#malwareattack — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #malwareattack, aggregated by home.social.
-
17.5M Instagram accounts exposed in a major data breach. Learn what information is leaked and how to secure your account immediately. https://english.mathrubhumi.com/technology/major-instagram-data-breach-affects-175-million-accounts-heres-what-you-need-to-do-now-oa101a3u?utm_source=dlvr.it&utm_medium=mastodon #InstagramBreach #DataLeak #CyberSecurity #HackAlert #MalwareAttack
-
Crypto scammers hard shift to Telegram, and ‘it’s working’ — Scam Sniffer - Scam Sniffer initially raised the alarm about Telegram malware scams in ... - https://cointelegraph.com/news/malicious-telegram-group-scams-have-increased-2000-since-november-scam-sniffer #socialengineeringcryptoscams #malwareintelegramgroups #cryptophishingattacks #cybersecurityincrypto #telegrammalwarescams #fakeverificationbots #malwareattack. #scamsniffer
-
Radiant Capital says North Korea posed as ex-contractor to carry out $50M hack - A North Korean threat actor was behind the $50 million attack on Radiant... - https://cointelegraph.com/news/radiant-capital-north-korean-impersonated-ex-contractor-50-million-hack #cybersecuritybestpractices #northkoreahackinggroup #cryptocurrencysecurity #blockchainsecurity #radiantcapital #malwareattack #cryptoattack. #lazarusgroup #citrinesleet #defihack
-
Ransomware Gang Strikes With Stolen Microsoft Entra ID Credentials
In a recent cyber attack that has sent shockwaves through the tech world, a ransomware gang has struck with stolen Microsoft Entra ID credentials.
#Ransomware #CyberSecurity #DataBreach #MicrosoftEntra #IdentityTheft #HackerAlert #CyberAttack #ITSecurity #CredentialTheft #MalwareAttack #news #tech #hackers
https://cloudhosting.evostrix.eu/ransomware-gang-strikes-with-stolen-microsoft-entra-id-credentials/
-
Email auto-reply vulnerability allows hackers to mine cryptocurrency - Hackers exploit email auto-replies to spread crypto-mining malware, hija... - https://cointelegraph.com/news/email-auto-reply-malware-cryptocurrency-mining #crypto-miningmalware #emailauto-replies #malwareprevention #cryptocurrency #cybersecurity #malwareattack #cryptomining #emailexploit #phishing #hackers
-
Threat Actors Forcing Victims Into Entering Login Credentials For Stealing https://cybersecuritynews.com/forcing-victims-into-enter-login-credentials/ #CyberSecurityResearch #CybersecurityThreats #CredentialTheft #CyberSecurity #malwareattack #Malware
-
Of course, now we know who was behind #Stuxnet -- #Israel and the #CIA -- thanks!
Why the #StuxnetWorm is like nothing seen before
By Paul Marks
27 September 2010
"Stuxnet is the first worm of its type capable of attacking #CriticalInfrastructure like #PowerStations and #ElectricityGrids: those in the know have been expecting it for years. On 26 September, #Iran’s state news agency reported that computers at its #Bushehr #NuclearPowerPlant had been infected.
Why the fuss over Stuxnet?
"#ComputerViruses, worms and #trojans have until now mainly infected PCs or the servers that keep e-businesses running. They may delete key system files or documents, or perhaps prevent website access, but they do not threaten life and limb.
"The Stuxnet worm is different. It is the first piece of #malware so far able to break into the types of computer that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like #pumps, #motors, #alarms and #valves in an industrial plant.
"In the worst case scenarios, safety systems could be switched off at a nuclear power plant; fresh water #contaminated with effluent at a #SewageTreatmentPlant, or the valves in an #OilPipeline opened, contaminating the land or sea.
“'Giving an attacker control of industrial systems like a #dam, a sewage plant or a power station is extremely unusual and makes this a serious threat with huge real world implications,' says Patrick Fitzgerald, senior threat intelligence officer with Symantec. 'It has changed everything.'
Why is a different type of worm needed to attack an industrial plant?
"Industrial machinery is not controlled directly by the kind of computers we all use. Instead, the equipment used in an industrial process is controlled by a separate, dedicated system called a programmable logic controller (#PLC) which runs supervisory control and data acquisition software (#SCADA).
"Running the SCADA software, the PLC controls the process at hand within strict safety limits, switching motors on and off, say, and emptying vessels, and feeding back data which may safely modify the process without the need for human intervention – the whole point of industrial automation.
So how does a worm get into the system?
"It is not easy because they do not run regular PC, Mac or Linux software. Instead, the firms who sell PLCs each have their own programming language – and that has made it tricky for hackers to break it.
"However there is a way in via the Windows PC that oversees the PLC’s operations. Stuxnet exploited four vulnerabilities in Microsoft Windows to give a remote hacker the ability to inject malicious code into a market-leading PLC made by German electronics conglomerate Siemens.
"That’s possible because PLCs are not well-defended devices. They operate for many years in situ and electronic access to them is granted via well-known passwords that are rarely changed. Even when Stuxnet was identified, Siemens opposed password changes on the grounds that it could cause chaos as older systems tried to communicate using old passwords.
Where did the initial Stuxnet infection come from?
"It appears to have first arrived in Iran on a simple #USBMemoryStick, says Fitzgerald. His team in Dublin, Ireland has been analysing Stuxnet since it was first identified by a security team in Belarus in June.
"The first of the four Windows vulnerabilities allowed executable code on a USB stick to spread to a PC. The USB may have been given to an Iranian plant operative – or simply left somewhere for an inquisitive person to insert into their terminal.
"Says Fitzgerald: 'It then spreads from machine to machine on the network, exploiting a second vulnerability to do so, and reports back to the attacker on the internet when it finds a PC that’s running Siemens SCADA software. The attacker can then download a diagram of the industrial system set-up the SCADA controls.'
"The next two Windows vulnerabilities let the worm escalate its privilege levels to allow the attacker to inject Siemens PLC format computer code – written in a language called STL – into the PLC. It’s that code which is capable of performing the skulduggery: perhaps turning off alarms, or resetting safe temperature levels.
How do we know where Stuxnet is active?
"Symantec monitored communications with the two internet domains that the worm swaps data with. By geotagging the IP addresses of Stuxnet-infected computers in communication with the attacker, Fitzgerald’s team found that 58.8 per cent of infections were in Iran, 18.2 per cent in #Indonesia, 8.3 per cent in #India, 2.6 per cent in #Azerbaijan and 1.6 per cent in the US.
Who is behind the worm?
"No one knows. It is however very professionally written, requiring what Fitzgerald calls 'a broad spectrum of skills' to exploit four new vulnerabilities and develop their own SCADA/PLC set-up to test it on.
"This has some commentators suggesting that a #NationState with plenty of technical resources may have been behind Stuxnet. But computer crime is a billion dollar business so such an effort is not beyond extortionists.
"Stuxnet comprises a 600-kilobyte file and it has not yet been fully analysed."
Read more:
https://www.newscientist.com/article/dn19504-why-the-stuxnet-worm-is-like-nothing-seen-before/
-
Of course, now we know who was behind #Stuxnet -- #Israel and the #CIA -- thanks!
Why the #StuxnetWorm is like nothing seen before
By Paul Marks
27 September 2010"Stuxnet is the first worm of its type capable of attacking #CriticalInfrastructure like #PowerStations and #ElectricityGrids: those in the know have been expecting it for years. On 26 September, #Iran’s state news agency reported that computers at its #Bushehr #NuclearPowerPlant had been infected.
Why the fuss over Stuxnet?
"#ComputerViruses, worms and #trojans have until now mainly infected PCs or the servers that keep e-businesses running. They may delete key system files or documents, or perhaps prevent website access, but they do not threaten life and limb.
"The Stuxnet worm is different. It is the first piece of #malware so far able to break into the types of computer that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like #pumps, #motors, #alarms and #valves in an industrial plant.
"In the worst case scenarios, safety systems could be switched off at a nuclear power plant; fresh water #contaminated with effluent at a #SewageTreatmentPlant, or the valves in an #OilPipeline opened, contaminating the land or sea.
“'Giving an attacker control of industrial systems like a #dam, a sewage plant or a power station is extremely unusual and makes this a serious threat with huge real world implications,' says Patrick Fitzgerald, senior threat intelligence officer with Symantec. 'It has changed everything.'
Why is a different type of worm needed to attack an industrial plant?
"Industrial machinery is not controlled directly by the kind of computers we all use. Instead, the equipment used in an industrial process is controlled by a separate, dedicated system called a programmable logic controller (#PLC) which runs supervisory control and data acquisition software (#SCADA).
"Running the SCADA software, the PLC controls the process at hand within strict safety limits, switching motors on and off, say, and emptying vessels, and feeding back data which may safely modify the process without the need for human intervention – the whole point of industrial automation.
So how does a worm get into the system?
"It is not easy because they do not run regular PC, Mac or Linux software. Instead, the firms who sell PLCs each have their own programming language – and that has made it tricky for hackers to break it.
"However there is a way in via the Windows PC that oversees the PLC’s operations. Stuxnet exploited four vulnerabilities in Microsoft Windows to give a remote hacker the ability to inject malicious code into a market-leading PLC made by German electronics conglomerate Siemens.
"That’s possible because PLCs are not well-defended devices. They operate for many years in situ and electronic access to them is granted via well-known passwords that are rarely changed. Even when Stuxnet was identified, Siemens opposed password changes on the grounds that it could cause chaos as older systems tried to communicate using old passwords.
Where did the initial Stuxnet infection come from?
"It appears to have first arrived in Iran on a simple #USBMemoryStick, says Fitzgerald. His team in Dublin, Ireland has been analysing Stuxnet since it was first identified by a security team in Belarus in June.
"The first of the four Windows vulnerabilities allowed executable code on a USB stick to spread to a PC. The USB may have been given to an Iranian plant operative – or simply left somewhere for an inquisitive person to insert into their terminal.
"Says Fitzgerald: 'It then spreads from machine to machine on the network, exploiting a second vulnerability to do so, and reports back to the attacker on the internet when it finds a PC that’s running Siemens SCADA software. The attacker can then download a diagram of the industrial system set-up the SCADA controls.'
"The next two Windows vulnerabilities let the worm escalate its privilege levels to allow the attacker to inject Siemens PLC format computer code – written in a language called STL – into the PLC. It’s that code which is capable of performing the skulduggery: perhaps turning off alarms, or resetting safe temperature levels.
How do we know where Stuxnet is active?
"Symantec monitored communications with the two internet domains that the worm swaps data with. By geotagging the IP addresses of Stuxnet-infected computers in communication with the attacker, Fitzgerald’s team found that 58.8 per cent of infections were in Iran, 18.2 per cent in #Indonesia, 8.3 per cent in #India, 2.6 per cent in #Azerbaijan and 1.6 per cent in the US.
Who is behind the worm?
"No one knows. It is however very professionally written, requiring what Fitzgerald calls 'a broad spectrum of skills' to exploit four new vulnerabilities and develop their own SCADA/PLC set-up to test it on.
"This has some commentators suggesting that a #NationState with plenty of technical resources may have been behind Stuxnet. But computer crime is a billion dollar business so such an effort is not beyond extortionists.
"Stuxnet comprises a 600-kilobyte file and it has not yet been fully analysed."
Read more:
https://www.newscientist.com/article/dn19504-why-the-stuxnet-worm-is-like-nothing-seen-before/
-
✔Global SMS Stealer Campaign Exploits Android Devices via Telegram Bots
A massive global SMS Stealer Campaign targeting Android devices through a sophisticated network of Telegram bots has recently been uncovered.
For more information
📕Read - https://cybrpro.com/global-sms-stealer-campaign/
and get insights
#GlobalSMSStealer #SMSStealerCampaign #ExploitsAndroid #AndroidSecurity #TelegramBots #Cyberpromagazine #CyberSecurity #MalwareAttack #PhoneSecurity #MobileThreats #DataProtection #InformationStealing
-
🤖 Mystery malware destroys 600,000 routers! 🔥
An unknown threat actor forces ISP to replace routers in 72 hours. 🕰️
What could be the motive behind this massive attack? 🤔 #MalwareAttack #RouterDestruction #CyberSecurity #ISPIncident
-
A new scam that takes over existing Facebook accounts is doing the rounds. It turns the profiles into AI-themed accounts and offers free trials of popular AI apps, which turn out to be malware. Warn your team.
#MalwareAttack #Facebook #CyberSecurity https://www.tomsguide.com/computing/malware-adware/12-million-people-fooled-by-fake-midjourney-facebook-page-used-to-spread-malware-dont-fall-for-this
-
🛡️ #CyberSecurity Update: Socks5Systemz Proxy Botnet 🛡️
The Socks5Systemz Proxy Botnet, propagated through PrivateLoader and Amadey malware loaders, has managed to infiltrate roughly 10,000 systems worldwide. Researchers have unveiled that this botnet has been operational since 2016, maintaining a low profile until its recent discovery.
https://www.accessystem.com/it-solutions/cyber-security-solution-and-services/cyber-security.html
#CyberSecurity #Socks5Systemz #Malware #PrivateLoader #ProxyBotnet #MalwareAttack #ACCESSYSTEM #Dubai #Doha #Qatar #UAE #India
-
🛡️ #CyberSecurity Update: Android DaaS ( Dropper-as-a-Service ) Bypasses Google's Defenses ! 🛡️
Security experts have uncovered a novel Android dropper service known as SecuriDropper, which effectively circumvents the latest security constraints imposed by Google.
Get the best Cybersecurity Solutions with ACCESSYSTEM [email protected]
Website : https://www.accessystem.com/it-solutions/cyber-security-solution-and-services/cyber-security.html #CyberSecurity #AndroidSecurity #Malware #MalwareAttack #ThreatActors #ACCESSYSTEM
-
Spyware Targeting Signal and Telegram Users Linked to China: Beware of Malicious Android Apps
Researchers find China-Linked Spyware in Android Apps for Signal and Telegram
Security experts have found harmful apps on the Google Play Store and Samsung Galaxy Store that aim to install the BadBazaar spyware on Android phones used for Signal and Telegram.
#MaliciousAndroidApps #AndroidApps #Android #MalwareAlert #Malware #MalwareAttack #CloudSecurity #ThreatIntelligence #ACCESSYSTEM #NCSC #NCSA
-
#ActuLibre WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers -> http://feedproxy.google.com/~r/TheHackersNews/~3/AaO1rKvJ0qM/backdoor-.html #databasesecurity #databasehacking #cryptocurrency #windowsmalware #Malwareattack #MSSQLhacking #CyberAttack #hackingnews #MySQL
-
#ActuLibre Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems -> http://feedproxy.google.com/~r/TheHackersNews/~3/TrfteovCQsw/ddos-botnets-lilin-dvr.html #surveillanceprogram #Malwareattack #Botnetattack #Malware #botnet
-
#ActuLibre Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices -> http://feedproxy.google.com/~r/TheHackersNews/~3/HrG2O-6pj04/zyxel-mukashi-mirai-iot-botnet.html #bruteforceattack #Malwareattack #Vulnerability #CyberAttack #miraibotnet #NASdevices #Firewall #botnet #mirai
-
#ActuLibre How CISOs Should Prepare for Coronavirus Related Cybersecurity Threats -> http://feedproxy.google.com/~r/TheHackersNews/~3/8ub8woGLdps/coronavirus-cybersecurity-ciso.html #phishingattack #cybersecurity #Malwareattack #Coronavirus #databreach #healthcare #datatheft #COVID-19
-
#ActuLibre Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait -> http://feedproxy.google.com/~r/TheHackersNews/~3/hoEVIeJ6sCw/covid-19-coronavirus-hacker-malware.html #hackingsoftware #phishingattack #domainhosting #Malwareattack #Coronavirus #CyberAttack #hackingtool #exploitkit #COVID-19
-
#ActuLibre TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks -> http://feedproxy.google.com/~r/TheHackersNews/~3/1qXOqDBT0VU/trickbot-malware-rdp-bruteforce.html #TrickBotBankingMalware #RDPVulnerability #ComputerMalware #bankingTrojan #Malwareattack #Bruteforce #RDPexploit
-
#ActuLibre Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords -> http://feedproxy.google.com/~r/TheHackersNews/~3/eV1tKt-2FJY/coronavirus-maps-covid-19.html #computersecurity #ComputerMalware #computervirus #cybersecurity #Malwareattack #Coronavirus
-
#ActuLibre US Govt Warns Critical Industries After Ransomware Hits Gas Pipeline Facility -> http://feedproxy.google.com/~r/TheHackersNews/~3/E3_LgbWPEHA/critical-infrastructure-ransomware-attack.html #criticalinfrastructure #scadaransomware #computervirus #Malwareattack #SpearPhishing #CyberAttack #CyberCrime #ransomware #cyberwar
-
#ActuLibre Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide -> http://feedproxy.google.com/~r/TheHackersNews/~3/7XVBn0UzKZ0/iranian-hackers-vpn-vulnerabilities.html #Iraniancomputers #VPNVulnerability #securevpnserver #cyberespionage #IranianHackers #cybersecurity #Malwareattack #hackingnews #VPNhacking
-
#ActuLibre Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims -> http://feedproxy.google.com/~r/TheHackersNews/~3/NBA8E4_ecTE/emotet-malware-wifi-hacking.html #hackingWi-Fipassword #computervirus #cybersecurity #EMOTETMalware #Malwareattack #emotettrojan #CyberAttack #wifihacking
-
#ActuLibre Landry's Restaurant Chain Suffers Payment Card Theft Via PoS Malware -> http://feedproxy.google.com/~r/TheHackersNews/~3/IFnt28Puyyo/landry-pos-malware-attack.html #posmachinehacking #Malwareattack #CyberAttack #PaymentCard #creditcard #databreach #POSMalware
-
#ActuLibre New Zeppelin Ransomware Targeting Tech and Health Companies -> http://feedproxy.google.com/~r/TheHackersNews/~3/Er78UnmGkao/zeppelin-ransomware-attacks.html #2018midtermelections #Vegaransomware #Malwareattack #CyberAttack #ransomware #VegaLocker #Zeppelin
-
#ActuLibre Louisiana State Government Hit by Ransomware Attack Forcing Server Shutdowns -> http://feedproxy.google.com/~r/TheHackersNews/~3/CSqaYmIYmQM/louisiana-ransomware-attack.html #malwareprotection #ransomwaremalware #ransomwareattack #Malwareattack #serverhacking #CyberAttack #hackingnews #ransomware