Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 47

The United States government said today that a multinational law enforcement operation has destroyed Qakbot, also known as QBot, an infamous botnet and malware loader that was responsible for losses that amounted to hundreds of millions of dollars all over the globe, and that they have confiscated more than $8.6 million in illegal cryptocurrencies.

During a news conference held on Tuesday to announce the takedown of the botnet, United States Attorney Martin Estrada referred to the investigation as “the most significant technological and financial operation ever led by the Department of Justice against a botnet.” Duck Hunt was headed by the FBI. For one thing, the federal government developed some software that, when installed on computers that were infected with Qbot, would make the virus useless.

Law enforcement agencies in the United States and other countries have worked together over the last three days to confiscate 52 servers that were being used to sustain the QBot network. With assistance from France, Germany, the Netherlands, the United Kingdom, Romania, and Latvia, these agencies were successful in “preventing Qakbot from resurrecting to cause further additional harm,” as stated in the report.

Read more | >

Sending an email with a forged address is easier than previously thought, due to flaws in the process that allows email forwarding, according to a research team led by computer scientists at the University of California San Diego.

The issues researchers uncovered have a broad impact, affecting the integrity of sent from tens of thousands of domains, including those representing organizations in the U.S. government—such as the majority of U.S. cabinet email domains, including state.gov, as well as . Key financial service companies, such as Mastercard, and major news organizations, such as The Washington Post and the Associated Press, are also vulnerable.

It’s called forwarding-based spoofing and researchers found that they can send impersonating these organizations, bypassing the safeguards deployed by email providers such as Gmail and Outlook. Once recipients get the spoofed email, they are more likely to open attachments that deploy malware, or to click on links that install spyware on their machine.

Read more | >

North Korea-linked hackers have stolen hundreds of millions of crypto to fund the regime’s nuclear weapons programs, research shows.

So far this year, from January to Aug. 18, North Korea-affiliated hackers stole $200 million worth of crypto — accounting for over 20% of all stolen crypto this year, according to blockchain intelligence firm TRM Labs.

“In recent years, there has been a marked rise in the size and scale of cyber attacks against cryptocurrency-related businesses by North Korea. This has coincided with an apparent acceleration in the country’s nuclear and ballistic missile programs,” said TRM Labs in a June discussion with North Korea experts.

Read more | >

O.o!!!

Polymorphic malware leverages an encryption key to alter its shape, signature, and behavioral pattern. Using a mutation engine and a self-propagated code strain, it encrypts its code and changes how physical files are created. Many traditional cybersecurity solutions that rely on signature-based detection—a technique in which security systems identify a malware based on its known characteristics—fail to recognize or detect polymorphic threats.

A polymorphic attack typically involves the following stages.

Read more | >

This post is also available in: he עברית (Hebrew)

Ukraine’s security agency claims that the Russian military intelligence service GRU can access compromised Android devices with a new malware called Infamous Chisel, which is associated with the threat actor Sandworm, previously attributed to the Russian GRU’s Main Centre for Special Technologies (GTsST).

Sandworm uses this new malware to target Android devices used by the Ukrainian military, enables unauthorized access to compromised devices, and is designed to scan files, monitor traffic, and steal information.

Read more | >

Digital information exchange can be safer, cheaper and more environmentally friendly with the help of a new type of random number generator for encryption developed at Linköping University, Sweden. The researchers behind the study believe that the new technology paves the way for a new type of quantum communication.

In an increasingly connected world, cybersecurity is becoming increasingly important to protect not just the individual, but also, for example, national infrastructure and banking systems. And there is an ongoing race between hackers and those trying to protect information. The most common way to protect information is through encryption. So when we send emails, pay bills and shop online, the information is digitally encrypted.

To encrypt information, a is used, which can either be a computer program or the hardware itself. The random number generator provides keys that are used to both encrypt and unlock the information at the receiving end.

Read more | >

Please see my new FORBES article:

Thanks and please follow me on Linkedin for more tech and cybersecurity insights.

More remarkably, the advent of artificial intelligence (AI) and machine learning-based computers in the next century may alter how we relate to ourselves.

The digital ecosystem’s networked computer components, which are made possible by machine learning and artificial intelligence, will have a significant impact on practically every sector of the economy. These integrated AI and computing capabilities could pave the way for new frontiers in fields as diverse as genetic engineering, augmented reality, robotics, renewable energy, big data, and more.

Continue reading “Artificial Intelligence: Transforming Healthcare, Cybersecurity, and Communications” | >

An emerging China-backed advanced persistent threat (APT) group targeted organizations in Hong Kong in a supply chain attack that leveraged a legitimate software to deploy the PlugX/Korplug backdoor, researchers have found.

During the attack, the group leveraged as its PlugX installer malware signed with another legitimate entity, a Microsoft certificate, in an abuse of Microsoft’s Windows Hardware Developer Program, a vulnerability already known to the software vendor.

Read more | >

A malicious campaign targeting MacOS, Linux, and Windows systems has been attributed to the North Korean threat group Lazarus. Cybersecurity researchers at ReversingLabs made the disclosure after tracking VMConnect for about a month.

ReversingLabs first spotted the VMConnect campaign in early August. Cybersecurity researcher and blogger Karlo Zanki described it as consisting of two dozen “malicious Python packages” posted on the openly accessible PyPI software repository.

After keeping beady eyes on PyPI for a few weeks, ReversingLabs reckons it has detected three more packages — tableditor, request-plus, and requestspro — that belong to the VMConnect family.

Read more | >

Infamous Chisel is described as a collection of multiple components that’s designed with the intent to enable remote access and exfiltrate information from Android phones.

Besides scanning the devices for information and files matching a predefined set of file extensions, the malware also contains functionality to periodically scan the local network and offer SSH access.

“Infamous Chisel also provides remote access by configuring and executing TOR with a hidden service which forwards to a modified Dropbear binary providing a SSH connection,” the Five Eyes (FVEY) intelligence alliance said.

Read more | >