsoft.com/blogs/penetration-testing-stages-and-methods/, Fri, 17 Jun 2022 10:08:42 +0000)

What is penetration testing?

Penetration testing is a method by which the security of computer systems and networks can be assessed by simulating a hacker’s attack.

Penetration testing means attempting to break into systems and applications the way an attacker would. It identifies vulnerabilities in user interfaces, application programming interfaces, and elsewhere in the system. Vulnerabilities that are not fixed in time are the ones most likely to be exploited later by a real attacker, which is what justifies penetration testing, also called ethical hacking.

Penetration testing stages

  1. Planning and reconnaissance
    This step includes:

    • Defining the purpose and scope of the test: which systems are in scope, and which testing methods will be used.
    • Gathering information about the target (mail servers, network domains and other related details) to understand how it works and where it may be vulnerable.
  2. Scanning
    The next step is scanning, which shows how the target application reacts to intrusion attempts. This is done through:

    • Static analysis: inspecting the application’s code to predict how it will behave at run time. These tools can scan an entire codebase in one pass.
    • Dynamic analysis: inspecting the application while it runs, which is more practical because it shows the real behaviour in real time.
  3. Gaining access
    Web application attacks such as cross-site scripting, backdoors and SQL injection are used to uncover the target’s vulnerabilities. To understand how much damage they could do, the tester then exploits them: stealing data, intercepting traffic, escalating privileges and so on.
  4. Maintaining access
    This phase determines whether the vulnerabilities can be used to keep an intruder present in the exploited system and to gain full control of it. The goal is to imitate an advanced persistent threat that stays inside long enough to steal confidential data.
  5. Analysis
    The result of the penetration test is a report of:

    • the specific vulnerabilities found
    • the confidential data that was reached
    • how long the tester could operate without being noticed.

The security team analyzes the whole process described above to decide how to fix the vulnerabilities, tune the WAF (Web Application Firewall) rules, and recognize similar attacks in the future.
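What the “gaining access” stage looks like for the SQL injection case, as an added example that is not part of the original post. The target is a constructed in-memory SQLite database with a single user; the `login_vulnerable` function is the finding (user input pasted into the SQL text), `login_safe` is the fix the report would recommend (bound parameters), and the two payloads are the ones a tester tries first once a parameter looks injectable. Passwords are stored in plaintext only so the injected query stays readable; a real service stores salted hashes.

```python
"""SQL injection at the 'gaining access' stage: vulnerable vs parameterised login (added example)."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed target: one user table. Plaintext password for readability only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret!')")
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str):
    """The finding: user input becomes part of the SQL statement text."""
    query = (f"SELECT username FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username: str, password: str):
    """The fix: bound parameters, so quotes in the input are data, not syntax."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


# Payloads a tester tries once the parameter is suspected to be injectable.
TAUTOLOGY = "' OR '1'='1"    # makes the WHERE clause always true
COMMENT_OUT = "admin' --"     # ends the statement early; the password check is commented away


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, tautology :", login_vulnerable(db, "anyone", TAUTOLOGY))
    print("vulnerable, comment   :", login_vulnerable(db, COMMENT_OUT, "wrong"))
    print("safe, tautology       :", login_safe(db, "anyone", TAUTOLOGY))
    print("safe, real password   :", login_safe(db, "admin", "S3cret!"))
```

Run it and the vulnerable login returns `admin` for both payloads without knowing the password, while the parameterised version returns nothing for them and still works for the real credentials. The same payloads are what the WAF rules at the end of this article should be written to catch.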

Image: diagram of the stages and components of penetration testing.

Penetration testing methods

External testing

Ethical hacking in its purest form. The tester attacks the company’s assets that are visible from the internet (domain names, email servers, company websites, web applications) and tries to extract as much information from them as possible.

Internal testing

This method simulates an attacker who already has access behind the firewall. It typically starts from the assumption that the attacker has stolen an employee’s credentials through phishing, and uses that access to carry out the subsequent attacks.

Blind testing

In a blind test the tester knows only the name of the target company. The security team has the advantage here: they know an attack is coming and can watch it unfold in real time.

Double-blind testing

In a double-blind test the security team has no advance notice of the attack, so it cannot prepare a defense before the test begins and has to react as it would to a real intrusion.

Targeted testing

This method has the tester and the security staff working together. It is an exercise in which the security team receives immediate feedback from the attacker’s point of view.

Penetration testing and Web Application Firewalls

Penetration testing and a WAF are mutually beneficial security measures. For many testing methods the tester draws on WAF data (rule hits, logs, detected weaknesses), and the test results are just as useful to WAF administrators once a feedback loop is in place: after the test they can update the WAF rules to protect against the weaknesses the test uncovered.

Image: a Web Application Firewall applies a set of rules to filter the incoming and outgoing traffic of the protected system.

Penetration testing also supports security audit procedures such as SOC 2 and PCI DSS. PCI DSS requirement 6.6, for example, accepts either regular application vulnerability assessments or an automated protection such as a WAF in front of public-facing web applications. Neither option makes penetration testing less useful or reduces the benefits described above.
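The feedback loop between the test and the WAF, as an added example that is not part of the original post: the payloads demonstrated during the “gaining access” stage are turned into detection rules and run over web server access logs, which is the same logic a WAF applies to live requests. The log lines are constructed for this example (combined log format, as nginx and Apache write it), the rule set is a minimal illustration and not any vendor’s rule syntax, and requests are URL-decoded once before matching because attackers encode their payloads.

```python
"""Turn a pentest finding into a WAF-style rule and run it over access logs (added example)."""
import re
from urllib.parse import unquote_plus

# Rules written from what the test demonstrated: a quote tautology and a
# comment-out in a query parameter, plus a script tag for reflected XSS.
RULES = {
    "sqli": [
        re.compile(r"(?i)'\s*or\s*'?\d+'?\s*=\s*'?\d+"),   # ' OR '1'='1, ' or 1=1
        re.compile(r"(?i)\bunion\b\s+\bselect\b"),
        re.compile(r"'\s*--"),                             # admin' --
    ],
    "xss": [
        re.compile(r"(?i)<\s*script"),
        re.compile(r"(?i)\bon\w+\s*=\s*['\"]"),            # onerror="..."
    ],
}

# Combined-log-format request line, e.g. from nginx or Apache.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \d+')

# Constructed sample log; the second and third requests replay the test's payloads.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Jun/2022:10:08:42 +0000] "GET /login?user=admin&pass=x HTTP/1.1" 200 512',
    '203.0.113.7 - - [17/Jun/2022:10:08:43 +0000] "GET /login?user=admin%27+OR+%271%27%3D%271&pass=x HTTP/1.1" 200 2048',
    '198.51.100.9 - - [17/Jun/2022:10:09:01 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 310',
    '192.0.2.5 - - [17/Jun/2022:10:09:30 +0000] "GET /products?id=5 HTTP/1.1" 200 870',
]


def inspect_path(path: str) -> list:
    """Decode once (attackers URL-encode payloads) and return the rule names that fire."""
    decoded = unquote_plus(path)
    return [name for name, pats in RULES.items() if any(p.search(decoded) for p in pats)]


def scan_log(lines) -> list:
    """Return (client_ip, raw_path, [rule names]) for every request that matches a rule."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        hits = inspect_path(m["path"])
        if hits:
            alerts.append((m["ip"], m["path"], hits))
    return alerts


if __name__ == "__main__":
    for ip, path, hits in scan_log(SAMPLE_LOG):
        print(f"{ip} {hits} {path}")
```

Signature rules like these are a stopgap: they can be bypassed with alternative encodings or spellings and they produce false positives on legitimate input that happens to contain quotes. The WAF buys time and visibility; the finding itself is closed only by fixing the application, in this case by switching to parameterised queries.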

Tips For You To Recognize Fake Hacking (https://gridinsoft.com/blogs/fake-hacking/, Mon, 13 Jun 2022 13:33:20 +0000)

Fake hacking is a scam in which someone claims to have hacked your system when no such compromise has taken place. The purpose is to deceive the user and extort money. Fake hackers use various props to make the claim believable. One common one is a “hacker typer” website that displays a scary screen and tells the user they have been hacked. There are other ways to “prove” the hack to the victim; the most convincing borrow the name of a real incident, such as the SunBurst hack.

How Does Fake Hacking Work?

Below are several tricks fake hackers use; once you have read them, you will understand how these intruders work:

  • A hacker typer website shows you the screen you would supposedly see if your device were hacked.
  • An email claiming that your system was hacked and infected with ransomware.
  • A warning that you have been hacked and need to pay the extortionist to save your privacy.
  • A pop-up window telling you that malware or ransomware is installed on your computer.

After frightening the victim in one of the ways above, the crooks diligently offer their help in undoing the “hack” and saving the victim’s personal data. In return they offer to sell a remedy for the threat, or ask for a specific sum to be transferred to a bitcoin wallet.

How To Recognize Fake Hacking

  • Money. Question any demand for money or manipulation by an unverified source. It may be a trick to rip you off or to use you for worse purposes.
  • Changes. A real compromise leaves traces. If you are told that a hack has occurred, you should have noticed your system malfunctioning before the warning arrived. If nothing has changed, you are simply being intimidated.
  • Too much organization. Fake hackers volunteer what they claim is proof: a website, contact email addresses and so on. Real attackers will not have that; they will not risk exposing themselves.

How To Deal With a Fake Hacking Attack

Check Before You Act. Before you panic, hand over your data or pay the “hacker”, find out whether the claim is fake. First check the system that was supposedly hacked: a real compromise would make it malfunction, and you would see something wrong with it. If you notice something obviously strange, then there is reason to think. Second, if the warning arrived by mail, look at the sender’s address; if it is not legitimate or is just a jumble of characters, it belongs to a fake hacker. If you are being blackmailed with videos or photos that supposedly compromise you, look at them: if you are not in them, it is again a fake hacker.

Employ An Ex-hacker. Use the help of an ex-hacker who knows this business inside out. They can help you determine whether the break-in is real and even point out attacks on your device that you may have overlooked. Get Clued Up. If you work for an organization and have been targeted by this kind of deception, inform your organization. If you run your own organization, train your employees to respond to such messages and warnings, and teach them to distinguish real hacks from fake ones to avoid data leaks.

How Gridinsoft Can Help

GridinSoft has developed Anti-Malware, which has plenty of options to protect your device and your data from hackers who want to compromise you and steal your data. The scanner detects and blocks a wide range of malware, including adware, spyware, viruses, trojans, rootkits and other threats.


If you have been hacked, or want to avoid being hacked, install Gridinsoft Anti-Malware, which can also restore your browser after the damage done by an attacker. It works both as standalone antivirus software and as an additional layer on top of your existing antivirus.

20 Dangerous Types of Cybersecurity Threats (https://gridinsoft.com/blogs/dangerous-types-of-cybersecurity-threats/, Wed, 27 Apr 2022 19:09:52 +0000)

The cybersecurity threats this year are more considerable than ever. With the emergence of efficient ransomware, coin miners, spyware and so on, hacking has become a consistently profitable business.

Knowing about cybersecurity threats is crucial because it livens up the safety measures. In addition, when you’re aware of what is up against you on the Internet, you understand the meaning of cybersecurity.

The following article is not a list of cybersecurity threats in a strictly scientific sense. Instead, we have gathered some of the trending phenomena from modern cyber-warfare (some of them are threats indeed) to present them in the form of an explanatory dictionary.

 

#1. Hacking Attacks

Any activity toward getting unauthorized access to and control over computers, data storage, online servers, websites, etc., is called “hacking”. The term is old, and hacking computer systems does not necessarily imply going online, although it mostly happens on the Internet nowadays.

Hacking as a cybersecurity threat may involve malicious software (malware[1]), but not necessarily: social engineering, i.e. trespassing digital security by deception, exploiting human rather than computer vulnerabilities, can also be seen as a form of hacking.

Hacking started as idle entertainment but evolved into a lucrative cybercriminal industry. Counteracting potential crooks and developing anti-malware software is now an indispensable element of modern computer technology.

#2. Malware Attacks

“Malware” is a portmanteau for malicious software. There are different ways to classify unwanted programs. Some security specialists distinguish between software that does actual harm and annoying applications that can be easily detected and removed from a device by a standard procedure. Other experts consider unwanted programs and malware synonyms.

NOTE: Malware attacks are a big threat to users all over the world. It is very important to know the principles and main characteristics of each type in order to understand how to resist them.

Harmful software can itself be classified by different criteria. For example, malware may be file-based, or fileless, executed via scripts so that no malicious file is saved on the targeted device.

Malware files can be the ones that breach the victim system’s defenses, or they can be downloaded later by that first infection. As for the infectious agents, these are viruses, worms, or Trojans. Other types exist too, but these three are the most widespread. Viruses[2], which gave malware its first collective name, are nearly obsolete nowadays. But do you know the difference between malware and a virus?

The functions of malware are immense. It can collect data, destroy or tamper with it, flood users with unwanted advertising, etc. However, the vilest malware these days is arguably ransomware.

Trojan Horse (Cybersecurity Threat)

Trojan horse, or just Trojan[3], is a term that describes the way malware ends up on the victim’s device. It is incorrect to say “Trojan virus”, since Trojans are not computer viruses: viruses are self-replicating pieces of code, whereas Trojans are shaped as “normal” files and do not clone themselves. What is specific about them is that users install Trojans themselves, mistaking them for what the malware pretends to be. This disguise is what gave Trojans their name (remember Odysseus’s clever way of getting past the walls of Troy).

When the Trojan is already “behind the enemy lines,” it can execute one of many possible functions. It can either deliver its malicious payload or download additional malware, and one doesn’t exclude the other.

NOTE: Over the past three years Trojans have changed significantly, and there are many dangerous variants. Therefore it is recommended to use a dedicated anti-malware tool, such as Gridinsoft Anti-Malware.

#3. Ransomware Attacks

Ransomware[4] is a kind of malware that encrypts data on the victim’s device. It leaves instructions on how to pay a ransom in cryptocurrency to the crooks, who promise to deliver a decryption key to the victim in return.

Ransomware is usually delivered by Trojans. Victims often catch the infection from email attachments, malicious links in messages, or unchecked downloads from dangerous websites. Ransomware encrypts data files such as text documents, images and videos, and appends an extra extension to every encrypted file’s name. As a result, the user cannot open the files until they are decrypted.

Ransomware attacks have become a functioning business model for crooks within the last several years. State governments have started a real war on ransomware. The US authorities have started shutting down black markets where hackers have been selling ransomware as a service.

MedusaLocker Ransomware

MedusaLocker is classic ransomware with one mean peculiarity. Unlike the majority of ransomware operators, who would love to have the reputation of “trustworthy thieves”, the racketeers behind MedusaLocker do not hand over the decryption key to victims who pay. Jeopardizing the whole business scheme, MedusaLocker’s developers are one more illustration of the advice not to negotiate with terrorists.

#4. Formjacking Cybersecurity Threat

A modern way of stealing money is to capture a copy of the credit card details an unsuspecting user types into a payment form, say at an online shop. As the shopper confirms the card details, a copy of the entered data goes straight to the crooks. This requires injecting malicious JavaScript code into the payment page, often through a third-party script the page loads rather than the shop’s own code. Hackers use the same technique to steal logins and passwords, followed by identity theft.

#5. Password Attacks

Password attacks are the sum of measures hackers may undertake to pick a password to a password-protected account or device, considering that they do not have that password and do not have any software to obtain it precisely. Therefore, password attacks are attempts to guess the password using computer powers to do it as fast as possible. The most “fair” method is a brute force attack when the machine bluntly tries all possible password variants until it guesses it.

NOTE: Password stealers, or PWS, are a specific type of malware that tries to get your passwords and other credentials. Once it is on the system, the password stealer is ready to do its job.

A strong password might take thousands of years to break. But, of course, it is not about trying every value without any relation to what is being hacked. For example, There are usually sets of words and numbers that are more likely to be the correct password in every particular case. That is what the machine does: it realistically varies the entered values.

#6. Cryptojacking Malware

Since cryptocurrency strengthened its position in the world economy, hackers have been developing ways to benefit from other people’s resources. Bitcoins and other tokens are produced via mining – solving the cryptographic problems by the obtaining machine. Thus, criminals sought to enslave as many computers on the Web as possible for their remote mining farms. They found different methods for crypto-jacking (that’s what this process is called.)

The two most common ways to exploit remote machines for cryptocurrency mining are infecting them with so-called coin miners (mostly Trojans) or making them run coin-mining scripts. Precaution measures against these cybersecurity threats are known and familiar – be careful around questionable email attachments and links.

#7. Man-in-the-middle attack (MITM)

Spoofing a Wi-Fi network name allows crooks to lure their victims into a network fitted with data-collecting software or even hardware. The user’s incoming and outgoing traffic ends up in the crooks’ hands. This spying scheme is called man-in-the-middle. It serves criminals equally well for attacking a specific target and for identity theft against random people unlucky enough to fall into the trap.

IMPORTANT FACT: A public Wi-Fi network can be considered insecure for several reasons, which can further compromise your device and data. It is very important to learn how to use public Wi-Fi safely: risks to watch out for.

#8. Cloud Vulnerabilities

Users consider cloud storage an excellent and convenient place to keep their data and have their hard drives back up there. That is true! But is the cloud safe? People seldom care about cloud data security because they do not expect anyone to hunt for their information. However, any company with competitors or an influential person should know that there are vulnerabilities in cloud services.

Some of them are trivial, like the absence of two-factor authentication, which lets anyone who gets hold of a logged-in machine use the account. Others involve commands written in the cloud services’ own scripting languages, DDoS attacks, compromised APIs, and other vulnerabilities that raise questions about the security of cloud services.

#9. Botnet Cybersecurity Threat

A botnet[5] is a network of compromised computers that act in concert to perform various actions. Each botnet host is a computer with specialized software installed and running on it, usually unbeknownst to the user. Whatever a particular botnet does, botnets in general are mostly used for vile purposes: posting comments on social media, launching DDoS attacks, mining cryptocurrency, distributing malware, etc.

#10. Denial of Service (DoS) Attack

A denial of service (DoS) attack happens when a resource that is supposed to provide a service is overloaded by an enormous number of requests, or receives crafted data that triggers a crash. This type of attack is usually aimed at the websites of business competitors, political opponents or ideological enemies, or at the critical resources of other states by state-backed attackers.

If a DoS assault involves multiple attackers (real people or a botnet), it is called distributed denial of service (DDoS). The international hacktivist group Anonymous is well known for its capacity to organize massive DDoS attacks quickly. The use of VPNs and onion routing makes tracking the attackers very difficult.

#11. Spam Cybersecurity Threat

Spam is the well-known practice of throwing unwanted and unneeded advertising at random users. While spam started out as a vehicle for advertising and fraud, hackers later caught on and started using it to spread malware. The combination of spam and malware distribution is called malspam. The difference between malspam and targeted hacking attacks involving email is that the former is an indiscriminate distribution of dangerous attachments in mass mailings.

#12. Phishing Attack

Phishing is a hacking technique that does not necessarily involve malware at all! The attack’s name comes from the word “fishing,” with the spelling changed to distinguish it from real fishing. But the point is similar. Hackers use social engineering, in other words skillful deception, to make victims believe that whoever is addressing them is a trustworthy company or person. But it is important not to confuse phishing with pharming!

NOTE: Phishing is a type of cyber attack that is carried out using various technologies. There are many dangerous types of phishing attacks to watch out for.

After such a connection is established, criminals lure unaware users into providing their credentials (login, password, credit card details, etc.). Without knowing the real identity of the asker, victims can suffer considerable losses, up to and including identity theft. Therefore, education and vigilance are the best countermeasures to such attacks.

#13. Spoofing Cybersecurity Threats

Spoofing is inseparable from phishing. For example, imagine someone who impersonates a police officer to make you lend him your car. What that person says is phishing, while his fake uniform and the policeman’s badge are spoofing. Likewise, email letterheads, email addresses, web page appearance, website addresses, Wi-Fi network names, browser shortcuts and interfaces, and much more can be objects of spoofing.

Experienced users are likely to distinguish a genuine webpage from a spoofed one. There are also basic rules of Internet communication that can keep users from taking deceptive bait. However, the problem is that phishing generally targets inexperienced users.

#14. SQL Injection (SQLi) Cybersecurity Threats

SQL code injection is one of the most common ways of hacking websites and data-driven software. It exploits software vulnerabilities that allow a specially crafted piece of SQL to override the program's intended logic and grant attackers access to database data they are not authorized to see.

The vulnerability arises because programming flaws can, under certain conditions, cause input to be read and executed as SQL commands out of its intended context. Knowing these conditions and how to exploit them is what makes an SQL injection attack possible.
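To make the mechanism concrete, the following added example (not code from the original article) builds a small in-memory SQLite table and runs the same user lookup two ways: the flawed string-built query, in which a quote inside the input rewrites the WHERE clause, and the parameterized version, in which the driver always treats the input as data. The table and its rows are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample database (not from the article): three users in memory.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # The flaw described above: the input is pasted into the SQL text, so a quote
    # in it closes the string literal and whatever follows runs as SQL.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_hardened(conn, username):
    # The fix: bind the value as a parameter. The statement's structure is fixed
    # before the value is supplied, so the input cannot change what the query does.
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def compare(username):
    """Return (row count from the vulnerable query, row count from the hardened query)."""
    conn = make_db()
    try:
        return len(lookup_vulnerable(conn, username)), len(lookup_hardened(conn, username))
    finally:
        conn.close()


if __name__ == "__main__":
    print(compare("bob"))           # legitimate input: both queries return 1 row
    print(compare("x' OR '1'='1"))  # quoted input: vulnerable returns all 3 rows, hardened returns 0
```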

#15. Rootkit Malware Attack

Rootkits are programs that perfectly fit the definition and popular image of a hacking tool. Rootkits are strongly associated with malware. Cybercriminals use them to reach data that is off-limits at the user's current level of access. As the tool’s name reveals, it aims to give its user access to the very core of the system, its root.

This kind of software grants evil-doers a broad range of opportunities: collecting information from the system, controlling the system, and hiding objects within it. Modern security software automatically removes known rootkits, but detecting and deleting one manually is beyond an average user.

#16. Advanced Persistent Threat (APT)

Nation-state threat actors that gain unauthorized access to computer systems and remain undetected for a long time are designated advanced persistent threats. APTs are among the most disturbing menaces in the modern digital world because they target countries’ vital industries: banks, electronic election systems, electric energy supply, etc. Moreover, operating legally in their own countries, nation-state threat actors are well equipped, and they aim to do harm rather than make money like ransomware operators. That radically distinguishes APTs from the other threats.

#17. Backdoor Attacks

A backdoor is a way of bypassing the standard authentication or encryption processes of a device or a program. The name speaks for itself: a backdoor is a vulnerability in a program, but one left there on purpose. It allows hackers (who, in the case of a backdoor, may be the very developers of the software containing it) to get quick and unhindered access to data or even control over the system.

FROM THE LATEST NEWS: Shuckworm hackers are attacking Ukrainian organizations with a new variant of the Pteredo backdoor. According to experts, the group carried out more than 5 thousand cyberattacks on 1.5 thousand public and private enterprises in the country.

A backdoor is not necessarily a hacking instrument; it might be a tool for emergency troubleshooting. However, hackers use backdoors introduced via seemingly ordinary applications (in fact, Trojans) to fetch additional malware past the security perimeter of the operating system. Luckily, backdoors are recognizable, and anti-malware systems manage to detect them.

#18. Darknet Cybersecurity Threats

The darknet is not a cybersecurity threat in itself, though it sounds menacing. However, it would be false to say that the darknet has no relation to cybersecurity threats. It is more of a place where the designers and users of malware meet and communicate. The darknet is an anonymous overlay peer-to-peer network (existing within the Internet) in which connections are established only between trusted peers and via non-standard ports and protocols. Access to the darknet is only possible via special software, like Tor Browser. While the dark web is associated with illegal activity, accessing and browsing it is legal. Gridinsoft also offers useful tips on the darknet.

The darknet is associated with black markets, cybercrime and terrorism, but also with well-protected privacy, freedom of thought and liberty from governmental control. Beware of these dangerous cybersecurity threats!

The post 20 Dangerous Types of Cybersecurity Threats appeared first on Gridinsoft Blog.
