There have been several victims of this attack, and they all claim to have received the same message from an attacker named “Pumpam”. The message lets the victim know that the hackers have possession of the account, and to email a particular address in order to start the recovery. It also mentions that the account will be deleted within 3 hours if there is no response.

Victims of the attack found that they could not recover the account through Instagram, as the account’s email address had been changed. This frustration and desperation to get possession of their accounts lead some users to pay the ransom. However, this wasn’t always successful, with some victims claiming that their account was still deleted.

Many of the victims feel let down by Instagram after they didn’t play an active role in helping them gain control of their accounts. Victims felt frustrated dealing with Instagram’s customer support when they only received generic responses to the issue, however this changed when vice’s tech arm Motherboard contacted Instagram about the issue and helped the users get possession back.

At present few details are known about the hacking campaign, including the hacker’s identities and where they are from. We urge Instagram users to be vigilant about their account security, make sure you have a secure password, that you back up your content in the event it is deleted, and don’t click on any nefarious looking links.

Photo by Katka Pavlickova on Unsplash

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Ransom attacks on high profile Instagram accounts appeared first on Hack Ware News.

The breach was discovered this week, and is the latest controversy surrounding Facebook after British company Cambridge Analytica gained access to information of 87 million users, and the controversy surrounding disinformation in elections. However, this breach has been the largest in the company’s 14-year history.

Facebook has said the attackers exploited two bugs in the site’s “View as” feature. The feature, which was designed to give users a clearer view of their presence and more control over their privacy, allows users to check what information other people can see about them. The flaw allowed users to gain “access tokens” which allow access to accounts, through Facebook’s video-uploading program for birthday celebrations. Although it’s not yet known when the attack happened, it seems to occurred after the video-uploading program was introduced. Attacked attempted to harvest user’s personal identifiable information (PII). After the attack was discovered, Facebook forced 90 million users to log out. Facebook has not announced where in the world the 50 million users are.

There have been some major changes in Facebook’s security teams after its Chief Security Officer, Alex Stamos left in August this year for a teaching position at Stanford University. Facebook decided to split the team members so that security employees work within different teams across the company, in order to make security an innate part of Facebook.

Facebook’s data breach was a trending topic on Friday with users posting the breaking story as news outlets released it. User’s found that some of their posts were removed because Facebook’s algorithm saw them as suspicious activity or spam.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post 50 Million accounts exposed after Facebook security breach appeared first on Hack Ware News.

They recently discovered that their servers had been compromised by hackers in an attack that spanned from June 2018 until 22 August 2018 when the threat was recognised. Once SHEIN were away of the threat, they acted immediately, scanning the servers for weaknesses that were exploited and removed all possible back door entry points to the servers.

SHEIN have been selective with what information they have shared with the public; however we do know that email addresses and encrypted password information was obtained from the attack. We recommend that if you have an account with SHEIN, that you change your password as soon as possible, it is also good practise to use different passwords as often as you can, and make them complex, a password manager can help you keep track of your passwords.

The only promising news about this incident is that SHEIN don’t believe any payment card details were obtained by the hackers. However, SHEIN have enlisted an international forensic cyber security team to conduct a thorough investigation into the breach, and as a result will update users on their data if new information comes to light over the coming months.

If you do believe your payment card information has been compromised, the best thing to do is to contact your bank immediately, they will be able to issue a new card and enact any necessary security measures.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post US Online Retail Company suffered a data breach affecting 6.5 million customers appeared first on Hack Ware News.

Since the malware’s creation it has been involved in large scale and disruptive distributed denial of service attacks (DDoS), the biggest of which being the September attack on security Journalist Brian Kreb’s website, and also the October 2016 Dyn cyberattack.

The Dyn cyberattack made headlines because of the sheer amount of services that were affected, and the high-profile names whose security you’d expect to be tighter. Services affected by the attack included Amazon, Ancestry.com, Comcast, Fox News, GitHub, CNN, Twitter, Visa, Starbucks, Reddit, and many more huge names. In total it’s estimated that the damages exceeded $100m.

Now while taking down those huge websites garnered them negative attention that would have likely put finding the authors under a spotlight, it was attacking Brian Kreb’s website that cost them their privacy. After the attack on his website, Brian made it his personal mission to track down the perpetrators and bring them to justice.

Brian Kreb outed the three men, Paras Jha (22), Dalton Norman (21) and Josian White (20). Jha and his co-conspirators had begun creating the malware in 2016 and at a later date monetized it by renting it out to other criminals.  So Brian had succeeded in outing the hackers, but what about justice?

This is where the case takes a surprising turn. The 3 men plead guilty to the charges, and it was expected that they would receive the maximum sentence of a $250,000 fine and 5 years prison time. However, the FBI asked for an 85% reduction in their sentence. This lead to them receiving 5 years of probation and 2500 hours of community service. They were also ordered to pay $127,000 in damages and volunteer cryptocurrency they made through the endeavour.

By cooperating with a reduced sentence, law enforcement will benefit from insider hacker knowledge of these types of attacks which will make them better equipped when dealing with future attacks.

The post Mirai botnet authors: From criminals to FBI agents appeared first on Hack Ware News.

The attack and its impacts

The attack itself began on Friday morning, when several computers were compromised in the airport network. These included display screens which were normally used to broadcast details about flight arrivals and departures to passengers, employees and others.

A post from the Bristol Airport’s official Twitter feed claimed,

We are currently experiencing technical problems with our flight information screens. Flights are unaffected and details of check-in desks, boarding gates, and arrival/departure times will be made over the public address system. Additional staff are on hand to assist passengers.

We are currently experiencing technical problems with our flight information screens. Flights are unaffected. Tannoys are assisting with flight info and extra staff are on hand to assist passengers.

— Bristol Airport (@BristolAirport) September 14, 2018

In response, Bristol Airport officials and staff had to resort to using whiteboards and paper posters to share check-in and arrival information, as well as luggage pickup points for all incoming flights. While this was not the most practical experience, it certainly entertained a few individuals who shared photos of this endeavor on Twitter.

Overall, the two days of technical compromise had inevitable effects on the airport staff and customers. There were significant delays in baggage handling, with some customers having to wait over an hour to collect their bags after their flights. Fortunately however, there were no flight delays resulting from the attack.

Refusing to pay the ransom

According to a Bristol Airport spokesman, the information screens went offline as a result of a “ransomware” attack. However, they refused to pay any ransom to anybody, and instead opted to take the entire system offline while they worked to restore it, successfully bringing everything back online on Sunday morning.

So far it’s unclear as to how the ransomware penetrated the airport systems, but Bristol Airport is currently undertaking a thorough investigation to try and learn exactly what happened, and how to prevent something similar from happening again in the future.

The post Bristol Airport Targeted By Ransomware Attack appeared first on Hack Ware News.

Ransomware attack: Alaska town returns to typewriters for a week

That’s what government workers did in tow municipalities in Alaska last week on 24 July 2018.

“Without computers and files, Borough employees acted resourcefully. They re-enlisted typewriters from closets and wrote by hand receipts and lists of library book patrons and landfill fees at some of the 73 different buildings.” – said the director of public affairs at Mat-Su.

The attack was so sophisticated that employees had to do their day to day job using typewriters and hand written receipts.

Some reports advise that this attack was with a intent of a zero-day attack that utilized new exploits. The targetted infrastracture was everything from servers and email exchanges to computer systems and telephones.

The post Ransomware attack: Alaska town returns to typewriters for a week appeared first on Hack Ware News.

The attack took place in 24 July 2018, Tuesday, at the Port of Long Beach where the company’s local email system and network telephone communication were in disarray. COSCO’s staff then isolated the affected servers from other networks to mitigate the damage.

Apparently, the ransomware had resided in some of the company’s servers that hosts the corporate website, www.cosco-usa.com, as well as phone and email systems, and WAN and VPN gateways. However, the shipping firm’s global website is up and running, unaffected from the cyberattack.

System back to normal

A week later, the shipping giant had picked up itself and had restored part of the its US computer network system. So far, its internet phone service and company email system had returned to normalcy except for its public mailbox for customer services which remained inaccessible.

COSCO has set a deadline for the restoration of its public mailbox system by the end of this week with the gradual recovery of its network applications in the US. So far, the shipping firm had announced that its global network is stable and secure at the aftermath of the cyberattack last week.

Slow to adapt to New Technology

Perhaps the burning question in everyone mind is how the attack happened, and the consequences that followed and what is meant for the stakeholders.

More than often, the shipping industry has sometime been stereotyped as ancient behemoth, slow to harness new technology with heavy reliance on big machinery and labor intensive in nature.

It was due to these factors that led Ken Munro, a researcher of Pen Test Partner, to coin that cybersecurity in shipping is still “in its infancy”.

Comparing the shipping cyberattack to doomsday movie scenarios, Munro foresaw hackers in hijacking vessels digitally and changed ships’ courses at the click of a mouse.

“We tested over 20 different Electronic Chart Display and Information System (ECDIS) units and found all sorts of crazy security flaws,” Munro told a local media.

“Most ran old operating systems, including one popular in the military (vessel) that still runs Windows NT.”

In the shipping industry, ECDIS is often used by navigators to autopilot and steering of vessels to destinations.

Upgrade and update are a must

An old and non-updated system is just inviting a break in for hackers to hijack a multi-million assets such as tankers, cruise ships and containerships.

And the consequence can be catastrophic as oil tankers may be used an ‘kamikaze’ or set on suicidal collision course against key military installations by the terrorists or even used to block ports access in ransoming for money.

Indeed, the imagination ran wild for a hijacked ECDIS vessels and often such ‘apocalypse’ scene can be prevented with simple precautionary steps.

Updates and revamp of the whole aging computer and network systems are a must for vessels and onshore operation network. For a start, all that one needed is passwords hygiene like frequent changing of passwords and setting up a strong password to secure the network system.

All these precautionary measures may prevent ransomware outbreak such as the case of shipping line, Maersk which was hit by NotPetya ransomware outbreak in June of 2017 and suffered a $300 million in damages.

The post Ransomware hits shipping lines again appeared first on Hack Ware News.

The island-state local media released the shocking news on Friday, 20 Jul 2018, however, the data breach could have taken place much earlier as some cybersecurity experts traced the breach back to the beginning of the month, at 4 July 2018, which coincidently also known as Independent Day or the US National Day.

Hackers target the “soft belly” of healthcare system

Apparently, the hackers first infected the country’s largest group of healthcare institutions, SingHealth’s front desk with a malware between 27 June and 4 July 2018.

This unauthorised access was then detected on 4 July 2018 at one of SingHealth’s IT databases, then the system administrators undertaken a series of counter-measures to thwart the cyber-attack. According to local media, no further data theft were recorded after 4 July 2018 and later SingHealth made a police report on the 12 July 2018 upon confirming the cyber attack on its system.

It was noteworthy that the hackers had chosen a less secured route in attacking the country’s healthcare system networks rather than highly protected site such as government websites or defence departments.

A organised state Cyber-Attack or political shaming move?

The prized target of the cyber-attack seemed bend on in drawing out the medical information of the country’s top politicians, namely Singapore’s Prime Minister, Lee Hsien Loong and Emeritus Senior Minister Goh Chok Tong.

Thus, the city-state’s authority viewed the cyberattack on the healthcare system as “deliberate, targeted and well-planned” cyberattack, bearing some trademark of state-sponsored hacking. 

For instance, the hacker continued its unauthorised access to the healthcare system even though its action had been detected, showing the confidence, resourcefulness and the capability of the hacker to get away unscathed.

If the cyber-attack is indeed a state-sponsored one, the local media pointed out that there is only a few countries of the world that are capable of such attacks.

Singapore: the Gibraltar of the East for cyber-security

As the investigation of the breaches continued to unfold, one thing is certain that the famed Smart Nation, or the pet project taken by Singapore had been cracked despite boosting a formidable Cyber Security Agency (CSA), touted as one of the bests in the region.

Thus, the aftermath of the data breach may have fallen short of its goals – be its political agendas or simply financial motives of selling confidential patients’ data. However, the attack had afflicted a bigger blow to the country’s aspiration in cyber-space domination.

As the saying goes, ‘what doesn’t kill you makes you stronger’, the Hackwarenews team truly hoped the island-nation will bounce from this setback and lived up to its name of ‘Gibraltar of the East’ in cyber-security.

The post SingHealth under siege appeared first on Hack Ware News.

At the advent of the trade war, probably a war has already been fought and gaining intensity as trade tension worsen between the US and China.

China and its army of hackers

The People Liberation Army of the China boosted the world largest land forces with over 2.1 million military personnel. However, during in peacetime, these forces often act as a deterrent and let their shadowy army of hackers do the attacking for them.

As such, China’s PLA Unit 61398 led the frontline of the cyber war and “blitzed” the cyberspace with many hackings on other countries’ governments, military and commercial information. The size of this army is huge and estimated around 50,000 – 100,000 individuals, and the US allegedly claimed that they are responsible for cyberattacks such as Operation Aurora and Operation Shady RAT.

US Navy’s data breached

In June 2018, US claimed that China’s state sponsored hackers were behind the data breach of a computer contractor working for the Naval Undersea Warfare Centre in Rhode Island. Apparently, a massive 614 gigabytes of sensitive naval and missiles data were stolen by China-linked cyber espionage group known as @Thrip.

The Chinese hackers allegedly skipped the tough cyber-defense of the US Navy and chose an easy, weaker target of a computer contractor employed by US Navy to steal the data. According to US official, the hacking pattern of @Thrip often involved a combination of custom malware as well as legitimate tools, which allowed the hackers to evade detection as they moved through the networks.

Cyber-espionage for all

China is not the only nation on earth that engaged in cyber espionage, in fact most of the countries do it and the US has its own share of “dirty linen” that need to be washed.

Just ask Edward Snowden, the former Central Intelligence Agency (CIA) employee that leaked a series of spying done by US on its own citizens as well as aboard.

Other IT-savvy countries too engaged in cyber espionage on daily basis even though they were at peace with other nations. Thus, it becomes almost a foremost priority for country to set up its cyber-security to protect its cyber-space infrastructure and intellectual properties.

The post Trade war, the pretext for cyber war? appeared first on Hack Ware News.

Hans-Georg Maassen, head of Germany’s domestic intelligence agency told local media on Wednesday that there was “high likelihood” that the Russian government was behind the recent hack of many German foreign and defense ministries.

Maassen identified the cyber-attack as “advanced persistent threat” or (APT). Such cyberattack was considered to be very sophisticated in nature, often needing the concerted effort of a state to commence the operation. During the cyberattack, the hackers targeted the German IVBB computer network which was used to exchange documents labelled “for government use only,” but the spy chief clarified that the network did not carry highly classified documents.

However, the German spy chief cannot be 100% sure that the Russian government was involved the cyber-attack that hacked into network of German foreign and defense ministries on 28 February 2018.

Germany, a Hotbed for “state-sponsored” hackers?

Apparently, the hackers in the February cyber-attack were fishing for data related to EU-UK Brexit talks and negotiations of the European Union with Belarus and Ukraine. Thus, the outcome of the hack is hardly the usual for financial gains but portrayed a darker motive of obtaining information, probably for espionage purposes.

German’s intelligence agency reportedly gotten the wind of the cyber-attack by the time when the hackers started to steal some files. Then, the country’s spy agency believed that the group, Turla was behind the attack, but did not present any proof of the group doing. German investigators then linked the group Turla to the Russian government.

Flashback to a few years back, Germany’s lower house of parliament was a victim of cyber-attack in by the alleged APT28, a notorious Russian hacking group which was also believed to be behind the cyber-attack on U.S. Democratic National Committee ahead of the 2016 U.S. election.

Lesson from Estonia

Probably, Russia is no stranger to alleged state-sponsored attack. Its first victim may be the Baltic nation of Estonia back in 2007, where the country was in a political fight with Russia over proposed plan to remove a Soviet war memorial from a park in Tallinn.

The backlash of the moving a 6-foot-tall bronze statue then triggered a cyber-war on Estonia, where the Baltic nation was hit by three weeks of D-DoS (distributed denial of service) attacks.

At that time, Estonia was the one of the most wired nation on the planet, where virtual everything is done online from paying taxes to getting medical reports. Thus, the country’s government services and economic activity came almost to a standstill for one month.

Estonia then pointed the finger at Russia behind the cyberattack, only for Russia to deny the allegation. The full light of 2007 attack only came two years later in 2009, where a Kremlin-backed youth group Nashi, claimed responsibility for the attack.

Verdict

Cyber-attack is known for the anonymity and tracking the source of attack is sometime as hard as preventing the attack itself. Nowadays, most countries’ government services are made accessible online, therefore it is almost impossible not to suffer any cyber-attacks. The key here is on prevention, investment in cyber-security and stay to date with cyber-security trend.

The post Russia: The Godfather of state hacking? appeared first on Hack Ware News.