The post Russia-linked APT28 Phishes 14,000 Gmail Users in a State-sponsored Phishing Campaign appeared first on CISO MAG | Cyber Security Magazine.
Google has identified this campaign and has put out a warning notification to over 14,000 targeted users to stop the attacks in their tracks.
The campaign was detected in late September and accounts for a larger than usual batch of government-backed attack notifications that Google sends to targeted users every month.
Google clarified that these notifications do not mean an account has been compromised; they are a safety measure, and the warning was issued after part of the campaign was blocked.
“If we are warning you there’s a very high chance we blocked. The increased numbers this month come from a small number of widely targeted campaigns which were blocked,” said Google.
TAG sent an above average batch of government-backed security warnings yesterday. Some info for people who got the warning and a reminder what it means: https://t.co/ozlRL4SwhG
and also in this
— Shane Huntley (@ShaneHuntley) October 7, 2021
The campaign from APT28 led to a larger number of warnings for Gmail users across various industries.
Shane Huntley of Google’s Threat Analysis Group said, “Fancy Bear’s phishing campaign accounts for 86% of all the batch warnings delivered this month. So why do we do these government warnings then? The warning really mostly tells people you are a potential target for the next attack, so now may be a good time to take some security actions.”
APT28 has had multiple identities, such as Pawn Storm, Sofacy Group, Tsar Team, and STRONTIUM. However, it is now infamously known as Fancy Bear. The name comes from a coding system security researcher Dmitri Alperovitch uses to identify hackers.
Known to be operational since the mid-2000s, Fancy Bear’s methods are consistent with the capabilities of state actors. It is known to target government, military, and security organizations, especially Transcaucasian and NATO-aligned states for data theft and espionage activity.
Fancy Bear has carried out cyberattacks on the German parliament, the Norwegian parliament, the French television station TV5Monde, the White House, NATO, the Democratic National Committee, the Organization for Security and Co-operation in Europe and the campaign of French presidential candidate Emmanuel Macron.
Classified as an advanced persistent threat (APT), the threat actor uses zero-day exploits, spear phishing and malware to compromise targets.
Reference: https://en.wikipedia.org/wiki/Fancy_Bear
The post Hacker Leaks Twitch Source Code on 4chan appeared first on CISO MAG | Cyber Security Magazine.
An unknown hacker, who premeditated the attack, infiltrated the streaming platform with the intention of disrupting its services and causing reputational harm.
The leaked link contains items like Git repository history, subscription rates, payments made to creators, and an unreleased game distribution service from the parent company Amazon.
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021
Reports revealed that the hack did not include Twitch user information like login details or personal information; the target was the creator community, whose pay-out details were made public.
The leak includes:
#Twitch got leaked with over 120Gbs data on 4chan. Here’s the shortened link for the original 4chan post https://t.co/vWO0P0pKdm pic.twitter.com/jVXwU8w3Rw
— inversecos (@inversecos) October 6, 2021
Though there has been no evidence of user data being abused or leaked, as a preventive measure, all Twitch account users are advised to activate two-factor authentication and change their passwords with immediate effect.
In response, Twitch on its blog shared an update on the incident, “Out of an abundance of caution, we have reset all stream keys. You can get your new stream key here: https://dashboard.twitch.tv/settings/stream.”
Social media platforms and streaming platforms are a source of entertainment, communication, and income to billions of users around the globe. Any kind of disruption has huge ramifications for the service provider and the user community. The recent Facebook outage is an example of the fragility of the virtual world. Sponsored attacks, hate attacks, technical vulnerabilities, and cyber espionage, to name a few, are variables that need to be treated with precaution and a well-thought-out incident response approach.
The post NULLCON Stresses Need for International Cooperation to Mitigate New Threat Vectors appeared first on CISO MAG | Cyber Security Magazine.
By Brian Pereira, Principal Editor, CISO MAG

The chief guest was Satish Chandra Jha, Chairman of India’s NTRO (National Technical Research Organization). In his opening speech, Jha said, “India has a large IT footprint in the Internet domain. India has about 500 mn Internet users and over 1.5 bn IoT devices. All this fuels economic growth and creates new commercial opportunities. It also presents a challenge of securing cyberspace. Cybersecurity and some of the recent attacks like Stuxnet are serious. Cyberthreat vectors are becoming sophisticated and targeting infrastructure that supports essential services like Power & Energy, Banking & Finance, Transport, Information, and Telecommunications. And if these systems are impacted it will paralyze the nation. These sophisticated attacks outpace our response.”
Jha said there is little coordination among nations to contain these sophisticated attacks. He cited industry data points to quantify the impact of the attacks and the opportunities for startups and cybersecurity professionals.
“Organizations are spending US$120 billion annually on cyber initiatives. Of this, India is expected to spend US$25 bn. This presents a great opportunity for young cybersecurity professionals, startups, and micro, small and medium enterprises to showcase their expertise,” said Jha.
Global estimates indicate the loss due to cyber incidents is around US$5–6 trillion annually. This does not include loss due to disruption of business or the impact on the reputation of the company.
“We have a collective responsibility to ensure that the attacks do not impact Digital India initiatives or impede our efforts to be a US$5 trillion economy by 2025,” said Jha.
Conference tracks

The conference had two days of research talks, workshops, panel discussions, dedicated tracks (StartVille, macOS/iOS), hacker talks, CTFs (Capture The Flag), and specially designated sessions like Resume Clinic, Red Team Village, and Soldering Village. In addition, there was an exhibition area (titled AMMO) showcasing the latest security tools.
Lots of students and youngsters could be seen participating in CTFs like the SCADA CTF (a live demo of attacks against PLCs (programmable logic controllers) and RTUs (remote telemetry units)). These are hacking competitions with team participation.

CISO MAG asked Siddhartha Malladi, a second-year undergraduate student, why he was participating in the Hardware CTF and what brings him to NULLCON every year.
“This is the second time I am attending NULLCON. I am amazed at all the talks, especially those given by the international speakers. This year I am playing in the Hardware CTF since I have a background in electronics and communications engineering. We are a team of six students and have come here to meet like-minded people and build our network. Right now, our team is in the seventh position in this competition. We are keen to attend the StartVille (startup track) but we have to be here to participate in the competition,” said an elated Malladi.
The CXO track had some engaging panel discussions with the participation of CXOs from organizations like Bharti Airtel, Adani Group, OLAM International, PayPal, E&Y, NTRO and others.
Speaking to CISO MAG on the sidelines of the event, Venkatesh Subramaniam, Global CISO, OLAM Information Services Pvt. Ltd, said, “I am here in the capacity of a speaker. But I come to NULLCON to network with my peers. It’s also for the technical learning. Events like NULLCON give me an opportunity to understand what my peers are doing and what is happening in their organizations. The platform enables a good informal exchange of information. We discuss each other’s pain points. And we also get an update on where the industry is heading.”
In conclusion, we must mention that NULLCON is an event not to be missed if you are a cybersecurity professional or want to make a career in cybersecurity. There are also recruitment and internship opportunities as the participating startup companies use this event to source talent. There are exciting hacking competitions and bug bounty programs to pursue as well.
It was well worth the three days we spent here, with plenty of networking opportunities and a lot of learning.
Brian Pereira was hosted by NULLCON in Goa for this conference.
The post Hackers Made US$3.5 Billion in 2019 from Cyberattacks appeared first on CISO MAG | Cyber Security Magazine.
The report, “2019 Internet Crime Report”, revealed that a total of 1,707,618 complaints with US$10.2 billion losses were reported in the last five years. It stressed that phishing and extortion remain the popular ways used by attackers to scam people, while adding that hackers are using sophisticated techniques for their malicious activities, making them harder for security pros to detect. The most financially costly complaints involved business email compromise, confidence fraud, and spoofing. The losses incurred from cyberattacks amounted to over US$54 million while cybercriminals netted over US$8.9 million from ransomware attacks. The FBI said that the complaints came from victims from 48 countries.
IC3 has been focused on providing a reliable and convenient reporting mechanism for the public to submit information to the FBI concerning suspected Internet-facilitated criminal activity. The officials at both the FBI and IC3 also urged individuals and enterprises to continue reporting crimes.
“We encourage everyone to use IC3 and reach out to their local field office to report malicious activity. Cyber is the ultimate team sport. Working together we hope to create a safer, more secure cyber landscape ensuring confidence as we traverse through a digitally-connected world,” said assistant director of the FBI’s cyber division Matt Gorham in the report.
Recently, the FBI and the U.S. Department of Justice seized the domain “weleakinfo.com” for selling sensitive information that was hacked from other sources for the past three years. According to the official notice, published by the U.S. Attorney Jessie K. Liu of the District of Columbia and Special Agent in Charge Timothy M. Dunham of the FBI’s Washington Field Office, WeLeakInfo sold access data of more than 12 billion user records that included names, usernames, email addresses, phone numbers, and passwords for online accounts.