Facebook last week filed a lawsuit against a Ukrainian national who allegedly scraped the information of 178 million of its users and then sold the obtained information on hacker forums.

According to the social media giant, Solonchenko, who worked as a freelance computer programmer, abused its Contact Importer tool to scrape the user IDs and phone numbers of millions of Facebook users.

The Contact Importer feature in Facebook Messenger allowed users to upload their contacts from the address book on their mobile devices. Contact Importer included functionality that returned a one-to-one list of users whose phone numbers matched the ones uploaded from a phone’s address book — the purpose was to allow users to identify friends associated with the uploaded phone numbers.

The company said Solonchenko abused this feature between January 2018 and September 2019 to scrape user IDs and phone numbers for approximately 178 million users. The scraping involved automated requests that appeared to be coming from multiple Android devices — these were in fact Android emulators that mimicked real mobile devices.

Facebook took action in 2019 to prevent the tool from being abused for data scraping.

Facebook said the data scraped by Solonchenko was public, but his actions violated the company’s terms of service, which the Ukrainian agreed to since he had at least one Facebook account.

The social media giant also claims that, starting in October 2020, Solonchenko sold the scraped data on RaidForums. In addition, the man allegedly sold stolen or scraped data from a major Ukrainian bank, a major delivery service based in the country, as well as a French data analytics company.

The complaint says Facebook wants an injunction restraining the defendant from accessing Facebook and its products, an injunction to prevent him from selling or distributing the scraped data, and damages “in an amount to be determined at trial.” Facebook is seeking a jury trial.

Earlier this year, after someone made public information belonging to more than 500 million Facebook users, the company said the same Contact Importer feature had been abused to collect the data before 2019, when it took action to prevent abuse.

This is not the first time Facebook has taken legal action over leaked data. In January, it announced a lawsuit filed in Portugal against two individuals who had allegedly harvested Facebook user data via misleading browser extensions.

No Breach Despite 3.1M Email Address Leak

CoinMarketCap says it has found no evidence of a data breach despite the circulation of a list of 3.1 million email addresses that correlates with accounts on its service.

CoinMarketCap is a website that tracks the price movement of cryptocurrency. Binance Capital Management, which runs cryptocurrency exchanges, acquired CoinMarketCap in April 2020.

The data is only email addresses and does not contain password hashes or other information. The data had been posted as far back as August on a well-known data breach forum. It surfaced again on that same forum earlier this month.

Accurate Addresses

CoinMarketCap, however, did not say if the email list correlates 100% with accounts on its platform. But it did say in a previous statement that it has “found a correlation with our subscriber base.”

Hunt says he contacted some of the people in the data, and all confirmed they had CoinMarketCap accounts. Also, after the 50,000 notifications were sent, no one responded by saying they did not have a CoinMarketCap account, which sometimes occurs if there is misattribution, Hunt says.

“I’d be really interested to know what percentage of those 3.1M addresses actually exist on @CoinMarketCap and of course that’s something they could easily establish (which I suspect they have) and then communicate in their disclosure notice (which they obviously haven’t),” Hunt tweeted.

Ransomware hackers nervous, allege harassment from U.S.

Several ransomware gangs posted lengthy anti-U.S. screeds, viewed by NBC News, on the dark web. In them, they defended their practice of hacking organizations and holding their computers for ransom. They appear prompted by the news, reported by Reuters, that the FBI had successfully hacked and taken down another major ransomware group called REvil.

While that takedown is the first of its kind made public, it’s not expected to seriously curb ransomware attacks on the U.S. on its own. It has, however, prompted REvil’s fellow hackers to publicly complain far more than they have before.

One of those, Conti, which regularly locks hospital computers and holds them for ransom — often delaying medical procedures — wrote that it would be undeterred by the U.S., and that ransomware hackers are the true victims.

“First, an attack against some servers, which the U.S. security attributes to REvil, is another reminder of what we all know: the unilateral, extraterritorial, and bandit-mugging behavior of the United States in world affairs,” the group wrote. “With all the endless talks in your media about ‘ransomware-is-bad,’ we would like to point out the biggest ransomware group of all time: your Federal Government.”

“Is there a law, even an American one, even a local one in any county of any of the 50 states, that legitimize such indiscriminate offensive action?” the author wrote.

Another group wrote that “only time will tell who the real bad guys are here.”

Five game-changing factors for companies dealing with ransomware attacks

Change #1: Cloud file shares

Many companies have struggled to recover from digital attacks because they have relied on traditional on-premise file sharing infrastructures, with system failovers using duplicate infrastructures for disaster recovery (DR).

In contrast, the rise of cloud-based business applications – public cloud is already predicted to account for 45% of all IT spend by 2026 – is ensuring simpler collaboration on key information over global networks.

Change #2: Immutable data

In the past, firms held off using cloud file storage systems because they were not convinced of their reliability, but given the proven performance of these products and the large installed bases around the world, those days are in the past.

Change #3: Targeted file recovery

If the organization’s files are encrypted or damaged by an attack, IT teams can rapidly set up audit trails to do post-attack damage assessment and recovery, rather than having to restore entire volumes of stored data. The latest cloud file storage tools even have “point-and-click” file restore capabilities for rapid and simple file restoration. Companies with cloud file storage platforms have been surprised at the IT team’s ability to quickly isolate affected files and restore them so daily operations aren’t disrupted.

Change #4: Recovery in minutes

Restoring files has long been the least favorite task, especially for CIOs running hybrid infrastructures.

In contrast, next-generation cloud-based file storage systems can “roll back” business-critical files to the exact time of a ransomware incident.

Change #5: Cloud means simpler DR

There is a fifth element to cloud file storage’s evolution. As businesses reorganized in the pandemic, IT teams’ key task was to keep the lights on. Finding extra internal resources to do business continuity (BC) planning often took second place, and many companies with more complex, hybrid technology stacks have struggled to do it at all.

Bitcoin

Bitcoin is a virtual currency or a digital currency – this is a type of money that is completely virtual.

It’s like an online version of cash. You can use it to buy products and services, but not many shops accept Bitcoin yet and some countries have banned it altogether.

However, some companies are beginning to buy into its growing influence.

In October last year, for example, the online payment service, PayPal, announced that it would be allowing its customers to buy and sell Bitcoin.

How does Bitcoin work?

Each Bitcoin is basically a computer file which is stored in a ‘digital wallet’ app on a smartphone or computer.

People can send Bitcoins (or part of one) to your digital wallet, and you can send Bitcoins to other people.

Why do people want Bitcoins?

Some people like the fact that Bitcoin is not controlled by the government or banks.

People can also spend their Bitcoins fairly anonymously. Although all transactions are recorded, nobody would know which ‘account number’ was yours unless you told them.

In an online chat with social media users in January 2021, the world’s richest man, Elon Musk, said he was a big supporter of Bitcoin.

He even went as far as to change his Twitter bio to “#bitcoin”.

Is it secure?

Every transaction is recorded publicly so it’s very difficult to copy Bitcoins, make fake ones or spend ones you don’t own.

It is possible to lose your Bitcoin wallet or delete your Bitcoins and lose them forever. There have also been thefts from websites that let you store your Bitcoins remotely.

LightBasin hacking group breaches 13 global telecoms in two years

A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years.

Since 2019, the group hacked into more than a dozen telecommunication companies and maintained persistence through custom malware, to steal data that would serve intelligence organizations.

In a report published today, cybersecurity company CrowdStrike says the threat actor is a sophisticated group with a strong operational security (OPSEC) strategy.

The researchers found evidence of LightBasin brute-forcing their way onto systems by trying the default credentials for the targeted system.

Following a successful compromise, the threat actor installed and executed custom malware that is currently tracked as SLAPSTICK – a backdoor for the Solaris Pluggable Authentication Module (PAM) that gives access to the system based on a hardcoded password.

Hacker steals government ID database for Argentina’s entire population

A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles.

The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons.

The agency is a crucial cog inside the Argentinian Interior Ministry, where it is tasked with issuing national ID cards to all citizens, data that it also stores in digital format as a database accessible to other government agencies, acting as a backbone for most government queries for citizens’ personal information.

Lionel Messi and Sergio Aguero data leaked on Twitter

The first evidence that someone breached RENAPER surfaced earlier this month on Twitter when a newly registered account named @AnibalLeaks published ID card photos and personal details for 44 Argentinian celebrities.

This included details for the country’s president Alberto Fernández, multiple journalists and political figures, and even data for soccer superstars Lionel Messi and Sergio Aguero.

A day after the images and personal details were published on Twitter, the hacker also posted an ad on a well-known hacking forum, offering to look up the personal details of any Argentinian user.

Hacker has a copy of the data, plans to sell and leak it

“Maybe in a few days I’m going to publish [the data of] 1 million or 2 million people,” the RENAPER hacker told The Record earlier today. They also said they plan to continue selling access to this data to all interested buyers.

When The Record shared a link to the government’s press release in which officials blamed the intrusion on a possibly compromised VPN account, the hacker simply replied “careless employees yes,” indirectly confirming the point of entry.

According to a sample provided by the hacker online, the information they have access to right now includes full names, home addresses, birth dates, gender info, ID card issuance and expiration dates, labor identification codes, Trámite numbers, citizen numbers, and government photo IDs.

Argentina currently has an estimated population of more than 45 million, although it’s unclear how many entries are in the database. The hacker claimed to have it all.

This is the second major security breach in the country’s history after the Gorra Leaks in 2017 and 2019 when hacktivists leaked the personal details of Argentinian politicians and police forces.

Israel is country most affected by ransomware since 2020

Cybersecurity firm commissioned by Google says Israel has seen a near-600% increase in reported ransomware samples during the recent period.

Cybersecurity firm VirusTotal published a ransomware activity report, which entailed reviewing 80 million ransomware samples from 140 countries.

The report added that Windows-based computers accounted for 95% of the ransomware targets, compared to just 2% on Android devices.

And earlier this week, Microsoft said that it had identified a group of Iranian hackers targeting Israeli and American defense technology companies using the tech giant’s products, as well as firms running maritime shipping in the Middle East.

The most targeted sectors around the world, including in Israel, are education and research, followed by government and security organizations, and then health institutions, Check Point said.

Recent assaults on a major US oil pipeline, a meatpacking company and the Microsoft Exchange email system drew attention to the vulnerability of US infrastructure.

This malware botnet gang has stolen millions with a surprisingly simple trick

Malware researchers reckon this botnet has made millions by exploiting an easy shortcut taken by many.

The long-running botnet known as MyKings is still in business and has raked in at least $24.7 million by using its network of compromised computers to mine for cryptocurrencies. 

MyKings, also known as Smominru and Hexmen, is the world’s largest botnet dedicated to mining cryptocurrencies by free-riding off its victims’ desktop and server CPUs. It’s a lucrative business that gained attention in 2017 after infecting more than half a million Windows computers to mine about $2.3 million of Monero in a month.

Security firm Avast has now confirmed its operators have acquired at least $24.7 million in various cryptocurrencies that have been transferred to Bitcoin, Ethereum and Dogecoin accounts.

It contends, however, that the group made most of this through its ‘clipboard stealer module’. When it detects that someone has copied a cryptocurrency wallet address (for example to make a payment) this module then swaps in a different cryptocurrency address controlled by the gang. 

Avast claims to have blocked the MyKings clipboard stealer from 144,000 computers since the beginning of 2020: the clipboard stealer module has existed since 2018. 

Security firm Sophos’s research found that the clipboard stealer, a trojan, monitors PCs for the use of various coin wallet formats. It works because people often use the copy/paste function to insert relatively long wallet IDs when accessing an account. 

“Thus, when they would initiate a payment to a wallet, and copy the address to the clipboard, the Trojan quickly replaces it with the criminals’ own wallet, and the payment is diverted to their account.”

However, Sophos also noted that the coin addresses it identified “hadn’t received more than a few dollars”, suggesting coin stealing was a minor part of the MyKings business. 

The crypto-mining side of the business was doing well in 2019, with Sophos estimating it made about $10,000 a month in October 2019.

Avast now argues that MyKings is making a lot more money from the clipboard trojan after expanding on the 49 coin addresses identified in Sophos’ research to more than 1,300 coin addresses. Avast suggests the role of the clipboard stealer might be much larger than Sophos discovered.

“This process of swapping is done using functions OpenClipboard, EmptyClipboard, SetClipboardData and CloseClipboard. Even though this functionality is quite simple, it is concerning that attackers could have gained over $24,700,000 using such a simple method.”   

Some circumstantial evidence to back the theory that the clipboard stealer is actually effective includes comments from people on etherscan who claimed to have accidentally transferred sums to accounts included in Avast’s research.

“We highly recommend people always double-check transaction details before sending money,” Avast notes. 

A malware botnet has made more than $24.7 million since 2019

The operators of a malware botnet known as MyKings are believed to have made more than $24.7 million through what security researchers call a “clipboard hijacker.”

First spotted in 2016, the MyKings botnet has been one of the most sprawling malware operations in recent years.

Also known as the Smominru or the DarkCloud botnet, this gang operates by scanning the internet for internet-exposed Windows or Linux systems that run outdated software.

Using exploits for unpatched vulnerabilities, the MyKings gang infects these servers and then moves laterally inside their networks.

Reports published across the years by Guardicore, Proofpoint, Qihoo 360, VMware’s Carbon Black, and Sophos have described MyKings as one of the largest malware botnets created over the past decade, with the number of infected systems sometimes exceeding 500,000 hacked systems.

In its first years, the botnet was primarily known for deploying a hidden Monero cryptocurrency miner on infected hosts in order to generate profits for the botnet’s operators.

A January 2018 report by security firm Proofpoint estimated the group’s profits at the time at around $3.6 million, based on Monero funds they found in some wallets they linked to the group.

But across the years, the MyKings group’s operations and malware evolved. From a simple hack-and-mine operation, the botnet became a Swiss army knife of badness, with all sorts of modules for moving across internal networks, spreading like a worm, and carrying out various attacks.

Rise of the MyKings clipboard hijacker

In 2019, Sophos said that one of the new modules it spotted was a “clipboard hijacker” that worked by watching an infected computer’s clipboard for when users copied (CTRL+C) or cut (CTRL+X) a text string that looked like a cryptocurrency address.

When the user pasted the string, Sophos said the MyKings clipboard hijacker tampered with the paste operation and replaced the user’s address with one controlled by the MyKings gang.
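A defensive check for the behaviour described in the two MyKings articles above, written as an added example for this digest and not taken from Avast’s or Sophos’s research: it inspects a recorded clipboard history for a wallet address that is replaced by a different address of the same format with no user copy keystroke, and turns Avast’s “double-check transaction details” advice into a comparison. The address patterns, the ClipEvent record and the sample history are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

# Wallet-address formats to recognise (patterns constructed for this example).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[a-z0-9]{25,59}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_kind(text: str):
    """Return the wallet-address format a string matches, or None."""
    s = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(s):
            return kind
    return None


@dataclass
class ClipEvent:
    t: float          # seconds since monitoring started
    text: str         # new clipboard contents
    user_copy: bool   # True if a Ctrl+C / Ctrl+X keystroke accompanied the change


def detect_hijacks(events, window: float = 2.0):
    """Flag a wallet address silently replaced by a different address of the
    same format within `window` seconds and with no user copy/cut keystroke."""
    alerts = []
    prev = None
    for ev in events:
        if prev is not None and not ev.user_copy:
            old_kind = address_kind(prev.text)
            new_kind = address_kind(ev.text)
            if (old_kind is not None and new_kind == old_kind
                    and ev.text.strip() != prev.text.strip()
                    and ev.t - prev.t <= window):
                alerts.append((old_kind, prev.text.strip(), ev.text.strip()))
        prev = ev
    return alerts


def paste_matches(intended: str, pasted: str) -> bool:
    """Avast's advice as code: confirm the pasted address is the intended one."""
    return intended.strip() == pasted.strip()


# Constructed sample clipboard history; the addresses are made up, not real wallets.
SAMPLE_EVENTS = [
    ClipEvent(0.0, "agenda for Monday", True),
    ClipEvent(5.0, "1DemoAddressForTestingCase123456789", True),        # user copies
    ClipEvent(5.3, "1AttackerAddressSwappedHere1234567", False),        # silently swapped
    ClipEvent(30.0, "0x1234567890abcdef1234567890abcdef12345678", True),
    ClipEvent(30.1, "0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef", False),  # swapped
    ClipEvent(90.0, "1AttackerAddressSwappedHere1234567", True),        # user's own copy
]
```

Running detect_hijacks(SAMPLE_EVENTS) returns two alerts (the BTC and the ETH swap) and nothing for the user’s own copy at 90 seconds.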

Back in 2019, Sophos said the module wasn’t that successful or widely used, “never received more than a few dollars,” and that stealing cryptocurrency by hijacking the clipboard didn’t look like “the most profitable operation of MyKings.”

But in a report published this week, security firm Avast said that since 2019, MyKings appears to have perfected this module, which now can detect addresses for 20 different cryptocurrencies.

Avast researchers said they analyzed more than 6,700 samples of the MyKings malware and identified and extracted more than 1,300 cryptocurrency addresses used by the gang to collect funds.

In these addresses, researchers said they found more than $24.7 million in Bitcoin, Ether, and Dogecoin.
