A coordinated Chinese intelligence network has been linked to increasing sightings of the malware previously said to have been used to attack a Vietnamese gaming company, and links among several other attacks have led researchers to conclude that they were part of Chinese state intelligence operations from 2009 to 2018, a cybersecurity researcher said.
In May 2018, Tom Hegel of AT&T Alien Labs, a cybersecurity research firm, established a connection between several previously unconnected, publicly disclosed cyber attacks that used the Winnti malware and said they were part of a coordinated intelligence effort originating from China.
“The purpose of this report is to make public previously unreported links that exist between several Chinese state intelligence operations. These operations and the groups that perform them are all linked to the Winnti umbrella and operate under the Chinese state intelligence apparatus. Contained in this report are details about previously unknown attacks against organizations and how these attacks are linked to the evolution of the Chinese intelligence apparatus over the past decade,” the study says of the purpose of the research.
Results of the study reveal that the initial attacks targeted software and gaming organizations in the United States, Japan, South Korea, and China, but later, larger attacks were said to be politically motivated and aimed at high-profile technology companies.
While the organization often experiments with other forms of break-in, new tooling, and attack methodologies, the study suggested that the use of the Winnti umbrella has been very consistent across the attacks linked to the Chinese organization.
“The theft of code signing certificates is a primary objective of the Winnti umbrella’s initial attacks, with potential secondary objectives based around financial gain,” the researcher said in the publication of his results.
According to the study, the Winnti umbrella has been used in various cyber attacks since 2009, with some reports stating that it may date back to 2007. The researcher was deliberate in calling the malware an “umbrella”, as the term refers explicitly to an “overarching entity” that “consists of multiple teams/actors whose tactics, techniques, and procedures align, and whose infrastructure and operations overlap.”
One of the most notable results of the study is how the researchers were able to build connections among the different attacks. The research showed that while the immediate goal of the attacks was economic, their long-term objective was political, thus linking the umbrella to the Chinese intelligence network.
“It’s important to note that not all publicly reported operations related to Chinese intelligence are tracked or linked to this group of actors. However, TTPs, infrastructure, and tooling show some overlap with other Chinese-speaking threat actors, suggesting that the Chinese intelligence community shares human and technological resources across organizations,” the study reads.
According to Hegel’s Twitter post, the attacks associated with the malware umbrella start with a phishing email. Once in, the attackers steal internal technical documents and code signing certificates, sometimes modify source code, and even seek out cryptocurrency.
Recent Winnti Sighting
A week ago, researchers also found a Linux version of the Winnti malware. The discovery was made by researchers from Chronicle, Alphabet’s cybersecurity department. The researchers revealed that they found a Linux variant of the Winnti malware that works as a backdoor on infected hosts, granting attackers access to compromised systems. It was the malware used by Chinese hackers in the high-profile attack against a Vietnamese game company in 2015.
Chronicle researchers said that they discovered the malware following the news that Bayer, one of the biggest pharmaceutical companies in the world, had been hit by Chinese hackers and that the Winnti malware had been discovered on its servers.
After the team scanned Bayer’s systems using its VirusTotal platform, they found what appeared to be a Linux variant of Winnti, dating back to 2015, when it was first used by Chinese hackers to attack a Vietnamese gaming company.
“As with other versions of Winnti, the core component of the malware doesn’t natively provide the operators with distinct functionality. This component is primarily designed to handle communications and the deployment of modules directly from the command-and-control servers. During our analysis, we were unable to recover any active plugins. However, prior reporting suggests that the operators commonly deploy plugins for remote command execution, file exfiltration, and socks5 proxying on the infected host. We expect similar functionality to be leveraged via additional modules for Linux,” said the researchers in their comprehensive report.
This Series Of Ransomware Attacks Is More Than Just For Ransom — And The Government Should Listen And Investigate
The ransomware epidemic is growing stronger, and researchers and tech experts warn that it will get much worse. Many ransomware attacks have been launched against city governments and private businesses, and have effectively shut down systems and social services in different states across the U.S.
According to a report by cybersecurity firm Recorded Future, recorded attacks rose from 38 in 2017 to 53 in 2018, and researchers noted that those numbers are expected to rise further in the next few years.
Ransomware is not a new phenomenon. While malware in general remains the biggest threat in cybersecurity, ransomware is gaining notoriety. In a typical ransomware attack, the attacker delivers a Trojan, a worm, or other malware to a system and then demands payment in exchange for the remedy. Sometimes attackers threaten to publish the victim’s database or other secured information from its system unless a ransom is paid.
Starting around 2012, ransomware scams grew internationally. There were 181.5 million ransomware attacks in the first six months of 2018, a 229% increase over the same period in 2017.
In June 2014, vendor McAfee released data showing that it had collected more than double the number of ransomware samples that quarter than it had in the same quarter of the previous year. CryptoLocker was particularly successful, procuring an estimated $3 million before it was taken down by authorities, and CryptoWall was determined by the US Federal Bureau of Investigation (FBI) to have accrued over $18 million by June 2015.
Atlanta ransomware attack
Probably one of the most significant and damaging ransomware attacks in recent U.S. history, the attack on Atlanta in March 2018 made the city one of the latest victims. It knocked almost all of the city’s agencies offline, freezing most social services, including scheduling court cases and paying utility bills online. Furthermore, the ransomware effectively caused decades’ worth of official correspondence to disappear into thin air.
Reports reveal that it cost the city more than $17 million to recover from the devastating effects of the ransomware.
Several tech experts have said that other cities should take the case of Atlanta as a “wake-up” call for how vulnerable local and state governments are to these types of cyber crimes, and how underprepared they are to resist them. However, it seems these calls have fallen on deaf ears.
More and more cities are being attacked
Just over 12 months later, Baltimore is in the throes of its own costly ransomware attack. Now in its sixth week, the attack has left officials unable to process payments or even respond to emails. And Baltimore is not alone. In just the last two months, there have been ransomware attacks in Greenville, North Carolina; Imperial County, California; Stuart, Florida; Cleveland, Ohio; Augusta, Maine; Lynn, Massachusetts; and Cartersville, Georgia.
Increasing security defenses at companies have shifted the target to government agencies
As corporations improve their security defenses to prevent malware and ransomware attacks against their systems, hackers have found new ways to infiltrate vulnerable municipal and city systems, whose defenses are much weaker. Add to that the fact that many cities and states have started to digitize their records and services in recent years, leaving their immature systems vulnerable to all sorts of cyber crimes.
“The government knows it needs to change, but they move slowly compared to how quickly private business can pivot to manage their exposure to a new threat,” Gary Hayslip, a cybersecurity expert who previously acted as a chief information security officer for San Diego, said. “Until it is mandated that cities, counties, and states meet a specific level of security and have to demonstrate it as is done in business for compliance periodically, government entities will continue to be low-hanging fruit and cybercriminals don’t mind eating them for lunch.”
Moreover, because of improvements in technology and the availability of information online, it has become easier for cybercriminals to launch an attack. “On the dark web, there are lots of available tools for relative novices to craft together pretty effective pieces of ransomware technology,” said Chris Kennedy, chief information security officer at cybersecurity company AttackIQ. “It’s the ‘Idiots Guide to Hacking.’”
But with the growing number of cities and state agencies falling victims to ransomware attacks, will the government now listen? Maybe.
A New Strain Of ‘Houdini’ Malware Is On Sale For $50 Per Month In The Black Market
The new Houdini malware targets financial institutions and their customers.
When someone mentions Houdini, the name almost instantly recalls the world’s greatest magician and escape artist. But cybercriminals have found a way to turn the man’s legacy into something feared and unwanted. A new strain of the Houdini worm has been detected by security researchers and has launched a new series of campaigns against financial institutions and their customers.
A few days ago, a report from cybersecurity researchers at Cofense confirmed that a new strain of the Houdini malware, also known as Hworm, was released by its creators on June 2, 2019.
The new Houdini malware took only five days to start wreaking havoc and seeking out victims via malicious phishing campaigns. According to the report, the main goal of the malware is to steal online banking credentials, which the culprits could later use to make fraudulent online purchases. It uses a tool dubbed WSH Remote Access Tool (RAT).
How does it work?
The cybercriminals disguised the phishing campaign as legitimate emails from various financial institutions and banks. One particular bank impersonated by the hackers is HSBC. The fraudulent emails contain .MHT web archive files, which act the same way as HTML files.
“The email attachment contained an MHT file that is used by threat operators in the same way as HTML files. In this case, the MHT file contained an href link which when opened, directed victims to a .zip archive containing a version of WSH RAT,” they added.
When the MHT file, which contains a web link, is opened, it directs victims to a .zip archive containing the WSH RAT payload. WSH RAT uses the same configuration structure as Hworm for this process.
The Trojan first communicates with a command and control server controlled by the cybercriminals and requests three additional .tar.gz files. Despite the extension, these files are PE32 executables, which provide the Trojan with a Windows keylogger, a mail credential viewer, and a browser credential viewer module.
It is also noteworthy that these modules were developed by third parties and cannot be attributed to the original creator of the Houdini worm. Furthermore, reports reveal that the malware is being actively sold in underground forums and on the black market, at a price of $50 per month on a subscription basis. Sellers market their product by waxing eloquent about WSH RAT’s Windows XP and Windows 10 compatibility, evasion techniques, and credential-stealing capabilities, among other things.
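Two of the traits described above give defenders something concrete to check for: an MHT attachment whose href points at a .zip archive, and follow-up downloads named .tar.gz whose bytes are actually PE32 executables. The following script is an added example written for this article, not code from Cofense or from the WSH RAT report; the sample MHT body and the minimal MZ/PE header it builds are constructed stand-ins, and example.invalid is a placeholder host.

```python
import re
import struct

GZIP_MAGIC = b"\x1f\x8b"                      # real gzip/.tar.gz files start with this
ARCHIVE_EXTS = (".tar.gz", ".tgz", ".gz")
PE_MACHINES = {0x14C: "PE32 (x86)", 0x8664: "PE32+ (x64)"}

def pe_machine(data: bytes):
    """Return the IMAGE_FILE_HEADER.Machine value if data is a PE image, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # offset of the PE header
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    return struct.unpack_from("<H", data, e_lfanew + 4)[0]

def classify_download(name: str, data: bytes) -> str:
    """Compare the extension a downloaded file claims with what its bytes actually are."""
    claims_gzip = name.lower().endswith(ARCHIVE_EXTS)
    machine = pe_machine(data)
    if machine is not None:
        arch = PE_MACHINES.get(machine, f"PE (machine 0x{machine:x})")
        return f"{'SUSPICIOUS' if claims_gzip else 'PE'}: {name} is {arch}"
    if claims_gzip:
        return f"OK: {name} is gzip" if data[:2] == GZIP_MAGIC else f"MISMATCH: {name} has unknown magic"
    return f"OTHER: {name}"

def find_archive_links(mht_text: str) -> list:
    """Return href targets in an MHT/HTML body that point at .zip archives."""
    hrefs = re.findall(r'href\s*=\s*["\']([^"\']+)["\']', mht_text, re.IGNORECASE)
    return [h for h in hrefs if h.lower().split("?")[0].endswith(".zip")]

def make_fake_pe(machine: int) -> bytes:
    """Constructed stand-in: a minimal MZ/PE header, not a real executable."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)               # PE header right after the DOS header
    return bytes(hdr) + b"PE\x00\x00" + struct.pack("<H", machine) + b"\x00" * 18

# Constructed sample MHT body with one benign link and one link to a .zip
SAMPLE_MHT = """MIME-Version: 1.0
Content-Type: text/html

<html><body>
<a href="https://example.invalid/statement.html">View statement</a>
<a href="http://example.invalid/download/payload.zip">Download</a>
</body></html>
"""

if __name__ == "__main__":
    print(find_archive_links(SAMPLE_MHT))
    print(classify_download("module1.tar.gz", make_fake_pe(0x14C)))
    print(classify_download("real.tar.gz", GZIP_MAGIC + b"\x08" + b"\x00" * 20))
```

In a mail gateway or sandbox, the same two checks would run over the attachment body and over any files the sandboxed sample fetches from its C2.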
New malware variants are sprouting
Only recently, researchers from Google discovered a Linux-based strain of another prevalent malware, Winnti, which was attributed to a high-value attack against a Vietnamese gaming company a few years back by Chinese hackers.
The discovery was made by researchers from Chronicle, Alphabet’s cybersecurity department. They revealed that they found a Linux variant of the Winnti malware that works as a backdoor on infected hosts, granting attackers access to compromised systems.
According to Chronicle, the malware they discovered comes in two parts: a rootkit to hide the malware on the infected host and the actual backdoor Trojan. Further analysis showed that the discovered Linux variant of the Winnti malware bears many similarities to the malware’s Windows version. Other connections with the Windows version included the similar way in which the Linux variant handles outbound communications with its command-and-control (C&C) server, a mixture of multiple protocols (ICMP, HTTP, and custom TCP and UDP protocols).
‘Pavlok’ SmartTech Bracelet Stops Bad Habits With Electric Shocks
Studies suggest that it takes 21 days to make or break a habit. The truth is, it’s not the longevity that most people struggle with, it’s the consistency. Enter Pavlok, a wearable that uses aversive conditioning, a kind of negative reinforcement, to keep you from your bad habits; it is now available on Amazon.
How does it work?
Pavlok consists of two parts: a one-size-fits-all wristband and an app available on Android and iOS. The band delivers electric shocks, ranging from a low to a high setting, as a negative stimulus when you engage in your bad habits. It is the digital equivalent of snapping your wrist with a rubber band when you bite your nails or sneak a quick cigarette break.
According to its Amazon webpage, Pavlok has sold more than 50,000 units since its official launch in 2015. Behavioral Technology Group Inc., the company responsible for the product, has since released two versions of Pavlok. It has also released a new product called Shock Clock, an alarm clock that zaps its user awake.
History of Pavlok
Maneesh Sethi, the CEO and founder of Behavioral Technology Group, Inc., claims to have had the idea for Pavlok when he ran an experiment back in 2014. He shared in a blog post that he hired a girl from Craigslist to slap him whenever he went on Facebook. Based on this experiment, he increased his productivity and concluded that aversive conditioning worked for him.
In 2014, Sethi put Pavlok on the crowdfunding website Indiegogo to fund an initial prototype. The campaign targeted $50,000 and walked away with more than $250,000 from a total of 1,763 backers.
Despite its crowdfunding success, Pavlok’s popularity soared only on May 20, 2016, when it was featured in the last episode of Shark Tank’s season 7. Sethi refused Kevin O’Leary’s offer because he did not want to work with him. Even though Sethi’s appearance on the popular show went amiss, he continued working on his digital aversive conditioning technique.
Users on Amazon and blogs have mixed reviews of this unconventional wearable. Testimonials on Pavlok’s website boast success in breaking bad habits like nail biting, cookie addiction, and eating too many sugary snacks.
While some swear by the results, others felt that Pavlok fell short of expectations. With Pavlok 1, users had to manually zap themselves when they engaged in a bad habit. Users reported that after some time, they learned to ignore the electric shocks or forgot to zap themselves.
As an improvement, Pavlok added a feature that allows your friends to zap you when they catch you red-handed. It also integrated IFTTT support, which lets users set conditions for when they receive their shocks. For example, if you are trying to break a nail biting habit, you can configure Pavlok to zap you when you lift your hand to your mouth. Of course, this only works with the hand wearing the Pavlok device.
Future of Wearable Tech
Pavlok is just one of hundreds of wearables designed to improve users’ quality of life. Apple is set to release Apple Watch OS 6, which includes a menstrual cycle tracker. It is a much-awaited update following the launch of the Apple Watch Series 4 in September 2018.
Starkey, a company focused on producing hearing aids, launched Livio AI last year as well. It is a hearing aid marketed even to people who do not need one. It features integrated sensors that detect noisy environments and dampen them, reducing the user’s exposure to noise pollution. It also boasts an almost perfect language translation app that lets you understand 27 languages.
With the rise in popularity of these products, wearable tech has a bright future.