Archive for April 5, 2022

The Works Pwned By Hackers Shutting Down Some Stores

Posted in Commentary with tags on April 5, 2022 by itnerd

BBC News this morning reported that the retailer The Works was forced to shut some of its stores after a cyber-attack. The retailer closed 5 of its 526 stores after hackers gained access to its computer systems and caused issues with its tills. The Works has stated that no customer payment data was compromised.

Chris Olson, CEO, The Media Trust, a digital safety platform:

“The Works breach follows many all-too-familiar beats based on my experience of cyberattacks directed at retailers. And while it seems that no credit card information has been impacted at this time, the reason is not necessarily reassuring: like many businesses, The Works processes payments from its Web and retail endpoints via one or more third parties.”

“Unfortunately, third parties are increasingly targeted by malicious actors, representing one of the most overlooked risk factors for breaches of financial information. One only has to look at Magecart to understand the potential ramifications. As part of its remediation and response, The Works should carefully evaluate its digital partners to ensure they are not vulnerable – otherwise this relatively small cyber incident may end in a much bigger one.”

The Works said it had told the Information Commissioner’s Office (ICO) about the attack. Which means that if they screwed something up, we’ll find out and they’ll be held accountable. I’ll be watching for that report when it comes.

Hydra Darknet Market Taken Down By The Germans

Posted in Commentary with tags on April 5, 2022 by itnerd

Germany’s Federal Criminal Police Office today announced (translation here) that the world’s largest illegal dark web marketplace, Hydra Darknet Market, has been taken down. The Darknet market, which has been in operation since 2015, was a Russian-language darknet marketplace that opened as a competitor to the now-defunct Russian Anonymous Marketplace (aka RAMP). The agency attributed the shutdown to an extensive investigation operation conducted by its Central Office for Combating Cybercrime (ZIT) in partnership with US law enforcement authorities since August 2021.

Chris Olson, CEO, The Media Trust, had this to say about this takedown:

“The shutdown of Hydra is a small win for cybersecurity, but a win nonetheless. Attackers who target consumers for credit card details and other personally identifiable information (PII) can’t use it directly without risking discovery and arrest; therefore, they sell this information on darknet markets instead. Without them, the incidence of cybercrime would undoubtedly decrease.”

“Unfortunately, Hydra represents a miniscule drop in the bucket of global cybercrime, which will cost organizations (and therefore consumers) about $10.5 trillion per year by 2025. Cyber actors have perfected the pipeline from Web and mobile-based phishing attacks to darknet markets which we will not name, and new ones are opening all the time. In truth – if past precedent is anything to go by – Hydra operators will likely take their digital assets and resurface in the near future under new identities and domains.”

Any takedown of an online cybercrime marketplace is a good thing. But there needs to be much more of this to make threat actors and wannabe threat actors scared. Let’s hope that law enforcement knows that.

Canada Is Among Top 2 Countries for AvosLocker Ransomware Detection: Trend Micro

Posted in Commentary with tags on April 5, 2022 by itnerd

As ransomware continues to be a security concern, a new variant named AvosLocker was discovered as an emerging threat. A recent report from Trend Micro titled “Ransomware Spotlight: AvosLocker” details this:

AvosLocker is one of the newer ransomware families that came to fill the void left by REvil. While not as prominent or active as LockBit or Conti, it is slowly making a name for itself, with the US Federal Bureau of Investigation (FBI) releasing an advisory on this threat. According to the report, AvosLocker has been targeting critical infrastructure in different sectors of the US, with attacks also observed in other countries like Canada, UK, and Spain. Although detections are low, its clever use of familiar tactics makes it a ransomware variant worth monitoring today.

Of interest, the report found that Canada was among the top two countries for AvosLocker detections between July 2021 and February 2022. Moreover, the top three industries affected in Canada were the energy, healthcare and financial sectors.

While AvosLocker is a comparatively newer ransomware family with a low detection rate compared to LockBit or Conti, it is slowly making a name for itself, with the US Federal Bureau of Investigation (FBI) releasing an advisory on this threat. 

Although detections are low, its clever use of familiar tactics makes it a ransomware variant worth monitoring today.

  • It uses the remote administration tool AnyDesk. One of the notable characteristics of AvosLocker campaigns is its use of AnyDesk, a remote administration tool (RAT) to connect to victim machines. Using this tool, the operator can manually operate and infect the machine.
  • It runs in safe mode. Another key element of AvosLocker is running itself in safe mode as part of its evasion tactics. The attacker restarts the machine, disables certain drivers, and runs in safe mode, thus avoiding certain security measures that are unable to run in this mode. Operators also set up certain drivers to make sure that AnyDesk would run even in safe mode. It is important to note that this was a tactic previously employed by the now-defunct REvil.
  • Operators auction stolen data. AvosLocker again takes a leaf from REvil’s page by auctioning stolen data on its site, on top of its double extortion scheme. This could be the group’s way of further monetizing a single successful attack or salvaging a failed one.
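The safe-mode trick described above leaves artifacts a defender can watch for: a service or driver that is supposed to survive a safe-mode boot has to be registered under the Windows SafeBoot\Minimal or SafeBoot\Network registry keys, and forcing the next boot into safe mode is normally done through bcdedit. What follows is an added example, not code from the Trend Micro report or from this post: a small Python detector that scans Sysmon-style log lines and flags unexpected SafeBoot registry entries and safeboot bcdedit commands. The log line format, the baseline allowlist of SafeBoot entries, and the sample log lines are all constructed assumptions for the example; a real deployment would build the allowlist from a known-good machine.

```python
import re
from dataclasses import dataclass

# Registry paths that make a service or driver start in safe mode.
# Captures the mode (Minimal or Network) and the entry name under it.
SAFEBOOT_RE = re.compile(
    r"\\SafeBoot\\(Minimal|Network)\\([^\\\s\"']+)", re.IGNORECASE
)

# bcdedit being used to force the next boot into safe mode.
BCDEDIT_RE = re.compile(
    r"bcdedit(?:\.exe)?\s+.*?/set\b.*?\bsafeboot\b", re.IGNORECASE
)

# Constructed, partial allowlist of entries Windows itself keeps under SafeBoot.
# In practice this should be exported from a known-good build of your image.
BASELINE = {
    "{36fc9e60-c465-11cf-8056-444553540000}",
    "vga.sys",
    "disk.sys",
    "ntfs.sys",
}
_BASELINE_LOWER = {name.lower() for name in BASELINE}


@dataclass
class Finding:
    line_no: int   # 1-based index of the log line that triggered the finding
    kind: str      # "safeboot_registry" or "safeboot_bcdedit"
    detail: str    # what was matched


def scan(lines):
    """Return a list of Findings for log lines showing safe-mode persistence or boot tampering."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        if BCDEDIT_RE.search(line):
            findings.append(Finding(line_no, "safeboot_bcdedit", line.strip()))
        match = SAFEBOOT_RE.search(line)
        if match:
            mode, entry = match.group(1), match.group(2).strip()
            # Only entries that are not part of the stock SafeBoot configuration are interesting.
            if entry.lower() not in _BASELINE_LOWER:
                findings.append(Finding(line_no, "safeboot_registry", f"{mode}\\{entry}"))
    return findings


def summarize(findings):
    """Count findings per kind so a triage script can decide whether to page someone."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample log, loosely modelled on Sysmon event 13 (registry value set)
# and event 1 (process creation). These are not real captured events.
SAMPLE_LOG = [
    "2022-04-05T10:01:02 EventID=13 Image=C:\\Windows\\System32\\svchost.exe "
    "TargetObject=HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\vga.sys",
    "2022-04-05T10:02:10 EventID=13 Image=C:\\Windows\\System32\\reg.exe "
    "TargetObject=HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Network\\AnyDesk Details=Service",
    "2022-04-05T10:02:11 EventID=1 Image=C:\\Windows\\System32\\cmd.exe "
    "CommandLine=\"bcdedit /set {current} safeboot network\"",
    "2022-04-05T10:02:12 EventID=1 Image=C:\\Windows\\System32\\cmd.exe "
    "CommandLine=\"shutdown /r /t 0\"",
    "2022-04-05T10:03:00 EventID=13 Image=C:\\Windows\\regedit.exe "
    "TargetObject=HKLM\\SOFTWARE\\Example\\Setting",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"line {finding.line_no}: {finding.kind}: {finding.detail}")
    print(summarize(scan(SAMPLE_LOG)))
```

The stock vga.sys entry on the first line is ignored because it is in the baseline; the AnyDesk entry under SafeBoot\Network and the bcdedit safeboot command are reported. Matching on the registry path rather than on a product name is deliberate: the same rule fires whatever remote-access tool a particular affiliate chooses to register for safe mode.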

Operating as a RaaS, the actors behind AvosLocker coordinate their attacks and choose their targets based on their ability to pay the demanded ransom, pursuing critical infrastructure in different industries.

I would read this Trend Micro report and see if your defences against this ransomware measure up.

Good Chemistry Company Secures Seed Funding

Posted in Commentary with tags on April 5, 2022 by itnerd

The computational chemistry team founded within advanced computing software pioneer, 1QBit, announced today that it is branching out and forming a new independent venture, named Good Chemistry. Backed by Green Sands Equity, Accenture, and WorldQuant Ventures, Good Chemistry is set to fundamentally change the way new materials are discovered and designed across a vast number of industries — including chemical, pharmaceutical, oil and gas, automotive, and academic research — by harnessing the power of computational and quantum chemistry and placing it in the hands of developers.

Through its active research, development, and industry collaborations over the last three years, Good Chemistry is already working with heavyweights including Dow, Amazon Web Services (AWS), DIC Corporation, and Microsoft — due in large part to its proprietary advances in computational chemistry and simulations, which have enabled the shift from the physical lab to the digital world, dramatically decreasing time to market, cost of development, and the amount of infrastructure previously required.

Heading Good Chemistry’s team is CEO and Founder, Arman Zaribafiyan, 1QBit’s first hire and founder of its quantum simulation division, who holds a Ph.D. in quantum information from the University of British Columbia.

Three factors setting Good Chemistry apart are its use of multiple paradigms of technology; its inclusion of the developer community at large in its product development, in particular those emerging at the intersection of quantum chemistry, software, and machine learning; and its interdisciplinary team of software engineers, computational and quantum chemists, machine learning scientists, and quantum computing scientists.

Good Chemistry’s Scientific Advisory Board comprises some of the industry’s top talent:

  • Paul Zimmerman, Professor of Chemistry at the University of Michigan and developer of the iFCI method, which is one of the core solvers in Good Chemistry’s cloud-based computational chemistry platform, QEMIST Cloud.
  • Frank Noe, Professor at Freie Universitat in Berlin, Germany, known for his pioneering work in applying machine learning across physical sciences, including chemistry and biophysics. He has made numerous contributions to the field, including his recent work on leveraging machine learning to perform high-accuracy quantum chemistry calculations.
  • Isaac Kim, Assistant Professor of Computer Science at the University of California, Davis. Isaac studies the structure of entanglement in quantum many-body systems that allows efficient simulation of such systems on classical and near-term quantum computers.

The team’s deep multi-year collaboration with Dow has resulted in a number of scientific breakthroughs in high-accuracy simulations of material properties on quantum computers, which have landed both companies at the forefront of the materials design industry.

Industrial users such as Dow and DIC Corporation are already using the beta version of Good Chemistry’s quantum computing software development kit, and cloud-native developer platform, QEMIST Cloud.

The company has just announced they will be opening up access to new Beta users beginning March 2022. “Our initial studies have shown very promising results; we’re excited to see what external researchers and developers can do with our platform now that we’re making it available for beta release,” says Good Chemistry’s Director of Research and Development, Dr. Takeshi Yamazaki. QEMIST Cloud will be available to the broader public later in 2022. Researchers, developers and organizations who want to be considered Beta users can now sign up at www.goodchemistry.com.

Donald Trump’s Truth Social Has Appeared To Have Crashed And Burned

Posted in Commentary with tags on April 5, 2022 by itnerd

Not that I am surprised by this, but according to The BBC, Donald Trump’s attempt to create a social network of his own after being thrown off of every other social network on the planet has been branded a “disaster”:

Truth Social might look like Twitter, but it isn’t available on Android phones, web browsers or, apparently, to most people outside the US. And a Republican ally of Mr Trump’s, who did not wish to be identified, said: “Nobody seems to know what’s going on.” On 21 February, Truth Social was one of the App Store’s most downloaded apps — but many who downloaded it were unable to use it. There was an assumption this problem would soon be resolved and Mr Trump would start posting his “truths” in the coming days — but neither of those things happened. My attempt to register, this week, was placed at number 1,419,631 on the waiting list. 

While YouTube, TikTok, Instagram and Facebook are among the 10 most downloaded apps, according to Similar Web, Truth Social is outside the top 100. Users who find their way in can find the app a little empty, as many big voices on the American right have so far stayed away. Another study found downloads have fallen by as much as 95%. And many are feeling frustrated. “Signed up for Truth Social a couple weeks ago and still on a waiting list,” one Twitter user said, on Tuesday. “By the time I’m off the waiting list and on to Truth Social for real, Trump will be President again,” joked another.

And why aren’t things working? Here’s a big hint:

Truth Social chief executive Devin Nunes said its goal was to be “fully operational” by the end of March. 

But quite why the app is having so many problems has baffled experts. 

Some have pointed to Truth Social’s partnership with Rumble, a video-sharing platform that looks a bit like YouTube.

Popular with conservatives and the far right, Rumble was supposed to provide a “critical backbone” for the site’s infrastructure. 

But if Truth Social is having server problems, why has it taken so long to fix? 

“It should take a few days to fix, not six weeks,” a Republican source close to Mr Trump said. 

“There’s always going to be hiccups at the beginning – but at this point, I would have thought it would have been resolved. 

“Nobody seems to understand why.”

I can take a guess. The people behind Truth Social are in way over their heads and have no clue how to fix this and get things operational. So it sits there and acts as a pretty big source of embarrassment for Trump as a result. One wonders how long it will be before Trump gets fed up, burns it to the ground and pretends it never existed. Because there seems to be no light at the end of this tunnel for Trump.

MailChimp Pwned…. Be On The Lookout For Phishing Emails

Posted in Commentary with tags on April 5, 2022 by itnerd

According to Engadget, MailChimp has been pwned and threat actors got access to over 100 MailChimp customer accounts. That gave them the ability to send emails that would appear to have come from any one of those businesses. One of the affected email lists was that of cryptocurrency company Trezor, with attackers trying to gain access to their wallet credentials. Something that the company has confirmed:

Metaverse platform Decentraland has also said that it was affected.

Because the emails appear to come from the companies that are affected by this, you’ll really need to be on your toes and examine any email that you get to make sure it’s not a phishing email. In the meantime, expect more fallout from this hack in the coming days as more companies post notices that they have been affected by this hack.