Skip to content

大流行期間網絡攻擊有所增加,了解如何保護自己

Cyberattacks have been causing concern and discomfort for those who use and depend on digital spaces for some time now.

This type of activity disrespects the private life of social subjects, in order to expose them to different types of risks.

They usually occur unexpectedly and victims suffer numerous damages, whether monetary, psychological or otherwise.

This action is commonly practiced by malicious hackers, who are dedicated to committing crimes in virtual systems through their technical knowledge of the software.

Hackers can infect connected devices by sending a virus, affecting their performance, and causing irreversible damage.

Likewise, these malicious attackers can steal personal data and information from computers, laptops, tablets, mobile phones, and other connected digital technology devices.

The practice of these crimes can generate harm with no turning back for those who suffer them, and they are more common than it seems.

During the crisis of the new coronavirus, this became even more evident.

The Scenario of Cyberattacks During the New Coronavirus Pandemic

It is possible to state that, if the situation was already quite serious before the pandemic, with the arrival of the new coronavirus, it only worsened.

The new virus brought many complications and, due to the preventive measures required to avoid a more catastrophic situation than the current one, preventive sanitary measures were taken, including social distancing.

This has led many people to work from home. The number of home office jobs had a considerable increase because companies and businesses across the country had to start a process of moving from the physical to the virtual world to survive the crisis.

A consequence was people starting to consume more products online due to isolation, which caused the virtual market and the demand for connectivity to skyrocket.

From this perspective, especially considering the emergency context of society’s shift to the digital world and coinciding with the growth in the number of users, the consequence was a considerable increase in the number of cyberattacks.

This demonstrates a problematic situation in several spheres.

For this reason, it becomes increasingly important to take preventive measures, both concerning the new coronavirus, as well as the security of your electronic equipment and digital devices.

Some precautions and preventive measures can be essential so that a situation as unpleasant as cybercrime is avoided, preventing possible troubles and losses that can often be irreparable.

Protect Yourself from Cyberattacks During the Pandemic

Although it is regrettable to have to worry about the security of your electronic devices, as well as data and personal information in virtual systems that, presumably, should be protected, it is important to be aware of the dangers that exist within the digital world.

By knowing the risks, one can look for preventive measures and, in this way, reduce the chances of potential damage. Here’s some information that can help protect against cyberattacks.

Choose Your Password Wisely

It may seem trivial, but choosing a more complex password makes it very difficult for attackers to gain access to your systems and networks.

Therefore, an important tip is to choose passwords with a higher degree of difficulty, especially those used in more significant virtual spaces; try to develop a more elaborate password.

At the same time, it is interesting to change the password from time to time, helping to reduce the number of data recorded during a certain period.

We often access websites or virtual platforms on different electronic devices and this can facilitate access by malicious individuals.

In the last year, there was also an increase in the number of leaks of various users’ data and information throughout Brazil.

For this reason, it is recommended that you double-check if you are among this group of people. You can perform this check through the senhasegura Hunter website and find out if any of your data has already been exposed.

If after checking it, you discover that your privacy has been invaded and your data has been exposed, immediately change your passwords and check that there has been no serious damage.

Search for PAM Solutions

PAM (Privileged Access Management) solutions work as a great support in managing the passwords of your organization’s critical systems and in protecting your data.

This type of solution works as a repository that stores and protects passwords, information, and important documents of your business. Also, a PAM solution such as senhasegura monitors access and ensures control and security of the passwords provided.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Senhasegura
Senhasegura strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

為了打擊勒索軟件黑客,耗盡了加密貨幣沼澤

This kind of digital extortion – increasingly viewed as terrorism – would be impossible without the ability to move money around anonymously

Last month, a cybercriminal group penetrated the Colonial Pipeline. This wasn’t just “another” hack, with privacy consequences and threats on personal information. The severe results were shown instantly. Gas supply to millions of Americans was disrupted leading to a spike in gas prices and panic buying causing local fuel shortages in the southeast, and resurfacing old memories of the infamous gas crisis in the US in the late 1970s.

It becomes evident, and not for the first time, that ransomware has the potential to affect the personal lives of innocent citizens tremendously. The problem is worsening by the day as groups improve their ransomware code and collect easy money.

The US authorities responded – a national cyber investigative task force was formed and last night, DOJ told Reuters that US authorities will “give ransomware hacks similar priority as terrorism”. This begs the question, however: will it be possible to stop ransom hacks without treating its originator?

The fact is we’re not looking at this problem holistically. There is one factor making this problem possible, and systemic: cryptocurrency. Ransomware hacks thrive due to the possibility to transfer cryptocurrency easily, rapidly and without leaving traces. The criminals are not required to deal with complex transfers. Gone are the days where hostage-takers demand one million dollars in small-unranked-paper-bills, with a jet on the runway ready to take them to some foreign land where there’s no extradition agreement. All they need is a Bitcoin address, Monero, or ZCash, and a few command lines – and voila – the money lands safely at the hands of the criminals. It’s almost a sterile crime.

In fact, those money transfer machines enable the prosperity of a global crime industry, fueled by corporate extortion funds. For instance, in the case of the Colonial Pipeline, despite the involvement of the FBI and the law authorities, a five million dollar ransom was paid in order to free the systems. Some of the funds were recovered, in an unprecedented operation, and yet, the damage remained.

This is not pocket change. Each win – no matter how financially lucrative – builds on itself and gives these cybercriminals more confidence to fuel the next attack. For example, in dark web forums the phenomenon of “ransomware hack as a service” is gaining popularity, and criminals are offering ransomware for rent. The thieves have become so contented, that they are allowing others to use their tools, while they’re resting safely as ordinary software vendors.

In order to stop terror, we have to stop its funding. However, when it comes to ransomware hacks there is still no internalization of the fact that strict limitations should be put on its primary funding source – cryptocurrencies. The promise for liberty and freedom from censorship made by theoreticians in this field are shattered daily, and instead of a paradise for innocent civilians, we’re left with the opposite – a utopia for criminals. In fact, untraceable cryptocurrencies are the swamp in which the disease of ransomware flourish.

This swamp must be dried up. If governments around the world seriously intend to stop the phenomenon of ransomware hacks, they have to put strict limitations on money transfers via crypto currencies. They must supervise cryptocurrencies the same way they do with cash, bank transfers, diamonds or weapons. Countries should demand users to expose their money sources and prevent them from doing major deals not conducted through the supervised international banking system.

Governments should also implement methods of tracking cryptocurrencies and sound the alarm when illegal activity is detected. If they cannot decide on or implement a system to administer this, governments should consider the unpopular step of complete prohibition of holding and trading cryptocurrency. Drying up of the funding sources for these attacks may be the only viable approach to stop their continued proliferation. If we do not take immediate action to dry those swamps, we will find ourselves in the near future too weak and too ill to recover.

Originally posted on Times of Israel

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

為了打擊勒索軟件黑客,耗盡了加密貨幣沼澤

This kind of digital extortion – increasingly viewed as terrorism – would be impossible without the ability to move money around anonymously

Last month, a cybercriminal group penetrated the Colonial Pipeline. This wasn’t just “another” hack, with privacy consequences and threats on personal information. The severe results were shown instantly. Gas supply to millions of Americans was disrupted leading to a spike in gas prices and panic buying causing local fuel shortages in the southeast, and resurfacing old memories of the infamous gas crisis in the US in the late 1970s.

It becomes evident, and not for the first time, that ransomware has the potential to affect the personal lives of innocent citizens tremendously. The problem is worsening by the day as groups improve their ransomware code and collect easy money.

The US authorities responded – a national cyber investigative task force was formed and last night, DOJ told Reuters that US authorities will “give ransomware hacks similar priority as terrorism”. This begs the question, however: will it be possible to stop ransom hacks without treating its originator?

The fact is we’re not looking at this problem holistically. There is one factor making this problem possible, and systemic: cryptocurrency. Ransomware hacks thrive due to the possibility to transfer cryptocurrency easily, rapidly and without leaving traces. The criminals are not required to deal with complex transfers. Gone are the days where hostage-takers demand one million dollars in small-unranked-paper-bills, with a jet on the runway ready to take them to some foreign land where there’s no extradition agreement. All they need is a Bitcoin address, Monero, or ZCash, and a few command lines – and voila – the money lands safely at the hands of the criminals. It’s almost a sterile crime.

In fact, those money transfer machines enable the prosperity of a global crime industry, fueled by corporate extortion funds. For instance, in the case of the Colonial Pipeline, despite the involvement of the FBI and the law authorities, a five million dollar ransom was paid in order to free the systems. Some of the funds were recovered, in an unprecedented operation, and yet, the damage remained.

This is not pocket change. Each win – no matter how financially lucrative – builds on itself and gives these cybercriminals more confidence to fuel the next attack. For example, in dark web forums the phenomenon of “ransomware hack as a service” is gaining popularity, and criminals are offering ransomware for rent. The thieves have become so contented, that they are allowing others to use their tools, while they’re resting safely as ordinary software vendors.

In order to stop terror, we have to stop its funding. However, when it comes to ransomware hacks there is still no internalization of the fact that strict limitations should be put on its primary funding source – cryptocurrencies. The promise for liberty and freedom from censorship made by theoreticians in this field are shattered daily, and instead of a paradise for innocent civilians, we’re left with the opposite – a utopia for criminals. In fact, untraceable cryptocurrencies are the swamp in which the disease of ransomware flourish.

This swamp must be dried up. If governments around the world seriously intend to stop the phenomenon of ransomware hacks, they have to put strict limitations on money transfers via crypto currencies. They must supervise cryptocurrencies the same way they do with cash, bank transfers, diamonds or weapons. Countries should demand users to expose their money sources and prevent them from doing major deals not conducted through the supervised international banking system.

Governments should also implement methods of tracking cryptocurrencies and sound the alarm when illegal activity is detected. If they cannot decide on or implement a system to administer this, governments should consider the unpopular step of complete prohibition of holding and trading cryptocurrency. Drying up of the funding sources for these attacks may be the only viable approach to stop their continued proliferation. If we do not take immediate action to dry those swamps, we will find ourselves in the near future too weak and too ill to recover.

Originally posted on Times of Israel

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

About CDM InfoSec Awards
This is Cyber Defense Magazine’s ninth year of honoring global InfoSec innovators. Our submission requirements are for any startup, early stage, later stage or public companies in the INFORMATION SECURITY (INFOSEC) space who believe they have a unique and compelling value proposition for their product or service. Learn more at http://www.cyberdefenseawards.com

About the Judging
The judges are CISSP, FMDHS, CEH, certified security professionals who voted based on their independent review of the company submitted materials on the website of each submission including but not limited to data sheets, white papers, product literature and other market variables. CDM has a flexible philosophy to find more innovative players with new and unique technologies, than the one with the most customers or money in the bank. CDM is always asking “What’s Next?” so we are looking for Next Generation InfoSec Solutions.

About Cyber Defense Magazine
With over 5 Million monthly readers and growing, and thousands of pages of searchable online infosec content, Cyber Defense Magazine is the premier source of IT Security information for B2B and B2G with our sister magazine Cyber Security Magazine for B2C. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products and services in the information technology industry. We deliver electronic magazines every month online for free, and special editions exclusively for the RSA Conferences. CDM is a proud member of the Cyber Defense Media Group. Learn more about us at https://www.cyberdefensemagazine.com and visit https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com to see and hear some of the most informative interviews of many of these winning company executives. Join a webinar at https://www.cyberdefensewebinars.com and realize that infosec knowledge is power.

ESET揭露夜神模擬器供應鏈攻擊的幕後駭客組織身分

今年2月,夜神模擬器(NoxPlayer)的軟體更新機制遭到入侵,該款Android模擬器用戶全球約1.5億人,攻擊者鎖定特定少數用戶下手,對他們的電腦進行監控。

背後發動攻擊的APT駭客組織,被命名為Gelsemium,根據相關的分析結果,ESET指出,這個組織最早約於2014年開始發起攻擊行動,遭到Gelsemium攻擊的受害者,遍及東亞和中東,受害單位的類型,包含了政府機關、宗教團體、電子製造業,以及大專院校等。該組織鎖定的國家,涵蓋中國、蒙古、北韓、南韓、日本、土耳其、伊朗、伊拉克、沙烏地阿拉伯、敘利亞,以及埃及。ESET也提供入侵指標(IoC)供資安人員參考。

對於Gelsemium擅長的手法而言,ESET認為是藉由微軟Office的漏洞與釣魚郵件,來散布用來攻擊的惡意軟體,並且利用Exchange伺服器的RCE漏洞,來進行水坑式攻擊。該組織約於2020年9月發動NightScout行動(Operation NightScout),滲透了夜神模擬器的更新伺服器。ESET表示,在10萬名同時是ESET與夜神模擬器的用戶中,僅有5名收到惡意更新,他們位於臺灣、香港,以及斯里蘭卡。

除了上述攻擊事件之外,ESET也點名兩支之前被發現的惡意軟體:OwlProxy和Chrommme,可能與Gelsemium有所關連。為何這些惡意軟體與該組織有關?ESET指出,前者與Gelsemium惡意軟體的元件程式碼,雖然幾乎沒有直接關連,但他們在分析之後還是發現與該組織有關的證據。

後者則是ESET從Gelsemium生態圈調查所找到的後門程式,與前者相同的是,從程式碼的層面比對該駭客組織使用的元件,也幾乎沒有什麼關連,但Chrommme與該組織使用的Gelsevirine,都使用相同的2個C2伺服器。再者,另一個與該組織有關的證據,則是ESET也在遭受Gelsemium攻擊的組織電腦中,發現了Chrommme。

原文出處一:https://www.welivesecurity.com/2021/02/01/operation-nightscout-supply-chain-attack-online-gaming-asia/

原文出處二:https://www.welivesecurity.com/2021/06/09/gelsemium-when-threat-actors-go-gardening/

#若有任何資安需求,歡迎洽詢台灣二版資安專業團隊,服務電話:(02)7722-6899,或上官網查詢:https://version-2.com.tw/?skip=1

關於台灣二版Version 2
台灣二版(V2)是亞洲其中一間最有活力的IT公司,發展及代理各種互聯網、資訊科技、資訊安全、多媒體產品,包括通訊系統等,透過龐大銷售點、經銷商及合作伙伴,提供廣被市場讚賞的產品及客製化、在地化的專業服務。台灣二版(V2)的銷售範圍包括香港、中國、台灣、新加坡、澳門等地區,客戶涵蓋各產業,包括全球1000大跨國企業、上市公司、公用機構、政府部門、無數成功的中小企業及來自亞洲各城市的消費市場客戶。 

關於ESET
ESET成立於1992年,是一家面向企業與個人用戶的全球性的電腦安全軟體提供商,其 獲獎產品——NOD32防病毒軟體系統,能夠針對各種已知或未知病毒、間諜軟體 (spyware)、rootkits和其他惡意軟體為電腦系統提供實時保護。ESET NOD32佔用 系統資源最少,偵測速度最快,可以提供最有效的保護,並且比其他任何防病毒產品獲 得了更多的Virus Bulletin 100%獎項。ESET連續五年被評為“德勤高科技快速成長500 強”(Deloitte’s Technology Fast 500)公司,擁有廣泛的合作夥伴網絡,包括佳 能、戴爾、微軟等國際知名公司,在布拉迪斯拉發(斯洛伐克)、布里斯托爾(英國 )、布宜諾斯艾利斯(阿根廷)、布拉格(捷克)、聖地亞哥(美國)等地均設有辦事 處,代理機構覆蓋全球超過100個國家。