Since the beginning of 2021, the world has experienced a series of large-scale cyber attacks. (Source: Reuters) In an age where technology is creeping into every aspect of life, the term cyberattack is not new. Many people think simply that a cyber attack is an attempt by a hacker to steal data or money by infiltrating a computer network, databases, network infrastructure, websites, and devices. individual or organization. But now, hackers have found a way to make a lot of money illegally by attacking physical infrastructure targets, disrupting essential services, affecting not only to a person, a company that can spread to an entire city, even a country. Cyberattacks on the rise Over the past time, the US has continuously suffered from ransomware attacks targeting large companies, non-governmental organizations and government agencies. Most recently, on June 2, a ferry terminal operator service in the US state of Massachusetts became the target of a cyber attack, partially disrupting the ferry service payment system. Previously, hackers attacked the world’s leading meat processing group JBS SA, a branch in the US. In early May, the largest US oil pipeline operator Colonial Pipeline was also attacked by ransomware and forced to shut down some systems, disrupting supplies and pushing gasoline prices to record highs. green. Not only the US, the targets of hackers are very diverse. According to data from cybersecurity company BlackFog, from the beginning of 2021 to the present, US organizations and businesses have suffered 52 ransomware attacks, three times higher than the second-ranked country, the UK (16 (16). competition), followed by France (7), Canada (7), Australia (4), the Netherlands (4) and India (3). The rest of the world suffered only 39 attacks by hackers. Danger wave According to CNN, hacker groups have found that attacking critical service infrastructure can easily make them more money, in less time. These types of attacks have the potential to cause chaos in life, which can lead to product scarcity, push prices higher… The bigger the disruption, the quicker the hacked companies pay the hacker to fix the problem soon. The US Cybersecurity and Infrastructure Agency (CISA) has listed 16 industries as critical infrastructure sectors, including energy, healthcare, financial services, water, etc. Attacks, disruption of these industries can have a dramatic impact, undermining the US economy and security. More dangerously, most companies in this industry do not consider themselves technology-focused companies, leaving the operating system defenseless against increasingly sophisticated attacks by hackers. In addition, it is no coincidence that cyber attacks have increased sharply in the context of the raging Covid-19 pandemic. Millions of people move to remote work, including employees with access to critical infrastructure, while ransomware is deployed simply by enticing victims to click a link in an email. . Eric Cole, a former cybersecurity official under President Barack Obama, said that in order to promote automation, the internal networks of critical infrastructures are now networked and make the risk more risky. higher attack. In particular, hospital systems and healthcare providers are often targeted because they are busy dealing with Covid-19 and have little time to update their defenses. In response to this new wave of danger, on June 3, the White House sent an open letter, asking essential service companies to “consider ransomware as a threat to our core business.” themselves, rather than simply risk data theft.” US Commerce Secretary Gina Raimondo on June 6 asked the private sector of the country to be vigilant against the increasing wave of cyber attacks, and said that the threat is always present and even present. may become more severe. In order to protect your safety as well as your wallet, according to CNN , not only the US, companies, organizations and agencies also need to quickly close potential vulnerabilities in the system, update software and ensure that the most important functions are “immune” from damage. network attacks. Individuals also need to be cautious and alert before clicking on any link on the internet.

Google Chrome is one of the most popular browsers today with more than 2 billion users. Photo: EarnGurus Recently, a security researcher from the Project Zero team discovered a critical security vulnerability (CVE-2021-30551) in Google Chrome, affecting many users. Not much is known about this vulnerability, instead, it is only briefly described: “Confusion in V8”. This is a JavaScript engine, used quite commonly on Google Chrome and browsers using Chromium source code (including Microsoft Edge). In a blog post, Google confirmed that the CVE-2021-30551 vulnerability exists in the wild. To limit future attacks, Google Chrome users should update their browser immediately by going to Settings – Help – About Google Chrome (about Google Chrome). When the update to version 91.0.4472.101 is complete, simply press Relaunch to restart the browser. Update Google Chrome browser to the latest version. Photo: Tieu MINH This is the sixth zero day vulnerability found on Google Chrome since the beginning of the year. The latest version of the browser also contains a total of 10 security patches, seven of which are listed as High threat and one is described as Critical. Sharing with BleepingComputer, Kaspersky warned that a new group of hackers calling themselves PuzzleMaker successfully hacked both Chrome and Windows this month, prompting Microsoft to issue an urgent upgrade notice for Windows users. In addition, Kaspersky also recommends that users update their browser and operating system to the latest version to limit future attacks.

Not stopping there, things are even more dangerous when two other vulnerabilities can be exploited by hackers to manipulate arbitrary files with higher permissions. What makes these even scarier is that they can be exploited without any user interaction. Samsung is aware of these security flaws and it may take the company about 2 months to fix. For now, the best defense is to make sure your Samsung phone is up to date with the latest firmware. Toshin said he has found more than a dozen vulnerabilities in Samsung devices since the start of the year, with many of these vulnerabilities already fixed. One of the bugs lies in apps and components like the Secure Folder app and the Knox security software that come pre-installed on Samsung devices. Tohsin told TechCrunch that these may have given attackers access to sensitive user data. Among +Samsung devices, the Galaxy S10+ is verified as affected. Another vulnerability resulted in the deletion of all previously downloaded apps once device admin rights were granted to a newly installed app. Additionally, a vulnerability in the Settings app could grant read/write access to files with system user-level privileges. A security flaw that was resolved in February could have given hackers access to users’ SMS/MMS messages and call details. Toshin also warned Samsung about issues that may have helped bad guys get the SD card content. While Samsung says the vulnerability affects “certain” Galaxy devices, the company appears to be downplaying the scope of the incident. “No issues have been reported globally and users should rest assured that their sensitive information is not at risk. We have addressed the potential vulnerability by developing and releasing security patches through a software update in April and May 2021 as soon as we identify the issue.” Korean company stated. (According to VOV, PhoneArena)

After a hacker attack Meat producer JBS pays ransom

Status: 10.06.2021 7:13 a.m.

The world’s largest meat company JBS has apparently paid a ransom of $ 11 million after a cyber attack by hackers. It was another incident in a series of corporate blackmail cases in the United States. The US subsidiary of the Brazilian meat processor JBS paid the equivalent of eleven million dollars in ransom after a hacker attack. The payment was made to prevent further disruption by the hackers and to restore the smooth operation of the affected locations, said the Dallas-based company. According to the US media, the payment was made in Bitcoin. According to the US government, the company had received a ransom note from a criminal organization likely based in Russia. The attack paralyzed JBS production in Australia and affected Canada and the United States.

“A difficult decision”

“This was a very difficult decision for our company and for me personally,” explained Managing Director Andre Nogueira. “However, we felt that this decision had to be made in order to avoid any potential risk to our customers.” The investigations are still ongoing, but preliminary results have suggested “that no company, customer or employee data has been compromised.”

US investigators suspect Russia is behind it

US President Joe Biden said last week that investigators had linked Russia to the JBS case. “JBS USA was in constant contact with government officials throughout the incident,” the company said. In the USA, the state and business are currently fighting a series of attacks with blackmail software known as “ransomware”. The data of the attacked systems are encrypted. The hackers demand cash payments in cryptocurrency so that they can unlock access again and not publish the data.

Ransom payment in Bitcoin

The US utility company was also last month Colonial pipeline The victim of a hacker attack with a blackmail Trojan that temporarily shut down the entire pipeline network. The US Federal Police FBI blames a hacker group called “Darkside” for the attack and later tracked down the ransom of 75 Bitcoin that Colonial had paid – at the time it was worth $ 4.4 million.

Warning: Hackers take advantage of the Covid-19 epidemic to spread malicious code. Illustration Taking advantage of the complicated development of the Covid-19 epidemic in many countries around the world and even in Vietnam, hacker groups have opened many cyberattack campaigns through fake emails with documents containing malicious code. , with titles and content related to the Covid-19 epidemic to trick users into opening documents. As noted by experts of CyRadar Information Security Joint Stock Company, the hot topic of the Covid-19 epidemic and the Covid-19 vaccine has continued to be exploited by many hacker groups in their campaigns to defraud Vietnamese users. Nam through the form of sending fake emails with attached document files containing malicious code. Specifically, two cyberattack campaigns in the form of sending fake emails with attached documents related to the Covid-19 epidemic, including “Jam Gia Dien dich Covid-19.docx” and “Covid-19– Vaccines.xlsm”. The above docx and xlsm file formats, according to experts’ analysis, have malicious code installed. When the user opens the document file, the malicious code will penetrate the computer, allowing the remote hacker to control the computer through commands. From there, hackers can also order to download many other malicious codes, steal data, passwords, screenshots… Currently, as noted by CyRadar, the number of cases where users are tricked into downloading and opening fake documents related to the Covid-19 epidemic and the Covid-19 vaccine are not many. However, in the context of a complicated epidemic and a growing remote working model, experts predict that in the coming time, there may be more hacker groups that continue to take advantage of the Covid-19 epidemic to attack scams. user island. Therefore, in addition to recommending the use of protection software, experts also recommend that organizations, businesses and users need to be careful and consider carefully when downloading email attachments.

Street link This fake is called “Coca-Cola Welfare Fund”. Furthermore, the user after clicking on website Above, provide personal information, link to Facebook will receive a gift worth 2 million VND from this “fake” brand. Website pretending to be Coca-Cola. The web interface is designed similar to website mainstream Coca-Cola. However, after trying the login steps, the Facebook account will immediately be disabled hacker intrusion, the user loses control of his personal page. Accounts that are disabled hacker Intrusion will continue to send spam links link Go to your friends Facebook account and post continue the way link up newsfeed to attract the attention of those who are curious and want to receive the gift of 2 million VND. Roads link “poison” contains virus could get into the computer or smartphone personal data, stealing important user data such as passwords, pictures even ID numbers, CCCD and bank passwords and many other security information. Coca-Cola denied any connection to this fake website. The Coca-Cola brand has confirmed that this brand currently does not have any Welfare Fund link on the whole is due hacker impersonate. Up to the present time, the road link This fake is still spreading extremely widely on the Facebook platform in Vietnam. Facebook users need to be wary of strange links, not linked by personal accounts and absolutely do not provide information on any website. website any suspicious signs. Ceiling paint According to News TGDD

(Artwork: Presse-citron) Specifically, the Teabot (or Anatsa) malware, which can allow hackers to take over the victim’s Android device completely; steal their banking and other important personal information through tools like keyloggers. The analysis report from Bitdefender researchers said that Teabot malware can perform attacks through Android Accessibility Services, view private messages, steal banking information, steal authentication codes. of Google,… and even take full remote control of the victim’s devices. (Artwork: Unsplash) Distributing malware directly from app stores would be difficult, so hackers use the method of impersonating top-rated apps distributed on third-party websites. . According to research by Bitdefender, fake Android apps include antivirus, media player, health, etc. To deceive users, the fake app’s name and logo will be copied. copy almost or exactly like the real application. (Artwork: Panda Security) Here are 6 malicious apps impersonating famous apps to scam users. If you are using Android devices, please check all the applications on the device. In case your phone has 1 of the 6 applications below, quickly remove them immediately. The main app icon (right) and the fake app (left) have some differences in the 5th and 6th apps. (Image: Bitdefender) Bitdefender emphasizes that the campaign against these malicious applications is still active. For this reason, Android users need to be careful about downloading apps, especially apps from third parties, that aren’t part of the Google app market; Don’t click on strange links and always look carefully at the permission requests of Android apps.

(Artwork. Source: bitcoinexchangeguide.com) Ransomware attacks have been on the rise in South Korea over the past year, paralyzing hospitals and shopping malls amid the COVID-19 pandemic leading to an increase in online shopping activities. . On June 3, a large plastic surgery hospital in the south of Seoul announced on its website that its server had been attacked with ransomware and that hackers appeared to have stolen data. patient’s personal data. This is the latest in a series of recently reported ransomware attacks – a tactic used by cybercriminals to infiltrate businesses’ systems and use their data to demand ransom. ransom. According to the South Korean Ministry of Science and Information Technology, last year there were 127 ransomware attacks, a threefold increase from the previous year. Since the beginning of this year, the country has recorded 65 attacks with ransomware. Malware attacks blackmail was aimed at various businesses in Korea. Last month, food delivery company Super Hero’s operations were paralyzed for hours after an attack that affected 15,000 delivery workers nationwide. Last November, local fashion and retail group E-Land was also “inquired” by hackers, forcing 23 of the 50 branches of the NC Department Store and NewCore Outlet to suspend operations. Mr. Kim Seung-joo, Professor of Cyber ​​Security at University Korea , commented that as companies are forced to choose to increase their reliance on remote work during the pandemic, cyber attacks malicious code Blackmail has become a bigger threat because they can paralyze the entire working system. This has led to many companies paying a ransom and has led hackers to carry out more attacks. He urged businesses to invest in cybersecurity to prevent the threat in the first place. In response to ransomware attacks in the near future, last month, the Korean Ministry of Information and Communications Technology set up a 24-hour monitoring group to support hacked companies. . The government is now providing assistance to affected companies in system recovery.

The entrance to a shopping mall in Seoul, South Korea is closed after a ransomware attack. (Source: Yonhap) On June 3, a large plastic surgery hospital in the south of Seoul announced on its website that its server had been attacked with ransomware and that hackers appeared to have stolen data. patient’s personal data. This is the latest in a series of recently reported ransomware attacks – a tactic used by cybercriminals to infiltrate businesses’ systems and use their data to demand ransom. ransom. According to the Korean Ministry of Science and Information Technology, last year there were 127 ransomware attacks, a threefold increase from the previous year. Since the beginning of this year, the country has recorded 65 attacks with ransomware. Ransomware attacks have targeted various businesses in South Korea. Last month, food delivery company Super Hero’s operations were paralyzed for hours after an attack that affected 15,000 delivery workers nationwide. Last November, local retail and fashion group E-Land was also “inquired” by hackers, forcing 23 of the 50 branches of the NC Department Store and NewCore Outlet to suspend operations. Kim Seung-joo, a professor of cybersecurity at Korea University, said that in the context of companies being forced to choose to increase their reliance on remote working during the pandemic, ransomware attacks Money has become a bigger threat because they can paralyze the whole working system. This has led to many companies paying a ransom and has led hackers to carry out more attacks. Kim Seung-joo urged businesses to invest in cybersecurity to prevent the threat in the first place. In response to ransomware attacks, last month, South Korea’s Ministry of Information and Communications Technology set up a 24-hour monitoring team to assist hacked companies. The government is now providing assistance to affected companies in system recovery. (according to Yonhap)

The move comes after the attack on the US oil and gas shipping company Colonial Pipeline and the growing damage caused by cybercriminals. The US raised the level of investigation into the crime of extortion hackers to the level of ‘terrorists’. Photo: REUTERS In an internal guideline document sent to law offices across the United States on June 3, the US Department of Justice directed that investigations into ransomware should be coordinated with the central government, specifically: A new task force was established in Washington. “This will be a specialized process to ensure we can track all cases of extortion hackers regardless of where they happen in the US, so we can capture the connection between subjects and proceed to break the whole link,” said Deputy Attorney General John Carlin. Previously, in May, the largest US oil pipeline system, the Colonial Pipeline, was crippled by hackers. Colonial Pipeline has decided to pay hackers who have compromised their systems nearly $5 million to regain access. According to the Reuters , the DOJ’s guidance document specifically mentions the Colonial attack as an example of “the growing threat posed by cybercriminals and digital ransomware to the nation.” . “To ensure we can uncover connections between incidents and investigations across the country and globally, and to paint a big picture of national security and economic threats, The economy we face, we must strengthen and focus our internal monitoring,” the guidance document states. Reuters Citing US officials, the decision to include ransomware attacks in a special process by the Department of Justice shows that the issue is being prioritized. “We’ve used this model in the past for counterterrorism, but never with ransomware,” said Carlin, adding that the process typically applies to cases involving direct national security. In practice, this means that investigators at US attorneys’ offices dealing with ransomware cases will have to share both up-to-date case details and technical information with officials in Washington. The guidelines also require offices to review and report other investigations related to the large-scale cybercrime ecology. According to the guidelines, the list of investigations currently required to be reported to the central government includes: anti-virus services, illegal online forums or marketplaces, cryptocurrency exchanges, cybercriminal server services, botnets, and online money laundering services. “We would like to emphasize that prosecutors and criminal investigators need to report and conduct monitoring of cryptocurrency exchanges, illegal online forums or marketplaces for trading hacking tools. , as well as tracking botnets that serve a variety of purposes,” said Carlin. According to Mark Califano, a former US attorney and cybercrime expert, raising the level of investigation could allow the US Justice Department to “deploy resources more effectively” and “identify common exploits” variables” used by cybercriminals.

In a statement on May 31, JBS USA said it detected an organized cyberattack that affected several servers that support the corporation’s information technology systems at its North American facilities. and Australia. JBS is the world’s largest meat processing company, with operations in many countries such as the US, Australia, Canada, Europe, Mexico, New Zealand and the UK. The company said no customer, supplier or employee data was leaked or used for shady purposes following the cyberattack. However, the company said it will take a long time to resolve this issue and as a result, some transactions with customers and suppliers may be disrupted. All US beef processing plants under JBS have stopped production, affecting nearly a quarter of the total supply in the US market. The company’s other meat processing plants were also disrupted to a certain extent. Photo: Visual China Although the company has not publicly stated that it is threatened by ransomware, the White House said the attack was ransomware, possibly from a group based in Russia, although JBS has not made it public. confirm this. White House spokeswoman Karine Jean-Pierre told Reuters the FBI was investigating. Ransomware is malicious software that encrypts a target’s system, preventing users from accessing and using their computer system or document files (mainly detected on Windows operating systems). In some cases, hackers also gain access to the target’s data and demand a ransom if they want to get the data back. Since November last year, a series of ransomware attacks have targeted well-known companies such as the US factory Foxconn, Apple’s Macbook Quanta laptop assembly partner, and the Colonel Pipeline pipeline company. Among them, Quanta has stolen a large number of drawings of the new MacBook, which has a certain effect on Apple. The hacker group asked Apple to pay a ransom of $ 50 million to not publicly publish the data they have, Apple flatly refused. Leading US fuel pipeline operator Colonial Pipeline has shut down its entire network following a ransomware-related cyberattack. According to CNBC, the company Colonial paid $4.4 million in ransom in the form of Bitcoin cryptocurrency to the DarkSide hacker group. For these companies, there are two issues that need to be considered: First, why the security team can’t resist hacker attacks; second, what role does cryptocurrencies play in these transactions? The “fragility” of businesses before a cyber attack When you hear the word “cybersecurity,” you probably think of large companies or government organizations that invest tens of millions of dollars in firewalls, anti-virus software, and other security protocols to protect their systems from potentially malicious attacks or data leaks. Or you would think of the large internal cybersecurity teams who are knowledgeable and know how to deploy the latest technology to fight hackers and protect corporate information. The reality is that security issues affect every company – from the smallest store, fledgling startups to the largest multinationals. Any system is not immune to loopholes, and hackers who have the guts to attack large businesses are organized and premeditated. The security team of a large enterprise cannot avoid negligence, giving hackers the opportunity to take advantage. Hackers take advantage of cryptocurrency to make blackmail transactions Photo: QQ After successful attacks, many hacker groups now demand ransom in the form of cryptocurrencies, namely Bitcoin instead of real money. All transactions are assigned to Bitcoin addresses, but this address is not assigned to a specific person or organization. To increase anonymity, each transaction you can use a Bitcoin address to send and receive money, no one can know who you are. So Bitcoin is definitely the best choice when it comes to making illegal transactions. As the most valuable cryptocurrency today, Bitcoin has become a favorite object of hackers. The market value of cryptocurrencies skyrocketed around October of last year. Since mid-May of this year, this market price has been continuously falling, but it seems that the cryptocurrency still has a chance to explode again. In 2017, a type of malicious code called WannaCry opened a huge cyber attack in 150 countries, causing many users’ files to be locked. If they want the right to unlock, the victim has to pay the hackers 300 USD worth of Bitcoin. In 2019, hackers attacked the city of Baltimore (Maryland state, USA), froze thousands of computers, turned off emails … and demanded the city pay about 100,000 USD in Bitcoin. Ransomware attacks will get stronger and stronger Photo: QQ According to Ekram Ahmed, a spokesman for cybersecurity firm Check Point: “Hackers are pursuing larger and more advanced targets because they know they can succeed. Networks like Colonial paid $4.4 million in ransom, ransomware monetization will attract many new entrants. Things are getting worse, and I firmly believe that ransomware is now a national security threat.” . The consecutive attacks signal a worrying trend in ransomware attacks, especially those that can cause major disruption. Ransomware attacks are becoming more and more common, although hackers often find smaller and more vulnerable targets, less network security, and will pay a ransom to keep their systems normal. usually return as quickly as possible. Cryptocurrencies like Bitcoin have made it much easier for hackers to obtain ransoms. “Ransomware is now a lucrative business for hackers. Since the beginning of 2020, the number of organizations affected by ransomware has increased by 120%.” According to a recent report by cybersecurity firm Sophos, the average cost of recovering from a ransomware attack also appears to have doubled. Software company Chainalysis determined that $350 million was spent on ransomware ransoms in 2020. But it can be difficult to know the full scale of the attacks and the amount of ransom paid, because many the company did not report them in the first place. CNA Financial Corporation, one of the largest insurance companies in the US, paid $40 million in ransom last March, which was revealed only two months later. Law enforcement agencies advise businesses hit by ransomware not to pay the ransom, and say it will encourage hackers to continue demanding increasingly high amounts. However, not every company has the technological capabilities to deal with a group of hackers as sophisticated as Apple.

Appropriate measures should be taken to limit the risk from ransomware. Illustration. With this form of attack, hackers often use tricks to fake websites, extract data of agencies and organizations and demand ransom. Cybercriminals carry out cyberattacks according to a concise strategy that is applicable to many industries. An analysis of recent experts shows that, in 2020 alone, the amount of damage related to ransomware attacks has reached billions of dollars. More dangerously, this behavior also targets the government’s information technology systems, causing serious impact. To protect critical data from attacks, government IT systems need to ensure external layers of security, while having the added responsibility of maintaining the infrastructure if an intrusion occurs. offense. According to studies, despite the development and expansion of the scope, the attacker’s methods still have similarities. Most hackers will illegally exploit the lowest-level vulnerabilities first, through some common and easy-to-implement method. Therefore, experts recommend to prevent ransomware from this initial step through some of the following methods. 1. Secure remote access Remote access is a familiar method often used by attackers, especially through unpatched vulnerabilities of information systems. Accordingly, hackers are constantly scanning the internet, looking for ways to exploit these vulnerabilities to perform attacks. To combat vulnerability scanning, organizations should prioritize patching vulnerabilities first. Along with that, to protect the system, experts recommend that organizations identify remote access systems to their systems by looking up IP addresses. If an attack is suspected, users should block public access to remote desktop protocol services (iRemoteDesktop – RDP), a secure shell that encrypts transmission data (Secure Socket Shell – SSH) ) and file transfer protocol (File Transfer Protocol – FTP). Agencies and organizations need to ensure that systems for remote access such as firewalls, VPN gateways, and email gateways are regularly patched, perform scanning for security holes, and deploy multi-factor authentication. Multi-factor Authentication (MFA) for accounts that are authorized for remote access. Hackers take advantage of security holes to attack the network. Illustration. 2. Email security Many ransomware incidents can start with an email sent to a user. This attack method is gradually becoming popular for hackers to perform blackmail. Experts say it’s safer to prevent unsolicited emails in the first place. The email security system acts as a “fence” to protect the strange messages from the internet and private mailboxes in the intranet system. To avoid email threats, users need to make sure email messages are scanned through a filtering system, and check attachments and links for advanced threats. In addition, account holders should audit or block password-protected documents as hackers often use this method to bypass email data scanning. 3. Keep data backups safe The third most common method for ransomware is to identify the target, encrypt the data, and then completely delete the backups. In addition to the data on the network and the data being used directly, the hacker will search all backups and encrypt them, disabling the data to increase the possibility of ransom from the victim. The victim then has a high probability of paying to buy back these encrypted data. Therefore, individuals, agencies and organizations should have backup plans to ensure the safety of all data. 4. Implement a 3-2-1 . Backup Strategy Without the right protections, backups, and archiving, concurrent copies on the same network are vulnerable to hackers. To avoid network-wide attacks, experts have come up with a safe backup measure for users’ data systems. For all important files, users should store 3 copies, including 1 primary backup for daily use and 2 backup copies. In it, the files will be saved on 2 different media environments to reduce the possibility of mass attacks. These copies must be in place so that data can be accessed and restored easily and quickly in the event of a failure. At the same time, users should save 1 copy outside the work network or home network, in case of force majeure situations due to natural disasters, unexpected disasters.

The report found that as many as 23 apps are available on Google Play, each with between 50,000 and 10 million downloads, violating privacy guidelines in the collection and storage of user information. Some applications are less secure, leaving users vulnerable to personal data leakage. (Photo: Check Point) Of these, there are 13 applications that store user data in the cloud but are not secure. This means hackers can easily access data from the outside. Hackers can even modify the developer’s notice, and replace it with malicious links or misleading content. Users’ personal information is easily leaked when using these applications. (Photo: Check Point) These vulnerabilities put at least 100 million Android users at risk of phishing, identity theft, and malware attacks. 13 out of 23 apps have extremely poor security, allowing hackers to access public data, but Check Point only lists 5 applications that need attention: This Screen Recoder app was found to be storing users’ passwords on an unsecured cloud service, leaving the data vulnerable to leaks. (Photo: Check Point) – Astro Guru : Horoscope app with over 10 million downloads. Astro Guru stores each user’s name, date of birth, gender, GPS location, email address, and payment information. – iFax : Mobile fax application, stores all documents sent by more than 500,000 users in a cloud database. – Logo Maker : Logo design app with over 170,000 users. The user’s full name, account ID, email and password are all accessible. (Artwork: Crystal Cox/Business Insider) – Screen Recorder : This app has more than 10 million downloads. The developer stored the user’s password on an unsecured cloud service, making the data vulnerable to leaks. – T’Leva : Taxi hailing app from Angola with over 50,000 downloads. This application saves the history between the driver and the rider, the location data, name and phone number are accessible. Check Point said it notified the app developers, but only Astro Guru responded, and some of the apps are still available on Google Play.

“After information was spread online about the image of artist Hoai Linh’s account statement, the Bank checked and verified the incident and discovered that an employee intentionally copied the screen and leaked it. Currently, MB has suspended this person’s work and will take disciplinary action at the highest level; at the same time, transfer the entire case file to the investigating agency for handling in accordance with the law.” , the statement said. MB Bank also confirmed that the disclosure of information on the air was caused by a breakdown in the bank’s information technology system or a hacker attack. Because this system is built on the most advanced technology and security platforms in the world today, the bank’s online transaction rate reaches 90% with hundreds of millions of safe transactions. The MB representative also said that in the spirit of respecting the law, the Bank is committed to taking strict measures to ensure absolute compliance with the provisions of the law on protecting customer information throughout the system. The Bank will take appropriate disciplinary measures for all individuals who disclose/leave information, do not comply with professional ethics regulations, do not comply with legal regulations, industry and MB. It is known that a week ago, on social networks, a “controversial” case appeared, artist Hoai Linh was more than 6 months late paying over 14 billion VND in relief money for flood victims in the Central region, transferred by benefactors. come. Just a few days later, the online community released photos of dozens of statements showing the transactions of comedian Hoai Linh’s account opened at MB bank. Immediately, a wave of protests against MB’s disclosure/passage of confidential customer account information. After about 3 days of actively researching, until today, May 27, MB has an official feedback.

After the investigation process, the Military Bank (MB) said that MB discovered an individual working at this bank to leak customer information, this individual had seriously violated the regulations of the Bank. Bank. MB’s announcement emphasized that, in the spirit of respecting the law, the Bank is committed to taking strict measures to ensure absolute compliance with the provisions of the law on protecting customer information. MB transferred the profile of the person who leaked Hoai Linh’s account information to the investigating agency At the same time, there will be appropriate disciplinary measures for individuals who disclose/leave information, fail to comply with professional ethics regulations, and do not comply with Laws and regulations of the bank. Currently, MB has suspended the work of the above violator and will organize disciplinary action with the highest form of the violator, and at the same time, the bank has transferred the file to the investigation agency for handling. MB confirmed that the above information disclosure was not caused by a breakdown in the bank’s information technology system or a hacker attack. Because the bank’s IT system is built on the most advanced technology and security platforms in the world today, the bank’s online transaction rate reaches 90% with 100 million safe transactions. For example, for the APP MB product, the bank has brought financial experiences beyond expectations to customers. MB’s representative also emphasized that transaction information at MB is protected by 3 layers of fences, including: First, the eMB application protection system with the feature of refusing to install with unsafe devices; anti-decompile and lock protect sensitive data; The second layer of encryption protects when the application transmits information to the service server at the bank, ensuring data integrity and inviolability; The final barrier of protection is built on each feature provided by Ebank (when applying Smart eKYC technology to identify customers, additional AI is used for face and voice authentication; using Generation Digital OTP. 3.0 with the addition of Dynamic Key security technology being used by the Singapore government…). Along with that, “In order not to let similar incidents happen again, in order to secure information and transaction data of customers, MB has also reviewed the working processes, strictly decentralized and tightened more work discipline” – MB representative confirmed.

In the spirit of respecting the law, the Bank commits to take strict measures to ensure absolute compliance with the provisions of the law on protecting customer information; take appropriate disciplinary measures for individuals who disclose/leave information, do not comply with professional ethics regulations, do not comply with the provisions of law, regulations of the bank. Specifically, the Bank has suspended the work of individual violators and will organize disciplinary action with the highest form of violators, and at the same time transfer the file to the investigating agency for handling. Information to the press, MB confirmed that the disclosure of information was not due to a breakdown in the bank’s information technology (IT) system or a hacker attack. The bank’s IT system is built on the most advanced technology and security platforms in the world today, the bank’s online transaction rate reaches 90% with 100 million safe transactions. For example, for the APP MB product, the bank has brought financial experiences beyond expectations to customers. Transaction information is protected by 3 layers of fences including: The first is the eMB application protection system with the feature of refusing to install with unsafe devices; anti-decompile and lock protect sensitive data; The second layer of encryption protects when the application transmits information to the service server at the bank, ensuring data integrity and inviolability; The final barrier of protection is built on each feature provided by Ebank (when applying Smart eKYC technology to identify customers, additional AI is used for face and voice authentication; using Generation Digital OTP. 3.0 with the addition of Dynamic Key security technology being used by the Singapore government…). “In order not to let similar incidents happen again, in order to secure the information and transaction data of our customers, we have also reviewed the working processes, strictly decentralized and tightened the working discipline. more work”- MB emphasized.

Regarding this incident, MB Bank said that after receiving information from public opinion that the artist Hoai Linh’s account was spread on the social network that was supposed to be opened at MB, the Bank checked and verify the facts. And MB has discovered an individual working at the Bank to leak customer information. This individual has seriously violated the Bank’s regulations. In the spirit of respecting the law, MB is committed to taking strict measures to ensure absolute compliance with the provisions of the law on protecting customer information. The Bank will take appropriate disciplinary measures for individuals who disclose/leave information, fail to comply with professional ethics regulations, and do not comply with laws and regulations of the bank. Regarding MB’s handling method for violators, the Bank has suspended the violators’ work and will organize disciplinary action with the highest form of violators, and the bank has transferred the files to the violators. to the investigating agency for handling. In addition, the Bank confirmed that the above information disclosure was not caused by a breakdown in the bank’s information technology system or a hacker attack. The bank’s IT system is built on the most advanced technology and security platforms in the world today, the bank’s online transaction rate reaches 90% with 100 million safe transactions. For example, for the App MB product, transaction information is protected by three layers of fences, including: The first is the eMB application protection system with the feature of refusing to install with unsafe devices; anti-decompile and lock protect sensitive data; the second is an encryption layer that protects when the application transmits information to the service server at the bank, ensuring data integrity and inviolability; third, the ultimate protective barrier is built on each feature that Ebank offers… In order not to let similar incidents happen again, in order to secure information and transaction data of customers, MB’s representative said that the Bank has reviewed the working processes, strictly decentralized and tightened stricter work discipline.

MB confirmed that this information disclosure was not caused by a breakdown in the bank’s IT system or a hacker attack The Bank’s handling method for violators: The Bank has suspended the violator’s work and will organize disciplinary action with the highest form of violators, and the bank has transferred the file to to the investigating agency for handling. MB confirmed that the above information disclosure was not caused by a breakdown in the bank’s information technology system or a hacker attack. The bank’s IT system is built on the most advanced technology and security platforms in the world today, the bank’s online transaction rate reaches 90% with 100 million safe transactions. For example, for the APP MB product, the bank has brought financial experiences beyond expectations to customers. Transaction information is protected by 3 layers of fences including: First, the eMB application protection system with the feature of refusing to install with unsafe devices; anti-decompile and lock protect sensitive data; The second layer of encryption protects when the application transmits information to the service server at the bank, ensuring data integrity and inviolability; The final barrier of protection is built on each feature provided by Ebank (when applying Smart eKYC technology to identify customers, additional AI is used for face and voice authentication; using Generation Digital OTP. 3.0 with the addition of Dynamic Key security technology being used by the Singapore government…). “In order not to let similar incidents happen again, in order to secure the information and transaction data of our customers, we have also reviewed the working processes, strictly decentralized, and tightened the working discipline. more work” – MB representative confirmed.

The form of attack and distribution of malware via email is quite common. Photo: Yahoo Recently, Microsoft’s security research team discovered a new attack via email. When the victim downloads and opens the attached PDF files, the Trojan will access the device and steal login information, passwords, etc. In addition, the malware also takes control of the system and disguises itself as fake ransomware. “Version 1.5 of the malware has quite a few changes compared to the previous version, but their functionality remains largely the same, including collecting browser passwords, running remote commands and PowerShell, remembering operations. keyboard operation… and some other features”. Malicious PDF file attached to email. Photo: Microsoft According to the report of Threatpost , malware is being distributed by attackers by email, users can identify their signs through messages like “Outgoing Payments”, “Accounts Payable Department” … Microsoft said that Microsoft 365 Defender software can detect and prevent malware from attacking computers based on machine learning.

Ransomware is a type of malware that encrypts the victim’s data. Cybercriminals using ransomware also often steal data. The hackers then demanded a payment to unlock the files and promised not to leak the stolen data. In recent years, hackers have targeted victims with cyber insurance policies, and large volumes of sensitive consumer data make them more likely to pay ransoms, according to cybersecurity experts. According to the unnamed source, CNA paid the hackers about two weeks after a bunch of company data was stolen and CNA officials were locked out of its own network. CNA does not comment on the ransom, with a CNA spokesperson saying CNA followed all laws, regulations and guidelines, including OFAC’s 2020 ransomware guide, in handling the matter. CAN also shares attack intelligence and hackers’ identities with the FBI and the Treasury Department’s Office of Foreign Assets Control because facilitating ransom payments to hackers can cause punishment risk. The largest ransom amount Ransomware attacks – and payments in particular – are rarely disclosed so it’s difficult to know what the largest ransom is. The $40 million payout is larger than any previously disclosed payments to hackers. The hackers attacking CNA used malware called Phoenix Locker, a variant of ransomware called ‘Hades.’ According to cybersecurity experts, Hades was created by a Russian cybercrime organization called Evil Corp. Evil Corp. was sanctioned by the United States in 2019. However, identifying attacks can be difficult because hacking groups can share code or sell malware to each other. CNA, which provides cyber insurance, said its investigation concluded that the Phoenix hacker group was not on the US sanctions list. The disclosure of the payment is likely to draw outrage from lawmakers and regulators who are unhappy that US companies are paying large sums of money to criminal hackers who over the past year have targeted hospitals, drug manufacturers, police forces and other entities critical to public safety. The FBI discourages organizations from paying ransoms because it encourages additional attacks and does not guarantee data will be returned. Last year was a standout year for ransomware groups, with a task force made up of security experts and law enforcement agencies estimating that victims paid around $350 million in ransom last year, up 311% compared to 2019. The Task Force suggested 48 actions the Biden administration and the private sector could take to mitigate such attacks, including better regulation of money markets. digital currency used to make ransom payments. The report, prepared by the Institute for Security and Technology, was delivered to the White House days before the Colonial Pipeline Company was compromised in a ransomware attack that resulted in fuel shortages and long lines at stores. gas stations along the US East Coast Bloomberg reported that Colonial paid hackers nearly $5 million shortly after the attack. Colonial CEO Joseph Blount, in an interview with the Wall Street Journal published Wednesday, confirmed that the company paid the hackers – $4.4 million in ransom. According to two people familiar with the CNA attack, the company initially ignored the hacker’s request and attempted to recover the data without negotiating with the criminals. But within a week, the company decided to start negotiating with the hackers, who were demanding $60 million. Residents said the payment was made a week later. According to Barry Hensley, chief intelligence officer at cybersecurity firm Secureworks Corp. then the Phoenix Locker seems to be a variation of Hades based on the overlap of the code used in each. He said they have not yet identified which hackers used the Hades variant to attack CNA. Cybersecurity firm CrowdStrike Holdings Inc believes Hades was created by Evil Corp. to bypass US sanctions against the hacking group. In December 2019, the Treasury Department announced sanctions against 17 individuals and six entities associated with Evil Corp. At the time, the Treasury Department said Evil Corp used malware “to infect computers and collect login information from hundreds of banks and financial institutions in more than 40 countries, causing more than 100 million dollars of theft. “It is illegal for any U.S. company to knowingly pay a ransom to Evil Corp. According to Melissa Hathaway, President of Hathaway Global Strategies and a former cybersecurity adviser to Presidents George W. Bush and Barack Obama, demand for ransomware has grown exponentially over the past six months. Hathaway said the average hacker’s ransom demand is between $50 million and $70 million. Those claims are often negotiable, and companies often pay ransoms in the tens of millions of dollars, in part because cyber insurance policies cover some or all of the costs. Hathaway estimates that the average payout is between $10 and $15 million. Ngoc Linh – According to Insurance Journal

Illustration. The cybersecurity situation has undergone drastic changes in recent times, especially in the context of the Covid-19 epidemic and the trend of remote working. This manifests itself in large-scale and increasingly complex attacks. Hackers perform an average of 50 million password attacks per day, 579 attacks per second. AGAINST MALWARE AND RAMSOMWARE WITH DEVELOPMENT Microsoft’s telemetry results released over the weekend showed that the prevalence of malware and ransomware infections in Asia-Pacific has been increasing over the past 18 months, stretching back to before the Covid-19 pandemic. -19 outbreak to date. Specifically, in Australia it is 23%; China is 80%; India 15%; Japan 16%; New Zealand 19%, Singapore 43%, Hong Kong 38%, South Korea 22%, Malaysia 2%, Philippines 15%, Taiwan 16%, Thailand 3% and Vietnam 7%. Among them, Indonesia alone has a 24% decrease in malware infection rate. The number of cyber attacks and the number of Vietnamese IP addresses in botnets increased in March 2021 due to hackers taking advantage of the increasing demand for Internet use by users as well as people’s interest in translation information. Covid-19. During the same period, the number of ransomware infections (a subset of malware) also increased by 453% in Australia; China (463%); India (100%); Japan (541%); New Zealand (825%); Singapore (296%), Hong Kong (179%), Indonesia (31%), South Korea (64%), Malaysia (72%), Philippines (70%), Taiwan (407%), Thailand (6%) ). This figure in Vietnam is recorded at 15%. In Vietnam, in March 2021 alone, the Information Security Administration recorded 491 incidents of cyber attacks on information systems, an increase of 8.15% compared to February 2021. In which, the number of Malware attacks is 180, while Phishing and Deface attacks are 164 and 147, respectively. In the first quarter of 2021, although compared to the same period in 2020, the number of cyberattacks causing problems on information systems decreased by 20%, but from the beginning of 2021 to now, the number of cyberattack incidents has decreased by 20%. is still in an uptrend. Experts believe that the reason for the increase in the number of cyberattacks and the number of Vietnamese IP addresses in botnets in March 2021 was because hackers took advantage of users’ increasing demand for Internet use as well as the interest People’s attention to information about Covid-19 epidemic. Therefore, the number of Phishing and Malware attacks on systems has increased to cheat, destroy and steal information illegally… It can be seen that, in the context of complicated epidemic developments, when more and more organizations, businesses and individual users work remotely, work from home, they are creating an environment for bad guys to exploit vulnerabilities, Attacks, information theft, large-scale cyberattacks take place in Vietnam and around the world. ABOUT 3.5 MILLION SECURITY PROFESSIONALS IN 2021 Experts say that even as more people begin returning to the office, hybrid work is forecast to remain the norm in the future. According to Forrester, as people gradually settle into a new working model after the pandemic, we will still see an increase in the proportion of employees working remotely compared to before the pandemic, at 300%. And the current Job Trends Index report shows that 53% of respondents in Asia plan to move to a new place because they can work remotely, compared to 46 percent globally. %. That change has been demanding an urgent need for new security solutions to meet the way of working, especially when the network of organizations is no longer limited to the “office wall”. This requires a very different mindset from the traditional “network is the border” and “device protection” approaches. Organizations and businesses need to take data and authentication as the center. While there are many other ways to secure these days, addressing identity, authentication, and information management issues is still critical. Experts have pointed out 4 main pillars to protect users against new work era cyber threats, including: identity protection, Zero Trust mindset, cloud application, and resource investment. security personnel. The network of organizations is no longer limited to the “office wall”. This requires a very different mindset from the traditional “network is the border” and “device protection” approaches. As recent attacks have shown, identity will be the “battlefield” for future attacks. Microsoft Vice President of Security, Compliance, and Identity Vasu Jakkal said that, in a world where identity is the new battleground, adopting a Zero Trust strategy has become a must for businesses. Karma. The hybrid workplace is virtually borderless, so it’s important to establish protective “barriers” around identities and devices. As part of his journey to building a Zero Trust mindset, the expert emphasized that “passwordless authentication will be the trend of the future and that transformation will be seen this year”. Besides the application of technology, experts also emphasize the special importance of people and skills in ensuring information security of each business organization. However, the lack of security professionals and the lack of diversity in security teams are two weaknesses that attackers will find to hit next year, the expert said. It is estimated that the information security industry will be short of about 3.5 million security professionals this year.

First, US President Biden announced $20 billion in funding to modernize the energy system and address digital security breaches. Other international and regional companies around the world also come up with their own strategies to mitigate this threat. Saudi Arabia’s oil giant Aramco, Siemens Energy and the World Economic Forum (WEF) have announced they will be releasing a joint report on cyber resilience in the oil and gas industry. The report will establish a blueprint for assessing how best to manage the various risks and threats associated with cyberattacks. The report brings together the experiences of 40 energy experts, who will provide their experience and expertise to outline some of the key cyber threats facing the industry and how best to mitigate those. this threat to improve energy security worldwide. The report comes after years of the oil and gas industry suffering from digital security breaches not only in the United States, which saw the Colonial Pipeline attack this month and a hack in February 2020 for a compressed air facility that caused a two-day power outage. Other oil and gas facilities around the world have also suffered similar losses. In 2012, Saudi Arabia experienced a cyber attack that resulted in more than 30,000 computers being hacked. In addition to this report, Siemens also announced a partnership with US software company ServiceNow to establish a unified software to monitor, detect, and respond to cyberthreats targeting power infrastructure. important amount. Siemens Energy’s artificial intelligence (AI)-based software combined with ServiceNow’s Operations Technology Management system exposes cyber threats for analysts to assess and prioritize early response. Leo Simonovich, Vice President and Global Head of Industrial Networks at Siemens Energy said of the report: “Digitalization is empowering the oil and gas sector to be more efficient, flexible and reliable – but it also opens up many new vulnerabilities for cyberattacks. More than ever, cybersecurity must be at the core of companies’ business and operating models, especially in the oil and gas industry. Effective defenses depend on robust monitoring and detection – which means companies cannot act alone. Coordination and alignment are very important; This latest book, based on insights from leaders in the oil and gas sector, reflects these efforts. ” “Most energy companies grapple with complex technological and economic challenges associated with monitoring, detecting, and preventing cyberattacks on critical infrastructure,” emphasized Leo Simonovich. important. Our MDR, powered by the Eos.ii solution, is the first AI-based platform built to provide visibility and context across the energy industry’s entire digital operating environment. to promptly prevent attacks”. This is one of the ways the oil and gas industry is using AI and other innovative technologies to improve security and monitoring and evaluation operations across multiple sectors. As the United States ramps up its game in cybersecurity, the rest of the world has taken note of this recent attack and is responding at the international level to ensure that energy security is not compromised. development is synchronized with the digitization of the energy system. Establishing and regulating cybersecurity practices across the industry enhances the collective recovery efforts of oil and gas companies, presenting a united front against cybercrime and security threats other importance.

Artwork: The Conversation The Australian newspaper today, quoting Senate Speaker Scott Ryan, said that on March 27, the computer network of the Australian Parliament was attacked by hackers for nearly 24 hours. As soon as the attack was discovered, appropriate controls were put in place to lock down the accounts of MPs and staff working in Parliament to ensure that information was not compromised. These measures prevented malicious actors, but left MPs and staff working for the Australian Parliament unable to access their accounts on the Parliament computer network for about a week. On the same day, March 27, the computer network of one of Australia’s largest media companies, Nine Entertainment, was also attacked by hackers, affecting the broadcast of many television programs. Nine Entertainment was forced to change broadcast locations and rebroadcast some old shows to overcome the impact of this attack. According to information from Australian authorities, in recent years, public agencies and businesses of this country have become the target of many cyber attacks. Typically, the National Assembly computer network attack before the country held the National Assembly elections in 2019. MP Andrew Hastie, Australia’s assistant defense minister, said: “Cyber ​​attacks are low-cost and difficult to detect. At the same time, these attacks can be carried out at any time and from any location”, so it’s time to think about “cyberspace as a battlefield”.

Illustration. https://tinhtexaydung.petrotimes.vn According to GasBuddy, about 30% of all retail gas stations in North Carolina, South Carolina and George are out of gas. Virginia and Tennessee are also experiencing significant blackouts. Colonial Pipeline’s main pipeline transporting gasoline and diesel to the US East Coast has been shut down, following a ransomware attack earlier this month. More than a thousand fuel stations in the Southeast have run out of petrol and diesel due to panic buying and pipeline closures. Even people in Texas, in the Rio Grande Valley, are flocking to gas stations to fill up with fuel, when news of gas stations running out of fuel. Colonial Pipeline paid almost $5 million in ransom in the form of a cryptocurrency to the hackers. But 2 weeks after shutting down, some gas stations are still shutting down. In Georgia, according to AAA data, the average price of a gallon of regular retail gasoline was $2,944 as of May 20, up from $2,708 a month before the pipeline failure. In North Carolina, the average price for gasoline is $2,929 per gallon, compared with $2,627 a month ago. According to Reuters, U.S. gasoline consumption is nearing pre-pandemic levels and is now down just 4% in the four weeks since May 14 from the five-year pre-pandemic average. https://tinhtexaydung.petrotimes.vn

According to Apple’s release notes, the update provides an important security patch, which fixes two major vulnerabilities in the WebKit suite of applications that could allow hackers to penetrate users’ iPhones. iPhone battery life and overall device performance have taken a big hit since installing iOS 14.5. (Photo: TechnoSports) Apple recommends that users immediately update to iOS 14.5.1 as soon as possible. However, Apple seems to have rushed to roll out this update to fix those problems early, which leads to some new problems. Some users have reported that iPhone battery life and overall device performance have degraded significantly since installing iOS 14.5. (Photo: Internet) In a video posted on YouTube on May 5, YouTuber Nick Ackerman showed this problem. In a speed test between iPhone XR, iPhone 11 and iPhone 12, YouTuber Nick Ackerman found that iOS 14.5.1 reduced the performance of iPhone 12 and 11 by 60% through the test posted on YouTube. In the benchmark test using the 3DMark application, the iPhone 12 and iPhone 11 both performed worse than the iPhone XR – an iPhone model that was released in 2018. (Photo: Nick Ackerman / YouTube) (Photo: Nick Ackerman / YouTube) In the Geekbench battery life test performed by iAppleBytes, the iPhone 11 running iOS 14.5.1 gave about 5.5 hours of battery life, down from 6 hours for the iPhone 11 running iOS 14.5 in same test. This puts users between two difficult choices, because if they choose to stay in iOS 14.5, users will be at risk of being hacked into their iPhone through a security hole. Meanwhile, if updating to iOS 14.5.1, users will be forced to accept many errors that arise after updating. (Photo: AR7 / Twitter) Luckily iOS 14.6 will bring a fix for this performance issue. The upcoming update is currently in beta, and as of now, the iOS 14.6 beta shows that the update won’t affect the device’s battery life. The official iOS 14.6 version will be rolling out to the community soon as Apple has now made beta versions of iOS 14.7 and iPadOS 14.7 available to developers. Therefore, users should be aware of this important update in the coming days.

This hacker organization has received ransom from many victims. This shows that data ransom attacks have become a lucrative business for cybercriminals. Bitcoin is increasingly preferred by criminal organizations Earlier this month, Colonial Pipeline suffered a severe attack that forced the company to shut down nearly all of its fuel system supplying the southeastern states of the United States. The FBI confirmed the crime was DarkSide, a cybercrime organization believed to be located in Eastern Europe. Last week, it was reported that Colonial had agreed to pay $ 5 million to DarkSide (in bitcoin) for the data recovery password. Recently, the CEO of the company confirmed this information. DarkSide operates like a business. This group develops malicious code to crack and steal the target’s data, then trains partners, the partners continue to train the hackers. When hackers use this malicious code to carry out successful missions, DarkSide will receive a percentage of those successful attacks. In March 2021, when it announced a new software that can crack data faster than before, DarkSide even released a press release and invited reporters to interview. Hackers often demand ransom in virtual currency. London-based blockchain analytics firm Elliptic has identified a bitcoin wallet that DarkSide uses to receive ransoms from victims. On May 14, London-based blockchain analytics firm Elliptic said it had identified a bitcoin wallet used by DarkSide to collect ransoms from victims. That same day, Intel 471 security researchers said DarkSide closed after losing access to its servers and when the organization’s virtual currency wallets were empty. According to Elliptic, DarkSide and other affiliates of this organization have collected at least $90 million in bitcoin ransoms, and they receive funds through 47 different digital wallets. “To our knowledge, this analysis includes all payments to DarkSide,” said Tom Robinson, Elliptic co-founder and chief scientist. However, there may be other undetected transactions, so this $90 million figure should be considered the lowest limit.” Also according to Elliptic’s research, DarkSide’s bitcoin wallet was holding $5.3 million in cryptocurrency before it was all withdrawn last week. There are some rumors that these bitcoins have been seized by the US government. Of the $90 million ransom, $15.5 million went to the developers of DarkSide and $74.7 million to affiliates. Much of that is being sent to cryptocurrency exchanges and thereby converted into fiat. Bitcoin is increasingly preferred by criminal organizations as crypto traders do not reveal their identities. However, because the digital ledger that underpins bitcoin is public, researchers can keep track of where these funds are going.

Colonial Pipeline transports 2.5 million barrels of fuel per day. Photo: Colonial Pipeline According to the BBC, the state of emergency allows fuel to be transported by road. The news agency quoted experts as saying that fuel prices could increase by 2-3% on May 10, but the real impact would be much worse if this situation continued for longer. Many sources confirm that the malicious code attack is caused by a cybercriminal gang called DarkSide, which infiltrated Colonial’s system on May 6 and stole nearly 100GB of data as a “hostage”. After taking over the data, the group of hackers locked this data on some computers and servers, demanded a ransom and warned that if they did not receive the money, they would release the data on the internet. Colonial is working with law enforcement, cybersecurity and the US Department of Energy to restore service. On the evening of May 9, the company announced that although the four main pipelines continued to stop, some smaller lines between the terminals and delivery points were still operating. “Immediately after learning of the attack, Colonial proactively shut down certain systems to stop the threat. These actions temporarily halted all pipeline operations and affected some systems. our information technology system, which we are actively working on restoring,” said Colonial. “We are in the process of restoring service to other pipelines and will bring the entire system back online when we believe it is safe and in full compliance with all federal regulations. “. The DarkSide message appears on the victim’s computer screen. DarkSide isn’t the largest cybercriminal gang in the field, but the incident demonstrates the heightened risk that malware poses to critical U.S. industrial infrastructure, not just businesses. This gang lists all types of stolen data and sends the victim the URL of the “personal leak site”, where the data is pre-loaded waiting for automatic publication, if the company or organization does not. payment before the deadline. DarkSide claims to provide proof of the data obtained, and is ready to delete all such data from the victim’s network. According to Digital Shadows, a London-based cybersecurity company that tracks global cybercrime groups to help businesses limit their risk of being hacked, DarkSide acts like a company.

The attack was one of the most disruptive digital ransom schemes reported, prompting US lawmakers to call for increased protection of America’s critical energy infrastructure from hackers. Commerce Secretary Gina Raimondo said pipeline repairs were a priority for the Biden administration and Washington was working to avoid more severe fuel supply disruptions by helping Colonial restart the road network. The tube is more than 5,500 miles (8,850 km) long. “Right now it’s an all-in-one effort,” Raimondo said on CBS’s “Face the Nation.” “We are working closely with company, state and local officials to ensure they return to normal operations as quickly as possible and without disruption to supplies,” Colonial said. The pipeline network was attacked – Photo: Reuters Their main fuel lines are still offline, but some of the smaller routes between the terminals and delivery points are now up and running. Neither Raimondo nor the company has given an estimate of a full reboot date. U.S. gasoline futures rose more than 3% to $2,217 a gallon, the highest since May 2018 as trading opened for the week and market participants reacted to pipeline closures. Colonial ships about 2.5 million barrels per day of gasoline and other fuels from refineries on the Gulf Coast to consumers. Its extensive pipeline network serves major US airports including Atlanta’s Hartsfield Jackson Airport, the world’s busiest airport by passenger traffic. A spokeswoman for Charlotte Douglas International Airport said the airport had supplies on hand and was “monitoring the situation closely”. Retail fuel experts including the American Automobile Association say outages lasting several days could have a significant impact on fuel supplies in the region, particularly in the southeastern US. Colonial Pipeline’s fuel tanks – Photo: Reuters While the US government investigation is in its early stages, a former official and three industry sources said the suspected hackers were a professional cybercrime group called DarkSide. DarkSide is one of many gangs that often use malware to extort victims. These groups gain access to private networks, encrypt files with software, and often steal data. They ask for money to decrypt the files and ask for more money to not publish the stolen content. During the Colonial attack, the hackers stole more than 100 gigabytes of data.

Colonial Pipeline had to shut down the entire network after a cyber attack. Photo: wsj.com The administration of President Joe Biden said it was making every effort to restore the company’s operations and avoid disruption to supply. Experts say gas prices will not be affected if the company resumes normal operations in the next few days. However, this cyberattack, rated as the worst ever for the US infrastructure system, should be a warning bell for other companies about the risk they will become the next target of similar attacks. According to Colonial Pipeline, the company’s pipeline carries gasoline and other fuels from Texas to the Northeast, providing nearly 45 percent of the fuel for the East Coast of the United States. Although Colonial Pipeline has not revealed who is responsible for the cyber attack, an unnamed person on the team investigating the incident confirmed that the culprit was a hacker group nicknamed Darkside. This group has been spreading ransomware since August 2020 and is classified as one of the most attackable groups. Over the past 3 years, Darkside has become more and more professional and has caused Western countries tens of billions of dollars in losses. Ransomware attacks are malicious code designed to lock down computer systems using encrypted data and demand a ransom to restore access. US Commerce Secretary Gina Raimondo on May 9 warned US businesses to be wary of ransomware attacks. The female minister affirmed that she would work closely with the Department of Homeland Security to handle the issue, considering this a top priority of the government. Reuters news agency, citing a notice from the White House, said the administration was working to help Colonial Pipeline company resume operations to avoid supply disruptions. According to sources, before activating ransomware, hackers often steal data, which is used to blackmail businesses or distort the truth. Sometimes stolen data is more valuable to hackers than the benefit they get by disrupting business operations. Security experts say the attack is a warning to operators and managers of essential infrastructure in the US such as electricity, water, energy and transportation facilities that have long been built. do not update the method to ensure security against the risk of being attacked. Mr. David Kennedy, a senior security consultant and founder of the security consulting firm TrustedSec, admitted that ransomware attacks have spiraled out of control in the US and are currently under development. is one of the greatest threats facing the United States. However, most American companies lack the ability to prepare for such threats.

According to the Vice , DarkSide’s message does not directly refer to the Colonial Pipeline attack, but is titled “Regarding the Latest News”. The group said its actions were unrelated to politics. The cyber attack on May 7 caused the Colonial Pipeline’s fuel pipeline system to stop working. Photo: Bloomberg. “We are a non-political group, not involved in geopolitics. Don’t tie us to a government or look for other motives… Our aim is to make money, not to cause problems for society,” a DarkSide representative wrote on a website belonging to the dark web. According to the Washington Post , some US officials believe that DarkSide is the hacker group behind the Colonial Pipeline attack. Also in the new statement, DarkSide said it will change the way it works and selects targets. “From today, we will examine and analyze each company that partners want to encrypt to avoid social consequences,” the group wrote. On May 7, Colonial Pipeline announced that it had to disconnect some systems after discovering it was “a victim of a cyber attack”. According to the Business Insider , this move caused more than 8,046 km of fuel pipes and some computer systems of Colonial Pipeline to stop working. In an updated statement on May 8, the company representative confirmed that the software used for the attack was in the form of ransomware, which encrypts files in the system and requires victims to pay if they want to get it. again. The company hired a cybersecurity firm to investigate the severity of the attack. The DarkSide hacker group spoke out after the alleged implementation of a cyber attack against the Colonial Pipeline. Photo: Motherboard. According to information on its website, Colonial Pipeline transports about 45% of all fuel consumed on the East Coast of the United States. On May 9, the company said that while the main pipelines are still closed, some smaller pipelines have been reactivated. In response to the incident, the US Department of Transportation has declared a state of emergency in 17 states and Washington to lift restrictions on carriers and drivers assisting in fuel shortages. The declaration of emergency will be in effect until the end of the state of affairs, or until 23:59 on June 8 (local time). After the Colonial Pipeline incident, gasoline prices in the US increased more than 3% to $2,217 per gallon – the highest price since May 2018. Experts warn that the price of gas raw materials may increase further if Colonial Pipeline does not reopen the pipeline in the next few days. How did the FBI hack the suspect’s iPhone? Cellebrite has invented a phone-cracking technology that makes it easier for the FBI to investigate.

The case that the information of 533 million Facebook accounts has just been released by hackers has made the issue of user privacy once again the focus of all attention. Agreeing on the fee of 5 million dong to regain the account after clicking on a strange link sent by a friend thanks to a vote on Facebook, Ms. LA, the owner of a famous beauty spa in Hanoi, spent 2 more days considering the proposal. about identity verification. Due to the characteristics of her job and the desire to create credibility with her partner, Ms. LA accepts to spend an additional 50 million to ask an intermediary to register for a green certificate. People who need to authenticate their Facebook accounts and other social networks like LA are not rare, especially business people, or celebrities. They are willing to spend a small amount of money to assert something that is their own property. While some platforms allow for free and simple identity verification, with Facebook it is both a difficult challenge and an intermediary fee is an option that is almost mandatory. That seemingly absurd thing is still happening every day, every hour, but no one is sure whether those verified accounts are guaranteed forever or not, because of the status of blue-tick accounts being occupied. becoming an online sales channel in recent times is easy to find. Especially when information about the data of 533 million Facebook users has just been released, many people cannot help but worry. The above data source is being sold by hackers on a hacker forum last week, including information such as phone number, login ID, full name, home address, date of birth, profile and email address … Which involves users in 106 countries, with 32 million Americans, 11 million British and 6 million Indians. In this regard, Facebook said the stolen data did not include users’ financial, health and password information. However, these data can provide valuable information for hackers and other breaches. More importantly, this is not the first time Facebook’s user data has been exposed on a large scale. Facebook user data is regularly leaked The 2015 cult case involving the British consulting firm Cambridge Analytica illegally used the personal data of more than 87 million Facebook users to target political ads. This is a scandal that caused Facebook to accept a settlement of up to $ 5 billion, and also caused founder Mark Zuckerberg to testify before the US Congress. Then in September 2019, a database of more than 400 million phone numbers related to Facebook accounts was released, including about 50 million Vietnamese users. Just 3 months later, the information of 267 million users including login IDs, names and phone numbers continued to fall into the hands of hackers. At the same time, the data leak in Belgium and Luxembourg, including that of European Justice Didier Reynders, many EU cabinet members and diplomats, has caused Facebook to suffer for a while. long time. However, Facebook explained that these data leaks were not caused by hackers breaking into the system, but rather by a vulnerability in the sync communication tool that was exploited by vandals in 2019. Facebook later The company has discovered the vulnerability and fixed it, and confirmed that similar incidents will not happen again in the future. Meanwhile, Mike Clark, Facebook’s director of product management, is constantly moving to try to downplay the impact of this large-scale leak. By March 2021, netizens were again shocked by the information that the data of 41 million Facebook users in Vietnam was distributed by hackers. Talking to a VietNamNet reporter at the time, a Facebook representative acknowledged that the leaked data was from users of this social network, but said “this may be information obtained before we (Facebook – PV) made changes over the past few years to protect users’ information. However, whether Facebook really protects users’ information according to what the head of this platform often says, that is another story. Judging by the recent situation, it seems that the problem of leaking Facebook user information is difficult to completely solve and needs to be looked at in detail. The spread of user information may first be because Facebook did not pay attention to this aspect, nor did it establish a complete and strict system to protect user information. At the same time, after a data breach, Facebook did not thoroughly summarize the problem, how to fix loopholes and prevent new problems from appearing. Not only that, a Facebook spokesperson said it is not clear which users should be notified in the recent incident. Because users cannot patch the vulnerabilities themselves and their personal data has been spread on the Internet, Facebook will not specifically notify the users involved. As a result, Facebook’s performance in this area is relatively poor, and user data leaks are frequent. After all, compared to other social software, users’ dependence on Facebook is still very high. If it leaks many times, I am afraid that it will easily cause irreparable losses and bad consequences. Legal privacy of Facebook users With the data of 87 million users exposed in the Cambridge Analytica scandal, the 10 countries with the most Facebook accounts being collected are the US, Philippines, Indonesia, UK, Mexico, Canada, India, Brazil, Vietnam and Australia. Vietnam has 427,446 user accounts whose data has been collected. CEO Mark Zuckerberg admitted that Facebook made mistakes and that his company failed to protect customer data, losing users’ trust. “We have a responsibility to protect your data, and if we can’t do that, we don’t deserve to serve you,” Zuckerberg wrote in a post on his personal Facebook page after the scandal. In addition to the $5 billion settlement with the US Federal Trade Commission (FTC) at the time, the two sides reached a landmark settlement against allegations of misuse of user data. . According to the settlement reached by the FTC, when more than 500 user information is illegally stolen, Facebook is required to report it within 30 days. In connection with this case, Facebook also had to pay £500,000 (about $ 649,000) after a fine from the UK Information Commissioner’s Office (ICO). By October last year, a user group called Facebook You Owe Us in the United Kingdom, led by the law firm Milberg London and supported by former CEO Richard Lloyd, continued to sue Facebook and seek compensation. another large sum. Meanwhile, most of Facebook’s data disclosure scandals have a direct impact on users of this social network in Vietnam. No one has been able to determine how many of the 427,446 Vietnamese user accounts in the Cambridge Analytica incident, or the 41 million accounts in the newly announced case in March 2021, were affected, even appropriated and had to be stolen. spend a small amount of money to get your account back like LA One thing is for sure, users are solely responsible for the security of personal account information in accordance with the general provisions of most platforms, including Facebook. However, if personal information on platforms like Facebook is leaked without subjective reasons from the user, on the contrary due to a security incident from the platform, who will be responsible for this? Since Facebook is obligated to compensate users in the US or EU affected by security incidents on the platform, why are 69,280,000 users using this social network in Vietnam, accounting for 70 .1% of the entire population (statistics as of June 2020), of which many are victims of Facebook incidents, are automatically responsible? This question, the writer would like to leave the answer open, because currently Vietnam does not have specific regulations and sanctions that apply specifically to social networking platforms, or the object of application in this case is outside of Vietnam. the scope of control under applicable law due to not having a home office. However, it is a problem that needs to be solved in the near future…

However, this update is causing many iPhone users to face more serious problems. Apple’s iOS 14.5.1 update received a bad response. According to users’ feedback, the iPhone after updating to iOS 14.5.1 often exits the application suddenly while in use, the applications also load longer, the response of the device is also slower. The iOS 14.5.1 update is also said to be the cause of the iPhone 12’s performance loss of up to 60% through a series of tests on the Geekbench measuring tool, the iPhone 12 (iOS 14.5) reached 1,583 single-core points and 3,967 multi-core points. kernel, while the corresponding scores of iPhone 12 (iOS 14.5.1) are 1,478 and 2,339. Similarly, the scores on the iPhone 11 (iOS 14.5) are 1,318 and 3,019, while the iPhone 11 (iOS 14.5.1) is 794 and 1,271. The performance scores of the iPhone XR (iOS 14.5.1) are 1,105 and 2,085, while the iPhone 7 (iOS 14.5.1) is 728 and 1,291. Performance is even worse than the “old” elder brother iPhone XR born in 2018.

Colonial Pipeline’s Dorsey hub in Maryland, USA. Photo: Reuters The difficulty in fuel supply has raised concerns that gasoline prices at pumping stations will escalate during the peak summer travel season. Colonial Pipeline said the company is trying to resume operations this weekend after its fuel pipeline system was paralyzed since May 7 after being hit by a cyber attack. The shutdown of the Colonial Pipeline’s fuel pipeline system shut down nearly half of the US East Coast’s fuel supply. The US Energy Administration on May 10 called for mandatory cybersecurity standards for fuel pipeline operators and operators. “Incentivizing the voluntary application of standards to pipelines is inadequate,” said US Federal Energy Regulatory Commission Chairman Richard Glick. The US Federal Bureau of Investigation (FBI) has accused a cybercriminal group called “DarkSide” of causing a ransomware attack on Colonial Pipeline. Reuters news agency quoted cybersecurity experts as saying that DarkSide is based in Russia or Eastern Europe, so the gang usually avoids targeting computers that use the languages ​​of the former Soviet republics. However, US President Joe Biden on May 10 expressed he did not believe that the Russian government was behind the cyber attack on the Colonial Pipeline. “So far there is no evidence based on our intelligence that Russia is involved,” Biden said. A statement titled DarkSide group on May 10 stated: “Our goal is to make money and not create problems for society.” Ransomware attack is a type of malware designed to disable computers by encrypting data and blackmailing victims if they want to regain system access. It is not clear what price the hackers offered for Colonial Pipeline, and the company has not commented on the matter. Fuel demand in the southeastern United States has increased sharply in recent days as consumers fear fuel shortages. The Southeastern region of the United States has long depended mainly on the supply of fuel flowing through the Colonial Pipeline’s pipeline system. The average national gasoline price rose 6 cents to $2.96 a gallon last week, the highest since May 2018 and close to a peak set in 2014, the American Automobile Association said. also warned of speculation about fuel hoarding as the supply continued to decrease. Katina Willey, a resident of Florida on May 10, said she had to go to 5 gas stations to buy gas. “Consumers have to wait in long lines at three of the five gas stations I go to,” added Katina Willey. Many other car owners said they were also looking to refill their gas tanks out of fear that the fuel situation could worsen. If the Colonial Pipeline’s pipeline disruptions continue, fuel suppliers may be able to force fuel transportation by trucks and trains to partially ease the fuel shortage. The US Department of Transportation on May 9 lifted travel restrictions for fuel truck drivers in 17 states affected by supply disruptions.

The security hole exists for more than 3 years, but Intel has not been able to fix it. Photo: CIO Indeed, 3 years have passed, and there is still no end to the vulnerability. Meanwhile, experts from the University of Virginia and the University of California, San Diego, have discovered a new attack method that bypasses all current Specter protections built into the chip. This attack method has the potential to put almost any system – desktops, laptops, cloud servers and smartphones – once again at risk. Revealing Specter ushered in a wave of more powerful attacks, allowing malicious code to directly read passwords, encryption keys, and other valuable information from the computer’s kernel memory. Although chip manufacturers such as Intel, ARM and AMD already know this and combine defenses to reduce the threat from vulnerabilities, the methods have not yielded the desired effect. A Specter attack is capable of tricking the processor into executing instructions along a wrong path, the researchers say. Even though the processor recovers and completes its task correctly, hackers can still access confidential data while the processor goes in the wrong direction. The new attack method exploits what is called a micro-operator buffer (called micro-ops), an on-chip component that breaks machine instructions into simpler instructions and speeds up computation, like a secondary channel to reveal confidential information. Micro-op cache is built into Intel processors, manufactured since 2011. According to researchers at the University of Virginia, Intel’s defense proposal against Specter (called LFENCE) is to place sensitive code in a waiting area until security checks are done and only then the code Only sensitive is allowed to execute. However, research has shown how attackers can steal information through micro-op caching and use it as a secret channel. Although exploiting the Specter vulnerability is very difficult, the researchers say that with computers with a lot of sensitive data, hackers do not mind the difficulty. To protect the system from the new attack, the researchers propose to clear the micro-ops cache. This is a technical solution that comes at the expense of performance benefits. According to the researchers, micro-op caching has some dangerous effects. First, it ignores all caching reduction techniques such as side channels. Second, attacks in this zone go undetected like an existing attack or malware. Third, because the micro-op cache is at the front of the path, prior to execution, Intel’s Specter protections or recommendations to limit cache updates are still compromised. public.

Illustration. The hack brought down the pipeline, now in its sixth day, and led to panic buying and gas shortages in the Southeastern United States. Colonial said it began reopening its pipeline late Wednesday afternoon, a process that could take days, but declined to comment on the ransom issue. Colonial is working closely with law enforcement, the Department of Energy, and US cybersecurity company FireEye to minimize damage and restore operations. Colonial and government responses to the breach are being closely watched following one of the most direct hacking attacks on US critical infrastructure after years of warnings. Ransomware attacks have increased in number and ransom prices, with hackers encrypting data and seeking cryptocurrency payments to unlock. Investigators in the Colonial case say the malware was distributed by a gang known as DarkSide, which consisted of Russian-speaking people and evaded attack targets in the former Soviet Union. DarkSide previously said that it has no intention of meddling in geopolitics and will be more careful about its affiliates going forward. On Wednesday, the group said on its website that it was “dropping” data from three other victims, including a technology company in Chicago. Officials have so far found no significant connection to the Russian government, concluding instead that the pipeline company that supplies 45% of the US East Coast’s oil was crippled by the attack. ransomware. DarkSide allows “affiliates” to infiltrate targets in different places, then handle ransom negotiation and data release. Two people involved in the Colonial investigation said the man linked in this case was a Russian criminal with no special ties to the government.

Illustration. https://tinhtexaydung.petrotimes.vn The attack resulted in higher gas prices, causing drivers to worry about shortages, while Colonial Pipeline Co. is working to restart the fuel line. However, the price of gasoline sold at pumping stations is higher and the possibility of fuel supply shortage is inevitable. After all, it is only temporary and its effects will be fleeting. But there’s a bigger problem: this has to do with America’s energy infrastructure, exactly how secure is its cybersecurity infrastructure? Experts soon said: The team that carried out this attack consisted of seasoned hackers. Later, a ransomware group called DarkSide claimed responsibility for the attack, and the FBI also pointed to this group as the culprit. Here’s what DarkSide said in its statement: “We are apolitical, we do not engage in geopolitics, do not need to tie us to a defined government, and seek our motives. . Our goal is to make money, and not create any other problems for society. Starting today, we’re introducing censorship and vetting of each company that our partners want to encrypt to avoid future social consequences.” The statement was clearly intended to address allegations made that Russia was behind the attack, but even the White House was careful not to point the finger at Moscow. President Biden said there was no evidence that they were involved in the attack. That’s related to geopolitical motives, but the statement also suggests that DarkSide and its partners won’t stop, even if they don’t intentionally cause problems. “Colonial may be at risk of leaking consignor confidential data,” said Vicki Knott, CEO of CruxOCM, a provider of control room operations services to the oil and gas industry. https://tinhtexaydung.petrotimes.vn

Experts say that in each attack, typically hackers will attack networks or systems, steal personal or sensitive information and then demand ransom to return or unlock them. that information. Although experts say that companies should not pay a ransom to hackers because this action helps to foster legal violations, according to Mimecast statistics, 54% of the companies have paid the ransom. Of these, 76% of the companies got their data back, while 24% couldn’t get it back. Prior to this report, since last year, many entities including major Australian companies have reported being attacked by hackers. The recent victim is Nine Network Television, which makes some programs unable to broadcast as usual. Previously, the Australian National Assembly’s computer network was also attacked a number of times. In response to this situation, Australia’s Cybersecurity Center issued recommendations and procedures to instruct entities on how to secure cyber security. At the same time, experts believe that regular software updates as well as the use of multi-factor authentication are also useful measures for security in a cyberspace environment./.

Quanta is headquartered in Taiwan (China), is the main MacBook manufacturing partner for Apple. The company is also a partner of HP, Facebook, and Alphabet (the parent company of Google). Accordingly, when the event just ended, REvil posted an article containing 15 pictures detailing a device that is supposed to be a MacBook designed in March 2021. Images include the part number, specific sizes and capacities, detailing many of the parts that work inside the Apple laptop. One of the images signed by designer John Andreadis. REvil has asked Apple to pay a ransom of $ 50 million by May 1. Previously, this group posted information on “Happy Blog” – where hackers announced their “victory”. REvil is said to have made an agreement with Quanta before but did not get the victim’s consent, then the new hacker group released the records on the day of the Apple event. Quanta, for its part, admitted the company had suffered a hacker attack but did not detail whether any data was stolen. The Apple partner also reported to law enforcement about the day-to-day attack and said it had immediately activated an information security defense system, upgraded its infrastructure to protect data. Whether. Apple representatives have not released any official comment on the incident. according to Bloomberg