A leader of the Department of Cybersecurity and High-Tech Crime Prevention (Ministry of Public Security) also confirmed that he had received an official letter from VOV. Currently, the Department of Cybersecurity and High-Tech Crime Prevention and a number of professional units of the Ministry of Public Security have investigated and clarified. In addition, the Cyber ​​Emergency Response Center (VNCERT) and network operators also participate in supporting and solving problems. At the time of the cyber attack, readers could not access the website of VOV newspaper. Photo: VOV. Exchange with Zing , a representative of VOV’s technical department said that cyberattacks on the agency’s resource system began on June 12. At about 13:00 on June 13, the bandwidth system was overloaded, suspected of being attacked by a denial of service (DDoS). On the morning of June 14, the administrator continued to record a new attack that caused the bandwidth of the system and the website to be overloaded. This is the first time this newspaper has been attacked by DDoS. In addition to the above attacks, the VOV side also believes that the person behind the attacks also discredits the stars of the VOV electronic newspaper on Google or repeatedly makes offensive and threatening comments on the newspaper’s fanpage. The VOV side is reviewing and detecting malicious code in the system, and at the same time limiting the consequences of cyberattacks, calculating damage to coordinate with authorities to solve.

Since the beginning of 2021, the world has experienced a series of large-scale cyber attacks. (Source: Reuters) In an age where technology is creeping into every aspect of life, the term cyberattack is not new. Many people think simply that a cyber attack is an attempt by a hacker to steal data or money by infiltrating a computer network, databases, network infrastructure, websites, and devices. individual or organization. But now, hackers have found a way to make a lot of money illegally by attacking physical infrastructure targets, disrupting essential services, affecting not only to a person, a company that can spread to an entire city, even a country. Cyberattacks on the rise Over the past time, the US has continuously suffered from ransomware attacks targeting large companies, non-governmental organizations and government agencies. Most recently, on June 2, a ferry terminal operator service in the US state of Massachusetts became the target of a cyber attack, partially disrupting the ferry service payment system. Previously, hackers attacked the world’s leading meat processing group JBS SA, a branch in the US. In early May, the largest US oil pipeline operator Colonial Pipeline was also attacked by ransomware and forced to shut down some systems, disrupting supplies and pushing gasoline prices to record highs. green. Not only the US, the targets of hackers are very diverse. According to data from cybersecurity company BlackFog, from the beginning of 2021 to the present, US organizations and businesses have suffered 52 ransomware attacks, three times higher than the second-ranked country, the UK (16 (16). competition), followed by France (7), Canada (7), Australia (4), the Netherlands (4) and India (3). The rest of the world suffered only 39 attacks by hackers. Danger wave According to CNN, hacker groups have found that attacking critical service infrastructure can easily make them more money, in less time. These types of attacks have the potential to cause chaos in life, which can lead to product scarcity, push prices higher… The bigger the disruption, the quicker the hacked companies pay the hacker to fix the problem soon. The US Cybersecurity and Infrastructure Agency (CISA) has listed 16 industries as critical infrastructure sectors, including energy, healthcare, financial services, water, etc. Attacks, disruption of these industries can have a dramatic impact, undermining the US economy and security. More dangerously, most companies in this industry do not consider themselves technology-focused companies, leaving the operating system defenseless against increasingly sophisticated attacks by hackers. In addition, it is no coincidence that cyber attacks have increased sharply in the context of the raging Covid-19 pandemic. Millions of people move to remote work, including employees with access to critical infrastructure, while ransomware is deployed simply by enticing victims to click a link in an email. . Eric Cole, a former cybersecurity official under President Barack Obama, said that in order to promote automation, the internal networks of critical infrastructures are now networked and make the risk more risky. higher attack. In particular, hospital systems and healthcare providers are often targeted because they are busy dealing with Covid-19 and have little time to update their defenses. In response to this new wave of danger, on June 3, the White House sent an open letter, asking essential service companies to “consider ransomware as a threat to our core business.” themselves, rather than simply risk data theft.” US Commerce Secretary Gina Raimondo on June 6 asked the private sector of the country to be vigilant against the increasing wave of cyber attacks, and said that the threat is always present and even present. may become more severe. In order to protect your safety as well as your wallet, according to CNN , not only the US, companies, organizations and agencies also need to quickly close potential vulnerabilities in the system, update software and ensure that the most important functions are “immune” from damage. network attacks. Individuals also need to be cautious and alert before clicking on any link on the internet.

Warning: Hackers take advantage of the Covid-19 epidemic to spread malicious code. Illustration Taking advantage of the complicated development of the Covid-19 epidemic in many countries around the world and even in Vietnam, hacker groups have opened many cyberattack campaigns through fake emails with documents containing malicious code. , with titles and content related to the Covid-19 epidemic to trick users into opening documents. As noted by experts of CyRadar Information Security Joint Stock Company, the hot topic of the Covid-19 epidemic and the Covid-19 vaccine has continued to be exploited by many hacker groups in their campaigns to defraud Vietnamese users. Nam through the form of sending fake emails with attached document files containing malicious code. Specifically, two cyberattack campaigns in the form of sending fake emails with attached documents related to the Covid-19 epidemic, including “Jam Gia Dien dich Covid-19.docx” and “Covid-19– Vaccines.xlsm”. The above docx and xlsm file formats, according to experts’ analysis, have malicious code installed. When the user opens the document file, the malicious code will penetrate the computer, allowing the remote hacker to control the computer through commands. From there, hackers can also order to download many other malicious codes, steal data, passwords, screenshots… Currently, as noted by CyRadar, the number of cases where users are tricked into downloading and opening fake documents related to the Covid-19 epidemic and the Covid-19 vaccine are not many. However, in the context of a complicated epidemic and a growing remote working model, experts predict that in the coming time, there may be more hacker groups that continue to take advantage of the Covid-19 epidemic to attack scams. user island. Therefore, in addition to recommending the use of protection software, experts also recommend that organizations, businesses and users need to be careful and consider carefully when downloading email attachments.

(Artwork. Source: bitcoinexchangeguide.com) Ransomware attacks have been on the rise in South Korea over the past year, paralyzing hospitals and shopping malls amid the COVID-19 pandemic leading to an increase in online shopping activities. . On June 3, a large plastic surgery hospital in the south of Seoul announced on its website that its server had been attacked with ransomware and that hackers appeared to have stolen data. patient’s personal data. This is the latest in a series of recently reported ransomware attacks – a tactic used by cybercriminals to infiltrate businesses’ systems and use their data to demand ransom. ransom. According to the South Korean Ministry of Science and Information Technology, last year there were 127 ransomware attacks, a threefold increase from the previous year. Since the beginning of this year, the country has recorded 65 attacks with ransomware. Malware attacks blackmail was aimed at various businesses in Korea. Last month, food delivery company Super Hero’s operations were paralyzed for hours after an attack that affected 15,000 delivery workers nationwide. Last November, local fashion and retail group E-Land was also “inquired” by hackers, forcing 23 of the 50 branches of the NC Department Store and NewCore Outlet to suspend operations. Mr. Kim Seung-joo, Professor of Cyber ​​Security at University Korea , commented that as companies are forced to choose to increase their reliance on remote work during the pandemic, cyber attacks malicious code Blackmail has become a bigger threat because they can paralyze the entire working system. This has led to many companies paying a ransom and has led hackers to carry out more attacks. He urged businesses to invest in cybersecurity to prevent the threat in the first place. In response to ransomware attacks in the near future, last month, the Korean Ministry of Information and Communications Technology set up a 24-hour monitoring group to support hacked companies. . The government is now providing assistance to affected companies in system recovery.

The entrance to a shopping mall in Seoul, South Korea is closed after a ransomware attack. (Source: Yonhap) On June 3, a large plastic surgery hospital in the south of Seoul announced on its website that its server had been attacked with ransomware and that hackers appeared to have stolen data. patient’s personal data. This is the latest in a series of recently reported ransomware attacks – a tactic used by cybercriminals to infiltrate businesses’ systems and use their data to demand ransom. ransom. According to the Korean Ministry of Science and Information Technology, last year there were 127 ransomware attacks, a threefold increase from the previous year. Since the beginning of this year, the country has recorded 65 attacks with ransomware. Ransomware attacks have targeted various businesses in South Korea. Last month, food delivery company Super Hero’s operations were paralyzed for hours after an attack that affected 15,000 delivery workers nationwide. Last November, local retail and fashion group E-Land was also “inquired” by hackers, forcing 23 of the 50 branches of the NC Department Store and NewCore Outlet to suspend operations. Kim Seung-joo, a professor of cybersecurity at Korea University, said that in the context of companies being forced to choose to increase their reliance on remote working during the pandemic, ransomware attacks Money has become a bigger threat because they can paralyze the whole working system. This has led to many companies paying a ransom and has led hackers to carry out more attacks. Kim Seung-joo urged businesses to invest in cybersecurity to prevent the threat in the first place. In response to ransomware attacks, last month, South Korea’s Ministry of Information and Communications Technology set up a 24-hour monitoring team to assist hacked companies. The government is now providing assistance to affected companies in system recovery. (according to Yonhap)

The move comes after the attack on the US oil and gas shipping company Colonial Pipeline and the growing damage caused by cybercriminals. The US raised the level of investigation into the crime of extortion hackers to the level of ‘terrorists’. Photo: REUTERS In an internal guideline document sent to law offices across the United States on June 3, the US Department of Justice directed that investigations into ransomware should be coordinated with the central government, specifically: A new task force was established in Washington. “This will be a specialized process to ensure we can track all cases of extortion hackers regardless of where they happen in the US, so we can capture the connection between subjects and proceed to break the whole link,” said Deputy Attorney General John Carlin. Previously, in May, the largest US oil pipeline system, the Colonial Pipeline, was crippled by hackers. Colonial Pipeline has decided to pay hackers who have compromised their systems nearly $5 million to regain access. According to the Reuters , the DOJ’s guidance document specifically mentions the Colonial attack as an example of “the growing threat posed by cybercriminals and digital ransomware to the nation.” . “To ensure we can uncover connections between incidents and investigations across the country and globally, and to paint a big picture of national security and economic threats, The economy we face, we must strengthen and focus our internal monitoring,” the guidance document states. Reuters Citing US officials, the decision to include ransomware attacks in a special process by the Department of Justice shows that the issue is being prioritized. “We’ve used this model in the past for counterterrorism, but never with ransomware,” said Carlin, adding that the process typically applies to cases involving direct national security. In practice, this means that investigators at US attorneys’ offices dealing with ransomware cases will have to share both up-to-date case details and technical information with officials in Washington. The guidelines also require offices to review and report other investigations related to the large-scale cybercrime ecology. According to the guidelines, the list of investigations currently required to be reported to the central government includes: anti-virus services, illegal online forums or marketplaces, cryptocurrency exchanges, cybercriminal server services, botnets, and online money laundering services. “We would like to emphasize that prosecutors and criminal investigators need to report and conduct monitoring of cryptocurrency exchanges, illegal online forums or marketplaces for trading hacking tools. , as well as tracking botnets that serve a variety of purposes,” said Carlin. According to Mark Califano, a former US attorney and cybercrime expert, raising the level of investigation could allow the US Justice Department to “deploy resources more effectively” and “identify common exploits” variables” used by cybercriminals.

In a statement on May 31, JBS USA said it detected an organized cyberattack that affected several servers that support the corporation’s information technology systems at its North American facilities. and Australia. JBS is the world’s largest meat processing company, with operations in many countries such as the US, Australia, Canada, Europe, Mexico, New Zealand and the UK. The company said no customer, supplier or employee data was leaked or used for shady purposes following the cyberattack. However, the company said it will take a long time to resolve this issue and as a result, some transactions with customers and suppliers may be disrupted. All US beef processing plants under JBS have stopped production, affecting nearly a quarter of the total supply in the US market. The company’s other meat processing plants were also disrupted to a certain extent. Photo: Visual China Although the company has not publicly stated that it is threatened by ransomware, the White House said the attack was ransomware, possibly from a group based in Russia, although JBS has not made it public. confirm this. White House spokeswoman Karine Jean-Pierre told Reuters the FBI was investigating. Ransomware is malicious software that encrypts a target’s system, preventing users from accessing and using their computer system or document files (mainly detected on Windows operating systems). In some cases, hackers also gain access to the target’s data and demand a ransom if they want to get the data back. Since November last year, a series of ransomware attacks have targeted well-known companies such as the US factory Foxconn, Apple’s Macbook Quanta laptop assembly partner, and the Colonel Pipeline pipeline company. Among them, Quanta has stolen a large number of drawings of the new MacBook, which has a certain effect on Apple. The hacker group asked Apple to pay a ransom of $ 50 million to not publicly publish the data they have, Apple flatly refused. Leading US fuel pipeline operator Colonial Pipeline has shut down its entire network following a ransomware-related cyberattack. According to CNBC, the company Colonial paid $4.4 million in ransom in the form of Bitcoin cryptocurrency to the DarkSide hacker group. For these companies, there are two issues that need to be considered: First, why the security team can’t resist hacker attacks; second, what role does cryptocurrencies play in these transactions? The “fragility” of businesses before a cyber attack When you hear the word “cybersecurity,” you probably think of large companies or government organizations that invest tens of millions of dollars in firewalls, anti-virus software, and other security protocols to protect their systems from potentially malicious attacks or data leaks. Or you would think of the large internal cybersecurity teams who are knowledgeable and know how to deploy the latest technology to fight hackers and protect corporate information. The reality is that security issues affect every company – from the smallest store, fledgling startups to the largest multinationals. Any system is not immune to loopholes, and hackers who have the guts to attack large businesses are organized and premeditated. The security team of a large enterprise cannot avoid negligence, giving hackers the opportunity to take advantage. Hackers take advantage of cryptocurrency to make blackmail transactions Photo: QQ After successful attacks, many hacker groups now demand ransom in the form of cryptocurrencies, namely Bitcoin instead of real money. All transactions are assigned to Bitcoin addresses, but this address is not assigned to a specific person or organization. To increase anonymity, each transaction you can use a Bitcoin address to send and receive money, no one can know who you are. So Bitcoin is definitely the best choice when it comes to making illegal transactions. As the most valuable cryptocurrency today, Bitcoin has become a favorite object of hackers. The market value of cryptocurrencies skyrocketed around October of last year. Since mid-May of this year, this market price has been continuously falling, but it seems that the cryptocurrency still has a chance to explode again. In 2017, a type of malicious code called WannaCry opened a huge cyber attack in 150 countries, causing many users’ files to be locked. If they want the right to unlock, the victim has to pay the hackers 300 USD worth of Bitcoin. In 2019, hackers attacked the city of Baltimore (Maryland state, USA), froze thousands of computers, turned off emails … and demanded the city pay about 100,000 USD in Bitcoin. Ransomware attacks will get stronger and stronger Photo: QQ According to Ekram Ahmed, a spokesman for cybersecurity firm Check Point: “Hackers are pursuing larger and more advanced targets because they know they can succeed. Networks like Colonial paid $4.4 million in ransom, ransomware monetization will attract many new entrants. Things are getting worse, and I firmly believe that ransomware is now a national security threat.” . The consecutive attacks signal a worrying trend in ransomware attacks, especially those that can cause major disruption. Ransomware attacks are becoming more and more common, although hackers often find smaller and more vulnerable targets, less network security, and will pay a ransom to keep their systems normal. usually return as quickly as possible. Cryptocurrencies like Bitcoin have made it much easier for hackers to obtain ransoms. “Ransomware is now a lucrative business for hackers. Since the beginning of 2020, the number of organizations affected by ransomware has increased by 120%.” According to a recent report by cybersecurity firm Sophos, the average cost of recovering from a ransomware attack also appears to have doubled. Software company Chainalysis determined that $350 million was spent on ransomware ransoms in 2020. But it can be difficult to know the full scale of the attacks and the amount of ransom paid, because many the company did not report them in the first place. CNA Financial Corporation, one of the largest insurance companies in the US, paid $40 million in ransom last March, which was revealed only two months later. Law enforcement agencies advise businesses hit by ransomware not to pay the ransom, and say it will encourage hackers to continue demanding increasingly high amounts. However, not every company has the technological capabilities to deal with a group of hackers as sophisticated as Apple.

Appropriate measures should be taken to limit the risk from ransomware. Illustration. With this form of attack, hackers often use tricks to fake websites, extract data of agencies and organizations and demand ransom. Cybercriminals carry out cyberattacks according to a concise strategy that is applicable to many industries. An analysis of recent experts shows that, in 2020 alone, the amount of damage related to ransomware attacks has reached billions of dollars. More dangerously, this behavior also targets the government’s information technology systems, causing serious impact. To protect critical data from attacks, government IT systems need to ensure external layers of security, while having the added responsibility of maintaining the infrastructure if an intrusion occurs. offense. According to studies, despite the development and expansion of the scope, the attacker’s methods still have similarities. Most hackers will illegally exploit the lowest-level vulnerabilities first, through some common and easy-to-implement method. Therefore, experts recommend to prevent ransomware from this initial step through some of the following methods. 1. Secure remote access Remote access is a familiar method often used by attackers, especially through unpatched vulnerabilities of information systems. Accordingly, hackers are constantly scanning the internet, looking for ways to exploit these vulnerabilities to perform attacks. To combat vulnerability scanning, organizations should prioritize patching vulnerabilities first. Along with that, to protect the system, experts recommend that organizations identify remote access systems to their systems by looking up IP addresses. If an attack is suspected, users should block public access to remote desktop protocol services (iRemoteDesktop – RDP), a secure shell that encrypts transmission data (Secure Socket Shell – SSH) ) and file transfer protocol (File Transfer Protocol – FTP). Agencies and organizations need to ensure that systems for remote access such as firewalls, VPN gateways, and email gateways are regularly patched, perform scanning for security holes, and deploy multi-factor authentication. Multi-factor Authentication (MFA) for accounts that are authorized for remote access. Hackers take advantage of security holes to attack the network. Illustration. 2. Email security Many ransomware incidents can start with an email sent to a user. This attack method is gradually becoming popular for hackers to perform blackmail. Experts say it’s safer to prevent unsolicited emails in the first place. The email security system acts as a “fence” to protect the strange messages from the internet and private mailboxes in the intranet system. To avoid email threats, users need to make sure email messages are scanned through a filtering system, and check attachments and links for advanced threats. In addition, account holders should audit or block password-protected documents as hackers often use this method to bypass email data scanning. 3. Keep data backups safe The third most common method for ransomware is to identify the target, encrypt the data, and then completely delete the backups. In addition to the data on the network and the data being used directly, the hacker will search all backups and encrypt them, disabling the data to increase the possibility of ransom from the victim. The victim then has a high probability of paying to buy back these encrypted data. Therefore, individuals, agencies and organizations should have backup plans to ensure the safety of all data. 4. Implement a 3-2-1 . Backup Strategy Without the right protections, backups, and archiving, concurrent copies on the same network are vulnerable to hackers. To avoid network-wide attacks, experts have come up with a safe backup measure for users’ data systems. For all important files, users should store 3 copies, including 1 primary backup for daily use and 2 backup copies. In it, the files will be saved on 2 different media environments to reduce the possibility of mass attacks. These copies must be in place so that data can be accessed and restored easily and quickly in the event of a failure. At the same time, users should save 1 copy outside the work network or home network, in case of force majeure situations due to natural disasters, unexpected disasters.

The report found that as many as 23 apps are available on Google Play, each with between 50,000 and 10 million downloads, violating privacy guidelines in the collection and storage of user information. Some applications are less secure, leaving users vulnerable to personal data leakage. (Photo: Check Point) Of these, there are 13 applications that store user data in the cloud but are not secure. This means hackers can easily access data from the outside. Hackers can even modify the developer’s notice, and replace it with malicious links or misleading content. Users’ personal information is easily leaked when using these applications. (Photo: Check Point) These vulnerabilities put at least 100 million Android users at risk of phishing, identity theft, and malware attacks. 13 out of 23 apps have extremely poor security, allowing hackers to access public data, but Check Point only lists 5 applications that need attention: This Screen Recoder app was found to be storing users’ passwords on an unsecured cloud service, leaving the data vulnerable to leaks. (Photo: Check Point) – Astro Guru : Horoscope app with over 10 million downloads. Astro Guru stores each user’s name, date of birth, gender, GPS location, email address, and payment information. – iFax : Mobile fax application, stores all documents sent by more than 500,000 users in a cloud database. – Logo Maker : Logo design app with over 170,000 users. The user’s full name, account ID, email and password are all accessible. (Artwork: Crystal Cox/Business Insider) – Screen Recorder : This app has more than 10 million downloads. The developer stored the user’s password on an unsecured cloud service, making the data vulnerable to leaks. – T’Leva : Taxi hailing app from Angola with over 50,000 downloads. This application saves the history between the driver and the rider, the location data, name and phone number are accessible. Check Point said it notified the app developers, but only Astro Guru responded, and some of the apps are still available on Google Play.

According to this leader, he never intended to experiment with opening 3rd-party app stores for its devices, because that would push users closer to the risk of malware exposure. Tim Cook appeared in court on May 21. Photo: Yahoo Finance. The view of Apple CEO received approval from Professor Justin Cappos, working at Tandon School of Engineering , belonging to New York University . “Clearly it is not possible for users to arbitrarily install software from their own application store,” Professor Justin Cappos stated on the website. Yahoo Finance . “Even if it’s a familiar app, there’s still the potential for increased malware and phishing on the iPhone.” Of course, Apple’s blocking of 3rd party app stores on iPhones is not simply about protecting consumers. The company also collects a 30% fee on transactions made through the App Store. In other words, while Apple is right when it comes to consumer protection, the dominance of the App Store still gets it in trouble with antitrust regulation. Tim Cook’s stance In an antitrust lawsuit being considered by the court, Epic claims Apple abused the position of the App Store, forcing developers to use a payment system it managed and paying a 30% fee. From summer 2020, Epic kicks things off with a Fortnite update, adding the option to pay for in-game currency through its own channel at a cheaper price than the App Store. Apple responded by removing Fortnite from the app store and locking down Epic’s developer account. The game company quickly filed a lawsuit against Apple for monopoly behavior, demanding a reduction in transaction fees through the App Store or allowing 3rd party app stores to operate on the iPhone. CEO Epic appeared in court on May 20. Photo: Yahoo Finance. The trial took place in May with many fierce arguments, and Judge Yvonne Gonzalez Rogers is expected to announce the ruling next week. Here, Epic argues that if a 3rd-party app store appeared on the iPhone, developers could reduce the price of the app because it wouldn’t cost Apple 30% of the fee. Present in court, Tim Cook defended its stance on not allowing external app stores to appear on the iPhone. By comparing the amount of malware on iOS with platforms that allow the installation of 3rd party applications – Cook asserts that the iPhone accounts for only 1-2% of malware infections, while this rate on Android, Windows up to 30-40%. “If you look at the malware on iOS compared to Android and Windows, it’s really insignificant.” The numbers are on Apple’s side Cook’s view is reinforced by Report on smart device threats in 2020 published by Nokia. Accordingly, 26.64% of malware infections come from Android devices. This number is down from 47.15% in 2019. Nokia believes that security on Android has improved compared to before, in addition, hackers are gradually shifting attacks to IoT devices. Meanwhile, 38.92% of all malware infections originate from Windows PCs. The corresponding rate on Apple’s iPhone is only 1.72%. The rest belongs to other IoT devices. The rate of malware infection on iPhone is much lower than on other platforms. Photo: Yahoo Finance. Why the difference between the 3 operating systems? Professor Cappos says there are several factors at play, including iOS being updated more frequently than Android and Windows. Operating system updates will patch bugs that hackers can exploit with malware, making devices harder to jailbreak. In addition, Android and Windows are two of the most used platforms in the world, which makes them attractive targets for cybercriminals. Both the App Store and Play Store have automated malware detection processes, but Google has trouble allowing users to access 3rd-party app stores. Most security experts recommend not downloading it. download applications from these places due to the risk of malicious code insertion. Meanwhile, Windows allows users to install apps through the Windows Store or download them from anywhere on the web. Can’t “Security Flag” protect Apple? Apple does not disclose revenue from the App Store, instead, it bundles it with Services. This business, which includes Apple TV+, Apple Music+, and iCloud, will bring in $53.7 billion in 2020, or 20 percent of Apple’s $274 billion in total revenue. That proves the App Store is generating a lot of money for the company. With huge profits and strict controls on the app store, Apple may face accusations of unfair competition. According to Professor Shubha Ghosh of Syracuse University of Law , Apple needs to demonstrate that this business is up to the level of security it offers. Sometimes in the eyes of Judge Gonzalez Rogers, the 30% commission per transaction and the security of the platform don’t go together. Even security may not be the judge’s concern. “Antitrust courts don’t care so much about safety – they care about competition,” says Professor Sam Weinstein of Cardozo Law School explain. Why does Apple want to repair the iPhone itself? Apple wants to repair iPhones themselves instead of empowering 3rd parties or users.

Colonial Pipeline Company’s fuel tanks in Baltimore, Maryland, USA. (Photo: AFP/VNA) US Department of Homeland Security (DHS) on May 27 issued new security guidance for owners and operators of fuel pipelines. This move follows a cyber attack on the company’s fuel pipeline system Colonial Pipeline , leading to gas supply disruptions on the US East Coast this month. Homeland Security Secretary Alejandro Mayorkas said: “The recent malware attack on a major fuel pipeline shows that the cybersecurity of pipeline systems is a critical factor. pivotal to the homeland security of the United States.” Under DHS, owners and operators of fuel pipeline Key players will be required to immediately report confirmed and probable cyber-attacks to the Department of Cybersecurity and Infrastructure Security under their respective jurisdictions. DHS (CISA), and appoint a cybersecurity coordinator available 24 hours a day and 7 days a week. The issuance of the new guidance also requires fuel pipeline owners and operators to review current cybersecurity measures to detect any vulnerabilities, as well as remedial actions if necessary. there is a risk of a cyber attack. They must notify this result to the Transportation Security Administration (TSA), a unit of DHA, and CISA within 30 days. The DHS statement said TSA is considering additional mandatory measures to enhance cybersecurity to protect the US fuel system. Previously, on May 7, Colonial Pipeline announced that it was attacked by ransomware and forced to close some systems. This incident caused a large-scale supply disruption, causing thousands of gas stations on the US East Coast to fall into shortages and gasoline prices to the highest level since 2017. The US government has issued an order. state of emergency in 17 states and Washington, D.C. After more than 1 week of being affected, the Colonial Pipeline oil pipeline has returned to normal operation. Colonial Pipeline has publicly confirmed paying a ransom to restore computer networks. Meanwhile, the US Federal Bureau of Investigation (FBI) identified DarkSide as the hacker group behind the attack.

Illustration. The cybersecurity situation has undergone drastic changes in recent times, especially in the context of the Covid-19 epidemic and the trend of remote working. This manifests itself in large-scale and increasingly complex attacks. Hackers perform an average of 50 million password attacks per day, 579 attacks per second. AGAINST MALWARE AND RAMSOMWARE WITH DEVELOPMENT Microsoft’s telemetry results released over the weekend showed that the prevalence of malware and ransomware infections in Asia-Pacific has been increasing over the past 18 months, stretching back to before the Covid-19 pandemic. -19 outbreak to date. Specifically, in Australia it is 23%; China is 80%; India 15%; Japan 16%; New Zealand 19%, Singapore 43%, Hong Kong 38%, South Korea 22%, Malaysia 2%, Philippines 15%, Taiwan 16%, Thailand 3% and Vietnam 7%. Among them, Indonesia alone has a 24% decrease in malware infection rate. The number of cyber attacks and the number of Vietnamese IP addresses in botnets increased in March 2021 due to hackers taking advantage of the increasing demand for Internet use by users as well as people’s interest in translation information. Covid-19. During the same period, the number of ransomware infections (a subset of malware) also increased by 453% in Australia; China (463%); India (100%); Japan (541%); New Zealand (825%); Singapore (296%), Hong Kong (179%), Indonesia (31%), South Korea (64%), Malaysia (72%), Philippines (70%), Taiwan (407%), Thailand (6%) ). This figure in Vietnam is recorded at 15%. In Vietnam, in March 2021 alone, the Information Security Administration recorded 491 incidents of cyber attacks on information systems, an increase of 8.15% compared to February 2021. In which, the number of Malware attacks is 180, while Phishing and Deface attacks are 164 and 147, respectively. In the first quarter of 2021, although compared to the same period in 2020, the number of cyberattacks causing problems on information systems decreased by 20%, but from the beginning of 2021 to now, the number of cyberattack incidents has decreased by 20%. is still in an uptrend. Experts believe that the reason for the increase in the number of cyberattacks and the number of Vietnamese IP addresses in botnets in March 2021 was because hackers took advantage of users’ increasing demand for Internet use as well as the interest People’s attention to information about Covid-19 epidemic. Therefore, the number of Phishing and Malware attacks on systems has increased to cheat, destroy and steal information illegally… It can be seen that, in the context of complicated epidemic developments, when more and more organizations, businesses and individual users work remotely, work from home, they are creating an environment for bad guys to exploit vulnerabilities, Attacks, information theft, large-scale cyberattacks take place in Vietnam and around the world. ABOUT 3.5 MILLION SECURITY PROFESSIONALS IN 2021 Experts say that even as more people begin returning to the office, hybrid work is forecast to remain the norm in the future. According to Forrester, as people gradually settle into a new working model after the pandemic, we will still see an increase in the proportion of employees working remotely compared to before the pandemic, at 300%. And the current Job Trends Index report shows that 53% of respondents in Asia plan to move to a new place because they can work remotely, compared to 46 percent globally. %. That change has been demanding an urgent need for new security solutions to meet the way of working, especially when the network of organizations is no longer limited to the “office wall”. This requires a very different mindset from the traditional “network is the border” and “device protection” approaches. Organizations and businesses need to take data and authentication as the center. While there are many other ways to secure these days, addressing identity, authentication, and information management issues is still critical. Experts have pointed out 4 main pillars to protect users against new work era cyber threats, including: identity protection, Zero Trust mindset, cloud application, and resource investment. security personnel. The network of organizations is no longer limited to the “office wall”. This requires a very different mindset from the traditional “network is the border” and “device protection” approaches. As recent attacks have shown, identity will be the “battlefield” for future attacks. Microsoft Vice President of Security, Compliance, and Identity Vasu Jakkal said that, in a world where identity is the new battleground, adopting a Zero Trust strategy has become a must for businesses. Karma. The hybrid workplace is virtually borderless, so it’s important to establish protective “barriers” around identities and devices. As part of his journey to building a Zero Trust mindset, the expert emphasized that “passwordless authentication will be the trend of the future and that transformation will be seen this year”. Besides the application of technology, experts also emphasize the special importance of people and skills in ensuring information security of each business organization. However, the lack of security professionals and the lack of diversity in security teams are two weaknesses that attackers will find to hit next year, the expert said. It is estimated that the information security industry will be short of about 3.5 million security professionals this year.

This hacker organization has received ransom from many victims. This shows that data ransom attacks have become a lucrative business for cybercriminals. Bitcoin is increasingly preferred by criminal organizations Earlier this month, Colonial Pipeline suffered a severe attack that forced the company to shut down nearly all of its fuel system supplying the southeastern states of the United States. The FBI confirmed the crime was DarkSide, a cybercrime organization believed to be located in Eastern Europe. Last week, it was reported that Colonial had agreed to pay $ 5 million to DarkSide (in bitcoin) for the data recovery password. Recently, the CEO of the company confirmed this information. DarkSide operates like a business. This group develops malicious code to crack and steal the target’s data, then trains partners, the partners continue to train the hackers. When hackers use this malicious code to carry out successful missions, DarkSide will receive a percentage of those successful attacks. In March 2021, when it announced a new software that can crack data faster than before, DarkSide even released a press release and invited reporters to interview. Hackers often demand ransom in virtual currency. London-based blockchain analytics firm Elliptic has identified a bitcoin wallet that DarkSide uses to receive ransoms from victims. On May 14, London-based blockchain analytics firm Elliptic said it had identified a bitcoin wallet used by DarkSide to collect ransoms from victims. That same day, Intel 471 security researchers said DarkSide closed after losing access to its servers and when the organization’s virtual currency wallets were empty. According to Elliptic, DarkSide and other affiliates of this organization have collected at least $90 million in bitcoin ransoms, and they receive funds through 47 different digital wallets. “To our knowledge, this analysis includes all payments to DarkSide,” said Tom Robinson, Elliptic co-founder and chief scientist. However, there may be other undetected transactions, so this $90 million figure should be considered the lowest limit.” Also according to Elliptic’s research, DarkSide’s bitcoin wallet was holding $5.3 million in cryptocurrency before it was all withdrawn last week. There are some rumors that these bitcoins have been seized by the US government. Of the $90 million ransom, $15.5 million went to the developers of DarkSide and $74.7 million to affiliates. Much of that is being sent to cryptocurrency exchanges and thereby converted into fiat. Bitcoin is increasingly preferred by criminal organizations as crypto traders do not reveal their identities. However, because the digital ledger that underpins bitcoin is public, researchers can keep track of where these funds are going.

The US has opened an investigation into this cyber attack. Ransomware is a type of malware designed to lock down a system by encrypting data and demanding a ransom from the victim to regain access. Colonial Pipeline asked a cybersecurity company to coordinate with federal law enforcement agencies to investigate this cyberattack. President Joe Biden was briefed on the incident. The White House said Washington will work to help the Colonial Pipeline resume the interrupted fuel supply. This is considered the largest cyber attack on the US energy system Colonial Pipeline is providing nearly half of the fuel for the US east coast. This is considered one of the largest ransomware attacks ever recorded against US energy infrastructure. The shutdown of the largest fuel pipeline network in the United States will cause the price of this item and related products to spike. Colonial Pipeline transports 2.5 million barrels of gasoline and other fuels per day through 8,850 kilometers of pipeline connecting Gulf Coast refineries to the eastern and southern United States. The company also supplies fuel to several major US airports, including Hartsfield Jackson Airport in Atlanta, which has the world’s largest passenger traffic.

This information was confirmed by the iTunes Customer Experience Manager at the time, Dale Bagwell, on Motherboard in an email that 128 million consumers downloaded more than 2,500 apps infected with malware that came from fake copies. Xcode’s appearance. In total, these 2,500 infected apps were downloaded more than 203 million times in the App Store. Another Apple recruiter mentioned that “China represents 55% of customers and 66% of downloads”, also referring to the malware “XcodeGhost”. According to multiple internal Apple emails, about 18 million affected users are based in the US. Notably, Apple has had many internal discussions about how to send warnings to affected developers and users because the number of customers potentially exposed to malicious code is quite high. Even so, App Store VP Matt Fischer notes that this will pose some challenges in terms of localization of the email’s language, since downloading these apps takes place in the App Store. all over the world. As a result, Apple failed to send warnings to users and developers. Even popular apps like WeChat and Angry Birds 2, designed for the Chinese market, are on the affected list, the report said. As soon as the malware was identified, Apple asked developers to immediately recompile their apps with a genuine version of Xcode. Lookout explains that “developers are drawn to downloading this fake version of Xcode because it will download much faster in China than the official version of Xcode from Apple’s Mac App Store.” Following this incident, Apple increased the security of Xcode installation and malware scanning when submitting apps to the App Store. In testimony from one of the heads of the App Store at the trial of the lawsuit between Epic and Apple, this person said the iOS app review process is part of Apple’s charge for the App Store.

Colonial Pipeline had to shut down the entire network after a cyber attack. Photo: wsj.com The administration of President Joe Biden said it was making every effort to restore the company’s operations and avoid disruption to supply. Experts say gas prices will not be affected if the company resumes normal operations in the next few days. However, this cyberattack, rated as the worst ever for the US infrastructure system, should be a warning bell for other companies about the risk they will become the next target of similar attacks. According to Colonial Pipeline, the company’s pipeline carries gasoline and other fuels from Texas to the Northeast, providing nearly 45 percent of the fuel for the East Coast of the United States. Although Colonial Pipeline has not revealed who is responsible for the cyber attack, an unnamed person on the team investigating the incident confirmed that the culprit was a hacker group nicknamed Darkside. This group has been spreading ransomware since August 2020 and is classified as one of the most attackable groups. Over the past 3 years, Darkside has become more and more professional and has caused Western countries tens of billions of dollars in losses. Ransomware attacks are malicious code designed to lock down computer systems using encrypted data and demand a ransom to restore access. US Commerce Secretary Gina Raimondo on May 9 warned US businesses to be wary of ransomware attacks. The female minister affirmed that she would work closely with the Department of Homeland Security to handle the issue, considering this a top priority of the government. Reuters news agency, citing a notice from the White House, said the administration was working to help Colonial Pipeline company resume operations to avoid supply disruptions. According to sources, before activating ransomware, hackers often steal data, which is used to blackmail businesses or distort the truth. Sometimes stolen data is more valuable to hackers than the benefit they get by disrupting business operations. Security experts say the attack is a warning to operators and managers of essential infrastructure in the US such as electricity, water, energy and transportation facilities that have long been built. do not update the method to ensure security against the risk of being attacked. Mr. David Kennedy, a senior security consultant and founder of the security consulting firm TrustedSec, admitted that ransomware attacks have spiraled out of control in the US and are currently under development. is one of the greatest threats facing the United States. However, most American companies lack the ability to prepare for such threats.

New solution Bkav 2021 applies Artificial Intelligence to create a 5-layer protection system The new solution Bkav 2021 applies Artificial Intelligence to create a 5-layer protection system, helping businesses and individual users closely protect the digital environment and digital data. The main protection layers of Bkav 2021 include the Network Layer that protects and monitors all incoming and outgoing network connections. The operating system layer monitors and detects operating system vulnerabilities. The data layer is responsible for protecting and monitoring changes to data or system configuration. The application layer performs behavioral and vulnerability monitoring of applications. Finally, the User Layer helps ensure the enforcement of information security policies. The manufacturer said that the new version of Artificial Intelligence technology applied in Bkav 2021 has enhanced the ability to identify malicious code by up to 99.9% as well as reduce the possibility of mistakenly catching clean files to approximately 0. %. Bkav’s new technology is also 144% more efficient than the previous 2020 version. In particular, the business version of Bkav Endpoint also provides reporting statistics in the form of a visual Dashboard. Businesses will get an overall picture of the protection situation periodically by week, month, and year, including the number of scanned files, the number of malicious files, the number of controlled connections, and the number of blocked dangerous connections. , the rate of infected malicious code, the number of times to prevent data encryption, spying attacks, the number of operating system vulnerabilities… Bkav Endpoint is provided in 3 versions, suitable for different sizes of businesses, including Endpoint SME for small and medium scale, Endpoint Enterprise for large scale and Endpoint Total for very large scale. Vu Ngoc Son, Vice President in charge of Anti-Malware of Bkav, said: “Bkav 2021’s 5-layer protection system provides comprehensive protection and does not miss any risks. At the same time, the system is also equipped with centralized administration features and periodic reports to help agencies, businesses and users always know the latest overview and details about the computer virus situation. in the whole system, so that they can really feel secure and actively participate in the digital transformation process”.

Colonial Pipeline’s Dorsey hub in Maryland, USA. Photo: Reuters The difficulty in fuel supply has raised concerns that gasoline prices at pumping stations will escalate during the peak summer travel season. Colonial Pipeline said the company is trying to resume operations this weekend after its fuel pipeline system was paralyzed since May 7 after being hit by a cyber attack. The shutdown of the Colonial Pipeline’s fuel pipeline system shut down nearly half of the US East Coast’s fuel supply. The US Energy Administration on May 10 called for mandatory cybersecurity standards for fuel pipeline operators and operators. “Incentivizing the voluntary application of standards to pipelines is inadequate,” said US Federal Energy Regulatory Commission Chairman Richard Glick. The US Federal Bureau of Investigation (FBI) has accused a cybercriminal group called “DarkSide” of causing a ransomware attack on Colonial Pipeline. Reuters news agency quoted cybersecurity experts as saying that DarkSide is based in Russia or Eastern Europe, so the gang usually avoids targeting computers that use the languages ​​of the former Soviet republics. However, US President Joe Biden on May 10 expressed he did not believe that the Russian government was behind the cyber attack on the Colonial Pipeline. “So far there is no evidence based on our intelligence that Russia is involved,” Biden said. A statement titled DarkSide group on May 10 stated: “Our goal is to make money and not create problems for society.” Ransomware attack is a type of malware designed to disable computers by encrypting data and blackmailing victims if they want to regain system access. It is not clear what price the hackers offered for Colonial Pipeline, and the company has not commented on the matter. Fuel demand in the southeastern United States has increased sharply in recent days as consumers fear fuel shortages. The Southeastern region of the United States has long depended mainly on the supply of fuel flowing through the Colonial Pipeline’s pipeline system. The average national gasoline price rose 6 cents to $2.96 a gallon last week, the highest since May 2018 and close to a peak set in 2014, the American Automobile Association said. also warned of speculation about fuel hoarding as the supply continued to decrease. Katina Willey, a resident of Florida on May 10, said she had to go to 5 gas stations to buy gas. “Consumers have to wait in long lines at three of the five gas stations I go to,” added Katina Willey. Many other car owners said they were also looking to refill their gas tanks out of fear that the fuel situation could worsen. If the Colonial Pipeline’s pipeline disruptions continue, fuel suppliers may be able to force fuel transportation by trucks and trains to partially ease the fuel shortage. The US Department of Transportation on May 9 lifted travel restrictions for fuel truck drivers in 17 states affected by supply disruptions.

Illustration. The breach at Alpharetta, Georgia-based Colonial Pipeline is the latest in a series of cybersecurity incidents confronting the administration of President Joe Biden – as well as a striking reminder that many companies Operators of the nation’s most basic infrastructure, from dams to power plants, are still unprepared to deal with the threats posed by toxic numbers. Here’s a summary of how a criminal gang managed to get into Colonial’s systems and why the tool they use – ransomware – is such a persistent threat. How can a hacker shut down a pipeline? On May 7, Colonial Pipeline said it learned that hackers had infected their computer networks with ransomware, malicious code used to take control of computers and extract payments from victims. The breach affected Colonial’s business network, which it uses for tasks like payroll management and data reporting to regulators. Colonial disabled those systems, but it also turned off the much more sensitive technology running its pipeline operations — a precaution meant to prevent hackers from accessing it if they hadn’t already. These systems monitor air flow for impurities and leaks, control power levels, and perform other automated tasks to keep pipelines running smoothly. What exactly was closed? Colonial shut down its entire main pipeline, more than 5,500 miles long from Houston, Texas, to Linden, New Jersey. The pipeline transports 45% of gasoline, jet fuel and diesel to the US East Coast, according to the company. The short-lived outage sent wholesale gas prices up on financial markets in the affected region, but that rally cooled slightly during trading on May 10. And while some gasoline retailers may try to add a few cents a gallon to the price at the pump, there have been no reports of shortages at suppliers serving those retail points. Market analysts say the pipeline shutdown will need to last through at least the middle of the week to start affecting supply in some parts of the Southeast, and Houston’s refineries won’t start. reduce production unless Colonial shuts down until next week. Overall, the US is stockpiling 235 million barrels of gasoline, enough to supply the whole country for nearly a month. However, retail gasoline prices have risen steadily in recent weeks and any anxiety could accelerate gains as the country approaches Memorial Day weekend, which the industry considers is the beginning of the “summer driving season” in high demand. How bad could this be? It depends on whether the outage turns into a protracted crisis for Colonial’s customers, which include busy airports and US military bases. Some customers can buy fuel from foreign suppliers, but they will face more financial pressure as Colonial’s pipeline network remains offline. Colonial said on May 10 that it has begun reactivating segments of the pipeline and anticipates “significantly restoring operational service by the end of the week”. However, they did not explain what “basically” means and did provide some other details about the attack investigation. What is Ransomware? Ransomware is software that hackers deploy to lock down victims’ data so they can’t access or use it – in the worst case scenario, essentially shutting down an entire company or government office. The hacker then demands a ransom in exchange for providing a digital key to unlock the files. Over the past few years, ransomware has grown from an occasional nuisance to a ubiquitous threat. Victims include the hospital system, the school district and the DC police department, as well as many small businesses. According to the FBI report, ransomware attacks increased by 37% from 2018-2019 and 20% from 2019-2020. According to one report, the pandemic has led to a significant increase in ransomware, with the number of attacks Attacks more than doubled year-on-year, with a particularly large increase in the healthcare sector. The Department of Justice recently launched a task force to explore new solutions to the problem. But in the meantime, the problem continues to get worse as criminal motives grow. Why aren’t pipelines and power plants better protected against ransomware? The private companies that operate much of America’s critical infrastructure — power plants, dams, natural gas pipelines, and other critical facilities — often neglect to implement safety protocols. government-recommended cybersecurity. While protecting against foreign government hackers sometimes requires complex technology that small critical infrastructure operators cannot afford, protecting against ransomware is are not. Use strong passwords, train employees not to click on suspicious links, and require employees to use multi-factor authentication – which involves entering a randomly generated number after entering one’s password – can prevent all but the most advanced types of hacks, including ransomware. Despite years of warnings from government officials and cybersecurity experts, most companies outside of the highly regulated financial sector have not taken many of these steps. And even organizations that try to take cybersecurity seriously can be covered by small holes. A long-neglected office worker or old computer in a closet is often the weak link that opens an organization’s doors to hackers. With so many companies leaving themselves with easy targets, many cybercriminals have started using ransomware to make money. By choosing victims they know there can be no downtime, these criminals virtually guarantee themselves an easy profit. Additionally, many ransomware operators have begun exploiting a secondary source of profit: reselling stolen data on the dark web, where sensitive personal information can fetch huge sums. Between victims and hackers is a burgeoning crypto ecosystem, consisting of unscrupulous payment facilitators ready to handle ransom transactions and rock wall law enforcement. How often do victims pay the ransom? The US government discourages ransomware victims from paying attackers to regain access to their data. While some ransomware operators honor their agreements and unlock victims’ files to foster trust and increase their chances of receiving a future ransom, many of these criminals simply take the money and disappear. Paying the ransom also encourages cybercriminals to continue their attacks. Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said: “We recognize that victims of cyberattacks often face very difficult situations and they must balance the cost-benefit when there is no other option about paying the ransom,” – told reporters on May 10 In the US, it is not illegal to pay a ransom to regain access to locked data. However, it is illegal to pay ransoms to entities on the Treasury’s sanctions list, and the Treasury Department has warned companies that assist ransomware victims to conduct due diligence on hackers. before making payment arrangements. DarkSide, what is the group behind the attack? The FBI has confirmed that the Colonial Pipeline hack was the work of the DarkSide ransomware gang. This group is a relatively newcomer to the ransomware ecosystem, but they are already well known for their professionalism, patience, and large ransom demand. Security firm Cybereason wrote in a report last month: “The team has a phone number and even a help desk to facilitate negotiations with the victim, and they are putting a lot of effort into gathering information. about their victims – not just technical information about their environment, but more general information about the company itself, like the size of the organization and estimated revenue.” DarkSide is based in Russia, but so far the US has said it does not believe the hackers acted on behalf of the government of Russian President Vladimir Putin. Mr. Biden said on the afternoon of May 10: “To date, there is no evidence … from our intelligence people that Russia is involved. However, he added: “There is evidence that the actor’s ransomware is in Russia. They have some responsibility to deal with this.” Like other ransomware gangs, DarkSide operates on a so-called “ransomware-as-a-service” model, in which it provides code to less sophisticated hackers and helps them carry out attacks enter in exchange for their share of the profits. After being closely watched by the Colonial Pipeline attack, DarkSide seems to be rethinking this model. On May 10, a purported statement from the DarkSide hackers announced the group’s intention to scrutinize the partners’ planned attacks in the future to “avoid social consequences.” festival”. “Our goal is to make money, and not create problems for society.” What is the US government doing with this attack? The White House has established a working group that includes the Department of Homeland Security’s Cybersecurity and Infrastructure Agency; The Department of Transport’s Pipeline and Hazardous Materials Safety Administration; FBI; and the Departments of Energy, Treasury and Defense. These agencies are working together to prepare for various scenarios should the pipeline remain shut, including planning for shortages and higher gas prices. In addition, the Department of Transportation waives regulations that limit the driving time without rest of fuel trucks in 17 states and Washington DC. That could make it easier to deliver to customers due to Colonial’s closure.

Accordingly, on the group’s website, DarkSide confirmed that it never intended to interrupt the US fuel supply when attacking the network of the Colonial Pipeline company, headquartered in Georgia, USA. The group also said that it will carefully examine its goals in the future, while emphasizing that the group is not affiliated with any governments when the cyber attack takes place because the group is always acting alone. DarkSide wrote on the website: “We are a non-political organization. We are not tied to a government. Our goal is to make money, not to put society in a difficult situation like it is today. in”. “From today, we will carefully examine each company that our partners want to attack to avoid future consequences,” the DarkSide team stressed. The partners the group refers to are “affiliates” of the group, DarkSide said. This group of hackers acts as a company that specializes in providing “hacking services” and is not directly involved in cyber attacks on companies or governments. The team will develop malware for the cyber attacks and negotiate the ransom with the victim, at the request of their partner. One source believes that DarkSide will receive 20-30% of the ransom for its services.

Accordingly, on the group’s website, DarkSide confirmed that it never intended to interrupt the US fuel supply when attacking the network of the Colonial Pipeline company, headquartered in Georgia, USA. The group also said that it will carefully examine its goals in the future, while emphasizing that the group is not affiliated with any governments when the cyber attack takes place because the group is always acting alone. DarkSide wrote on the website: “We are a non-political organization. We are not tied to a government. Our goal is to make money, not to put society in a difficult situation like it is today. in”. “From today, we will carefully examine each company that our partners want to attack to avoid future consequences,” the DarkSide team stressed. The partners the group refers to are “affiliates” of the group, DarkSide said. This group of hackers acts as a company that specializes in providing “hacking services” and is not directly involved in cyber attacks on companies or governments. The team will develop malware for the cyber attacks and negotiate the ransom with the victim, at the request of their partner. One source believes that DarkSide will receive 20-30% of the ransom for its services.

The first mass attack on Apple’s mobile platform came to light when researchers discovered 40 malicious apps that existed on the App Store. Apple was silent about the biggest attack on the iOS platform. Photo: Getty Images. When the scope of the investigation was expanded, this number was eventually determined to be 4,000. They contain malicious code that makes iPhone and iPad part of the botnet. Simply put, the iPhone infected with malicious code becomes the iPhone “zombie”, manipulated for many malicious purposes. Malware infiltrated 128 million iPhones This shocking information has just been revealed by Epic’s lawyers, a few days before the trial of the antitrust lawsuit between the game maker and Apple. Accordingly, on the afternoon of September 21, 2015, about a week after Apple launched iPhone 6s / 6s Plus, Apple leaders discovered 2,500 malicious applications on the App Store, which were downloaded by 128 million users, total plus 203 million visitors, of which 18 million users in the US. Thousands of malware appeared on 128 million iPhones. Photo: Bankinfosecurity. “Joz, Tom and Christine – the number of affected customers is very large, should we email all of them?”, Apple’s Senior Vice President of Global Marketing, Greg Joswiak team members by email. “If so, Dale Bagwell from the Customer Experience team will take care of it. It should be noted that it is difficult to translate emails into the local language, as the application is downloaded in many different countries around the world. About 10 hours later, Bagwell joined the discussion on this matter. Obviously localizing the content, especially the exact name of the application, is not easy. Finally, no emails are sent to the client. Apple quietly posted a simple Q&A document, which generally lists the series of malicious codes appearing on the App Store and the 25 most downloaded names of these. Currently the post has also been deleted. Malware impersonates Apple’s development tools The biggest attack in iOS history came from developers writing apps using fake Xcode – Apple’s iOS and OS X software development tools. The version called XcodeGhost stealthily inserted malicious code alongside the normal functions of the application. Since then, the infected applications cause the victim’s iPhone to be controlled and controlled by the server, and provide a lot of information about the device, including name, identification code, network information, details in ” IDfierForVendor ”… XcodeGhost has embedded the malicious code in popular applications. Photo: Hackread. In China, XcodeGhost promises to load faster than the Xcode toolkit provided by Apple. When developers use the fake version, they receive a warning from Gatekeeper, the macOS security feature requires the app to be verified by a reputable publisher. Eventually, however, thousands of apps developed from the fake toolkit still appeared on the App Store. Disappointing behavior of Apple According to the Wired The Cupertino giant has long made security and privacy a top priority on its devices. Therefore, they need to report directly to the users affected by this serious incident. Google has a bad reputation for being silent when users download malicious apps on Android or the Chrome browser, now it’s Apple’s turn. This is not the first malware scandal on the App Store that eventually falls silent. From 2013, page ArsTechnica found that the application “Jekyll” passed an Apple rating but ultimately contained malicious code. The leaders of Apple have forwarded back and forth, discussing a lot about the method of controlling and approving applications on the App Store. However, all are kept internally confidential without public notice to affected users. IOS 15 build with many new features The new iOS build integrates quite a few features that users have been waiting for.

Activities of management, administration, production, business and procurement of enterprises and people will be gradually changed, implemented through the digital environment. This also increases the risk of cyber attacks, especially attacks on digital data and the digital environment. To help users limit attacks and minimize damage in the future, Bkav has introduced anti-virus software version 2021, applying artificial intelligence to create a 5-layer protection system, helping businesses. and more secure users. Mr. Vu Ngoc Son, Bkav’s Vice President in charge of Anti Malware, said: “Bkav 2021’s 5-layer protection system provides comprehensive protection and does not leave any risk out. At the same time, the system is also equipped with centralized management features, periodic reports to help agencies, businesses and users always grasp general information, so they can be assured and actively participate. number converter ”. According to the manufacturer, Bkav 2021 is capable of detecting malware up to 99.9% as well as reducing the possibility of catching a clean file by approximately 0%, optimizing performance by 144% compared to the previous version. . Users who are installing Bkav antivirus software will be automatically upgraded to the new version.

Logo of Ebay Inc., an e-commerce group. Photo: Reuters NFT is a type of digital asset that uses blockchain technology – similar to the Bitcoin cryptocurrency – to create a unique chain of code that represents a certain item and cannot be replaced. These sequences are often used to identify digital versions of works of art, song or cyber phenomena. NFT has boomed this year, as enthusiasts spend huge sums of money on artwork and items that only exist online, with some products selling for tens of millions of dollars. However, not all NFTs are collectibles. NFTs can be in-game items, event tickets, and domain names. In the short term, an NFT warehouse will be made available to sellers who meet eBay’s standards. In addition, users can expect future programs, policies and tools that will allow them to buy and sell NFT for a wider range of products. In the coming months, eBay will add new features that may not contain blockchain-based collections, said Jordan Sweetnam, eBay’s Senior Vice President and General Manager for North America. owns 187 million of these users. The announcement comes just a week after eBay said it is looking into the possibility of accepting cryptocurrencies as a form of payment in the future and is looking to enable NFT on its platform.

CEO Tim Cook speaks at WWDC 2018 (Image: Getty Images) This is the first time Apple publish this data. It is a sign of “defective apple” becoming more transparent in the process of approving and rejecting iPhone applications under pressure from many countries. Thanks to the application review system, comparing with the App Store regulatory list, the company can keep iPhone users safe from fraud, malware or poor experience. Apple also published some notable figures for 2020. Accordingly, the manufacturer Iphone rejected nearly 1 million applications submitted for the first time; deny nearly 1 million application updates. 48,000 applications removed due to use of “hidden or unreported features”; 150,000 applications removed for spam or other application copying; 215,000 apps removed for collecting too much user data or violating privacy; 95,000 applications were removed due to phishing, usually they change to other types of applications such as gambling, porn. 470,000 accounts disabled from the developer program for phishing. Additionally, last month, Apple declined 3.2 million app downloads using an enterprise license. This is how large businesses often use to circumvent the App Store law to install internal apps on employees’ iPhones. Currently, the lawsuit between Apple and Epic Games is taking place. Game maker Fortnite denounces the App Store as a “closed garden”, hurting developers, and Apple discriminates against many. Epic Games also confirmed that Apple’s process is not perfect, sometimes approving malware. Apple employees themselves have admitted their process is not good enough to prevent scams. At the trial, Apple said, combining 500 automated reviewers and testers to review nearly 5 million applications per year, from 2017 to 2019 (updates included), the rate from declined from 33% to 36%. The flaws are too small for the size of the App Store. Apple sees the App Store as a fundamental, irreplaceable part of its business. This is the only way for users to install software on the iPhone. Apple’s attorney argued that if users let users download apps from outside the App Store the way Android is doing, they would be at risk of security. Apple doesn’t want to be Android. Du Lam (According to CNBC)

Users need to be cautious before providing personal information on social networks. According to Kaspersky’s “Building our place in the digital reputation economy”, social media users in Southeast Asia have become more aware of online risks. Netizens in Southeast Asia do not want to share identity information, family directly, where they live and work on their personal pages. Up to 76% of survey participants do not want to upload financial information online. This percentage is highest among Baby Boomers (people born two decades after World War II), accounting for 85%. Gen Z – the youngest generation – is the group with the lowest rate at 68%. Judging by the current tendency of young people to be more open to sharing information on cyberspace, Kaspersky believes that this is the main driver of the development of electronic payments in the region. However, this also poses a risk when young users do not pay much attention to information security. To best ensure privacy on social networks, especially financial information and personal data, Kaspersky has made a number of recommendations to users. The first is not to publish travel information, not to disclose too much personal information such as date of birth or workplace in the profile section. You should also not post your home address or phone number on any public forum. Second, you should check automatic positioning settings in posts, don’t share location publicly if it’s not absolutely necessary. Third, you should not participate in the quiz that appears on social networks. Usually, these games silently extract personal information with simple questions. That is the information commonly used in security questions. If you provide too much, hackers can use them to break into online accounts. Fourth, be wary of the contest or winning information, because they pose the risk of disguising fraud. If you share it on social media, you could inadvertently spread malicious code or pave the way for the disclosure of sensitive data. Hackers can take advantage of security holes on mobile devices to steal information. Artwork: BS Raise awareness about mobile device security According to a Kaspersky report, 71% of survey respondents in Southeast Asia use passwords to protect their mobile devices. However, just over half of them check and change privacy settings regularly and have internet security software installed on their devices. In order to keep financial information and personal data on your device safe, you need to take note of the following recommendations. Specifically, the most basic security method is to lock your phone with a password that is difficult to guess and update the system regularly. You absolutely do not jailbreak or root your phone. This can pave the way for hackers to enter the system and install malicious code. You should only use licensed and verified apps and games on reputable app stores. An application capable of remotely erasing data is also recommended, making it easy to erase information in case your phone is stolen.

The malware affected 128 million iPhone users. The XcodeGhost malware was spread by hackers through the hidden installation of a version of Xcode programming software, then sharing on forums for iOS developers. Some of these malicious applications at that time included many popular names such as WeChat, the Chinese version of Angry Birds 2. Statistics show that about 2500 applications were infected with malware and up to 203 million users who downloaded these anti-malware applications Security experts believe that the XcodeGhost malware can collect information such as infected application name, device model, network information and some other data. Later, Apple said it did not record the data associated with the user’s identity, or the iCloud login password was collected. After the problem was discovered, Apple asked developers to use the official version of Xcode to compile the app before re-releasing it on the App Store. According to the 9to5mac Apple also strengthens the security process when installing Xcode, checking the application’s malicious code before releasing it on the App Store after the incident.

The Colonia company had to shut down the fuel pipeline after a cyber attack. Photo: AP. Leading American fuel pipeline company Colonial shut down its entire network that supplies nearly half of the fuel to the US East Coast, following a May 8 ransomware ransomware attack. Every day, the Colonial company ships 2.5 million barrels of gasoline, diesel, jet fuel and other products through a 850-kilometer pipeline connecting the eastern and southern coasts of the United States. The company has shut down systems to stop the threat after learning about the attack. According to sources, hackers are most likely a highly professional cybercrime group. And the malware used in the attack is ransomware. Ransomware is a type of malware designed to lock systems by encrypting data and taps money to regain access. This malware has become popular in the past 5 years. The Colonial Company has invited a third-party cybersecurity company to conduct an investigation and contacted law enforcement and other federal agencies to initiate an investigation. Colonial provided no further details or said how long their fuel lines would be closed. “Cyber ​​vulnerabilities have become a systemic issue,” said Ms. Algirde Pipikaite, Head of Network Strategies at the World Economic Forum’s Cyber ​​Security Center. Without measures to protect cybersecurity, attacks are occurring more often on industrial systems such as oil and gas pipelines or water treatment plants. In 2017, Colonial shut down its gas distillation and production lines during Hurricane Harvey that hit the Gulf Coast. That contributes to tight supply and price increases in gasoline in the US.

Colonial Pipeline America’s largest fuel pipeline system was attacked by network, has not yet assessed the damage. (Source: Freightwaves) To deal with the incident, the company had to close the entire network. Colonial Pipeline said the attack “suspended all pipeline operations and affected some of our IT systems”. Sources in cybersecurity revealed that the malware used in the Colonial Pipeline attack was ransomware – a type of malware designed to block systems with how to encrypt data and request a ransom payment to restore access. The Colonial transports gasoline, diesel, jet fuel and other refined products from the Gulf of Texas to the populous US East Coast via a 8,850 km pipeline, serving 50 million customers. Oil analyst Andy Lipow said that the impact of the attack on supply and fuel prices will depend on how long the pipeline is down. If the line stops working for a day or two, the impact will be minor. However, if the pipeline is forced to shut down for 5 or 6, shortages or price increases will occur, especially in the area stretching from Alabama to Washington DC. (According to AFP, Reuters)

Experts say that in each attack, typically hackers will attack networks or systems, steal personal or sensitive information and then demand ransom to return or unlock them. that information. Although experts say that companies should not pay a ransom to hackers because this action helps to foster legal violations, according to Mimecast statistics, 54% of the companies have paid the ransom. Of these, 76% of the companies got their data back, while 24% couldn’t get it back. Prior to this report, since last year, many entities including major Australian companies have reported being attacked by hackers. The recent victim is Nine Network Television, which makes some programs unable to broadcast as usual. Previously, the Australian National Assembly’s computer network was also attacked a number of times. In response to this situation, Australia’s Cybersecurity Center issued recommendations and procedures to instruct entities on how to secure cyber security. At the same time, experts believe that regular software updates as well as the use of multi-factor authentication are also useful measures for security in a cyberspace environment./.

As one of the 15 products and solutions of Vietnam Post and Telecommunication Group (VNPT) won the Sao Khue Award 2021, VNPT Smart IR is the first malware detection and prevention software in Vietnam to provide the control compliance with information security regulations on enterprise end computers. VNPT Smart IR is a comprehensive incident detection and response solution that protects servers and workstations against viruses and malware; supporting inquiry, investigation of the cause and timely response when information security incidents (ATTT) occur; supervising the installation of unauthorized software and monitoring the compliance of organizations and enterprises with security policies. Early detection, prevention and removal method of malicious code The system can perform the following functions: Detect abnormal processes by using Machine Learning technology and support isolating the computer when the problem occurs, timely handling malicious code spreading in the network; Monitor, statistic, and remove invalid applications installed in accordance with the enterprise’s regulations; Control compliance with the organization’s computer security policies; Supporting security staff to promptly handle and respond to incidents as well as enterprise-wide remote malware attacks, early prevention of risks of food safety loss. Products can be applied to all information systems in all fields and on all sizes. Modular design allows customers to choose modules suitable for their size and needs, and investment costs. The application of automatic replacement solutions, helps to reduce the number of manpower needed, while accelerating work progress and productivity many times more, helping to save costs, optimize resources and contribute to standards. detection and troubleshooting process. VNPT Smart IR uses Machine Learning technology to detect and warn unusual events on the client computer with quality Threat Intelligence sample data from reputable data sources such as Microsoft, Kaspersky, … for accurate detection. types of malicious code are hidden in the system and handled according to appropriate methods, ensuring that malicious code is completely processed, no longer capable of causing harm to the system, thoroughly overcoming the damage caused by malicious code. . In addition, the system also has the ability to continuously self-study from anomalous data collected from the client machine. Compared to the traditional method that mainly uses signatures, rules, and hashes to detect today, this method has the ability to detect, prevent and remove malicious code earlier, minimizing the damage caused by malicious code. caused by malicious code. The product is fully equipped with encryption, authentication, integrity protection, confidentiality, tested by the Department of Information Security and a team of testing experts of VNPT before actual implementation and verification. period and testing when releasing a new, updated version to add features to ensure resistance to attacks and outside intrusions. Many potentials for development in the future Up to now, in Vietnam, only six products of five enterprises in the field of anti-malware have been certified by the Ministry of Information and Communications for their technical requirements under Directive 14 / CT-TTg dated 25th. May 5, 2018 of the Prime Minister on “Enhancing capacity to prevent and control malware”. In addition, there is no domestic unit that develops and commercializes Incident Response products, as well as a product that checks compliance with security and safety policies at terminal computers. VNPT Smart IR is the first malware detection and prevention software in Vietnam to provide control of compliance with internal corporate safety regulations (currently the software is doing checklist according to ISO 27001 standard: 2013), for example, does the terminal computer turn on the firewall or not, install endpoint protection or not, turn on UAC, and many other checks … Developed-oriented products can be combined with existing security equipment and applications of the organization (firewall, IDS / ISP, AV …), integrating with existing SOC systems of organizations, business, thereby reducing investment costs, increasing product flexibility, suitable for many types of businesses in all fields. Deployed from June 2016 on VNPT’s internal information system and provided to customers from October 2020, as of February, VNPT Smart IR has stably operated on 21,000 user computers. Currently, typical customers using VNPT’s solutions are Bac Lieu Department of Information and Communication (TT-TT) Bac Lieu, Department of TT-TT Gia Lai, Department of TT-TT-Dak Lak, Department of TT -TT Tien Giang, Department of TT-TT Quang Binh, Department of TT-TT Phu Tho. The solution deployed at the customer side will be monitored 24/7 by the surveillance system located at the VNPT SOC Security Operations Center, supported by a team of experienced experts in the field of malware analysis, incident response from VNPT Security Lab with a network covering 63 provinces and cities across the country, ensuring continuous operation and timely detection of problems in customers’ IT systems. Analysis data source from VNPT Security Lab, data from VNPT’s network, which is constantly updated in real time also enriches data input for the system to ensure identification of the latest hazards. The most dangerous. Not only was honored at Sao Khue Award 2021, previously, VNPT Smart IR was awarded the Promotion Prize of Vietnam Talent Contest 2019 in the IT Creative Startup category; Awarded the Golden Key 2020 title for “Excellent prospects and information security products and confirmed to meet the Prime Minister’s Directive 14 / CT-TTg dated May 25, 2018 on” anti-malware ”.

Although Indonesia still ranks 5th globally in the number of ransomware attacks detected, it has dropped from 1,158,837 cases in 2019 to 439,473 cases in 2020. This downtrend also also appeared in other countries in the region including Vietnam, the Philippines, Malaysia and Thailand. China remains at the top of the list for the number of ransomware cases globally in both 2019 and 2020. Meanwhile, Brazil and Russia have swapped the 2nd and 3rd place in the rankings, with Brazil currently ranked 2nd by 2020. “When I look at the statistics for individual ransomware groups, I find that this trend is in line with an overall drop in the number of detected cases,” said Fedor Sinitsyn, security researcher at Kaspersky. This is mainly due to the decrease in the number of cases involving WannaCry. This group makes up a significant portion of all the ransomware discovered to date, although for more than three years these have not been supported by the “originator” and exist only as one. “zombie” “. One of the most persistent cyber threats facing small and medium businesses in the region is still ransomware, malicious code designed to infect the computers of organizations and individuals, and encrypting data. Data inside and block access to the computer. The attackers will then request a fee from the victim in exchange for re-activation of the system. Ransomware attacks may be on the decline, but Kaspersky has been warning businesses of all sizes in every sector about the increasing activity of Ransomware 2.0, also known as ransomware. have purpose. Mr. Yeo Siang Tiong, General Manager of Kaspersky Southeast Asia commented: “We should not be optimistic that the number of detected ransomware cases has decreased. Since last year, we have noticed a number of changes to this threat. The ransomware teams are now more concerned with quality than quantity. This means that instead of randomly and passively waiting for an unsafe user to bite, the attackers are now actively hunting for victims ”.

Doctor Web researchers discovered 10 seemingly harmless apps on AppGallery – Huawei’s official app market – that contain codes that connect to malicious C&C servers to take over additional configuration and components. These additional components bypass the user, automatically signing up for the paid service. To cover the phone’s owner, they demanded access to the notification and then interfered with the SMS verification code sent by the paid service. According to experts, the malicious code will subscribe to up to 5 such services, although developers can change the limit at any time. The list of infected applications range from virtual keyboards, photography, launchers, texting to stickers, games. Most have the same developer, Shanxi Kuailaipai Network Technology. In total, 10 apps were downloaded by more than 538,000 Huawei users. Doctor Web reported to Huawei and the company removing them from AppGallery. However, downloaders still have to manually delete the device. Below is a list of software that need to be removed immediately: Super Keyboard, Happy Color, Fun Color, New 2021 Keyboard, Camera MX – Photo Video Camera, BeautyPlus Camera, Color RollingIcon, Funney Meme Emoji, Happy Tapping, All-in-One Messenger. Experts say that modules downloaded from the malicious AppGallery also appear in other apps on Google Play. Once activated, they contact the remote server to receive the configuration file, which contains the task list, the paid service website, and the JavaScript mimics the user’s actions. The Joker malware was born in 2017, continuously detected in apps on Google Play Store. In October 2019, Kaspersky malware analyst Tatyana Shishkova tweeted about more than 70 malicious applications on the Google market. According to Google, they have removed about 1,700 Joker malicious apps since 2017. Du Lam (According to BleepingComputer)