Germany Shuts Down Russian Darknet Marketplace Hydra

Police shut down darknet market’s servers and seize bitcoin worth $25M

Lock Down & Level Up: Protect Your Online Gaming from Hackers

As a gamer, you love the stuff you’ve racked up over the years—that rare Fortnite skin from six seasons ago, a complete set of Tier 20 armor in World of Warcraft, or a Steam account loaded with your favorite titles. Hackers love it too. Because they can make money off it. 

Hackers have been stealing and reselling online gaming accounts for some time now. Yet the recent 400 percent rise in online gaming theft shouldn’t come as a surprise, particularly as so many of us turned to games for entertainment lately. As people leveled up, gathered loot, and filled their libraries with games in the cloud, hackers saw the opportunity.  

The opportunity is this: gaming accounts have a street value. The virtual items and perks we acquire through gaming take time, effort, participation, and sometimes just good luck to build up. In a way, we’ve worked hard to earn our fun. Meanwhile, others out there are willing to take a shortcut. There are those who’ll pay for a well-stocked gaming account that someone else has built up, and hackers are more than willing to hijack accounts from innocent victims and sell them online. 

Put simply, the virtual goods in your gaming accounts are like any other good. They have value. And just like anything else you value, they’re worth protecting. That’s exactly what we’ll help you do here.  

Sanctioned markets, gray markets, and dark markets: Where gaming goods are sold 

First up, let’s take a quick look at the different ways digital goods get moved and sold out there—just to get a sense of the marketplaces that have cropped up around gaming and where hackers fit into the mix. 

And there are several. Over the years we’ve seen all kinds of gaming marketplaces crop up: sanctioned marketplaces built inside online games, gray marketplaces that exist outside of games, and dark marketplaces where stolen accounts and goods are exchanged. 

1. Sanctioned marketplaces 

As a gamer, you’re likely familiar with any number of sanctioned auction houses and marketplaces that are built right into online games, all designed and supported by the game’s developers. A classic example is the long-running auction house in World of Warcraft where players can buy and sell items with in-game currency, the World of Warcraft gold piece. As in any marketplace, the rarer and more coveted the item, the higher the price the seller can get for it. In fact, there are plenty of articles on how to play the markets for profit, in a quasi-stock market fashion, and all within the legitimate boundaries of the game.  

In recent years, we’ve also seen the rise of in-game currencies that players can purchase for cash, again by design and with the support of the developer. A couple of examples are World of Warcraft Tokens and Minecraft tokens and coins. What you can do with such tokens and coins varies from game to game, yet players can use them to acquire in-game currency, items, or paid play time. 

Increasingly common are in-game stores that allow players to purchase items and perks with cash, just like any other online store. Taken together with all the other ways a player can round up items in a game, it’s easy to see how a gamer’s account can grow into something somewhat unique and valuable over time, simply by playing and participating in the game. 

2. Gray market “boosters” and other services for cash 

Given the time it takes for a player to level up a powerful character and acquire the items that come along with it, there are out-of-game organizations that will, for a fee, do that work for a player. Essentially it involves a player starting a gaming account, rolling up a character, and then handing over the account to a “booster” who will play the game on the owner’s behalf. When the agreed-upon level is reached, the booster hands the character back to the owner. 

Of course, there are all kinds of potential problems with this. Strictly from a security standpoint, this means an account owner is handing over their credentials to a stranger, with no real guarantee that this stranger simply won’t change the account password, never hand back the account, and simply walk away with any funds that may have been paid upfront. 

Further, “boosting” and other similar services may be against the user agreement the player signed when joining up for the game. For example, World of Warcraft recently updated its policy, stating that they now, 

[P]rohibit organizations who offer boosting, matchmaking, escrow, or other non-traditional services, including those offered for gold. World of Warcraft accounts found to be in violation of this policy are subject to account actions. These actions can include warnings, account suspensions and, if necessary, permanent closure of the disruptive World of Warcraft account(s).  

So while “boosting” services may not be illegal themselves, they can run counter to user agreements and may lead to cases of fraud when a booster service fails to fulfill its commitment or simply locks a player out of their own account. 

3. Dark market sale of stolen gaming accounts and goods 

Then there’s the theft and resale of online game accounts, clear examples of digital goods illegally changing hands. Stolen accounts make their way into dark web marketplaces and ads on chat platforms and social media, thanks to hackers who’ve cracked previously legitimate accounts and then packaged them up for sale. In some instances, cybercriminals will sell entire game collections, such as online gaming platform accounts where gamers may have purchased and have access to dozens and dozens of games stored in the cloud. 

The method behind this theft is much like a credit card or bank account hack. Often using credentials lifted from a data breach, hackers will take known usernames and passwords and feed them into a credential stuffing application—which can then attempt to access hundreds, even thousands, of accounts through automated login requests.  

Because many users reuse the same passwords across their accounts, they make an easy target for this practice, and a single run can reap a large harvest of cracked accounts. From there, the account can be accessed, have its password changed, and then be readied for advertising and sale, where it can be resold for a few dollars, or for potentially thousands depending on what the account contains.  
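From the defender’s side, the pattern described above (one automated source replaying a breached username/password list against many accounts) is distinguishable from an ordinary user mistyping their own password. The following is an added example, not code from the McAfee post: it parses a constructed authentication log (format assumed: ISO timestamp, client IP, username, SUCCESS/FAIL) and flags a source IP that tries many distinct usernames inside a short window with a low success ratio. The thresholds and the log format are assumptions of this example. Accounts that did log in from a flagged source are listed so they can be locked, reset and notified.

```python
"""Credential-stuffing detection over an authentication log.

Added example for the credential-stuffing passage; it is not code from the
McAfee post. The log format below is constructed for the example:
    <ISO-8601 timestamp> <client IP> <username> <SUCCESS|FAIL>
Heuristic (an assumption of this example, not a published rule): one source
IP that tries many *distinct* usernames inside a short window, with a low
success ratio, is replaying a breached credential list; a legitimate user
mistyping a password hits one username repeatedly from one IP.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. 203.0.113.7 sprays seven usernames in fifteen seconds
# and gets into "dave"; 198.51.100.4 is a real user fumbling their own password.
SAMPLE_LOG = """\
2022-04-06T10:00:01 203.0.113.7 alice FAIL
2022-04-06T10:00:03 203.0.113.7 bob FAIL
2022-04-06T10:00:05 203.0.113.7 carol FAIL
2022-04-06T10:00:07 203.0.113.7 dave SUCCESS
2022-04-06T10:00:09 203.0.113.7 erin FAIL
2022-04-06T10:00:11 203.0.113.7 frank FAIL
2022-04-06T10:00:13 203.0.113.7 grace FAIL
2022-04-06T10:00:15 203.0.113.7 alice FAIL
2022-04-06T10:01:00 198.51.100.4 alice FAIL
2022-04-06T10:01:20 198.51.100.4 alice FAIL
2022-04-06T10:01:45 198.51.100.4 alice SUCCESS
2022-04-06T10:02:00 192.0.2.9 bob SUCCESS
"""


def parse_log(text):
    """Parse log lines into (timestamp, ip, username, succeeded) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "SUCCESS"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5), min_users=5,
                    max_success_ratio=0.25):
    """Return {ip: {"distinct_users": n, "attempts": m, "compromised": [...]}}
    for every source IP whose activity inside some `window` matches the
    heuristic. `compromised` lists usernames that logged in successfully from
    the flagged IP: the accounts to lock, reset and notify."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until the span fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            users = {e[2] for e in span}
            successes = sum(1 for e in span if e[3])
            if len(users) >= min_users and successes / len(span) <= max_success_ratio:
                hit = alerts.setdefault(ip, {"distinct_users": 0, "attempts": 0,
                                             "compromised": set()})
                hit["distinct_users"] = max(hit["distinct_users"], len(users))
                hit["attempts"] = max(hit["attempts"], len(span))
                hit["compromised"].update(e[2] for e in span if e[3])
    for hit in alerts.values():
        hit["compromised"] = sorted(hit["compromised"])
    return alerts


if __name__ == "__main__":
    for ip, hit in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {hit['distinct_users']} usernames in {hit['attempts']} attempts;"
              f" force a reset on {hit['compromised']}")
```

On the sample log only 203.0.113.7 is flagged (7 distinct usernames, 8 attempts, one successful login as "dave"); the user on 198.51.100.4 who fails twice and then succeeds on their own account is left alone because the distinct-username count never rises. Keying on distinct usernames per source rather than on failure count is what keeps the rule from firing on ordinary typos.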

Protecting your online gaming account from getting hacked 

There’s plenty you can do. A few simple steps on your part can drop some serious roadblocks in the way of a hacker who’s looking to crack your account or target you for a scam. 

1. Passwords, passwords, passwords

Each of your accounts should have its own strong, unique password. No repeats. And if you have some sixty-plus accounts across all the shopping, banking, gaming, and forum posting you do, not to mention your apps, that sounds like a lot of work. Because it is. Although it doesn’t have to be. A password manager can do the work for you by creating and storing strong, unique passwords for you. 

2. News of a data breach? Change your password

Data breaches happen all the time now, striking businesses both large and small. If a business or organization where you have an online account gets breached, change your password right away. Related to the above, make sure the passwords across your other accounts are strong and unique. It’s not uncommon for hackers to try breaching passwords in other accounts, all in the hope that the victim is using the same or a similar password on other accounts as well. 

3. Multifactor your defense

Several gaming services offer multi-factor authentication (MFA) as a means of protecting accounts. In addition to requiring a username and password to log in, MFA further verifies account activity by sending a unique code by email or by text message to a device you own, which makes gaining illegal access that much tougher for hackers. Some gaming platforms even support an authentication app, such as the Battle.net Authenticator offered by Blizzard. In all, the occasional extra clicks required by MFA can save you some massive headaches by preventing theft. If you have MFA as an option, strongly consider using it. 

4. Don’t feed the phish  

Phishing attacks have made the jump from email to bogus ads on social media and in search too. In short, a phishing attack involves the hacker posing as a well-known company or organization with the intent of fooling you into providing your username and password. With that, they can drain your account, whether it’s money from your bank account or goods in your gaming account. Spotting phishing attacks can call for a sharp eye nowadays because some hackers can make the phishing emails and sites they use look like the real thing. Comprehensive online protection software will include web protection that can spot bogus links and sites and warn you away from them, even if they look legit. 

5. Watch out for “spearphishers”, too

Spearphishers are a special sort, in that they make more targeted attacks. While a phisher will send out an email blast or attempt to rope in a high volume of victims with an ad, a spearphisher will send a direct message to specific, potential victims. You may have seen or heard of this in massively multiplayer online games where an otherwise unknown player sends a message to another with a link to a website, complete with the promise of loot, in-game currency, or services to level up characters. Ignore and don’t visit that link. Chances are it’s a scammer, or at least someone who may be breaking the game’s user agreement by offering such services.  

6. Mods and malware

Whether you’re downloading a mod, an expansion, or a new game itself, go with a reputable online store or source. Hackers will drop malware into all kinds of files and applications, games included. Given that such malware could log keystrokes that steal login info, inject ransomware code to hold your device and data hostage, or simply wreak havoc on your files and things, it can have implications for more than just your gaming accounts and the virtual assets you have with them. 

Play defense 

Hackers know there’s good money in gaming accounts. They wouldn’t bother with them otherwise. Realizing that your gaming account has value is the first step to protecting it. 

In addition to taking the steps above, consider comprehensive online protection software. It offers defense in breadth and depth, covering device security, privacy, and identity protection. If you want an even faster and safer gaming experience, gamer security is worth looking into. In addition to strong security features, it also offers performance-enhancing technologies that prioritize system resources and keep your gameplay running smoothly. 

In all, keep in mind that gaming accounts are serious business for hackers. Put up your defenses. Then get out and enjoy yourself, knowing that you have made it far, far tougher for them to ruin your fun. 

The post Lock Down & Level Up: Protect Your Online Gaming from Hackers appeared first on McAfee Blog.

Borat RAT: New RAT with Ransomware Capability

FortiGuard Labs is aware of a report that a new Remote Access Trojan (RAT) called “Borat” is sold in underground forums. The RAT provides not only typical RAT capabilities such as keylogging, audio and webcam recording, and browser credential stealing to cybercriminals, but also offers file encryption and decryption capability as well as creating a ransom note on the victim’s machine.

Why is this Significant?

This is significant because Borat RAT not only enables cybercriminals to perform typical RAT activities but also provides ransomware capabilities as well.

What Functionalities Does Borat RAT Provide?

Borat RAT allows an attacker to perform the following activities:

Keylogging
Ransomware activities such as encrypting and decrypting files as well as creating a ransom note on the victim’s machine
Distributed Denial of Service (DDoS)
Audio and webcam recording
Remote desktop
Reverse proxy
Steals device info
Process hollowing
Credential stealing
Discord token stealing
Play audio
Swap mouse buttons
Hold mouse
Show and hide the Desktop and the taskbar
Enable and disable webcam light
Hang system
Turn off the monitor
Display blank screen

What is the Status of Coverage?

FortiGuard Labs provides the following AV coverage for Borat RAT:

MSIL/Agent.CFQ!tr
MSIL/Keylogger.DUS!tr
Malicious_Behavior.SB

Securing Critical Infrastructure: It’s Complicated

In his testimony before the U.S. House Committee on Homeland Security on April 5, Amit Yoran, Tenable’s chairman and CEO, highlighted real-world challenges and offered guidance on how government can help.

When leaders in government and the private sector speak about critical infrastructure, we tend to describe it as if it were one monolithic entity, funded equally and governed by the same set of rules and regulations. In the United States, the reality is far different.

Heterogeneity among critical infrastructure providers coupled with other factors, such as their prime appeal as targets for cybercriminals and the industry pressure to digitize their operations, make it a challenge to craft a consistent, unified and effective cybersecurity strategy for this sector. It’s a critical issue whose implications extend well beyond the technology realm, as cyber breaches of water treatment facilities, hospitals or power plants can have life-and-death consequences.

It’s an issue Tenable is deeply involved in. Amit Yoran, our CEO and chairman, testified before the U.S. House Committee on Homeland Security on April 5 during the “Hearing on Mobilizing our Cyber Defenses: Securing Critical Infrastructure Against Russian Cyber Threat.’’ Yoran’s testimony provided a comprehensive assessment of the challenges and offered concrete suggestions for improvements.

“Critical infrastructure providers have a duty of care, highlighted in turbulent times, to be responsible stewards of the services that are relied on by millions of Americans,” Yoran said.

Data reveals stark differences in cyber maturity

The Cybersecurity and Infrastructure Security Agency (CISA) has identified 16 critical infrastructure sectors in the U.S., including financial services, energy providers, healthcare, manufacturing, and water and wastewater treatment facilities. Some, like financial services organizations, are privately held, well-funded, for-profit entities, with no shortage of resources to hire the top cybersecurity talents and purchase best-of-breed technologies. Others, like energy and transportation providers, may run the gamut, with some privately operated, others publicly held, and some run as public-private partnerships, with wide variances in the level of funding and resources available to them. Still others, like water and wastewater treatment facilities, are run by local municipalities that often struggle to fund basic services, let alone find the resources to lure top cybersecurity professionals to their teams.

The level of cybersecurity preparedness among critical infrastructure providers is concerning. According to a report from the Center for Strategic and International Studies (CSIS) and Trellix, based on survey results from 800 IT decision makers from several countries around the world, including the United States, 9% of critical infrastructure operators don’t even have a cybersecurity strategy in place, despite the fact that 85% of respondents believe they have been targeted by a nation-state cyberthreat.

Tenable’s own vulnerability data reveals stark differences in cybersecurity maturity levels among key critical infrastructure sectors. According to Tenable data, the average number of critical vulnerabilities per device found in financial services organizations and in organizations in the energy sector (which includes providers of electricity, oil, gas and other consumable fuels) is about the same. Our data indicates both sectors are relatively mature in their cybersecurity practices. It takes a median of 12 days for organizations in the financial services and energy sectors to remediate a critical vulnerability. Contrast that with organizations in the healthcare and manufacturing sectors, which average twice as many critical vulnerabilities per device as their financial services and energy counterparts. Vulnerability remediation takes a median of 29 days for manufacturing organizations and 32 days for healthcare organizations. The longer a vulnerability is left unpatched, the greater the advantage it presents to attackers.

As Yoran stated in his written testimony: “There is no singular defense paradigm that could effectively be applied across all the sectors. Some critical infrastructure providers have a high degree of cybersecurity preparedness, strong risk understanding and risk management practices, and very strong security programs. Others are woefully ill-prepared.”

Attacks on interconnected systems have sweeping impact

At the same time, all critical infrastructure organizations face the same pressure to pursue digital transformation in their quest for efficiency and to accommodate the needs of a remote workforce. The changes are impacting not only the information technology (IT) systems and infrastructure but also the operational technology (OT) systems upon which critical infrastructure organizations rely.

While the notion of digital transformation is nothing new for those working in IT, the pace of change has quickened dramatically in the past two years as the global pandemic forced organizations to quickly ramp up a variety of cloud and remote access solutions in order to keep their businesses functioning. In OT, connectivity to IT systems and networks is a comparably new phenomenon and often involves updating legacy industrial systems with modern connectivity solutions in order to improve efficiency. Such IT/OT convergence is rapidly transforming how critical infrastructure organizations operate — and increasing risk in the process.

Taken together, the disparities in funding and the increasing interconnectedness of systems can significantly increase risk. To illustrate the real-world implications when a small municipality is targeted, Yoran’s testimony explored a February 2021 incident in which a water treatment plant was breached in Oldsmar, FL, a town of 15,000. In this incident, the attacker attempted to change the alkaline levels in the water to a level that would severely damage human tissue. It’s a striking example of the risks of IT/OT convergence: the attacker gained access to the remote IT management software TeamViewer, and from there “accessed the system by exploiting cybersecurity weaknesses including poor password security, and an outdated Windows 7 operating system,” according to the FBI. This attack demonstrates the significance of proper system hygiene.

As alarming as the water treatment example is, another recent case even more starkly illustrates the potential negative outcomes of IT/OT convergence. On May 7, 2021, Colonial Pipeline was hit with a ransomware attack that caused the company to shut its operations for six days, prompting the President of the United States to issue a state of emergency. The compromise affected business systems located in the organization’s IT environment. The OT systems that control the pipeline itself were not directly accessed in the attack. Yet, the fear and uncertainty of the possible reach of the attack contributed to Colonial Pipeline’s decision to shut down pipeline operations. Colonial Pipeline ultimately ended up paying the hacking group DarkSide a total of 75 bitcoins ($4.4 million) for the ability to unlock its systems and get fuel back out to a majority of the East Coast.

Ransomware attacks against critical infrastructure providers represent a profitable enterprise for cybercriminals, as demonstrated by the Conti ransomware data leaks. The Conti bitcoin wallet data showed more than $1 billion had been paid, creating a massive funding method for Russian actors. It also clearly demonstrates the importance of vulnerability management as a core tenet of strong cybersecurity practice. The Conti group and its affiliates reportedly made use of over 30 known vulnerabilities, some of which were first disclosed in 2018.

While these challenges may seem daunting, Yoran’s testimony outlined four concrete steps the U.S. government can take to improve the cyber preparedness of critical infrastructure providers.

Establish baseline cybersecurity standards of care for critical infrastructure that align with international standards and the National Institutes of Standards and Technology (NIST) Cybersecurity Framework, based on effective cyber hygiene practices.

Finalize and implement the proposed SEC rule that requires public companies to disclose their policies and practices to address their cybersecurity risks.

Implement the cyber incident reporting requirements included in the FY 2022 Omnibus Appropriations bill.

Support and strengthen value-added engagement between the private sector and public sector.

Yoran’s testimony also included guidance on actions the U.S. government can take to protect its own networks and systems. These include:

Strengthening government networks by including protection of federal OT and Active Directory services in the Continuous Diagnostics and Mitigation (CDM) Program.
Implementing Section 1505 of the FY 2022 National Defense Authorization Act.
Establishing metrics for transparency and accountability.
Ensuring sufficient funding for CISA and the Office of the National Cyber Director to ensure they can meet mission requirements.

For more detail on these recommendations, access the full testimony here.

Learn more

Download Tenable’s 2021 Threat Landscape Retrospective
Read the blogs, You Can’t Modernize Critical Infrastructure Without Cybersecurity and Unpacking the U.S. National Security Memorandum on Improving Cybersecurity for Critical Infrastructure
Download the whitepaper, Prediction of an OT Attack

CVE-2020-23349

An intent redirection issue was discovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity): any unexported Activity could be started through com.sina.weibo.sdk.share.WbShareTransActivity.

CVE-2020-19229

Jeesite 1.2.7 uses Apache Shiro version 1.2.3, which is affected by CVE-2016-4437. Because of the Java deserialization vulnerability in this version, an attacker could exploit it to execute arbitrary commands via the rememberMe parameter.
