Facebook

Chinahackers


Facebook disrupted Chinese Hackers for targeting Uighur Muslims

Facebook disrupted a hacking operation that made use of social media platforms to distribute iOS and Android malware.

25-Mar-2021
2 min read

Related Articles


Heritage Foundation

Cyberattack

Heritage Foundation, a conservative think tank, hit by a cyberattack. Details ar...

A recent cyberattack on the Heritage Foundation, a prominent conservative think tank in Washington D.C., serves as a stark reminder that no organization is immune to cyber threats. While the details of the attack are still emerging, it highlights the ever-evolving landscape of cybersecurity and the importance of robust defenses for organizations of all sizes and sectors.

#### Understanding the Threat Landscape

Think tanks, by their very nature, are attractive targets for cyberattacks. They often house sensitive data, intellectual property, and confidential communications. Additionally, their influence on policy and public discourse makes them prime targets for those seeking to disrupt or manipulate the political process.

#### What We Know About the Attack

Details about the attack are scarce at this point. The Heritage Foundation has not commented on the incident, and it is not yet known what data, if any, was stolen. However, some key facts can be gleaned from the available information:

- The attack occurred earlier this week, prompting the Heritage Foundation to shut down its network to prevent further malicious activity.
- While there is no concrete evidence, a Heritage official is quoted as saying that the attack likely originated from nation-state hackers.
- Think tanks are attractive targets for cyberattacks due to their influence on policy making and their connections to government officials. In 2015, the Heritage Foundation was hit by a previous cyberattack that resulted in the theft of internal emails and donor information.

#### Why Think Tanks Are Vulnerable

Think tanks are prime targets for cyberattacks for several reasons:

- **Access to Sensitive Information:** Think tanks often house sensitive data such as policy research, internal communications, and donor information.
- **Influence on Policy:** Their work can shape government policy and legislation, making them valuable targets for those seeking to influence political agendas.
- **Potential for Disruption:** A successful cyberattack could disrupt a think tank's operations and hinder its ability to conduct research or communicate its findings.

#### Possible Reasons for this Cyberattack

- **Previous Compromise:** Several reports mention a 2015 attack in which "hackers stole internal emails and the personal information of its donors." A history of successful breaches hints at potential lingering weaknesses within Heritage's defenses.
- **Evolving Attack Techniques:** Hackers continuously refine their methods. Security strategies that protected against the 2015 attack may not be enough to counter today's sophisticated threats; attack methodologies are constantly evolving, so defenses must adapt continuously.
- **Insufficient Response or Updates:** While it's impossible to speculate with certainty, the Heritage Foundation may have failed to implement the necessary security upgrades or comprehensive changes after the 2015 breach. This lack of action could leave it susceptible to similar or more advanced attack techniques.
- **Unknown Vulnerabilities:** The current attack could be exploiting an entirely new vulnerability. Software, hardware, and even human behavior can have undetected weaknesses that attackers can leverage.

#### Potential Causes of Vulnerability

There could be a number of reasons why the Heritage Foundation might have been vulnerable to a cyberattack:

- Many organizations, including think tanks, rely on legacy IT systems that may not have the latest security patches or configurations. These outdated systems can be exploited by attackers.
- Social engineering attacks, which trick employees into clicking on malicious links or divulging sensitive information, are a common tactic used by cybercriminals. Even a single employee mistake can provide attackers with a foothold in a network.
- Cybercriminals are constantly developing new and sophisticated attack methods. Organizations need to stay up-to-date on the latest threats and implement appropriate defenses.

#### Takeaway

While we can't pinpoint the exact reason for Heritage's vulnerability with certainty, this incident reinforces these cybersecurity truths:

- **No one is immune:** Even organizations with resources and a focus on security face risks.
- **Adaptability is key:** Cybersecurity is an ongoing battle, not a one-time solution.
- **Past attacks are warnings:** Vulnerabilities exposed in the past demand diligent patching and continuous security reexamination.

13-Apr-2024
4 min read

Credential Stuffing

Roku

Hundreds of Thousands of Roku Accounts Hacked! Hackers breached Roku accounts vi...

In light of recent incidents impacting user accounts, Roku, a leading streaming platform, has undertaken a comprehensive investigation and mitigation strategy to address security concerns. The following [Threatfeed](https://www.secureblink.com/cyber-security-news) dissects the events, response measures, and recommendations provided by Roku to fortify user security.

#### Incident Overview

Earlier this year, Roku [detected](https://www.roku.com/blog/protecting-your-roku-account) unauthorized access to approximately [15,000 user accounts](https://www.secureblink.com/cyber-security-news/15-000-roku-accounts-hacked-and-sold-for-0-50), followed by a subsequent breach affecting an additional 576,000 accounts. The breaches stemmed from credential stuffing attacks, in which attackers used login credentials stolen from unrelated sources to gain unauthorized access.

#### Attack Methodology

Credential stuffing exploits the practice of users reusing login credentials across multiple platforms. Attackers leverage automated tools to execute millions of login attempts using stolen username/password pairs, succeeding against accounts whose credentials were reused elsewhere.

#### Impact Assessment

In fewer than 400 instances, malicious actors made unauthorized purchases of streaming service subscriptions and Roku hardware products using compromised accounts. However, no sensitive information, such as full credit card numbers, was accessed.

#### Technical Insights

Threat actors employ automated tools like OpenBullet 2 or SilverBullet to execute credential stuffing attacks. These tools enable mass login attempts, posing a significant threat to accounts with reused credentials.

#### Future Preparedness

Roku continues to enhance security measures, including ongoing monitoring of account activity and implementing controls to detect and deter credential stuffing attacks.

#### Response Measures

1. **Password Resets and Notifications**: Roku reset passwords for affected accounts and directly notified impacted customers about the incidents.
2. **Refunds and Reversals**: Refunds were issued for unauthorized purchases made on compromised accounts.
3. **Two-Factor Authentication (2FA)**: As a proactive measure, 2FA was enabled by default for all Roku accounts, regardless of impact status.

#### Mitigation Strategies

1. **2FA Implementation**: Users are encouraged to activate 2FA to add an extra layer of security to their accounts.
2. **Strong Password Practices**: Roku advises users to create unique, strong passwords containing a mix of characters to deter unauthorized access.
3. **Vigilance and Awareness**: Users are urged to remain vigilant against suspicious communications and to regularly review account activity for any anomalies.
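To make the detection side concrete, here is an added example (not Roku's code and not part of the original article) that scans login-event lines for the automated pattern described above: one source trying many distinct accounts with a high failure rate. Any account that did log in from such a source is reported so it can be reset and its owner notified, which is the response Roku applied. The log format, IP addresses and account names are constructed for this example.

```python
"""Credential-stuffing detector over constructed login-event lines.

Assumed (constructed) log format, one event per line:
    <timestamp> ip=<source> user=<account> result=<success|fail>
Heuristic: a source that tries many distinct accounts with mostly failures is
the mass-login pattern; a success from that source is a likely account takeover.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>success|fail)$"
)

# Constructed sample: 203.0.113.7 sprays six accounts (one reused password works);
# 198.51.100.5 is a single user who mistypes once and then logs in.
SAMPLE_LOG = """\
2024-04-10T10:00:01Z ip=203.0.113.7 user=alice result=fail
2024-04-10T10:00:02Z ip=203.0.113.7 user=bob result=fail
2024-04-10T10:00:03Z ip=203.0.113.7 user=carol result=fail
2024-04-10T10:00:04Z ip=203.0.113.7 user=dave result=success
2024-04-10T10:00:05Z ip=203.0.113.7 user=erin result=fail
2024-04-10T10:00:06Z ip=203.0.113.7 user=frank result=fail
2024-04-10T10:00:07Z ip=198.51.100.5 user=grace result=fail
2024-04-10T10:00:09Z ip=198.51.100.5 user=grace result=success
"""


def parse(log_text):
    """Parse well-formed lines into dicts; malformed lines are skipped, not fatal."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]


def detect_stuffing(events, min_users=5, min_fail_ratio=0.7):
    """Return {ip: sorted accounts that succeeded from ip} for every source that
    tried >= min_users distinct accounts with a failure ratio >= min_fail_ratio."""
    users, fails, total, hits = defaultdict(set), defaultdict(int), defaultdict(int), defaultdict(set)
    for e in events:
        ip = e["ip"]
        users[ip].add(e["user"])
        total[ip] += 1
        if e["result"] == "fail":
            fails[ip] += 1
        else:
            hits[ip].add(e["user"])  # successful login from this source
    return {ip: sorted(hits[ip]) for ip in users
            if len(users[ip]) >= min_users and fails[ip] / total[ip] >= min_fail_ratio}


if __name__ == "__main__":
    for ip, accounts in detect_stuffing(parse(SAMPLE_LOG)).items():
        print(f"{ip}: credential stuffing source; accounts to reset and notify: {accounts}")
```

The single user who mistypes a password is not flagged because only one distinct account was tried from that source; thresholds are tuning knobs and should be set against real traffic volumes.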

12-Apr-2024
2 min read

Hunter

Ransom

Japan

Ransomware attack cripples Hoya, impacting production and orders. Attackers stea...

Hoya Corporation, a prominent Japanese manufacturer of optical instruments, medical equipment, and electronic components, recently fell victim to a crippling ransomware attack. The attack, orchestrated by the Hunters International ransomware group, significantly impacted Hoya's production capabilities and order processing. This [Threatfeed](https://www.secureblink.com/cyber-security-news) goes through the nuances of the attack, Hoya's response, and the broader implications.

### All about the Attack

The attack involved a ransomware strain deployed by the Hunters International group, a relatively new player in the RaaS (Ransomware-as-a-Service) landscape. While details about the specific ransomware variant used are scarce, security researchers suspect it could be a derivative of a more established ransomware family, such as Maze or [REvil](https://www.secureblink.com/cyber-security-news/r-evil-files-surfaced-in-foiled-a-dutch-company-recovered). These ransomware families are known for their sophisticated encryption methods and ruthless tactics, often threatening to leak stolen data on the dark web if ransom demands are not met.

![ransom(1).png](https://sb-cms.s3.ap-south-1.amazonaws.com/ransom_1_0ca31433a5.png)

***Hunters International's Ransom Demand***

[Reports](https://www.lemagit.fr/actualites/366580339/Ransomware-Hunters-International-demande-10-millions-de-dollars-a-Hoya) indicate that the attackers gained unauthorized access to Hoya's network through a combination of techniques, possibly including phishing emails, unpatched software vulnerabilities, or exploiting legitimate remote access tools. Once inside the network, the attackers moved laterally, escalating privileges and deploying the ransomware payload across critical systems.

This isn't the first time Hoya has been in the crosshairs of a cyberattack; earlier this week, the previous one disrupted production and order processing, with several of its business divisions experiencing IT outages.

The attack resulted in the encryption of an estimated 2 terabytes of data, including 1.7 million files. The stolen data could potentially encompass a wide range of sensitive information, including:

- Trade secrets, product blueprints, and research data, which are valuable assets for any company and whose exposure in a data breach could have a devastating impact on Hoya's competitive edge.
- Customer payment details, financial records, and banking information, which are highly sought after by cybercriminals and could be used for fraudulent activities.
- Employee names, addresses, social security numbers, and other personal information, which could be misused for identity theft or targeted attacks.
- Emails, internal communications, and confidential negotiations, which could be leaked to competitors or used for blackmail purposes.

The extent of the damage caused by the stolen data remains undisclosed, but it is evident that the attackers intended to inflict significant disruption and financial hardship on Hoya.

### Hoya's Response and Recovery Efforts

Hoya promptly responded to the attack by implementing a comprehensive incident response plan. Hoya's IT security team likely isolated compromised systems to prevent the ransomware from spreading further across the network. This could have involved shutting down servers, disconnecting infected devices, and segmenting the network.

Once the affected systems were contained, Hoya would have focused on eradicating the ransomware from the network. This might have involved deploying anti-malware software or leveraging decryption tools, if available.

The recovery phase would involve restoring critical business operations. This could entail restoring data from backups, rebuilding affected systems, and implementing additional security measures to prevent future attacks.

Throughout the response process, Hoya would have conducted a forensic investigation to determine the root cause of the attack, the scope of the breach, and the attackers' methods. This investigation would be crucial for improving Hoya's cybersecurity posture and preventing similar incidents in the future.

The exact timeframe for Hoya's complete recovery from the attack remains unknown. However, it is certain that the company has incurred significant financial losses due to production disruptions, business downtime, and the cost of incident response and recovery efforts.

### Critical Takeaways and Industry Implications

The Hoya cyberattack serves as a stark reminder of the escalating severity and financial repercussions of ransomware attacks. Even large, multinational corporations with presumably robust security measures are not immune to these threats.

A layered security approach incorporates multiple security controls at different levels of the network to make it more difficult for attackers to gain a foothold. This could include firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security solutions, and data encryption.

Organizations should conduct regular security assessments to identify vulnerabilities in their systems and applications. These assessments should include penetration testing, vulnerability scanning, and security audits.

Having a well-defined incident response plan in place allows organizations to react swiftly and effectively in the face of a cyberattack. This plan should outline procedures

12-Apr-2024
4 min read