Friday, September 16, 2022

The Benefits Of Blockchain In The Travel Industry.

Blockchain technology advocates say it’s poised to disrupt numerous industries, ranging from finance to supply chain tracking and real estate. Blockchain promises to drastically transform the way data is stored and used, improving the transparency and security of transactions.

For these reasons, multiple industries have begun experimenting with the technology, and one of the most exciting segments is the travel industry, where it could potentially be transformational in many areas. 

First, a quick explainer. Though blockchain seems complicated, it’s quite a simple concept. It’s essentially just a ledger hosted across multiple public nodes that are used to store records of transactions. Each of these transactions is stored in a “block” secured with cryptography.

Because blockchain records are stored on many computers, the data is considered decentralized. Each block contains both transaction information and a time stamp, and they are stored on all of the nodes that make up the network. In this way, blockchain records cannot be altered without agreement across the network, a design that makes it almost impossible for someone to make changes without being noticed. 

Because blockchain originated with Bitcoin, the world's first cryptocurrency, in 2009, many people assume that the technology only has practical applications within finance and related industries. But the truth is that distributed databases can provide benefits in many different kinds of industries. 

Some examples include advertising, where it can be used to prevent fraud by providing transparency around ad impressions, and elections, where it can provide the foundation for a transparent, open, online voting system.

Moreover, the traceability benefits of blockchain could be used to verify the authenticity of things such as educational certificates, qualifications, and licenses, which can be recorded onto a distributed ledger and made unalterable. Because of this, blockchain could eliminate the need for educational institutions to authorize credentials entirely.

How Blockchain Benefits The Travel Sector

There are many reasons why the travel industry might consider the adoption of blockchain. The industry notably relies on the cooperation of multiple players in the business, such as travel agents, airlines, and hotels, all sharing information with one another. For example, travel agents must pass their customers’ information to hotels and airlines.

Meanwhile, the personal belongings of those customers may also be passed on from one organization to another. Blockchain can potentially make it easier to access and store this information, and the data would be more reliable due to its immutable characteristics. 

Financial transactions also play a big role in the travel industry, and blockchain’s ability to simplify and secure payments is well known. After all, payments were the first major use case of the blockchain (think Bitcoin). It’s especially helpful in the case of overseas payments, as cryptocurrency knows no borders. 

Such advantages become all the more compelling when one considers the size of the travel industry. According to Statista, the combined travel industry contributed more than $9 trillion to the global economy in 2019. Though the COVID-19 pandemic severely impacted travel in 2020 and 2021, the sector still generated $4.7 trillion and $5.8 trillion, respectively, in those years.

The travel industry is made up of multiple sectors too, including transportation (airlines, car rental, and public transport), accommodation (hotels, Airbnb, hostels, cruises, and so on), food and beverages (including restaurants, bars, and cafes) and entertainment (such as theaters, shopping, nightlife, etc.). Each of these segments is a multi-billion dollar industry in its own right, and there are many possibilities to apply blockchain technology to them all.

While the travel industry was hit hard by the global coronavirus pandemic, the sector has rebounded strongly since the world began reopening. According to the United Nations World Travel Organization, the number of international tourist arrivals globally in January 2022 increased by 130% compared to a year earlier, with the 18 million extra visitors recorded that month equalling the total increase throughout the entirety of 2021.

Having been trapped indoors for the best part of two years, it’s clear that people are desperate to get outside and explore, and 2022 is consequently shaping up to be one of the best years ever for international travel. 

With that in mind, it’s worth exploring some of the more exciting ways in which blockchain can potentially be applied to improve efficiency and transparency in one of the world’s fastest-growing industries. 

New Possibilities With Blockchain Interoperability

One of the most pertinent blockchains for the travel industry is Flare Network, which has created a unique protocol known as the State Connector that makes it possible to connect to any kind of network, including other blockchains and also public APIs. 

Flare’s State Connector was built to solve problems around blockchain interoperability. Those familiar with how the technology works understand that there are multiple blockchains in the world – such as Bitcoin, Ethereum, Avalanche, Binance, Solana, and so on – that all operate independently and are unable to communicate with one another due to technological incompatibilities.

In addition, blockchains also have no way to communicate with non-blockchain systems, such as traditional databases and APIs.

The State Connector changes this, providing a trustless way for one blockchain to read the state of transactions on any other chain or system. So, not only does it enable information to be passed from one blockchain to another, but it also allows blockchains to tap into other, real-world data sources in a decentralized way.

In a nutshell, the State Connector is a smart contract that allows decentralized, blockchain-based applications to query information from outside the network they’re running on. This is accomplished via a network of independent attestation providers, which are incentivized to gather the requested information and verify it before delivering it to the Flare Network. The State Connector ensures that enough of these independent attestors agree that the information is correct, and if so, it then publishes it to the network. 

In this way, the State Connector can, for example, check to see if a deposit has been made on another blockchain. So if someone pays for their airline ticket using Bitcoin, it can inform an application on Flare or another network the moment that payment has been confirmed.

The State Connector can also power other kinds of dApps that react to real-world events, such as traditional bank transfers, the outcomes of sports events, home purchases, educational attainments, insurance claims, or anything else that might be accessible via an API. 
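As an added illustration of the attestation round just described (example code written for this page, not Flare’s State Connector contract), the following Python model collects independent providers’ answers to a question such as “has this Bitcoin payment for a ticket been confirmed?”, counts one answer per registered provider, and publishes a result only when a single answer reaches the agreed quorum; the provider names, request ids and quorum size are constructed assumptions.

```python
from collections import Counter, OrderedDict
from dataclasses import dataclass


@dataclass(frozen=True)
class Attestation:
    """One provider's answer to a question about another chain or system."""
    provider: str
    request_id: str      # which question, e.g. "btc-payment:<txid>" (constructed id)
    confirmed: bool      # the provider's verdict after checking the source chain
    block_height: int    # where the provider saw the transaction (0 if not found)

    def answer(self):
        # Providers must match on both verdict and observed height to count as agreeing.
        return (self.confirmed, self.block_height)


def finalize_round(request_id, attestations, registered, min_votes):
    """Return the agreed answer for request_id, or None when there is no quorum.

    Only registered providers are counted, a provider's first answer is the only
    one counted, attestations for other requests are ignored, and if more than
    one distinct answer reaches min_votes the round is rejected instead of
    tie-broken, because the connector must never publish a disputed fact.
    """
    first_answers = OrderedDict()
    for att in attestations:
        if att.request_id != request_id or att.provider not in registered:
            continue
        first_answers.setdefault(att.provider, att.answer())
    tally = Counter(first_answers.values())
    winners = [ans for ans, votes in tally.items() if votes >= min_votes]
    if len(winners) != 1:
        return None
    confirmed, height = winners[0]
    return {
        "request_id": request_id,
        "confirmed": confirmed,
        "block_height": height,
        "votes": tally[winners[0]],
        "providers": [p for p, a in first_answers.items() if a == winners[0]],
    }


def ticket_status(request_id, attestations, registered, min_votes):
    """The airline-ticket case: release the ticket only on an agreed 'confirmed' verdict."""
    result = finalize_round(request_id, attestations, registered, min_votes)
    if result is None:
        return "pending: no quorum yet"
    return "issued" if result["confirmed"] else "rejected: payment not found"


if __name__ == "__main__":
    # Constructed round: five registered providers, three agree the payment is confirmed.
    registered = {"p1", "p2", "p3", "p4", "p5"}
    answers = [
        Attestation("p1", "btc-payment:tx1", True, 800000),
        Attestation("p2", "btc-payment:tx1", True, 800000),
        Attestation("p4", "btc-payment:tx1", False, 0),
        Attestation("p3", "btc-payment:tx1", True, 800000),
    ]
    print(finalize_round("btc-payment:tx1", answers, registered, 3))
    print(ticket_status("btc-payment:tx1", answers, registered, 3))
```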

For the travel industry, this has a lot of potentially transformational implications. A hotel or an Airbnb could start managing their bookings through the blockchain. At present, when a traveler books a hotel through an aggregator site such as Booking.com or Expedia.com, a significant portion (between 10% and 25%) of the price goes on commissions and other overheads. With blockchain, it becomes possible for hoteliers to cut out the middleman, meaning no commissions and cheaper prices for travelers (or more profit for the hotel). 

Flare’s State Connector can be used to enable dynamic pricing to maximize efficiency. Most hotels usually alter their prices based on demand and availability, using complex APIs and third parties. Hotels can simplify this by using the State Connector to connect to their website’s API in order to retrieve relevant pricing data at lower costs.

It’s a similar story for the airline industry, where flight bookings are often made through third parties like Skyscanner. Once again, airline prices are usually dynamic, with tickets costing more during peak travel times and less when fewer people are traveling. With Flare’s State Connector, airlines can sell flight tickets through dApps that are connected to real-world pricing systems via APIs.

There are even greater possibilities when we combine blockchain with related technologies such as non-fungible tokens. NFTs, as they’re called, can be used to represent each passenger on a cruise ship, for example. Passengers could install an app on their smartphone when they board the ship, and that app would contain a wallet plus a utility NFT.

The cruise organizer can then create various games and activities tied to the real world via this app where the passengers can earn points throughout their trip. Points would be distributed via an API powered by the State Connector. Those who make a certain amount of points can be given prizes and benefits, such as a free dinner at a restaurant or a massage. These points would be linked to the passenger’s NFT for verification purposes. 

A Winning Combination.

Blockchain technology and the travel industry promise to be a winning combination. It has the potential to put forward-thinking travel service providers at the forefront of innovation while enabling them to build greater trust with their customers through reduced costs and more efficient systems. 

One of the significant challenges in the way of blockchain adoption is the lack of standardization. Using multiple blockchain networks can cause major headaches for an industry heavily reliant on data exchange. This is where innovations like Flare’s State Connector can pave the way forward, providing a simple way for blockchains and other systems to communicate with high trust and transparency. 

Blockchain will have so many positive implications that its implementation in the travel industry is undoubtedly only a matter of time. Industry participants will benefit from lower costs and more efficient systems, but the real winners will be travelers, as blockchain enables a more secure and trustworthy way to travel.

Akamai Mitigated Record-Breaking DDoS Attack Against European Customer.

On Monday, 12th September 2022, cybersecurity firm Akamai mitigated a distributed denial of service (DDoS) attack that the company has declared record-breaking in terms of packets per second, surpassing the attack Akamai recorded in July.

In a DDoS attack, cybercriminals bombard servers with fake requests and traffic to prevent legitimate visitors from accessing their services.

The primary targets of the attack Akamai recorded recently were European companies. It peaked at 704.8 million packets per second, marking the second attack on such a massive scale against the same customer within a short span of three months.

According to Akamai’s Craig Sparling, prior to June 2022, this customer only saw attack traffic against its primary data center. However, unexpectedly, the attack campaign expanded, hitting six different global locations, from Europe to North America.

The attack was thwarted on the same day it was identified. Though not the largest DDoS attack ever, this one raised eyebrows because it was the largest attack recorded against European organizations. The attackers’ DDoS vectors included UDP, ICMP, SYN, and RESET floods, TCP anomalies, PUSH floods, and more.

Attackers managed to target more than 1,800 IP addresses of a single organization, and the attack was dispersed at six different locations. Akamai noted that this attack originated from the same threat actor that targeted it previously, while the target is also the same unnamed customer based in Eastern Europe.

Previously, the attacker targeted only the company’s primary data center; this time, they hit six data center locations in North America and Europe.

Akamai recorded a huge 659.6 Mpps DDoS attack back in July; the latest attack was 7% larger. The company received 74 DDoS attacks before July and around 200 attacks afterward. Akamai stated that this campaign indicates attackers are continuously improving their techniques to evade detection.

Uber Hack – Ride-hailing Giant Investigating Large-Scale Data Breach.

Uber Inc. is investigating a cybersecurity incident in which a hacker claimed to have breached its internal network and took down multiple engineering and communications systems. First discussed on social media, the incident affected Uber’s internal Slack messaging, which was shut down after the breach compromised the company’s data.

What Happened?

Reportedly, on Thursday, Uber employees received a Slack message from someone claiming to be a hacker. The attacker also urged that the company increase its drivers’ pay.

“I announce I am a hacker and Uber has suffered a data breach,” the message read.

Uber uses Slack as its internal communications system.

After accessing a staff member’s Slack account, the hacker was able to compromise Uber’s internal databases and, having taken control of its internal systems, posted an explicit photo on the company’s internal information page for employees.

The breach was discovered shortly afterward, and as a result, Uber’s IT security team took most of its internal engineering and communications systems offline. An investigation into the incident was also promptly launched.

Data Breach Details.

The unknown hacker claims to have stolen Uber’s exclusive data and shared images of cloud storage, email, and code repositories with cybersecurity experts. According to Yuga Labs security engineer Sam Curry, the hacker seems to have gained full access to Uber’s internal computer systems and carried out a “total compromise.”

Meanwhile, Uber has instructed its employees to avoid using Slack, whereas its other internal systems are also inaccessible. Curry also shared a message apparently from an Uber employee which unofficially confirms the breach.

From another Uber employee:

Instead of doing anything, a good portion of the staff was interacting and mocking the hacker thinking someone was playing a joke. After being told to stop going on slack, people kept going on for the jokes.

According to malware analysis platform vx-underground on Twitter, additional screenshots leaked by the threat actor show they allegedly have access to Uber’s AWS instance, vSphere, Google workplace, HackerOne administration panel, and several other platforms used by the San Francisco, California-based ride-hailing giant.

Social Engineering at Work.

According to the New York Times, the hacker used social engineering tactics to infiltrate Uber’s communications system. He sent a text message to an Uber worker, claiming to be corporate IT personnel, and persuaded the employee to hand over their Slack password.

Afterward, accessing Uber’s systems was pretty easy. The hacker claims that he is eighteen years old and was able to breach the ride-hailing company’s systems because of weak security.


Monday, September 12, 2022

Scammers Leveraging Microsoft Teams GIFs In Phishing Attacks.

Cybersecurity consultant Bobby Rauch has discovered a new attack tactic in which threat actors exploit Microsoft Teams vulnerabilities. According to Rauch, attackers can easily leverage Microsoft Teams GIFs through these vulnerabilities to launch phishing, command execution, and data exfiltration schemes.

What is GIFShell?

Rauch has named the newly discovered attack technique involving MS Teams GIFs as GIFShell. The technique allows attackers to create a reverse shell to facilitate malicious command delivery via base64-encoded GIFs in MS Teams.

Using a malicious stager executable, the attackers can establish their dedicated MS Teams tenant and start the attack using the GIFShell Python script.

GIFShell installs malware on the device and can sneakily extract data under the guise of harmless GIF images. Rauch noted that the attack entails the exploitation of multiple vulnerabilities in MS Teams to create a chain of command executions.

Furthermore, attackers only need a foothold in MS Teams and a GIF to carry the payload. Utilizing Microsoft’s own web infrastructure, they can unpack the commands and have them executed directly on the victim’s computer.
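To see what a defender can check for, here is an added example (not Rauch’s GIFShell tooling) that walks a GIF’s block structure and flags the two places a payload can hide without breaking the image: a comment extension that is pure base64, and bytes appended after the trailer; the sample GIF is constructed inline, and the assumption that commands ride in those locations is this example’s, not a claim from the original article.

```python
import base64
import re
import struct

# A comment that is nothing but base64 text of meaningful length is worth a look.
BASE64_RE = re.compile(rb"^[A-Za-z0-9+/]{16,}={0,2}$")


def _color_table_len(packed):
    """Byte length of the color table announced by a packed flags byte (0 if none)."""
    return 3 * (2 ** ((packed & 0x07) + 1)) if packed & 0x80 else 0


def _read_sub_blocks(buf, pos):
    """Concatenate GIF data sub-blocks starting at pos; return (payload, next_pos)."""
    out = bytearray()
    while True:
        if pos >= len(buf):
            raise ValueError("truncated sub-block sequence")
        size = buf[pos]
        pos += 1
        if size == 0:
            return bytes(out), pos
        out += buf[pos:pos + size]
        pos += size


def _sub_blocks(data):
    """Inverse of _read_sub_blocks: split data into <=255-byte sub-blocks plus terminator."""
    out = bytearray()
    for i in range(0, len(data), 255):
        chunk = data[i:i + 255]
        out += bytes([len(chunk)]) + chunk
    return bytes(out) + b"\x00"


def build_sample_gif(comment, trailing=b""):
    """Constructed 1x1 GIF89a with a comment extension and optional bytes after the trailer."""
    header = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0)  # global table, 2 colors
    gct = b"\x00\x00\x00\xff\xff\xff"
    comment_ext = b"\x21\xFE" + _sub_blocks(comment)
    image = b"\x2C" + struct.pack("<HHHHB", 0, 0, 1, 1, 0)         # no local color table
    image += b"\x02" + _sub_blocks(b"\x44\x01")                    # LZW min code size + data
    return header + gct + comment_ext + image + b"\x3B" + trailing


def scan_gif(buf):
    """Walk a GIF block by block and report where a hidden payload could sit.

    Flags comment extensions that are pure base64 (decoding them for the
    analyst) and any bytes that follow the 0x3B trailer, which an image
    viewer ignores but a stager on the endpoint can read.
    """
    if buf[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF header")
    pos = 13 + _color_table_len(buf[10])      # skip logical screen descriptor + table
    comments, trailing = [], b""
    while pos < len(buf):
        marker = buf[pos]
        pos += 1
        if marker == 0x3B:                    # trailer: nothing legitimate follows it
            trailing = buf[pos:]
            break
        if marker == 0x21:                    # extension: label byte, then sub-blocks
            label = buf[pos]
            payload, pos = _read_sub_blocks(buf, pos + 1)
            if label == 0xFE:                 # comment extension
                comments.append(payload)
        elif marker == 0x2C:                  # image descriptor, local table, LZW data
            pos += 9 + _color_table_len(buf[pos + 8]) + 1
            _, pos = _read_sub_blocks(buf, pos)
        else:
            raise ValueError("unknown block marker 0x%02x at offset %d" % (marker, pos - 1))
    b64 = [c for c in comments if BASE64_RE.match(c.strip())]
    return {
        "comments": comments,
        "decoded_base64": [base64.b64decode(c.strip()) for c in b64],
        "trailing_bytes": trailing,
        "suspicious": bool(b64 or trailing.strip()),
    }


if __name__ == "__main__":
    # Constructed sample: base64 of b"echo hello from teams" in the comment, junk after trailer.
    sample = build_sample_gif(b"ZWNobyBoZWxsbyBmcm9tIHRlYW1z", b"extra")
    print(scan_gif(sample))
    print(scan_gif(build_sample_gif(b"made with a paint program")))
```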

Microsoft’s Response

In a blog post, Rauch stated that he notified Microsoft in May 2022. However, Microsoft claims that immediately releasing fixes for the attack is not possible. Moreover, the tech giant stated that the attack techniques “reported” by Rauch don’t meet the bar for an urgent security fix.

Therefore, the best line of defense is not to open any GIFs shared with you on MS Teams.

Sunday, September 11, 2022

WT1SHOP Cybercrime Market Seized by US And Portuguese Authorities.

The US Department of Justice (DoJ) has confirmed that the notorious cybercrime marketplace WT1SHOP has been taken down by US and Portuguese authorities for its involvement in nefarious activities.

According to the federal criminal complaint against the marketplace, it made millions of dollars by selling PII (personally identifiable information) over the years. This was one of the largest cybercrime marketplaces and offered around 6 million records for sale.

Complaint Details.

According to the complaint filed on 21 April 2022, WT1SHOP was operated by a 36-year-old national of the Republic of Moldova identified as Nicolai Colesnicov. The marketplace’s vendors offered stolen information including around 1.7 million login credentials and other PII, approximately 25,000 scanned passports and driver’s licenses, 108,000 bank accounts, and 21,800 credit cards. Buyers could purchase the records using Bitcoin.

The website had 106,273 registered users and 94 registered sellers as of December 2021. By June 2020, WT1SHOP had sold 2.4 million credentials for $4 million. This included retailers’ and financial institutions’ login credentials, email credentials, PayPal accounts, and ID card details. Moreover, it also sold credentials for remote access and control of computers, network devices, and servers.

Shutting Down of WT1SHOP.

Authorities traced Bitcoin payments for purchases on the marketplace, as well as payments made to its web host and associated email accounts, and found the login information linked to Colesnicov. WT1SHOP was seized by Portuguese authorities, and four domains (wt1shop.net, wt1store.cc, wt1store.com, and wt1store.net) were taken down by their counterparts in the USA.

After the website and its domains were seized, the DoJ unsealed the website seizure and criminal complaint. It was announced by the US Attorney for the District of Maryland, Erek L. Barron, and FBI’s Washington Field Office, Criminal Division’s Special Agent in Charge, Wayne Jacobs. 

Colesnicov has been charged with trafficking in unauthorized access devices and conspiracy. He could get a maximum penalty of ten years in federal prison if convicted.

Thursday, September 8, 2022

Samsung Data Breach Exposed Private Data of US Customers.

Samsung has announced that it suffered a data breach in July 2022 involving the personal data of US customers. The incident happened in late July this year and was discovered on August 4th, 2022.

According to the South Korean technology giant, the incident resulted in the breach of private user data such as names, dates of birth, product registration data, demographic information, and contact numbers.

Samsung sent out an email alert to its users after a hacker managed to breach the security of the tech giant’s US systems and steal customers’ data.

The company assured that the breach didn’t impact its customers’ credit card numbers and social security data, which was also stored in the system. The company has yet to disclose the number of affected customers but has notified them through an email sent on Friday.

Samsung noted that the data exposed may vary from customer to customer and that no consumer devices were compromised in this breach. It also stated that its business operations and customers remained unaffected.

Nevertheless, the company claims to have implemented necessary measures to prevent similar incidents and offers uninterrupted services to its customers. Samsung has also hired a private cybersecurity and law enforcement agency to investigate the latest incident.

Those impacted in this breach are advised to remain cautious of phishing scams, track their credit profiles, and check Samsung’s privacy policy and FAQs section.

Second Data Breach in 2022

It is currently unclear who perpetrated this attack. But, it is certainly not the first time the tech vendor has suffered a data breach. In fact, Samsung has been a victim of several data breaches in the recent past. In March 2022, the company confirmed suffering a data breach after the Lapsus hackers leaked 189 GB worth of sensitive data online.

The Lessons To Learn From Nomad Crypto Hack.

In what sounds like a case of gross negligence, Nomad, a new start-up in the cryptocurrency space, lost $190 million in a series of hacks. But in this instance, calling it hacks is being too nice. Usually, hackers require skills and strategies that take time and effort to execute. 

Apparently, in Nomad’s case, the attacks were a “free-for-all” crypto spree where anyone, even people with no prior IT skills, could seize on the platform’s shortcomings and withdraw crypto from its accounts. To make matters worse, the hackers could even withdraw more than was available in the accounts.

If you’re baffled like we are, grab onto your socks and keep reading to learn more about what might have transpired at Nomad.

What is Nomad Crypto Startup?

Nomad is a crypto wallet or bridge that is supposed to let you transfer crypto from one blockchain network to another safely and conveniently. Obviously, it did not. Crypto bridges work by wrapping tokens on one network into an equivalent amount on another. This might sound complicated, but it’s really not. Think of wrapped tokens as representations of the value of the original token on other platforms.

Furthermore, Nomad is a blockchain messaging platform that allows players such as developers to share arbitrary data across chains and even make smart contracts. The service makes online collaborations when developing blockchain applications while working from different regions much more convenient.

What Safety Considerations Should You Have When Buying Crypto?

It’s unfortunate, but the world of cryptocurrency is cutthroat in every sense of the word. On the business side, hundreds of currencies exist, and more are joining the market every day, driving up the competition. There are also hundreds of different crypto products at various stages of their development process. Furthermore, we are also only starting to understand the real implications of blockchain technology and cryptocurrencies.

Unfortunately, this has also created the perfect storm for scammers and players with malicious intent to thrive. For instance, in the case of Nomad, even though we still maintain that this is a case of gross negligence, it also reflects the prevalent evils in this space. However, vulnerabilities, where anyone can just walk into a platform and withdraw more than there is, should not exist in the first place. 

The pill is easier to swallow when you hear hackers went on a phishing expedition or discovered a system flaw that moves the industry’s security forward. As such, you should be very keen with any dealings or transactions you make with crypto to avoid being one of the victims. 

One way to protect yourself is to buy crypto with a prepaid card that does not link back to your primary accounts or personal information. This will limit your risk of losing more than is on the prepaid card if you get hacked or compromised somehow. 

You should also only sign on to crypto services like bridges, wallets, exchanges, and currencies on reputable platforms with a proven safety record. As important as first adopters are to the product introduction cycle, we can all agree it’s safer to step back from new ones in the crypto scene. This will ensure you’re not one of the people who lose their investments from hacks like the one witnessed at Nomad.

A Problem to Solve

The truth is that stories of people invested in a new crypto venture losing their money are common in the news today, and we have all but grown numb and accustomed to them. But it should not be this way. 

For far too long, hackers and ill-prepared crypto platforms have cost far too many people their crypto investments and their confidence in the system. And even though, in Nomad’s case, they have attempted to recover the lost funds, we think it’s time authorities take a hard look at the crypto industry and provide lasting solutions to the problems that plague it.

Worok Hackers Targeting Orgs, Govts In Asia, Middle East And Africa.

ESET telemetry has discovered a new malware campaign targeting local governments and high-profile organizations in Asia, the Middle East, and Africa.

In the recently discovered targeted attacks, previously undocumented tools are being used by a lesser-known cyberespionage group, identified as Worok by ESET researcher Thibaut Passilly.

This group has been active since 2020, when it targeted governments and organizations in multiple countries, including a telecom firm in East Asia, a bank in Central Asia, and a Southeast Asian maritime sector firm.

Worok is primarily targeting organizations in banking, telecommunication, marine, military, energy, public sectors, and government in its current campaign. The group claims to be a cyberespionage collective that develops its own tools and uses existing tools to compromise the target. Its custom toolset in 2021 included:

  • CLRoad (a first-stage loader).
  • PNGLoad (a second-stage loader).
  • A full-featured PowHeartBeat backdoor written in PowerShell.

The backdoor supports command and process execution as well as file manipulation.

Campaign Details

According to ESET’s research, attackers sometimes exploited the infamous ProxyShell vulnerability (CVE-2021-34523) discovered in 2021 to gain initial access. Malware operators are looking to obtain sensitive information from their targets as their focus has been on “high-profile entities in Asia and Africa,” and they have targeted both public and private sector firms. Besides, they are also focusing on government entities.

After gaining initial access, the operators deploy numerous publicly available tools for further infiltration, including EarthWorm, Mimikatz, NBTscan, and ReGeorg. Then they deploy their custom implants, including a first-stage loader followed by a second-stage .NET loader. The researchers could not identify the final payloads.

After observing the Worok group’s activity in 2020, ESET noticed a break between May 2021 and January 2022, and then it resurfaced in February 2020, during which it targeted an energy firm in Central Asia and a public sector organization in Southeast Asia.

Monday, September 5, 2022

Twitter Confirms Data Breach as 5.4M Accounts Sold On Hacker Forum.

Twitter was forced to investigate the incident when a hacker offered the personal details of 5.4 million Twitter users on a hacker forum for $30,000 last month.

On Friday, Twitter confirmed that a threat actor exploited a vulnerability that risked user privacy on the platform. The company revealed that this breach had a “global impact,” and it is still unclear exactly how many Twitter accounts were affected.

Details of the Breach.

According to Twitter’s press blog, the vulnerability was exploited to match private data with pseudonymous Twitter accounts. Reportedly, the vulnerability lets a bad actor match phone numbers or email IDs to any Twitter account linked to that information and identify the user.

A Twitter spokesperson explained that passwords weren’t compromised in this breach that occurred in January 2022.

It is worth noting that around two weeks earlier, a hacker named “Devil” was offering email IDs and phone numbers linked to the impacted accounts on a hacker forum that surfaced as an alternative to the popular and now-seized RaidForums. The hacker was asking no less than $30,000 for the data.

The post was connected to a vulnerability in Twitter that was discovered in January 2022 by a security researcher via HackerOne’s bug bounty platform, which Twitter uses. Twitter paid a bug bounty of $5,040 through HackerOne for the issue.

The bug that caused the breach originated from an update to Twitter’s code in June 2021 and was fixed quickly, said Twitter.

On the other hand, according to the hacker, the impacted accounts belonged to “celebrities, OGs, and companies, among others.” On 22 July 2022, Twitter announced that it was investigating the information posted by Devil.

On Friday, it confirmed that the data was legitimate and was stolen by exploiting the same bug that was fixed. 
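The class of bug described above can be shown with a signup check (an added example, not Twitter’s code): the leaky version tells the caller which handle a phone number or email belongs to, while the hardened version returns one uniform reply, budgets lookups per requester, and records bursts for the detection team; the directory entries and addresses are constructed.

```python
import time
from collections import defaultdict, deque

# Constructed directory of contact details -> handles (example data, not Twitter's).
DIRECTORY = {
    "alice@example.com": "@alice_anon",
    "+15550100": "@whistleblower42",
}


def signup_check_vulnerable(contact):
    """Leaky variant: the response reveals whether, and to whom, a contact belongs.

    Anyone holding a list of phone numbers or e-mail addresses can feed them in
    one by one and link each to a pseudonymous handle, which is the class of
    bug behind the breach described above.
    """
    handle = DIRECTORY.get(contact)
    return "available" if handle is None else "already registered to " + handle


class SignupChecker:
    """Hardened variant: one uniform reply, a per-requester budget, and an alert trail.

    The real outcome (a verification message) goes only to the contact being
    checked, so the requester learns nothing from the response itself, and a
    burst of lookups from one source is recorded for the detection team.
    """

    UNIFORM = "If this contact is not already registered, a verification message has been sent."
    THROTTLED = "Too many requests from this source; try again later."

    def __init__(self, limit=5, window_s=60.0, clock=time.monotonic):
        self.limit = limit                   # lookups allowed per requester per window
        self.window_s = window_s
        self.clock = clock                   # injectable so tests can control time
        self._history = defaultdict(deque)   # requester -> timestamps of recent lookups
        self.outbox = []                     # (contact, kind) messages that would be sent
        self.alerts = []                     # (requester, lookups_in_window) for the SOC

    def check(self, requester, contact):
        now = self.clock()
        recent = self._history[requester]
        recent.append(now)
        while recent and now - recent[0] > self.window_s:
            recent.popleft()
        if len(recent) > self.limit:
            self.alerts.append((requester, len(recent)))
            return self.THROTTLED
        if contact not in DIRECTORY:
            # Only the owner of an unregistered contact ever sees a difference.
            self.outbox.append((contact, "verification"))
        # Registered or not, the caller sees exactly the same text.
        return self.UNIFORM


if __name__ == "__main__":
    print(signup_check_vulnerable("alice@example.com"))   # leaks the handle
    checker = SignupChecker(limit=3)
    for contact in ["alice@example.com", "nobody@example.com", "+15550100", "+15550199"]:
        print(checker.check("203.0.113.7", contact))
    print(checker.alerts)
```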

The Nation-State Hacker Connection.

The social media giant urges users to avoid adding information like a publicly known email ID or contact number to their Twitter accounts if they want to protect their identity from nation-state actors and other hackers. 

Twitter further added that people with anonymous accounts could be easy targets for state-backed hackers. The data could be valuable for countries like China, Russia, North Korea, Iran, or Saudi Arabia as state actors are always looking for private accounts and often employ social engineering to reveal personal information.

Affected users will be notified accordingly. The company has decided to publish the update as it cannot confirm every account impacted by this breach. Although passwords weren’t exposed, the company asked users to enable 2FA and other security measures. It is, however, unclear if the hacker sold the data or not.

LockBit Ransomware Gang Blames Victim For DDoS Attack On Its Website.

LockBit Ransomware Gang claims its leak site was hit by a massive DDoS attack allegedly carried out by security company Entrust.

The LockBit ransomware gang’s data leak website has been taken offline by a DDoS (distributed denial of service) attack. The attack appears to be a response to the group’s publication of data stolen from security firm Entrust.

Entrust Breach Details.

Security firm Entrust was targeted in a cyberattack on 18 June 2022. The firm notified its customers regarding the data breach on July 6th. The intrusion was publicly disclosed on 21 July after a security researcher accessed a copy of the company’s data breach notification sent to its customers. A ransomware attack was suspected of targeting Entrust, but the operators weren’t named.

On August 18th, the LockBit ransomware gang claimed responsibility for the Entrust data breach and threatened to leak the entire trove of data, approximately 30 GB, if the company refused to pay the ransom within 24 hours.

Per researcher Soufiane Tahiri, who accessed a copy of the communication between the LockBit gang and Entrust, the attackers initially demanded $8 million in ransom. They later reduced it to $6.8 million, while Entrust claimed it could only pay $1 million.

DDoS Attack Details.

As soon as LockBit ransomware operators started publishing data stolen from Entrust, their Tor-based leak site received a DDoS attack. Cisco Talos researcher Azim Shukuhi revealed that the LockBit group claimed to receive 400 requests per second from over 1,000 servers.

The requests included a string demanding that the ransomware operators delete the data. It is currently unclear who launched this DDoS attack. The group’s website (LockBit 3.0) is currently offline.

According to LockBit, Entrust is responsible for DDoSing its website, but as a legitimate cybersecurity firm, the company is unlikely to admit it even if it were actually involved. It could also be the work of a rival ransomware group that wanted to target LockBit operators and blame Entrust.

LockBit Operators Hit Back After Website Taken Offline.

The gang has vowed to employ more aggressive tactics in retaliation for the DDoS attack on its website. In a tweet, the group claimed it would move from its previously preferred double extortion model to a triple extortion model. The group also announced that it is recruiting new members as part of its modified strategy.

For your information, triple extortion is a recently devised method of pressuring victims, used in recent attacks by the REvil group. It adds a further layer of threat, such as a DDoS attack against the victim, to force payment.

In the double extortion technique, by contrast, attackers steal data and then encrypt it on the victim’s device before demanding a ransom. Additionally, LockBit will start including randomized payment links in its ransom notes so that countermeasures such as DDoS attacks cannot easily take down its payment site.

LastPass Security Breach – Hackers Steal Company’s Source Code.

World-leading password manager LastPass is the latest victim of a security breach. In an advisory, the company confirmed the theft of its internal source code and technical documents. LastPass is owned by GoTo, boasts over 25 million users and serves around 80,000 businesses worldwide.

Incident Details.

On 25 August 2022, LastPass CEO Karim Toubba confirmed that an unauthorized party had stolen portions of its internal source code and proprietary technical information. The company revealed that an attacker broke into one of its developers’ accounts and gained access to proprietary data.

The company stressed that the breach occurred through a “single compromised developer account.” It noted that all of its products and services are “operating normally” and that the situation is under control. The breach took place around two weeks earlier.

How Was the Breach Detected?

The break-in was detected after unusual activity was noticed in the development area of the LastPass network. The security breach was promptly contained, and the company took the necessary steps to prevent another intrusion.

According to the LastPass blog post, the company also engaged outside infosec experts to investigate the incident. The investigation later confirmed that the intruder could not access customer data. Per the LastPass CEO, the company will ramp up its network defenses.

What About User Passwords?

For your information, LastPass provides a software vault in which usernames and passwords are stored in pairs so users can log in to websites. The vault is encrypted, which makes the stored passwords much harder to crack.

After the breach, much speculation emerged about the safety of stored passwords. The company addressed these concerns by explaining that master passwords were not compromised or accessed by the hacker. LastPass added that vault contents also remained untouched.

LastPass noted that it doesn’t keep a copy of users’ master passwords, as those are for the user to memorize and protect. The Massachusetts-based company insisted that encrypted user passwords are safe because of the zero-knowledge architecture it has implemented.

Sunday, September 4, 2022

5 Signs Your WordPress Site Is Hacked (And How to Fix It).

There are currently over 455 million websites powered by WordPress, which makes this open-source content management system a lucrative target for cybercriminals and is why security should be the top priority for WP users.

Yes, there are signs that your WordPress site (or any website) has been hacked, and yes, there are ways to fix it. This article describes five ways to tell whether your website has been hacked and then offers a few ways to remediate the hack.

Remember that a malicious attacker has several ways of gaining access. It may be malware or a nefarious plugin, but it may be something more sinister, such as your email having been hacked or spyware on your smartphone or computer. Here are a few signs that your website has been hacked.

1 – You Are Unable to Log Into Your Account

Being unable to log into your account is a classic sign that you have been hacked. Yet, despite being a classic sign, it is one of the least common. Many hackers don’t want you to notice that you have been hacked: staying unnoticed lets them keep harvesting your customer information and keeps you working on your website so they can keep exploiting it.

There are some clever WordPress hacks where you have to log in two or three times. The site says your password is incorrect the first one or two times, and the third time it lets you in. This is because the malicious code is intercepting and processing your login request. By your third attempt with your real password, you are allowed in and any trace of the hacker has disappeared.

2 – Unknown Files and Scripts

If you know how to program, you may be able to scrub your own website clean of malware and security risks. With those skills, you can look over your WordPress code and may notice unknown scripts and possibly unknown files in your installation. These are often left behind by nefarious plugins and may be used by hackers or other malware at a later date.

3 – Your Website Started Going Slow

This is a signal that somebody is using your website for nefarious purposes. It can be anything from people hotlinking your images and using up your bandwidth to visitors being redirected from your Google-safe website to one of the attacker’s malicious ones.

Another reason your website may take much longer than normal to load is that it may be compromised and used as part of a larger botnet. In 2018, researchers identified 20,000 compromised WordPress websites working as a botnet to carry out cyber attacks.

4 – Odd Additions to Your Website

A crude trick is to add pop-ups to your website. It is crude because it alerts you to the hack and causes you to react. More commonly, attackers add links to spam websites where your innocent visitors will be ripped off. After a while, search engines will ban your site as suspicious.

5 – Your Traffic or Affiliate Revenue is Down

This is another classic sign that your website has been hacked. The attacker is diverting your traffic and maybe even your affiliate revenue for his or her own ends. Often, it is odd behavior in your analytics that alerts you to a WordPress hack.

How to Fix it

First things first, you need to identify the source of the attack. If you don’t know it, check your server access logs. Once you know where the attack came from, you can take steps to block that IP address.

Then you need to start changing your passwords – for your WordPress account, as well as any FTP or hosting accounts associated with your site. Be sure to use strong passwords that are difficult to guess.

In addition, you could change the primary email address for WordPress in case that is the problem. Go through your plugins to figure out whether any of them caused the problem. If you have a security plugin installed, check its logs for clues.

Also review the people you have given access to, because they may have fallen for a WordPress scam or a fake website and unknowingly given their credentials away.

You may also need to suspect your web host, because hosts are often hacked or expose customer data online without any security authentication.

If you are still unsure, get in touch with a website security company like Sucuri or a service like WP-Masters and let them go through your website, fix it up, remove the hackers and the malware, and help you regain full control. That is often the only definitive way to regain full control of your website. Finally, you will need to clean up any malicious code that may have been injected into your site.
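The log check described above, as an added example that is not part of the original article: it parses access-log lines in the common Apache/nginx "combined" format, flags IPs hammering wp-login.php or xmlrpc.php (block candidates), and flags requests for PHP files under wp-content/uploads, a directory that should never serve PHP and a typical home for the "unknown files" from sign 2. The log lines and the threshold are constructed for the demo.

```python
"""Triage a WordPress access log for the signs described in the article.

Added example, not from the original article. Parses combined-format lines
and reports (a) IPs with many POSTs to the login endpoints and (b) PHP files
requested from wp-content/uploads. Sample log lines below are constructed.
"""
import re
from collections import Counter

# Combined log format: ip - user [time] "METHOD path HTTP/x" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
LOGIN_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")
LOGIN_THRESHOLD = 5  # POSTs per IP before we call it suspicious (constructed value)


def parse_line(line):
    """Return the fields of one combined-format line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def triage(lines, threshold=LOGIN_THRESHOLD):
    """Return (suspicious_ips, upload_php_hits) for an iterable of raw log lines.

    suspicious_ips:  {ip: number of POSTs to login endpoints} for IPs at/above threshold
    upload_php_hits: [(ip, path)] for .php files requested under /wp-content/uploads/
    """
    login_posts = Counter()
    upload_php = []
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue  # unparseable line; a real tool would count these too
        path = rec["path"].split("?", 1)[0]  # drop the query string
        if rec["method"] == "POST" and path in LOGIN_ENDPOINTS:
            login_posts[rec["ip"]] += 1
        if path.startswith("/wp-content/uploads/") and path.lower().endswith(".php"):
            upload_php.append((rec["ip"], path))
    suspicious = {ip: n for ip, n in login_posts.items() if n >= threshold}
    return suspicious, upload_php


# Constructed sample: one IP brute-forcing the login form, one normal visitor,
# and a request for a PHP file that should not exist inside the uploads folder.
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Sep/2022:10:00:%02d +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "python-requests/2.28"' % s
    for s in range(6)
] + [
    '198.51.100.7 - - [04/Sep/2022:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [04/Sep/2022:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [04/Sep/2022:10:02:00 +0000] "GET /wp-content/uploads/2022/09/helper.php?cmd=id HTTP/1.1" 200 58 "-" "curl/7.8"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    ips, hits = triage(SAMPLE_LOG)
    for ip, n in ips.items():
        print(f"block candidate: {ip} ({n} login POSTs)")
    for ip, path in hits:
        print(f"unknown PHP under uploads: {path} requested by {ip}")
```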

Anonymous Hacked Russian Yandex Taxi App Causing A Massive Traffic Jam.

Russia has been one of the prime targets of hackers since the country waged war on Ukraine. The latest attack was aimed at the ride-hailing service Yandex Taxi.

For your information, Yandex Taxi is owned by Yandex, Russia’s leading IT corporation, also called the Russian Google. It is worth noting that the EU sanctioned the company’s co-founder Arkady Volozh for “de-ranking and removing” content related to Russian aggression against Ukraine.

Incident Details.

After hacking the Yandex Taxi app, the unknown hackers created a massive traffic jam in Moscow, Russia. On September 1st, 2022, motorists complained after witnessing an unusual accumulation of taxis in the western part of the Russian capital.

The attackers ordered all available taxis to a single address, and an unprecedented traffic jam ensued as dozens of Yandex drivers were stuck converging on the same location.

According to Forbes Russia, the cabs were directed to one of the main avenues in Moscow, Kutuzovsky Prospekt, which is widely known for the Stalinist-era building called Hotel Ukraina (Hotel Ukraine).

The traffic jam lasted three hours. Yandex’s security team quickly resolved the standstill and promised to improve its algorithm to prevent such attacks in the future.

Who’s Responsible for the Hack?

The online hacktivist collective Anonymous has claimed responsibility for the cyber attack.

Important Notification Phishing Scam Targeting American Express Customers.

Armorblox security researchers have uncovered a new phishing campaign in which attackers are targeting American Express customers.

According to the researchers, the scammers lure American Express cardholders into opening an attachment in an attempt to steal confidential data and access their accounts.

In this financially motivated campaign, attackers first send an email spoofing the well-known card brand and ask customers to click on a link included in the email attachment.

Using social engineering and brand impersonation, the attackers lure their targets onto fake and malicious landing pages.

When the victim clicks this link, they are redirected to a fake American Express landing page. This page is crafted to resemble the genuine American Express login page, including the company’s real logo, navigation links, and a link to download the American Express app.

In reality, the scammers use a custom domain for this attack. Once there, victims are prompted to sign in to verify their accounts, entering their user ID and password.

The Legit-looking Phishing Email

In this phishing scam, the email is designed to appear as an authentic American Express notification. The email subject, according to Armorblox’s blog post, reads: “Important Notification About Your Account.”

It instructs the recipient to verify their account, or else the company will suspend it. The phrase “This is your last chance to confirm it before we suspend it” is included to create a sense of urgency. Victims are asked to complete a one-time verification process to update their credentials and prevent suspension of their accounts.

The email content is crafted to evoke trust in the recipient. For instance, it carries the American Express logo at the top left, and a signature at the end deceives users into believing that the company’s customer service team sent the email.

Prime Targets

Armorblox co-founder and CEO DJ Sampath stated that financial firms are more frequently targeted with credential phishing scams. The main targets of this scam are holders of American Express charge cards.

What’s noteworthy is that the phishing scam successfully bypassed Google Workplace Security, and so far the email has been sent to around 16,000 email addresses of American Express employees.

How to Identify a Phishing Scam?

Most people are familiar with the term “phishing” but may not know how to identify a phishing scam. Phishing is a type of online fraud that involves tricking someone into giving personal information such as passwords, credit card numbers, or banking information. Scammers do this by sending fake emails or setting up fake websites that look like the real thing.

Here are some tips to help you spot a phishing scam:

  • Be suspicious of any email or website that asks for personal information such as your password, Social Security number, or credit card number. Legitimate companies will never ask for this information via email or an online form.
  • Phishing attempts almost always contain a link, downloadable attachment, or directive telling people to do something ASAP.
  • There are often a lot of spelling mistakes, but not always.
  • The email or message can instill a sense of urgency to get people to act quickly without thinking.
  • It may be a threat or even blackmail, as is the case with sextortion phishing scams.
  • The email signature will usually look strange or different from normal.
  • Phishing emails or messages aren’t always from strangers. Sometimes they’re sent from the compromised accounts of friends, coworkers, or other contacts.
  • Inspect the URL of any website you’re directed to from an email before entering any information on it.
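The link, urgency and attachment checks from the tips above, as an added example that is not part of the original article or of Armorblox’s work: it parses a raw email, extracts every link in the HTML body, and flags links whose host is outside the brand’s own domain, urgency phrases in the subject or body, and attachments. The brand allow-list, the phrase list and the sample message are constructed.

```python
"""Screen an email for the phishing traits listed above (added example).

Not from the original article or from Armorblox. Parses an RFC 822 message,
flags off-brand link hosts, urgency phrases and attachments. Sample is constructed.
"""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAINS = {"americanexpress.com"}  # constructed allow-list for the brand
URGENCY = ("last chance", "suspend", "verify your account", "within 24 hours")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude eTLD+1 (last two labels); fine for .com demos, not a public-suffix lookup."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def screen(raw_message, brand_domains=BRAND_DOMAINS):
    """Return a list of finding strings for one raw email; empty means nothing flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings, body = [], ""
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            findings.append(f"attachment: {part.get_filename()}")
        elif part.get_content_type() == "text/html":
            body = part.get_content()
    text = (msg.get("subject", "") + " " + re.sub(r"<[^>]+>", " ", body)).lower()
    findings += [f"urgency phrase: {p!r}" for p in URGENCY if p in text]
    extractor = LinkExtractor()
    extractor.feed(body)
    for href, label in extractor.links:
        host = urlparse(href).hostname or ""
        if registrable(host) not in brand_domains:  # text may claim the brand; host decides
            findings.append(f"link to non-brand domain: {host} (text {label!r})")
    return findings


# Constructed sample: urgent subject, a link whose visible text hides the real
# destination, and an attachment, mirroring the campaign described above.
SAMPLE_EMAIL = """\
From: American Express <notify@americanexpress.com>
To: cardholder@example.com
Subject: Important Notification About Your Account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<p>This is your last chance to confirm it before we suspend it.</p>
<a href="https://amex-verify.example.net/login">https://www.americanexpress.com</a>
--B1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Notification.html"

PGh0bWw+PC9odG1sPg==
--B1--
"""
```

Calling `screen(SAMPLE_EMAIL)` returns four findings: the attachment, two urgency phrases, and the link whose text says americanexpress.com but whose host is amex-verify.example.net.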

Thursday, September 1, 2022

Sephora Fined $1.2 Million For Breaching CCPA And Selling User Data.

The world’s leading cosmetics and beauty products manufacturer Sephora will pay a fine of $1.2 million to settle claims with a California district court.

The fine was brought under the California Consumer Privacy Act (CCPA) of 2018 after more than a hundred retailers were examined for compliance with the act. The law was enacted primarily to ensure consumers can control what data businesses collect about them.

The Accusation

The company allegedly breached the California Consumer Privacy Act by failing to inform its customers that it sold their data. It also failed to honor requests from consumers to stop selling their data made through the opt-out feature on its website.

Furthermore, Sephora ignored requests from customers who signaled, through a browser or extension supporting Global Privacy Control, that they did not want their private data sold. Instead, it allowed third-party firms, including marketing, advertising, and data analytics companies, to access its customers’ online activities in exchange for their services.

To do so, those third parties built profiles of customers from personal data such as shopping cart items, device details, and location, court documents revealed. The court was further informed of the following:

“Consumers are constantly tracked when they go online. Sephora, like many online retailers, installs third-party companies’ tracking software on its website and in its app so that these third parties can monitor consumers as they shop. Third parties track all types of data; in Sephora’s case, third parties can track whether a consumer is using a MacBook or a Dell, the brand of eyeliner that a consumer puts in their “shopping cart,” and even the precise location of the consumer.”

“Some of these third-party companies create entire profiles of users who visit Sephora’s website, which the third parties then use for Sephora’s benefit. For example, the third party might provide detailed analytics information about Sephora’s customers and provide that to Sephora, or offer Sephora the opportunity to purchase online ads targeting specific consumers, such as those who left eyeliner in their shopping cart after leaving Sephora’s website. This data about consumers is frequently kept by companies and used for the benefit of other businesses, without the knowledge or consent of the consumer.”

Sephora’s Response

However, Sephora claims it respects consumer privacy and “strives to be transparent about how their personal information is used” to improve customer experience.

“Sephora was not the target or victim of a data breach, and this agreement with the California Office of the Attorney General (“OAG”) does not constitute an admission of liability or fault by Sephora. We have always cooperated fully with the OAG and Sephora’s practices are already in compliance with the CCPA.”

Furthermore, Sephora explained that it uses data “strictly for Sephora experiences” and that the CCPA does not define “sale” in its conventional sense. Under the law’s broader definition, a sale covers industry-standard practices such as cookies, which allow the company to provide its customers with “more relevant Sephora product recommendations,” customized shopping experiences, and advertisements.

Consumers can simply opt out of this via the “CA - Do Not Sell My Personal Information” link, which is available in the footer of the Sephora website, the company said.

According to Segev, “Business leaders are tasked with finding ways to leverage data to create new revenue streams. Especially with the shift to remote work, permissive access and applications like Google Drive or Slack make it easy to access and spread information across a business.”

“The people or teams involved may have believed they were permitted to monetize this data. How many businesses are prepared for this kind of action? Security and risk teams need a simple way to answer basic questions like What data do I have? Where is it now? Who is accessing it? How should it be governed and secured? Those are questions you need answers to at your fingertips, not something to be found after a lengthy audit process following a security incident,” Segev emphasized.

CCPA Details

The law entitles Californian consumers to know what information a business collects about them and how it is used, and gives them the option to have the company delete the data it has collected from them.

For your information, the act applies to for-profit businesses operating in California that earn gross annual revenue of more than $25 million, and also to companies that buy, sell, or receive the personal data of 50,000 or more California residents, households, or devices and derive over 50% of their annual revenue from selling residents’ private data.

The settlement resulted from a year-long enforcement sweep led by California Attorney General Rob Bonta, who investigated Sephora and many other businesses to check whether any of them had breached the CCPA.

European Spyware Vendor Offering Android And iOS Device Exploits.

Proposal documents leaked on a Russian hacking forum show that Intellexa is offering remote data extraction from Android and iOS devices in exchange for $8 million.

Intellexa is a spyware firm based and regulated in Europe, with six offices and R&D labs spread across the EU. It has emerged as a rival to NSO Group, the company behind the infamous Pegasus spyware, since, reportedly, it is offering Android and iOS hacking services for $8 million.

The company, founded by entrepreneur Tal Dilian, claims that it helps intelligence and law enforcement agencies across the globe with its “best-in-class Nebula platform.” Last year, Citizen Lab published a report on Cytrox’s Predator iPhone spyware in which Intellexa was mentioned. The spyware was used to target a lawmaker in Greece, and Cytrox was reportedly linked to the Intellexa Alliance.

The same firm made headlines in November 2019 when authorities in Cyprus confiscated a surveillance van belonging to Intellexa. The van was equipped with tools capable of hacking, cracking, and tracking any smartphone.

On August 24th, 2022, the malware source code archive Vx-Underground came across undated leaked documents detailing a proposal by Intellexa to offer remote data extraction from Android and iOS devices in exchange for money. In its tweet, followed by screenshots of the leaked documents, Vx-Underground noted: “Leaked Documents Online Show $8,000,000 iOS Remote Code Execution Zero Day Exploit.”

Intellexa’s offer includes ten infections for Android and iOS devices and “The Magazine of 100 Successful Infections.” The documents, marked Proprietary and Confidential, reveal that the exploits work on iOS 15.4.1 and Android 12.

It is worth noting that iOS 15.4.1 was released in March 2022, and since the offer includes exploits for this version, Intellexa must have put this package together recently.

Apple has released three security updates since that release, so presumably the iPhone maker has patched multiple 0-day vulnerabilities that Intellexa may have exploited. However, it is also possible that the exploits on offer remain unpatched.

Researchers say Intellexa is asking $8 million for the iOS exploit. The price covers a platform including analysis of the stolen data and a 12-month warranty.

As per Vx-Underground, although the documents carry no date, the screenshots it received were posted on a Russian hacking forum on 14th July 2022.

Hackers Spreading Malware Through Images Taken By James Webb Space Telescope.

The National Aeronautics and Space Administration’s (NASA) James Webb Space Telescope is known for the stunning images from space it has delivered since its launch. Thanks to its superior technology, the telescope can capture the earliest galaxies, formed shortly after the Big Bang.

Reportedly, hackers are also aware of the images’ popularity and have decided to monetize it.

Beware of Images Containing Malware

Securonix security researchers have identified a new Golang-based malware campaign leveraging deep field images from the James Webb Space Telescope to deploy malware on infected devices.

Dubbed GO#WEBBFUSCATOR, this persistent campaign highlights malware operators’ growing preference for the Go programming language, probably because its cross-platform support lets them target different operating systems from a common codebase.

Attack Details

In their report, researchers D. Iuzvyk, T. Peck, and O. Kolesnikov explained that the campaign starts with phishing emails carrying a Microsoft Office attachment named Geos-Rates.docx. The file is downloaded as a template.

These emails are the attack chain’s entry point. When the attachment is opened, an obfuscated VBA macro auto-executes if the recipient has enabled macros. The macro then downloads an image file titled OxB36F8GEEC634.jpg.

It appears to be the telescope’s First Deep Field image, but in reality it carries a Base64-encoded payload: a 1.7MB Windows 64-bit executable. The binary evades antimalware solutions and is obfuscated with a technique the researchers call gobfuscation, which relies on a Golang obfuscation tool publicly available on GitHub.

According to the researchers, the crooks use encrypted DNS queries and responses to communicate with the C2 server, through which the malware accepts and runs commands via the Windows Command Prompt.
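A defender-side check for the trick described above, as an added example that is not from the Securonix report or the original article: given the bytes of a file that claims to be an image, it reports whether the content is a real JPEG/PNG/GIF or a Base64 text blob that decodes to a Windows PE (an MZ header), which is what the campaign hides behind a .jpg name. The sample inputs are constructed; no real payload is involved.

```python
"""Detect an 'image' that is really a Base64-encoded Windows executable.

Added example, not from the Securonix report or the original article.
Sample inputs are constructed.
"""
import base64
import binascii
import re

IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
# Whole file must be Base64 alphabet (line breaks allowed) plus optional padding.
BASE64_RE = re.compile(rb"^[A-Za-z0-9+/\r\n]+={0,2}\s*$")


def looks_like_base64(data):
    """True if the entire file is plausible Base64 text rather than binary image data."""
    return bool(data) and BASE64_RE.match(data) is not None


def classify(data):
    """Return 'jpeg', 'png', 'gif', 'base64-pe', 'base64-other' or 'unknown' for raw bytes."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    if looks_like_base64(data):
        try:
            decoded = base64.b64decode(data, validate=False)
        except (binascii.Error, ValueError):
            return "unknown"
        if decoded.startswith(b"MZ"):
            return "base64-pe"  # DOS/PE header: a Windows executable in disguise
        return "base64-other"
    return "unknown"


def is_disguised_executable(filename, data):
    """True when the file name claims an image but the content is an encoded PE."""
    ext = filename.lower().rsplit(".", 1)[-1]
    return ext in {"jpg", "jpeg", "png", "gif"} and classify(data) == "base64-pe"


# Constructed samples: a minimal real JPEG header, and a fake 'image' that is
# the Base64 of bytes starting with the MZ header every PE file carries.
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16
FAKE_JPEG = base64.b64encode(b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00")

if __name__ == "__main__":
    for name, blob in (("photo.jpg", REAL_JPEG), ("OxB36F8GEEC634.jpg", FAKE_JPEG)):
        verdict = "DISGUISED EXECUTABLE" if is_disguised_executable(name, blob) else "ok"
        print(f"{name}: {classify(blob)} -> {verdict}")
```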
