Expert(s):
Founder and CEOfeature_status*/ ?>
ImmuniWeb

Comments Dotted : 54
November 23, 2020

CEO Reacted On Europol Reveals That Criminals Are Using Ai For Malicious Purposes, And Not Just For Deep Fakes
At ImmuniWeb, we have started to see proposals on the Dark Web related to implementation and maintenance of Machine Learning models.
Cybercriminals have been leveraging Machine Learning (ML) and Artificial Intelligence (AI) for years already. Thanks to the growing abundance of different Machine Learning frameworks and data processing available at a very affordable price, Machine Learning has become omnipresent and easily accessible even to small cyber gangs. At ImmuniWeb, we have started to see proposals on the Dark Web related to implementation and maintenance of Machine Learning models for a wide spectrum of criminal.....Read More
Cybercriminals have been leveraging Machine Learning (ML) and Artificial Intelligence (AI) for years already. Thanks to the growing abundance of different Machine Learning frameworks and data processing available at a very affordable price, Machine Learning has become omnipresent and easily accessible even to small cyber gangs. At ImmuniWeb, we have started to see proposals on the Dark Web related to implementation and maintenance of Machine Learning models for a wide spectrum of criminal purposes, spanning from improving phishing campaigns and identity theft to smart WAF bypass and exploitation of web-based vulnerabilities undetectable by automated scanners. Cybercriminals will likely outstrip cybersecurity companies in practical usage of ML/AI in the near future. Most of the outcomes will, however, unlikely bring substantial changes or novel major risks given that ML/AI is narrowly applied to accelerate, amplify and enhance existing attack vectors and techniques.  Read Less
August 12, 2020

Security researcher publishes details and exploit code for a vBulletin zero-day
The volume of personal data available in web forums is huge.
Combined with the peak of summer holidays and Covid-19 disruption, this vulnerability may have quite disastrous and long-lasting consequences compared to similar ones disclosed in the past. The volume of personal data available in web forums is huge. Attackers will launch large-scale and automated hacking campaigns to later run password re-use and identity theft attacks, and extort money from those victims whose sensitive data was exposed in the forum’s private messages for example. Worse,.....Read More
Combined with the peak of summer holidays and Covid-19 disruption, this vulnerability may have quite disastrous and long-lasting consequences compared to similar ones disclosed in the past. The volume of personal data available in web forums is huge. Attackers will launch large-scale and automated hacking campaigns to later run password re-use and identity theft attacks, and extort money from those victims whose sensitive data was exposed in the forum’s private messages for example. Worse, given that the security flaw allows a non-authenticated remote attacker to run arbitrary code on the server, not only the forum may be compromised but the entire web server and its environment. Cybercriminals commonly don’t take a summer vacation, and exploitation in the wild has reportedly already started. We can expect that the vast majority of vulnerable forums will be hacked and backdoored within the next 24 hours. Administrators of the affected resources shall urgently apply the vendor-supplied patch, and consider putting the entire web server offline for investigation whether their forum has been compromised. Modern-day attackers usually install patches once their target is under control to preclude “competitors” from getting in. Thus, if your forum is somehow invulnerable, it’s rather an alarming sign.  Read Less
July 29, 2020

Business ID theft soars amid COVID closures
Less sophisticated gangs may use black SEO or even lawful DMCA takedown requests to make legitimate websites disappear from Google.
The situation we observe at ImmuniWeb is largely exacerbated by SMBs' insecure websites. Frequently, fraudsters swiftly take control of outdated WordPress or Drupal websites, and modify phone numbers and email addresses listed there. Then it becomes virtually impossible to recognize the fraud for would-be lenders. Worse, such security incidents maybe later assigned to the victimized business owners as a negligent failure to protect their business, making them liable for fraudulent transactions.....Read More
The situation we observe at ImmuniWeb is largely exacerbated by SMBs' insecure websites. Frequently, fraudsters swiftly take control of outdated WordPress or Drupal websites, and modify phone numbers and email addresses listed there. Then it becomes virtually impossible to recognize the fraud for would-be lenders. Worse, such security incidents maybe later assigned to the victimized business owners as a negligent failure to protect their business, making them liable for fraudulent transactions they indirectly facilitated. Less sophisticated gangs may use black SEO or even lawful DMCA takedown requests to make legitimate websites disappear from Google, and bring a similar domain name with copy-pasted content but altered phone numbers and phony emails. The proliferation of stolen data across the Dark Web bolsters mushrooming fraud, enabling cybercriminals to massively usurp identities in a riskless and effortless manner. They aptly forge critical documents, based on the information previously leaked online, and preclude even experienced fraud investigators from noticing any red flags in time. The economic slowdown caused by the pandemics will likely spur further growth of identity theft and a wide spectrum of financial fraud stemming from it.  Read Less
July 13, 2020

Experts On Revenge Hack Steals Thousands Of Databases From Security Firm
The statements made by the intruders should be thoroughly investigated and assessed prior to making any conclusions.
Cybercriminals are increasingly targeting MSPs and trusted third-parties including cybersecurity companies as recently highlighted by the US Secret Service. Modern cyber gangs prefer the indirect approach to frontal attacks given that it is usually faster, easier and much less risky. This specific case, however, seems to be a personal revenge incident primarily directed to damage reputation of the allegedly breached cybersecurity firm. The statements made by the intruders should be thoroughly.....Read More
Cybercriminals are increasingly targeting MSPs and trusted third-parties including cybersecurity companies as recently highlighted by the US Secret Service. Modern cyber gangs prefer the indirect approach to frontal attacks given that it is usually faster, easier and much less risky. This specific case, however, seems to be a personal revenge incident primarily directed to damage reputation of the allegedly breached cybersecurity firm. The statements made by the intruders should be thoroughly investigated and assessed prior to making any conclusions. Given the details of the incident, a criminal investigation may have a considerable degree of success to uncover the chain of events and identify the attackers. Interestingly, such an incident, based on the reported facts, will unlikely be covered by the majority of cyber insurance policies so vigorously demanded by a growing number of businesses considering them as a panacea from hackers.  Read Less
June 22, 2020

Comment: Potentially Sensitive Data From Over 200 US Police Departments Exposed Online By ‘BlueLeak’s
The eventual outcome of this leak will likely have disastrous effects for many innocent people.
The eventual outcome of this leak will likely have disastrous effects for many innocent people. First, it will likely inflict irreparable reputational, financial and even physical harm to suspects and people charged with crimes who later were acquitted in a court of law. Furthermore, it will jeopardize legally protected people, like witnesses, who helped investigators convict dangerous criminals. The disclosure will now literally cause the death of the witnesses if their identity is revealed.....Read More
The eventual outcome of this leak will likely have disastrous effects for many innocent people. First, it will likely inflict irreparable reputational, financial and even physical harm to suspects and people charged with crimes who later were acquitted in a court of law. Furthermore, it will jeopardize legally protected people, like witnesses, who helped investigators convict dangerous criminals. The disclosure will now literally cause the death of the witnesses if their identity is revealed to the criminals or their bloodthirsty accomplices. Finally, it will substantially hinder the performance of daily law enforcement operations across the entire country, bolstering street crimes and violent crime, exposing thousands of helpless people to the risk of serious bodily injuries and death. The underlying motives of the publication are obscure for the time-being, however, one thing is crystal-clear and undisputable is that the perpetrators will be morally and [probably] legally accountable for countless ruined lives of innocent people having any relation to the [now criticized] police. Given the surrounding technical circumstances of the leak, it may be reasonable to suppose that the perpetrators have left numerous traces and digital footprints while exfiltrating the data and publishing it online. I think a rapid investigation by Federal and state law enforcement agencies will rapidly shed light on the identities of the wrongdoers. I won’t be surprised if later they will be charged with conspiracy, aiding and abetting murders and other felonies punishable by a life sentence. It may be an exemplary case aimed to demonstrate zero tolerance of the society to cybercrimes aimed to take away innocent lives of people of all ages, social groups and races. From a technical standpoint, it is a painful reminder that third-party security is essential to protect your organization from cyber threats in 2020. You cannot just implement and ensure security in-house but also need to keep an eye on all your trusted parties that have any access to your data or systems.  Read Less
June 22, 2020

North Korean State Hackers Reportedly Planning COVID-19 phishing campaign targeting 5M Across Six Nations
Large scale phishing campaigns is a matter of daily routine.
Large scale phishing campaigns is a matter of daily routine. Some of them involve 0day vulnerabilities, or very recent and not yet patched vulnerabilities, while most of them have carefully selected contacts stolen from various sources or purchased on the Dark Web. There, you have readily available contacts of hundreds of millions of people available for sale, including recent law enforcement databases and governmental resources. Five millions contacts can be located in one day with a web.....Read More
Large scale phishing campaigns is a matter of daily routine. Some of them involve 0day vulnerabilities, or very recent and not yet patched vulnerabilities, while most of them have carefully selected contacts stolen from various sources or purchased on the Dark Web. There, you have readily available contacts of hundreds of millions of people available for sale, including recent law enforcement databases and governmental resources. Five millions contacts can be located in one day with a web browser and hundred of bucks in Bitcoin. Professional cybercriminals will unlikely discuss their upcoming hacking campaigns in a visible manner unless they aim to build a smoke screen a raise a false alert. Moreover, targeting enterprises with COVID-19 today borders to absurd, virtually all organizations now have internal memos or policies saying to distrust all and any COVID-19 related communications from any source. It seems that the allegedly detected campaign comes from script kiddies, not a nation-state threat actor.  Read Less
June 18, 2020

Hackers Target Military And Aerospace Staff By Posing As HRs Offering Jobs
These attacks are particularly dangerous because they aptly leverage inherent human weaknesses.
Financially motivated cyber gangs and nation-state threat actors have been successfully exploiting HR for many years to steal valuable trade secrets and conduct economic espionage. These attacks are particularly dangerous because they aptly leverage inherent human weaknesses. Often, you don’t even need any hacking but to stumble upon a talkative or disgruntled employee who will readily share a great wealth of confidential information either unwittingly or maliciously. Amid the pandemic, the .....Read More
Financially motivated cyber gangs and nation-state threat actors have been successfully exploiting HR for many years to steal valuable trade secrets and conduct economic espionage. These attacks are particularly dangerous because they aptly leverage inherent human weaknesses. Often, you don’t even need any hacking but to stumble upon a talkative or disgruntled employee who will readily share a great wealth of confidential information either unwittingly or maliciously. Amid the pandemic, the situation has been exacerbated given that most of the engineers now work from home, having access to an enterprise's crown jewels. It suffices to breach and backdoor their machines to get virtually unlimited access to corporate trade secrets. Some threat actors knowingly exploit the COVID-19 mess to cover some inconsistencies or other red flags during an interviewing process, for example, to convincingly explain why they cannot meet in person or send a formal employment proposal. Organizations should invest in employee training and security awareness in a consistent and reward-oriented manner. WFH infrastructure should be properly inventoried and monitored. Access to corporate data should be provided on the “as-needed” basis with a proactive monitoring of any anomalies. Last but not least, it won’t hurt to hire an external law firm to review your confidentiality and intellectual property clauses in employment contracts.  Read Less
June 09, 2020

Expert Insight On CallStranger Vulnerability Lets Attacks Bypass Security Systems And Scan LANs
It is nonetheless perfectly possible to identify the “heart and the brain” of the system.
Modern enterprises are characterized by a skyrocketing complexity of their IT infrastructure that may be dispersed across a hundred of countries and maintained by thousands of third parties. On one side, this makes organizations extremely vulnerable and susceptible to cyber-attacks such as ransomware, which exploit shadow IT devices, unprotected cloud and abandoned servers as an entry point into their victim’s premises. On the other side, however, this convoluted intricacy makes global attack .....Read More
Modern enterprises are characterized by a skyrocketing complexity of their IT infrastructure that may be dispersed across a hundred of countries and maintained by thousands of third parties. On one side, this makes organizations extremely vulnerable and susceptible to cyber-attacks such as ransomware, which exploit shadow IT devices, unprotected cloud and abandoned servers as an entry point into their victim’s premises. On the other side, however, this convoluted intricacy makes global attack virtually impossible, as some disjoint parts of the central system will continue working in isolation. It is nonetheless perfectly possible to identify the “heart and the brain” of the system and target it directly with disastrous consequences. We will likely see professional cyber mercenaries being hired not just for data theft campaigns but for highly destructive and damage-creation hacking campaigns. Amid the political and economic crisis of the unprecedented scale, many unscrupulous organizations and state actors won’t hesitate to crush their rivals by paralyzing their computerized factories, supply management chains and sales points. Given how interconnected our IT infrastructure has become, thanks to the rapid proliferation of IoT devices and connected objects, one wisely prepared attack could swiftly shut down a global company for several weeks or even months. Visibility, inventory and continuous monitoring of your digital assets and data is the key to avoid falling victim to the sophisticated attacks.  Read Less
June 03, 2020

CEO On Ransomware Gang Is Auctioning Off Victims’ Confidential Data
Organizations have limited visibility of their 'attack surface', including corporate data.
An Interesting trend that one may observe in today's cybercrime landscape are fake threats to publish allegedly stolen data. Many organizations, whose business largely depends on its reputation, are well prepared to pay a fortune to avoid negative publicity. Another relatively new but rapidly growing scenario is exaggeration of nature or value of data stolen and encrypted by a ransomware. Organizations have limited visibility of their 'attack surface', including corporate data which is.....Read More
An Interesting trend that one may observe in today's cybercrime landscape are fake threats to publish allegedly stolen data. Many organizations, whose business largely depends on its reputation, are well prepared to pay a fortune to avoid negative publicity. Another relatively new but rapidly growing scenario is exaggeration of nature or value of data stolen and encrypted by a ransomware. Organizations have limited visibility of their 'attack surface', including corporate data which is chaotically dispersed across organization’s computers and servers. Once a machine is hacked and encrypted, victims may well believe that attackers will find a backup of their database, critical source code or other important trade secrets. However, prior to paying a ransom, you should carefully investigate, analyze and assess the situation to avoid falling victim to manipulative fraudsters.” Sadly the coronavirus pandemic has pushed many beginners in the IT field to become cybercriminals amid unemployment and lack of finding a well-paid job in their field. Thus, we will likely see a surge of fake extortion campaigns ventured by the newbies and aimed to strip organizations out of cash in a simple and swift manner.  Read Less
May 28, 2020

Expert Insight On Cost Of Criminal Services
Many young people were earning their living by doing some ad hoc programming and other IT work.
I think it’s a false plummet that substantially stems from a rapid proliferation of amateur and unskilled cybercriminals. Many young people were earning their living by doing some ad hoc programming and other IT work. With the pandemic, demand for their services crashed, leaving them without a choice but to join the dark side. Unsurprisingly, their cheap services are often of substandard quality, while when dealing with goods such as credit cards you will likely pay for blocked or expired.....Read More
I think it’s a false plummet that substantially stems from a rapid proliferation of amateur and unskilled cybercriminals. Many young people were earning their living by doing some ad hoc programming and other IT work. With the pandemic, demand for their services crashed, leaving them without a choice but to join the dark side. Unsurprisingly, their cheap services are often of substandard quality, while when dealing with goods such as credit cards you will likely pay for blocked or expired ones, or a duplicate that's already been sold to another client in the best case scenario. There are also some temporary fluctuations on the market, for example, skimming attacks may get considerably less victims than usual and thus affect supply and demand. Most of the skilled cybercriminals feel very comfortable amid the pandemic, enjoying countless new and unprepared victims and innumerable number of exposed and unprotected devices and infrastructure.  Read Less