cyber crime posts

Hackers could have accessed photos, videos without unlocking your phone

The vulnerability existed in the Facebook Messenger Rooms video chat feature and exposed Android smartphone users to intrusion. Nepalese security researcher Samip Aryal has identified a security vulnerability in the Facebook Messenger Rooms video chat feature that lets attackers access any user’s private Facebook photos and videos or submit posts on their…

Kaspersky Details Iranian Domestic Cyber-Surveillance Operation

Threat hunters at Kaspersky are sounding a warning for an Iranian APT actor that has been silently conducting domestic cyber-surveillance operations for the last six years.
The newly discovered APT, which Kaspersky calls Ferocious Kitten, has been active since at least 2015 and has used clever computer infection tricks to hijack Telegram and Chrome installations to deploy a malicious payload.
The Russian cybersecurity vendor said it also observed signs that Android implants have been used to target mobile users in Iran. 
Ferocious Kitten stayed under the radar for at least six years until Kaspersky researchers flagged a pair of maliciously rigged Microsoft Word .docs that were uploaded to Google’s VirusTotal malware scanning utility. 
One of the documents was booby-trapped with a malware called ‘MarkiRAT’ that Kaspersky says is capable of recording keystrokes and clipboard contents, hijacking file download and upload capabilities, and executing arbitrary commands on the victim machine.
“We were able to trace the implant back to at least 2015, where it also had variants intended to hijack the execution of the Telegram and Chrome applications as a persistence method,” Kaspersky said in a paper posted on its SecureList website.
The company said it observed code overlap with different cyber-surveillance operators targeting Persian-speaking individuals in Iran.  Specifically, Kaspersky said some of the TTPs used by Ferocious Kitten are reminiscent of an Iran-based actor called Domestic Kitten that targets Iranian citizens.
In a technical analysis, Kaspersky said it found several variants of the MarkiRAT malware, including one that was used to intercept the execution of, and piggy-back on the launch of, the widely deployed Telegram chat application.
A separate variant was also seen targeting Google’s Chrome browser, using the BITS utility and code to modify the Chrome shortcut to launch the malware whenever the victim runs the Chrome browser.
Kaspersky also documented a pair of domains within the Ferocious Kitten command-and-control infrastructure that suggest the use of Android implants in the cyber-espionage attacks. The company said it was unable to find a sample of the Android implant.
“The attack appears to be mainly targeting Iranian victims. In addition to the mostly Persian file names, some of the malicious websites used subdomains impersonating popular services in Iran to appear legitimate,” Kaspersky said, noting that a subset of the attacks even targeted the Psiphon open-source VPN tool that is used by Iranians to bypass internet censorship.
“The targeting of Psiphon and Telegram, both of which are quite popular services in Iran, underlines the fact that the payloads were developed with the purpose of targeting Iranian users,” Kaspersky said, noting that the decoy contents displayed by the malicious files often used political themes and involved images or videos of resistance bases or strikes against the Iranian regime, “suggesting the attack is aimed at potential supporters of such movements within the country.”

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. Ryan is a journalist and cybersecurity strategist with more than 20 years experience covering IT security and technology trends. He is a regular speaker at cybersecurity conferences around the world.
Ryan has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series. Ryan’s career as a journalist includes bylines at major technology publications including Ziff Davis eWEEK, CBS Interactive’s ZDNet, PCMag and PC World.
Follow Ryan on Twitter @ryanaraine.

IKEA Fined $1.2M for Elaborate ‘Spying System’

A French court fined the furniture giant for illegal surveillance on 400 customers and staff.

IKEA’s French subsidiary was just hit with a $1.2 million fine after it was found guilty of a creepy systematic snooping scheme targeting customers, employees and even prospective hires.
Prosecutors said the company illegally surveilled about 400 people in total, according to the BBC.
IKEA France’s former chief executive, Jean-Louis Baillot, was also personally fined €50,000 (around $60,200 at press time) for “storing personal data,” according to Deutsche Welle, and given a two-year suspended sentence by the French court.
More than a dozen others were on trial for the spy scheme, including four police officers accused of handing over confidential records and an additional former CEO of IKEA France, Stefan Vanoverbeke, DW reported.

The furniture seller subsidiary was found guilty of running the illegal operations between 2009 and 2012 that involved hiring a private security firm, Eirspace, to dig up dirt on their employees and perceived adversaries, according to reports. In one instance, the company investigated an employee to find out why they could afford a BMW on their salary.
Another former IKEA France employee, who is also involved in union activism, was accused by the company of robbing a bank after they hired cops to hand over police records, DW said. The employee hadn’t broken any laws, just shared a name with a bank robber.
One store manager, Patrick Soavi, described to the court how he asked a police-officer cousin to “cast an eye” on 49 job applicants, BBC reported. Later he sent another 68 names over for illegal background checks.
“I recognize that I was very naïve and rather over-zealous, but we were being asked to carry out these checks, and once I’d put a foot inside this system it was too late,” Soavi testified.
Ikea France Denies ‘Generalized Espionage’
Last spring, the former head of IKEA France’s risk-management operations, Jean-Francois Paris, testified that he budgeted between $633,000 and $753,000 every year to outside security firm Eirspace for these kinds of investigations.
Eirspace chief Jean-Pierre Fourès was also given a suspended two-year sentence and €20,000 fine ($24,000) by the French court.
In response, IKEA France’s legal team said there wasn’t “generalized espionage” within the organization, and the subsidiary issued a statement that it “takes the protection of its employees’ and customers’ data very seriously,” DW reported.
IKEA France has not responded to Threatpost’s request for comment on the ruling.
Investigative journalists with Canard Enchaine first uncovered the illegal scheme, and a union has also filed a formal complaint against IKEA France.

Ransomware Poll: 80% of Victims Don’t Pay Up

Meanwhile, in a separate survey, 80 percent of organizations that paid the ransom said they were hit by a second attack.

Ransomware is on the rise, but what toll does it take on the real world?
Threatpost set out to answer that question in an exclusive poll aimed at taking the pulse of organizations wrestling with attacks, including looking at mitigations and the defenses organizations have in place. When viewed against the backdrop of complementary reports from Cybereason and Group Salus, a nice picture emerges of how ransomware-related attitudes and security practices are evolving.
As ransomware attacks continue to grow in volume and sophistication – and not to mention profile, thanks to attacks like the one on Colonial Pipeline – organizations are becoming more aware of the risk. However, strategies for addressing ransomware turn out to be quite varied.
Among all 120 respondents to Threatpost’s survey, a little less than a third said they have been a victim of ransomware. In terms of victims, the leading sectors hit the hardest were tech and manufacturing (17 percent and 15 percent of respondents). The next-most-common profiles were evenly distributed among finance, healthcare and critical infrastructure.
A full 80 percent said that they didn’t pay the ransom. The top reason cited, accounting for 42 percent of responses, is that paying the ransom doesn’t guarantee a decryption key.
That acknowledgement that cybercriminals aren’t trustworthy (go figure) dovetails with new stats out from Cybereason on Wednesday noting that paying up may actually flag victims as easy pickings. A full 80 percent of organizations that paid the ransom said they were hit by a second attack: almost half were hit by the same threat group and one-third were hit by a different one.
Meanwhile, over in the “yes, let’s pay” camp, about 5 percent of Threatpost respondents felt that paying is easier than dealing with business disruption, lost data and remediation, while another 2 percent said that cybersecurity insurance will cover any ransom and related costs.
In Cybereason’s study, about 65 percent of entities hit by a ransomware attack reported revenue loss; and about a quarter had to shut their business down altogether. About half (53 percent) indicated that their brand and reputation were damaged; and a third (32 percent) reported losing C-level talent.
Cybereason found that 35 percent of businesses that paid a ransom shelled out between $350,000 and $1.4 million, while 7 percent paid ransoms exceeding $1.4 million.
In contrast, Threatpost found that more than half of victims (57 percent) suffered less than $50,000 in remediation costs if they did not pay the ransom. Comparatively, about half of victims who did pay the ransom after an attack also paid less than $50,000 in remediation – not counting the ransom payment.
Favored Mitigations for Ransomware
When asked which vital defenses organizations should have in place to protect against ransomware attacks, organizations cited backups of critical data (24 percent), user-awareness training (18 percent) and endpoint/device protection (15 percent) as the top “must-haves.”
But implementing those defenses is easier said than done. Poll respondents cited a range of challenges when it comes to fending off ransomware attacks. These included insider threats, cited as the top challenge, with 29 percent saying a lack of employee awareness (regarding email and social-engineering threats) was a problem. Meanwhile, 19 percent said budget constraints (having no money for deploying or upgrading defensive platforms) were an issue; while 18 percent said a lack of patching and legacy equipment was a top challenge.
Meanwhile, a national survey of 200 respondents from Group Salus found that just 15 percent of small- and medium-sized business (SMB) executives (defined as leading companies with revenues up to $100 million per year) see ransomware as a top threat that will result in financial outlay.
This is despite close to 40 percent of the companies experiencing a cyberattack of any kind, with nearly half, 45 percent, reporting they lost customer data and 27 percent saying they lost a significant amount of money because of the attack. The average cost of an attack was $200,000.
The Group Salus survey also found that 30 percent of the SMB executives most feared losing irreplaceable data in a cyber-incident and 25 percent are most concerned about losing customers permanently because of a loss of trust in their organizations. Yet, ransomware was not top of mind.
“Couple this with research that shows ransomware attacks have increased more than 50 percent since 2019 and small business executives who believe they won’t have to pay, one way or another, for a cyber-breach are not being realistic,” said Group Salus CEO Larry Lafferty, in a media statement.

Google Rolls out E2EE For Android Messages App

Google has finally enabled end-to-end encryption (E2EE) for the Messages app in Android but the privacy-enhancing tool remains somewhat limited.
Google announced end-to-end encryption is now available in Android, but only for one-on-one conversations between users of the Messages app.
“No matter who you’re messaging with, the information you share is personal. End-to-end encryption in Messages helps keep your conversations more secure while sending. It ensures that no one can read the content of your messages as they travel between your phone and the phone of the person you’re messaging,” Google said.
The encryption feature has been available for beta testers since late 2020 but is now being rolled into the Android operating system for all users with chat features enabled.
Separately, Microsoft announced a new Defender for Endpoint app for Android and iOS with new capabilities around breach protection, mobile risk reduction, and secure access to on-prem resources.  
The Microsoft Defender for Endpoint product offers enterprise protection against phishing coming from browsing, email, apps, and messaging platforms.  Microsoft said it can scan for malware and potentially unwanted apps (on Android), and block unsafe connections as well as access to sensitive data (on Android).

How Zero Trust architecture improves the organization’s network security

This blog was written by an independent guest blogger. In the cybersecurity field, Zero Trust is becoming a widely used model. Data breaches taught organizations to stay cautious regarding security, especially when it comes to information protection – and a Zero Trust model…

Ping Identity Wins Best Identity Management Solution From SC Awards Europe 2021

DENVER – Ping Identity (NYSE: PING), the Intelligent Identity solution for the enterprise, announced its Ping Intelligent Identity™ Platform has been named the Best Identity Management Solution by the SC Awards Europe 2021. The Ping Intelligent Identity Platform helps enterprises achieve Zero Trust identity-defined security and personalized, streamlined…

CISA suggests using ad blockers to fend off ‘malvertising’ – Securing your browser

At the beginning of 2021, CISA made an important statement [PDF] that many internet users consider long-awaited: federal and public agencies, along with their expansion on the World Wide Web, should also implement and standardize the use of ad-blocking software. Public opinion agrees on the point that nowadays…