Share This

Showing posts with label Cybersecurity. Show all posts
Showing posts with label Cybersecurity. Show all posts

Wednesday, 11 December 2024

Beef up cybersecurity now

 

Cyberattacks likely if action not taken, says bukit aman



KUALA LUMPUR: Companies and organisations must beef up cybersecurity to prevent breaches and cyberattacks, says Bukit Aman.

Bukit Aman Commercial Crime Investigation Department (CCID) director Comm Datuk Seri Ramli Mohamed Yoosuf (pic) said cyber attacks are quite prevalent worldwide with millions of attacks per year and tens of thousands daily.

“Thus, it is imperative for companies and organisations to beef up their cybersecurity systems such as firewalls to prevent breaches.

“If it is not done, sooner or later, an organisation or entity might face a cyberattack,” he told The Star recently.

Comm Ramli said the CCID is working closely with other agencies such as Cyber Security Malaysia and the Malaysian Communications and Multimedia Commission to take action on data breaches.

He said the CCID managed to bust a syndicate that attempted to sell stolen data in September.

“We detained five men, including a Pakistani, in an operation codenamed Ops Kapas, with other agencies, including Cyber Security Malaysia.

“The syndicate stole 400 million pieces of data of Malaysians, including names, MyKad, addresses, bank accounts and phone numbers.

ALSO READ: Smaller firms lack budget for cybersecurity

“They had hacked systems used by companies and agencies to obtain the data.

“Those who want access to the data are charged between RM200 and RM800 per month,” he said.

(Click To Enlarge)(Click To Enlarge)

Investigations showed the syndicate was operating for about a year.

“Two of those detained – a Malaysian and a Pakistani – were a web portal designer and a hacker.

“Three other individuals were agents and unlicensed debt collectors, who bought the stolen data,” he said.

Investigations showed the Pakistani man as the syndicate’s mastermind due to his hacking skills.

“We believe he entered Malaysia as a general worker 10 years ago,” he said.

Comm Ramli said syndicates are using the “shadow world” of the Internet to look for potential customers of the stolen data.

ALSO READ: Shields up around Malaysia’s cyberspace

“The syndicate would sell the stolen data on the dark web to other syndicates such as scammers as well as unlicensed debt collectors,” he said.

Meanwhile, checks by The Star on the dark web showed that transactions are made using cryptocurrency, particularly bitcoin, which makes following the money trail difficult.

Among the finds on the dark web was the alleged sale of staff members’ and customers’ data of a low-cost airline.

Another search result showed that hackers have sourced the login ID of users of different banks from different countries and were promoting their service which includes transferring any amount of money for a fee.

“We have gathered bank logins of different banks and countries as a result of automated Malware/Trojan we spread online once the individual logs into his/her online banking account, it grabs the person’s banking details, it is very powerful and can get access to accounts, bank database and bank server,” the promotional literature of the service read.

(Click To Enlarge)(Click To Enlarge)

“With these services, you just place an order to get any amount you need and we will look up the bank login we have available and make transfers to any account you provide.

Our services are efficient, reliable and safe,” it said, adding that bank transfers are available to countries such as Malaysia, the United States, the United Kingdom, the United Arab Emirates, Canada, Australia, Netherlands, China and Switzerland.

These hackers are charging US$450 (RM1,990) for bank transfers amounting to US$2,000-US$4,000 (RM8,848-RM17,696); US$750 (RM3,318) for bank transfers amounting to US$5,000-US$7,000 (RM22,122-RM30,969) and US$1,050 (RM4,645) for bank transfers amounting to US$8,000-US$10,000 (RM35,393 - RM44,241).

Source link

Related stories:

Smaller firms lack budget for cybersecurity

Shields up around Malaysia’s cyberspace

Make clear who’s in charge now, say stakeholders

Related posts:

Expert calls for NSRC overhaul as millions lost to scammers posing as NSRC officials

 


OTHERS:

Mohammed al-Bashir officially takes over Syrian ...




Sunday, 11 August 2024

No banking on hacked phones

 


PETALING JAYA: Customers with compromised devices will be temporarily restricted from accessing banking apps as banks in Malaysia roll out a feature that detects high-risk malware and suspicious remote access.

In a statement yesterday, the Association of Banks Malaysia (ABM) and Association of Islamic Banking and Financial Institutions Malaysia (Aibim) said the feature, called malware shielding, will be embedded within the banks’ native mobile banking apps.

Both organisations stated that the feature is designed to prevent unauthorised transactions, protect customers’ funds, and shield them from malware scams.

“It will essentially alert or block customers from conducting banking activities on compromised devices,” said the statement. 

Banks that have enabled the feature on their mobile banking apps include Alliance Bank, AmBank, Bank Muamalat, Bank Simpanan Nasional, CIMB Bank, HSBC Bank, Maybank, MBSB Bank, OCBC Bank, Public Bank, RHB Bank, Standard Chartered, and UOB Bank.

“Emphasising customer privacy, malware shielding is only activated upon the customer launching the mobile banking app and does not run in the background 24/7,” said ABM chairman Datuk Khairussaleh Ramli in the statement.

He added that customers’ banking information and personal data will remain confidential.

Bank Negara governor Datuk Seri Abdul Rasheed Ghaffour said the fight against online scams is a shared responsibility, welcoming the move by banks to enhance online banking apps with added security features.

“This helps to create a more secure banking environment for all Malaysians. We also urge members of the public to remain vigilant against requests to download apps from unofficial sources,” he added.

Customers are advised to reach out to their banks’ 24/7 fraud hotline for assistance should they encounter a temporary restriction.

When contacted, National Cyber Security Agency (Nacsa) chief executive Dr Megat Zuhairy Megat Tajuddin said the measure is well-suited to address specific challenges faced by users in Malaysia as cyber threats are becoming increasingly sophisticated and prevalent.

“In 2023, 40% of the total incidents monitored by the National Cyber Coordination and Command Centre (NC4) were malware-related. In 2024, up until June, the NC4 handled 34% of incidents related to malware,” Megat Zuhairy said.

While the temporary restriction is regarded as an important preventive step, Megat Zuhairy said its effectiveness is also dependent on users.

“They need to adhere to recommended cyber hygiene practices such as to only download apps from official platforms and avoid performing online activities through unsecured WiFi networks,” he said.

Malaysia Cybersecurity Community rawSEC chairman Ts Tahrizi Tahreb said the malware shielding technology could potentially prevent several types of banking malware that are used by hackers to infiltrate devices and perform unauthorised financial transactions.

“Some of them include Cerberus which can mimic legitimate banking app interfaces to capture user credentials and one-time passwords through overlays and screenshots,” he said.

Tahrizi added that another type of malware called Gustuff has been known to target over 100 banking apps and can automate bank transactions on compromised devices.

“These malware types often exploit vulnerabilities in mobile banking applications, making them prime targets for shielding technologies,” he said.

Malaysia Cyber Consumer Association (MCCA) said the initiative represents a proactive approach to addressing the growing threat of cyberattacks on financial systems.

“However, MCCA also emphasises the importance of implementing this feature with caution, transparency, and a strong focus on user education,” its chairman Siraj Jalil said.

He added that the criteria used to define a “compromised device” must be transparent and precise.

“The effectiveness of such a solution hinges on its ability to accurately identify compromised devices without generating false positives. A significant number of false positives could lead to legitimate users being locked out of their banking apps, causing unnecessary frustration and potential financial disruption.

“If users find themselves frequently locked out of their apps, they might resort to using web-based banking solutions, which may not be as secure as the mobile apps, or they could turn to unofficial methods to bypass the restrictions, further exposing themselves to risks,” said Siraj.

Tahrizi said banks can further enhance security and customer protection by implementing some additional measures.

“Banks should regularly test their apps through application security testing (AST) and infrastructure security testing (IST). All identified issues should be tracked, with priority given to remediating critical and high vulnerabilities,” he added.

Customers also need to be constantly reminded of the latest potential online scam attempts.

“Ongoing education and awareness of safe mobile banking practices, such as recognising phishing attempts and avoiding suspicious downloads, can empower customers to protect themselves, and this is a very effective first line of defence,” he said.

Source link 

Related posts:

THE FIGHT AGAINST CYBERCRIME IN FINANCIAL SERVICES


EXCLUSIVE On top of the scams list: Beating the cheats

 


Wednesday, 10 July 2024

Hackers grow more sinister and brazen in hunt for bigger ransoms

 

Cybercrime crews are increasingly turning to more sinister techniques to try to bend major companies to their will, abetted by new technology. — Image by freepik

A hack on a London hospital has left hundreds of millions of health records exposed and forced doctors to reschedule life-altering cancer treatments. In North America, a gang tried auctioning off data about LendingTree Inc customers after finding credentials in another breach. And in the recent compromise of car-dealership software provider CDK Global, hackers took the brazen approach of attacking not just once, but twice.

These recent high-profile incidents show how cybercrime crews are increasingly turning to more sinister techniques to try to bend major companies to their will, abetted by new technology.

"They’re becoming more aggressive in the ways they try to make money,” said Kevin Mandia, co-founder of Ballistic Ventures and the former chief executive officer of Google’s threat intelligence firm Mandiant. "It’s trying to create more pain so they get paid more, or they cause more disruption.”

The one-two punch approach used in the CDK incident indeed delivered a blow to its customers: Auto dealerships throughout the US were slowed for days. If a ransomware victim isn’t quick to pay an extortion fee, the logic goes, a second hit could be crippling enough to blackmail them into paying up.

Tactics like leaking sensitive records and double-hacks aren’t completely new, but have become more common and represent an evolution from traditional ransomware attacks, when scammers simply would encrypt data, demand a payment and then move to the next victim.

These days, when hackers ask for money, they’re sometimes refusing to negotiate ransom demands, according to one expert not authorised to speak about the matter, and they are insisting on extraordinary sums. The Russian-speaking hackers in the London hospital attack demanded US$50mil (RM235.92mil). UnitedHealth Group Inc made a US$22mil (RM103.80mil) payment to a cybercrime group after a February hack on the insurance giant’s subsidiary Change Healthcare.

Those kinds of demands point to hackers putting significantly more pressure on victims. The average ransom payment was US$381,980 (RM1.80mil) in the first quarter of this year, according to the incident response firm Coveware. 

Another reason hackers are growing more demanding: They’re getting smarter about picking their targets, homing in more often on victims whose systems are critical to entire supply chains. The so-called ransomware-as-a-service model has made this strategy easier. A core hacking group will develop and lend its malware to other scammers, known as affiliates, in exchange for a cut of their ransom proceeds.

This is a favourite technique of the group known as BlackCat, according to the blockchain analysis firm Chainalysis Inc. That’s one reason known ransomware payments exceeded US$1bil (RM4.71bil) in 2023, a new record, Chainalysis determined.

Harassing researchers

Hackers have also started to harass the researchers who investigate them.

One especially ruthless group is generating fake nude photos of them with artificial intelligence, said Austin Larsen, a senior threat analyst at Mandiant, a unit of Google Cloud. Similar groups have been alerting police to false emergencies at researchers’ addresses and publishing private information about them online, he added.

Recently, Larsen said his colleagues have taken what was for them an unprecedented step of removing their names from research reports they have written about some of the nastiest gangs.

Some extortionists make phone calls to executives who work at victimised organisations to try coaxing them into paying a fee. In other cases, attackers have called executives by spoofing the numbers of their children – a new tack that Charles Carmakal, chief technology officer at Google’s Mandiant.

"As these tactics get bigger and more aggressive, they’re going to be more disruptive to people’s ordinary lives,” said Allan Liska, an analyst at Recorded Future Inc, who compared the extortion methods to real-world violence like the kind in mafia movies.

"If you send somebody a finger, they’re more likely to pay a ransom,” he said. "This is the equivalent of that.”

Health-sector attacks

The attacks in the health sector show that some of hackers’ increased brazenness is apparent in the types of targets they’ve put in their sights.

Hospitals in London for weeks have struggled to overcome a hack that forced doctors to turn away patients. Seeking to further maximise their leverage, the gang behind the breach threatened to publish data stolen in the incident, ultimately making good on that promise.

In the Change Healthcare hack, thieves from the BlackCat cybercrime group caused outages and delayed payments at pharmacies and health-care organisations for weeks. Even after UnitedHealth made a payment to BlackCat, it had little visibility into whether patient data was safe.

A 2022 attack on Medibank, one of the largest health insurers in Australia, represented a transformative moment in digital crime tactics, said Carmakal of Mandiant. In that case, scammers demanded roughly US$15mil (RM70.78mil) in exchange for not going public with patients’ most sensitive health records. When Medibank declined to pay, extortionists leaked information about Australians who had undergone abortion procedures, and hackers called patients in hospitals in a coordinated harassment campaign.

Cybercrime campaigns have continued despite more action from international law enforcement. The problem is that hackers often work from countries that protect them from extradition to the West, Liska said. "They don’t fear retaliation,” he said.

US President Joe Biden has vowed to take on ransomware, and the Department of Justice has created its own ransomware task force to tackle such aggressive attackers. That effort has led to more arrests, Liska said, but not enough to keep pace with the proliferation of new groups.

That’s in part because it has become easier to conduct such campaigns. Hackers can find pre-made ransomware kits on the Internet, paying as little as US$10,000 (RM47,190) to attack US companies, according to Liska.

"Go mow the lawn for the summer and you'll make enough money to start your first attack,” Liska said. – Bloomberg

Related stories:

US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth

Hackers roil entire industries with attacks on IT supply chain

Monday, 8 January 2024

Balancing between data’s potential and its security

IN an era where data is king, the launch of Malaysia’s Central Database Hub (Padu) marks a significant milestone.

For the first time, the government will be collecting personal data on an unprecedented scale – everything from IC numbers and addresses to bank details and property ownership – into a single repository.

While revolutionary in its potential to streamline government services and target subsidies effectively, this initiative raises profound concerns about the security and privacy of our data.

Currently, we have the Personal Data Protection Act on the books. However, under Section 3(1) of the Act, this law does not apply to the government. 

Personal Data Protection Act 2010

Does this mean the extensive data collected through Padu is not afforded the same protections as it would if it was collected by private entities?

Previous data misuse and breaches in government systems only exacerbate our fear.

Cybersecurity firm Surfshark has listed Malaysia as the eighth most breached country globally in Q3 2023, with 494,699 leaked accounts. This represents a 144% increase in breach rate compared to Q2 2023.

According to its midyear threat landscape report, leaks from the government sector constituted 22% of total security breaches from January to June 2023.

The fundamental questions cannot be avoided: Can we trust the government with so much of our personal information? What assurances are there that it will be protected against misuse and theft?

The answers, according to most analysts and experts, lie in reforming the Personal Data Protection Act (PDPA) to encompass government data handling.

Amending the PDPA to include the government and all its agencies would be a significant step toward securing public confidence.

It would ensure the same rigorous data protection standards applied to private entities are also binding upon the government.

Such an amendment would not just be a legal formality; it would be the government’s commitment to the people, a reassurance that our personal information is valued and protected with the highest standards of security and privacy.

It would demonstrate a recognition of the principle that with great power comes great responsibility, especially when that power involves access to the extensive details of one’s financial and personal life.

While Padu presents an opportunity for public administration in Malaysia to take a huge leap forward, it also poses a significant risk to personal privacy if not appropriately managed.

The need to amend the PDPA to apply to data collected by the government is not just a regulatory necessity but a critical step in building trust between the citizens and the state.

Only with such legislative safeguards can the government assure its people that their data, their most personal and sensitive information, is in safe hands.

.  Source link

Related posts:

PADU to help govt identify eligible targeted subsidy

Thursday, 16 June 2022

Exclusive: Report reveals how US spy agencies stole 97b global internet data, 124b phone records in just 30 days

 

Photo: headquarter of NSA in Maryland

 

The US military and government cyber agencies have remotely stolen more than 97 billion pieces of global internet data and 124 billion phone records in the last 30 days, which are becoming a major source of intelligence for the US and other "Five Eyes" countries, a latest cybersecurity report showed.

The report the Global Times obtained from Anzer, a cybersecurity information platform, on Monday, once again revealed the "black hand" operations of Tailored Access Operations (TAO), the cyber warfare intelligence agency under the US National Security Agency (NSA), which has been using advanced cyberattack weapons to indiscriminately "grab" data from internet users around the world.

An exclusive report published by the Global Times in May  disclosed that China captured a spy tool deployed by the NSA, which is capable of lurking in a victim's computer to access sensitive information and was found to have controlled global internet equipment and stole large amounts of user information. The Trojan horse, "NOPEN," is a remote control tool for Unix/Linux computer systems. It is mainly used for stealing files, accessing systems, redirecting network communication, and viewing a target device's information.

According to internal NSA documents leaked by hacking group Shadow Brokers, "NOPEN" is one of the powerful weapons used by the TAO to attack and steal secrets.

Anzer's report revealed another weapon platform, "boundless informant," which is the NSA's exclusive big data summary analysis and data visualization tool system capable of colleting, managing and analyzing data around the world illegally obtained by NSA's remote control system.

According to terminal screenshots from the platform, the NSA has remotely stolen more than 97 billion pieces of global internet data and 124 billion phone records in the last 30 days.

A cybersecurity analyst told the Global Times on condition of anonymity on Monday that TAO is the largest and most important part of the intelligence division of the NSA.

Founded in 1998, the main responsibility of the TAO is to use the internet to secretly access insider information of its competitors, including secretly invading target countries' key information infrastructure to steal account codes, break or destroy computer security systems, monitor network traffic, steal privacy and sensitive data, and access to phone calls, emails, network communications and messages.

TAO also assumes an important role. When US president issues an order to disable or destroy communications networks or information systems in other countries, TAO will provide relevant cyberattack weapons, and the attacks will be carried out by the US Cyber Warfare Command, the report revealed.

According to the report, the various departments of TAO are composed of more than 1,000 active military personnel, network hackers, intelligence analysts, academics, computer hardware and software designers, and electronics engineers. The entire organizational structure consists of one "center" and four "divisions."

The "center" employs more than 600 people and is responsible for receiving, sorting and summarizing account passwords and important sensitive information stolen from around the world by network information systems controlled remotely by TAO.

"The NSA's global indiscriminate intrusion has long been supported by a vast and sophisticated network of weapons platforms, of which TAO is an important weapon maker. Some of these weapons are dedicated to the products of US internet giants such as Apple, Cisco and Dell, and have been developed with the support and full participation of these internet giants," the expert said.

Media reports showed some US internet giants have set up a special government affairs department to cooperate with the NSA in developing cyber attack weapons and provide the NSA with special backdoors and vulnerabilities. Internal information leaked by Edward Snowden showed these weapons could be used to conduct mass traffic monitoring and hacking on any internet user around the world.

According to publicly available information, most of the cyber attack weapons have already been handed over to the US and other "Five Eyes" countries.

The report also showed more than 500 code names for cyber attacks and data theft operations conducted by TAO have been disclosed, which proves that the US is a developed internet country in the world, as well as a major country in cyber intelligence collection and data theft.

In 2013, the US spent $52.6 billion on global intelligence gathering programs, of which two-thirds went to cyber security operations to carry out cyber attacks on foreign countries and domestic targets in the US.

A large number of TAO's cyber attack weapons have also been shared with some allied countries. Media reports showed that GCHQ, the UK's security and intelligence agency, has used NSA's cyberattack weapons to conduct long-term attack control and communications monitoring in the European Union.

"The US is taking highly engineered cyber weapons as the winning advantage in future cyber warfare, and is investing resources and increasing chips regardless of cost, bringing endless hidden dangers to global cyber security," the expert said. 

 Source link

RELATED ARTICLES

It's a threat to national security | The Star

 https://www.thestar.com.my/opinion/letters/2022/06/14/its-a-threat-to-national-security


Related posts:

China captures powerful US NSA cyberspy tool

 

 

 

 

SOURCE: Data protection dept not doing its job

Act swiftly to prevent data breaches

 

 

 

 

Remain vigilant against financial fraud

 


Friday, 29 January 2021

Watch out for WhatsApp scammers

MCMC: Beware of scammers trying to take over your WhatsApp account 

 MCMC issued a warning to alert the public to increasing reports of WhatsApp accounts being hijacked


MCMC said scammers often pose as friends or family members, using accounts that scammers had already successfully hacked into, to try to trick them into revealing their six-digit WhatsApp verification codes. — Bloomberg


The Malaysian Communications and Multimedia Commission (MCMC) has issued a  statement warning the public to be wary of increasingly inventive tactics employed by scammers trying to hijack a user’s WhatsApp account, due to increasing reports of fraud cases being committed through the app.

MCMC said scammers usually manage to take over victims’ WhatsApp accounts by tricking them into divulging their six-digit verification codes, which users will usually receive when there is an attempt to change the phone number associated to their account.

To do this, scammers have been known to contact potential victims while posing as a hapless individual or business claiming to have mistakenly keyed in the victim’s phone number while trying to complete an online transaction, explaining that as a result the authorisation code for the transaction had been sent to the victim’s phone and imploring them for help retrieving the code.

These appeals could even come from the victim’s family members or friends via accounts that scammers had already hijacked, said MCMC.

This tactic commonly misleads the victim into thinking they would be sending the scammer an unrelated TAC (transaction authorisation code) when in fact they would be handing over the six-digit verification code to the victim’s own WhatsApp account.

Those who have been duped into giving up their codes could end up having their accounts stolen by scammers, added MCMC.

MCMC said scammers have also impersonated WhatsApp employees to fool users into sharing their verification code, adding that there have also been instances where the scammer would deliberately fail at keying in the code several times in order to force an automated system by WhatsApp to call the user about their verification code.

In this instance, the scammer would also contact the user to ask for the code while pretending to be someone else. If the user did not answer the automated call by WhatsApp and it goes into the user’s voice mailbox, then the scammer would try to randomly guess at or ask for the user’s voice mailbox PIN code to access the recording, according to MCMC.

The regulatory body advised WhatsApp users to be suspicious of any attempts to procure their six-digit verification code, adding that it is absolutely imperative that users never reveal the code to anyone else to prevent their accounts from being hijacked.

It added that users should also enable two-factor verification on WhatsApp and utilise more complicated PIN numbers for their voice mailbox as additional security measures.

According to an  FAQ by WhatsApp, a user may be sent the verification code via SMS – even when one wasn’t requested – for a number of reasons.

WhatsApp said this could happen due to someone mistyping their own number, or a hacker attempting to take over the person’s account.

Without the code, the hacker will not be able to complete the verification process, which would prevent the account from being hijacked.

If your account has been stolen, you will have to sign into WhatsApp with your phone number and verify your phone number by entering the six-digit code you receive via SMS.

Once you enter the six-digit SMS code, the individual using your account will be automatically logged out.

You might also be asked to provide a two-step verification code. If you don’t know this code, the hijacker using your account could have enabled two-step verification.

You must wait seven days before you can sign in without the two-step verification code, according to WhatsApp.

Regardless of whether you know this verification code, the other person will be logged out of your account once you entered the six-digit code received via SMS.

In a separate FAQ about  stolen accounts, WhatsApp also advised the victim to inform family and friends if they suspect someone is impersonating them in chats.

Users whose WhatsApp accounts have been stolen are encouraged to file a complaint with MCMC or lodge a report at the nearest police station.

Source link

 

 

Related post:

 

WhatsApp Tips: How to clear WhatsApp cache when you are running low on phone memory