source: darkreading.com

From lengthy email signatures to employees' social media posts, we look at the many ways organizations make it easier for attackers to break in.

The most common slipup Snow sees in her research is companies oversharing online, especially on social media. Examples include human resources sharing photos and videos to attract job applicants, interns posting photos of new badges, and employees sharing photos at office functions.

"What they don't realize is that in those pictures or videos could be employees with their badges or information on whiteboards … a lot of things attackers could use to their advantage," she explains.

When Snow does a security assessment for a client, she looks for pictures of employee badges so she can create her own and bring it on-site. A quick Internet search for the company and its employees usually yields a photo of someone's office badge.

"It doesn't need to work," she says. "As long as it looks like everyone else's, I'm not questioned."

Of course, badge photos are only one example of content that shouldn't be shared on social media. Office pictures can also show an attacker how desks and cubicles are laid out, what type of computers employees use, and the programs, email clients, and browsers they're running. When companies participate in online trends and challenges – Snow points to the viral Ice Bucket Challenge as an example – they're not thinking of what they may accidentally reveal: close-up pictures of the building, access control systems, or Post-its with login credentials.

"They make it easy to duplicate and impersonate and have knowledge an outsider shouldn't have," says Hadnagy about the data companies unintentionally share online.

Out of Office: Watch What You Say

When asked about the most common ways companies make themselves vulnerable, Hadnagy first points to automatic replies, or out-of-office emails. Employees often include far too much detail – enough for an intruder to take advantage of, he says.

An example: "Hey, this is Chris, I'm away in Hawaii on my honeymoon. For project X, contact X person at X email address; for project Y, contact Y person at Y email address."

By writing full names, project names, and contact details into an automatic reply, employees not only tell attackers where they are but also who else they can target. With this information, someone could email another employee at the company, pretend to be working with Chris on a project, obtain sensitive data, or request a wire transfer.

"It's something people don't often think about when they're doing out-of-office," Hadnagy says.
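One way to turn this advice into a check, as an added example that is not from the article or from the people quoted in it: a small Python auditor that flags the kinds of detail named above (named colleagues, project names, email addresses, phone numbers, and whereabouts) in an out-of-office template before it goes live. The two sample replies, the names and addresses in them, and the keyword lists are constructed for this example and are not drawn from the article.

```python
import re

# Constructed sample auto-replies (not from the article): the first mirrors the
# oversharing pattern described above, the second is a minimal alternative.
RISKY_REPLY = (
    "Hi, this is Chris. I'm away in Hawaii on my honeymoon until the 20th. "
    "For Project Falcon contact Dana Li at dana.li@example.com; "
    "for Project Osprey contact Sam Ortiz at sam.ortiz@example.com or 555-0100."
)

SAFE_REPLY = (
    "Thank you for your message. I am currently out of the office with limited "
    "access to email and will respond when I return. For urgent matters, please "
    "contact the main office line."
)

# Each pattern flags one category of detail that hands an outsider a pretext:
# who to impersonate, who to approach, what to talk about, and when the real
# person cannot be reached to dispute a request. Keyword lists are illustrative.
PATTERNS = {
    "email_address": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "phone_number": re.compile(r"\b(?:\(?\d{3}\)?[-.\s]?)?\d{3}[-.\s]\d{4}\b"),
    # "contact Dana Li" -> a named colleague an attacker can target next
    "named_contact": re.compile(r"\bcontact\s+([A-Z][a-z]+(?:\s+[A-Z][a-z]+)+)"),
    # "Project Falcon" -> an internal project name that makes a pretext credible
    "project_name": re.compile(r"\b[Pp]roject\s+([A-Z][A-Za-z0-9]+)"),
    # where the sender is and for how long they are unreachable
    "absence_detail": re.compile(
        r"\b(?:honeymoon|vacation|holiday|conference|abroad|until\b.*?\d+\w*"
        r"|away (?:in|at|on)(?:\s+[A-Z][a-z]+)?)"
    ),
}


def audit_auto_reply(text):
    """Return (category, matched_text) pairs for every oversharing indicator found."""
    findings = []
    for category, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            # patterns with a capture group report just the sensitive token
            value = match.group(1) if pattern.groups else match.group(0)
            findings.append((category, value.strip()))
    return findings


def is_oversharing(text):
    """True when the reply names people, projects, contact details or whereabouts."""
    return bool(audit_auto_reply(text))


def report(text):
    """Human-readable summary of an audit, one finding per line."""
    findings = audit_auto_reply(text)
    if not findings:
        return "OK: no oversharing indicators found"
    lines = ["FLAGGED: %d indicator(s)" % len(findings)]
    lines += ["  %-15s %s" % (category, value) for category, value in findings]
    return "\n".join(lines)


if __name__ == "__main__":
    for label, reply in (("risky", RISKY_REPLY), ("safe", SAFE_REPLY)):
        print("--- %s reply ---" % label)
        print(report(reply))
```

Running the block prints a per-category list for the risky template and "OK" for the minimal one; the minimal template still tells a correspondent that they will get a reply later, which is all an auto-reply needs to say.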

source: cyware.com

  • Hackers who go by the online name ‘Lab Dookhtegan’ revealed details about the inner workings of an Iran-based hacker group, OilRig.
  • Malware such as Retadup and Gootkit was tracked down because of flaws in the design of its C2 infrastructure.

The cyber threat landscape is vast and varied, encompassing malware, exploitation of vulnerabilities, phishing emails, and unauthorized access.

Threat actor groups, each specializing in particular attack techniques and malware, target specific industries to steal data or generate revenue. However, these actors often leave behind security lapses of their own, which make it easier for security experts and analysts to track and disrupt their activities.

Rival hacker groups have also been responsible for major revelations about other groups' operations.

Here’s a look at some instances where cybercriminals and their malicious operations were tracked down through their own security lapses.

Major incidents

Hackers who go by the online name ‘Lab Dookhtegan’ revealed details about the inner workings of an Iran-based hacker group, OilRig, also known as APT34 and HelixKitten. Lab Dookhtegan used a Telegram channel to dump information about the group’s infrastructure, hacking tools, members, and victims.

Apart from OilRig, cyber-espionage operations related to MuddyWater hacking group and Rana Institute were also published online via Telegram channels and websites on the Dark Web and the public internet.

Avast researchers, together with French law enforcement agencies, took down the backend infrastructure of the Retadup malware gang after discovering a design flaw in the C2 server communications protocol. The operation effectively disinfected over 850,000 Windows systems.

A group of cybercrooks left exposed a database containing a huge amount of stolen data. The stolen data belonged to customers of Neuroticket, Ticketmaster, TickPick, Groupon, and others. The criminals were using the details to commit identity fraud before the database was taken offline.

In another major mistake, the criminal gang behind the Gootkit malware left MongoDB databases open to the internet, giving security researcher Bob Diachenko an opportunity to gain insight into their operations. These databases contained records for a total of 38,653 infected hosts, aggregated from three Gootkit sub-botnets.

Avast researchers also took down the notorious Geost botnet, which had been active since 2016. They were able to do so because the operators had failed to encrypt their C2 servers and their own chat sessions. In total, 13 C2 servers running hundreds of malicious domains were brought down along with the botnet.

The bottom line

It is safe to say that cybercriminals are not immune to the same errors in judgement and the same threats that organizations across the world face.

source: cyberdefensemagazine.com

While the advent of the internet has been a blessing for almost everyone, it has also proved to be a curse for many of us. Hackers keep devising new ways to invade people’s privacy. Security experts warn us that many cyber-attacks begin on our smartphones. And despite the alarming number of hacking incidents in the last decade, the average person doesn’t know how to protect their smartphone from these attacks.

In addition to harvesting people’s personal information, hackers target company employees’ business smartphones to obtain sensitive corporate information. Taking appropriate precautions to protect your phone is therefore more important than it has ever been.

Here are 5 simple ways to keep your smartphone’s data secured.

Use Trusted Wi-Fi and Bluetooth

Most people connect to public Wi-Fi without giving it a second thought. What they don’t know is that public Wi-Fi can be used to obtain sensitive information from the connected devices. Most hotels and event venues have security protocols in place, but free public Wi-Fi networks in places like shopping centers, cafes, airports, and parks are far less secure and should be used with care.

Whenever you are in a public place, it is best to keep your Wi-Fi turned off or to route your traffic through a VPN, which carries it over an encrypted connection.

Use Two-Factor Authentication

You should take advantage of every security measure available to make your device as secure as it can be. Two-factor authentication (2FA) is a solid barrier against unauthorized access to your personal data and information.

Most people don’t use this feature because it requires an extra verification step, but consider how much of your information is at stake if you skip 2FA. Nowadays, thanks to fingerprint readers and save-password options, this feature is much easier to use.

October is National Cyber Security Awareness Month (NCSAM), and one of the prongs in the three-part theme is for all computer users to "Own IT." This means staying safe on social media, updating privacy settings, and keeping tabs on apps. Simply put, users need to take better ownership of their data and their online presence as part of daily safe cyber practices.

It is all too easy simply to click the wrong link, share the wrong thing on social media, or download the wrong app. One of the biggest risks today is ransomware, a type of malware that can lock a user or even an organization out of a computer or network. Cities such as Atlanta and Baltimore have suffered from ransomware attacks that resulted in millions of dollars in recovery costs.

The insidious ransomware threat is getting worse. The global damage from ransomware could cost US$11.5 billion this year, according to data from cybersecurity researchers at KnowBe4. The average ransom payment increased by 184 percent, while the average downtime for organizations was 9.6 days!

"The threat of ransomware continues to grow," warned Kelvin Coleman, executive director of the National Cyber Security Alliance.

"For the average consumer, phishing -- when someone poses as a legitimate entity to try to access your data -- also remains a big problem," he told TechNewsWorld. "As the Internet of Things expands, this will also expose more of our data through the sheer number of interconnected devices we own."