Usually, hackers exploit hardware and software vulnerabilities to hack ATMs and force them to spit out cash, but now anyone can simply buy malware to steal millions in cash from ATMs.
Hackers are selling ready-made ATM malware on an underground hacking forum that anybody can simply buy for around $5000, researchers at Kaspersky Lab discovered after spotting a forum post advertising the malware, dubbed Cutlet Maker.
The forum post provides a brief description and a detailed manual for the malware toolkit, which is designed to target various ATM models through a vendor API, without interacting with ATM users or their data.
Therefore, this malware does not affect bank customers directly; instead, it is intended to trick the bank ATMs from a specific vendor to release cash without authorisation.
The manual also mentions an infamous piece of ATM malware, dubbed Tyupkin, which was first analysed in 2014 by Kaspersky Lab and used by an international cybercrime gang to conduct jackpotting attacks and make millions by infecting ATMs across Europe and beyond.
The crimeware contained in the toolkit includes:
Cutlet Maker—ATM malware which is the primary element of the toolkit
Stimulator—an application to gather cash cassette statuses of a targeted ATM
c0decalc—a simple terminal-based application to generate a password for the malware.
According to Kaspersky researchers, the functionality of the Cutlet Maker malware suggests that two people are supposed to be involved in the ATM money theft—the roles are called “drop” and “drop master.”
“Access to the dispense mechanism of CUTLET MAKER is password protected. Though there could be just one person with the c0decalc application needed to generate a password,” the researchers say. “Either network or physical access to an ATM is required to enter the code in the application text area and also to interact with the user interface.”
In order to operate, the application needs a special library, which is part of a proprietary ATM API and controls the cash dispenser unit—this shows how cyber “criminals are using legitimate proprietary libraries and a small piece of code to dispense money from an ATM.”
The price of this ATM malware toolkit was $5000 at the time of Kaspersky’s research.
The advertisement of this Cutlet Maker ATM malware was initially published on the AlphaBay Darknet marketplace, which was recently taken down by the FBI.
With the rise in cyber-crimes, ethical hacking has become a powerful strategy in the fight against online threats.
In general terms, ethical hackers are authorised to break into supposedly ‘secure’ computer systems without malicious intent, but with the aim of discovering vulnerabilities to bring about improved protection.
Ethical hackers are becoming the alchemists of the 21st century.
More and more organisations are being targeted in cyber-attacks, and they must get to know their enemy if they are to protect vital networks. Meet the professional, ethical hacker.
Despite this, the common belief among many at-risk companies is that ‘to outwit a hacker, you need to hire one’.
With so much at stake, even technology providers are turning to those with hacking skills to find the flaws in their products and fix them before the baddies can exploit them.
Infamous Apple Hacker Turned Ethical; Hired by Facebook
23-year-old George ‘GeoHot’ Hotz gained notoriety in 2007 when he became the first person to ‘jailbreak’ Apple’s iPhone by creating a program that enabled iPhone users to modify their devices to run on other carrier networks, despite AT&T having an exclusive deal with Apple.
Two years later Hotz cracked Sony’s PlayStation 3 games console, giving him access to the machine’s processor which helped gamers to amend their game consoles and run unapproved applications and pirated games.
However, despite his reputation, social networking giant Facebook hired Hotz and is reported to be engaged in building an anti-hacker defence programme.
Start Your Career in Ethical Hacking
As companies begin to employ ethical hackers, the need for IT specialists with accredited skills is growing, but ethical hackers require support too.
Learning how to hack helps information security professionals implement the most robust possible security practices. It is as much about finding and fixing security vulnerabilities as it is anticipating them.
As you learn more about the methods hackers use to infiltrate systems, you will be able to pre-emptively resolve issues; if you do not understand how black hat hackers could get into your systems, you are going to have a hard time securing them.
Think of it this way: a computer network is like a yard with a fence to keep people out. If you have put something valuable inside the yard, someone may want to hop the fence and steal it.
Ethical hacking is like regularly checking for vulnerabilities in and around the fence, so you can reinforce weak areas before anyone tries to get in.
8 Online Ethical Hacking Training Courses (With Samples)
Here is an excellent opportunity for you to learn to hack through live demonstrations and hands-on experience with the latest tools.
This week we are introducing a new package of 8 online courses: The Zero to Hero Cyber Security Hacker Bundle, which usually costs $360, but you can exclusively get this 8-in-1 online training course for just $29 after 91% discount.
Here below you can watch sample videos of all training programs before joining:
Learn computer hacking and become a cyber-warrior.
This course forms the basis for anyone who wants to become a real-time penetration tester. You will learn how to research and gather information about a target without leaving any traces, all in an ethical way.
By the end of the course, you will be familiar with how attackers gather their information before launching an attack and know how to mitigate it beforehand.
Learn the information security fundamentals needed to operate organisational processes.
In this course, you will learn how employees, business owners, and other computer users tend to have their security compromised, and what you can do to help safeguard yourself and others from digital attacks.
This is an advanced course and helps build on foundation knowledge.
In this course, you will learn how cryptography, steganography, password cracking, game hacking, reverse engineering, and privilege escalation based attacks are performed in a simulated test environment ethically.
This course helps system security professionals mitigate these attacks. It is perfect for anybody who is passionate about developing their skills in the field of internet security.
The hacking of Equifax and the subsequent leaking of private data on an estimated 143 million people has created a furor that reaches from top governmental levels down to the little guys worried that their data is being distributed and misused all over the internet. There are big reasons to be concerned Equifax is not […]
The hacking group behind a series of embarrassing hacks that targeted personal email accounts of senior officials at the FBI, the CIA, and the White House, among other United States federal agencies in 2015.
Justin Liverman, a 25-year-old man from Morehead City, who was known under the online alias “D3F4ULT,” was arrested last year along with another member of the group—Andrew Otto Boggs, 23, of North Wilkesboro, who allegedly used the handle “INCURSIO.”
The duo hacked into multiple government organizations between October 2015 and February 2016. Boggs was sentenced to two years in prison on June 30, 2017, for his role.
Liverman pleaded guilty on January 6 this year to conspiracy to hack U.S. government computers and accounts and was sentenced to 5 years in prison on Friday. He will also be forced to pay $145,000 in restitution.
According to the plea agreement, “beginning in November 2015, Liverman conspired to attempt to intimidate and harass U.S. officials and their families by gaining unauthorized access to victims’ online accounts, among other things.”
“Liverman publicly posted online documents and personal information unlawfully obtained from a victim’s personal account; sent threatening text messages to the same victim’s cellphone; and paid an unlawful ‘phonebombing’ service to call the victim repeatedly with a threatening message,” U.S. prosecutors in the Eastern District Court of Virginia said.
Crackas With Attitude targeted more than ten U.S. government officials including the following and caused more than $1.5 million in losses to victims: The hacking group also leaked the personal details of 31,000 government agents, including almost 20,000 FBI agents, 9,000 Department of Homeland Security officers, and an unspecified number of DoJ staffers.
According to federal officials, the hacking group used social engineering to trick victims into revealing their account numbers, passwords, and other sensitive details, which the group then used to gain access to their accounts.
However, a 17-year-old British teenager, who is known as CRACKA and the leader of the “Crackas With Attitude” hacking group, is actually responsible for carrying out the above attacks. His prosecution is still ongoing in the United Kingdom.
The Shadow Brokers, a notorious hacking group that leaked several hacking tools from the NSA, is once again making headlines for releasing another NSA exploit—but only to its “monthly dump service” subscribers.
Dubbed UNITEDRAKE, the implant is a “fully extensible remote collection system” that comes with a number of “plug-ins,” enabling attackers to remotely take full control over targeted Windows computers.
In its latest post, the hacking group announced a few changes to its monthly dump service and released encrypted files from the previous months as well.
Notably, the September dump also includes an unencrypted PDF file, which is a user manual for the UNITEDRAKE (United Rake) exploit developed by the NSA.
According to the leaked user manual, UNITEDRAKE is a customizable modular malware with the ability to capture webcam and microphone output, log keystrokes, access external drives and more in order to spy on its targets.
The tool consists of five components—server (a Listening Post), the system management interface (SMI), the database (to store and manage stolen information), the plug-in modules (allow the system capabilities to be extended), and the client (the implant).
The Snowden documents suggested the agency used the tool alongside other pieces of malware, including CAPTIVATEDAUDIENCE, GUMFISH, FOGGYBOTTOM, GROK, and SALVAGERABBIT, to infect millions of computers around the world.
CAPTIVATEDAUDIENCE is for recording conversations via the infected computer’s microphone
GUMFISH is for covertly taking control over a computer’s webcam and snap photographs
FOGGYBOTTOM is for exfiltrating Internet data like browsing histories, login details and passwords
GROK is a Keylogger Trojan for capturing keystrokes.
SALVAGERABBIT is for accessing data on removable flash drives that connect to the infected computer.
New Terms for Shadow Brokers Monthly Dump Service
The Shadow Brokers is now only accepting payments in ZCash (ZEC) from its monthly subscribers, rather than Monero since it uses clear text email for delivery, and has also raised the rates for exploits, demanding nearly $4 Million.
The group demanded 100 ZEC when it started its first monthly dump service in June, but now the hackers are demanding 16,000 ZEC (which costs $3,914,080 in total) for all NSA dumps. Zcash currently trades at $248 per unit.
Those who want to gain access only to the September dump that includes the new NSA malware files need to pay hackers 500 ZEC.
The Shadow Brokers gained popularity after leaking the SMB zero-day exploit, called EternalBlue, which powered the WannaCry ransomware attack that crippled large businesses and services around the world in May.
After that, the mysterious hacking group announced a monthly data dump service for those who want to get exclusive access to the NSA arsenal, which they claim to have stolen from the agency last year.
The notorious hacking group that has been in operation since at least 2011 has re-emerged and is still interested in targeting the United States and European companies in the energy sector.
Yes, I am talking about the ‘Dragonfly,’ a well-resourced, Eastern European hacking group responsible for sophisticated cyber-espionage campaigns against the critical infrastructure of energy companies in different countries in past years.
In 2014, we reported about the Dragonfly group's ability to mount sabotage operations against their targets—mainly petroleum pipeline operators, electricity generation firms and other Industrial Control Systems (ICS) equipment providers for the energy sector.
Researchers from cyber security firm Symantec, who discovered the previous campaign, are now warning of a new campaign, which they dubbed Dragonfly 2.0, saying “the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so” and has already gained unprecedented access to operational systems of Western energy firms.
Here are the major highlights of the group activities outlined in the new report from Symantec:
The hacking group has been active since late 2015 and reportedly uses the same tactics and tools that were used in earlier campaigns.
The major objective of the Dragonfly 2.0 group is to collect intelligence and gain access to the networks of the targeted organization, eventually making the group capable of mounting sabotage operations when required.
Dragonfly 2.0 mainly targets the critical energy sectors in the U.S., Turkey, and Switzerland.
Like previous Dragonfly campaigns, the hackers are using malicious email (containing very specific content related to the energy sector) attachments, watering hole attacks, and Trojanized software as an initial attack vector to gain access to a victim’s network.
The group is using a toolkit called Phishery (available on GitHub) to perform email-based attacks that use a document template injection attack to steal the victim's credentials.
The malware campaign involves multiple remote access Trojans masquerading as Flash updates, called Backdoor.Goodor, Backdoor.Dorshel and Trojan.Karagany.B, which give attackers remote access to the victim's machine.
However, Symantec researchers did not find any evidence of the Dragonfly 2.0 group using any zero-day vulnerabilities. Instead, the hacking group strategically uses publicly available administration tools like PowerShell, PsExec, and Bitsadmin, making attribution more difficult.
“The Dragonfly 2.0 campaigns show how the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future,” Symantec believes.
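A defender-side check for the template-injection lure mentioned above. This is an added example, not code from Symantec or from the Phishery project: it scans a .docx package for an attachedTemplate relationship that points at a remote location, which is what triggers Word's outbound fetch (and the credential prompt) when such a document is opened. The sample documents are constructed in memory and the host name is a placeholder, so the script runs offline.

```python
"""Flag .docx files whose attached template lives on a remote host."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/"
    "relationships/attachedTemplate"
)
# Targets that make Word reach out over the network when the file is opened.
REMOTE_TARGET = re.compile(r"^(https?:|file:|\\\\)", re.IGNORECASE)


def find_remote_templates(docx_bytes):
    """Return [(rels_part, target_url)] for every external attachedTemplate.

    A clean document returns an empty list.  Relationships are stored in the
    *.rels parts next to the part they describe (normally
    word/_rels/settings.xml.rels for the template), so every .rels is checked.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.findall(f"{{{REL_NS}}}Relationship"):
                if rel.get("Type") != ATTACHED_TEMPLATE:
                    continue
                target = rel.get("Target", "")
                if rel.get("TargetMode") == "External" and REMOTE_TARGET.match(target):
                    findings.append((name, target))
    return findings


def build_sample_docx(template_target=None):
    """Constructed test fixture: a minimal .docx, optionally with a remote template.

    Only the parts the detector inspects are populated; this is not a
    document produced by any real phishing kit.
    """
    settings_rels = (
        f'<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{REL_NS}">'
    )
    if template_target:
        settings_rels += (
            f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
            f'Target="{template_target}" TargetMode="External"/>'
        )
    settings_rels += "</Relationships>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types/>')
        zf.writestr("_rels/.rels", f'<Relationships xmlns="{REL_NS}"/>')
        zf.writestr("word/document.xml", '<?xml version="1.0"?><w:document/>')
        zf.writestr("word/settings.xml", '<?xml version="1.0"?><w:settings/>')
        zf.writestr("word/_rels/settings.xml.rels", settings_rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Placeholder host; a real triage run would pass the attachment's bytes.
    lure = build_sample_docx("http://phish.example.invalid/template.dotx")
    for part, url in find_remote_templates(lure):
        print(f"remote template in {part}: {url}")
    print("clean sample:", find_remote_templates(build_sample_docx()))
```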
Cyber attacks on energy grids are not a new thing. Hackers targeted energy companies in Ukraine on two different occasions, in late 2015 and late 2016, and actually caused power outages across several regions of Ukraine, blacking out tens of thousands of citizens around midnight.
Moreover, nuclear facilities in the United States, including Wolf Creek Nuclear Operating Corporation, were targeted by a well-known Russian group back in July this year, but there is no evidence that the hackers were able to gain access to the operational systems.
If you are searching for free ready-made hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a hoax.
Last year, we reported about one such Facebook hacking tool that actually had the capability to hack a Facebook account, but yours and not the one you desire to hack.
Now, a Remote Access Trojan (RAT) builder kit that was recently spotted on multiple underground hacking forums for free has been found to contain a backdoored module that gives the kit's authors access to all of the victims' data.
Dubbed Cobian RAT, the malware has been in circulation since February of this year and has some similarities with the njRAT and H-Worm family of malware, which has been around since at least 2013.
According to ThreatLabZ researchers from Zscaler, who discovered the backdoored nature of the malware kit, the “free malware builder” is likely capable of allowing other wannabe hackers to build their own versions of the Cobian RAT with relative ease.
Once criminals create their own version of the malware using this free builder, they can distribute it via compromised websites or traditional spam campaigns to victims all over the world and recruit the affected devices into a malicious botnet.
The Cobian RAT then steals data on the compromised system, with the capability to log keystrokes, take screenshots, record audio and webcam video, install and uninstall programs, execute shell commands, use dynamic plug-ins, and manage files.
Cyber Criminals Want to Hack Wannabe Hackers
Now, if you get excited by knowing that all these capabilities offered by the original authors of the malware builder kit are free as they claim, you are mistaken.
Unfortunately, the custom RATs created using this free Cobian RAT malware builder kit have a hidden backdoor module, which silently connects to a Pastebin URL that serves as the kit authors' command-and-control (C&C) infrastructure.
The backdoor, at any time, can be used by the original authors of the kit to issue commands to all RATs built on the top of their platform, eventually putting both wannabe hackers and compromised systems infected by them at risk.
“It is ironic to see that the second level operators, who are using this kit to spread malware and steal from the end user, are getting duped themselves by the original author,” Deepen Desai, senior director of security research at Zscaler, wrote in a blog post published Thursday.
“The original author is essentially using a crowdsourced model for building a mega Botnet that leverages the second level operators Botnet.”
The researchers also explain that the original Cobian developer is “relying on second-level operators to build the RAT payload and spread infections.”
The original author then can take full control of all the compromised systems across all the Cobian RAT botnets, thanks to the backdoor module. They can even remove the second-level operators by changing the C&C server information configured by them.
A recently observed unique Cobian RAT payload by the researchers reportedly came from a Pakistan-based defence and telecommunication solution website (that was potentially compromised) and served inside a .zip archive masquerading as an MS Excel spreadsheet.
The bottom line: examine free online tools very carefully before using them.
A team of hackers at the CIA, the Central Intelligence Agency, allegedly used a Windows hacking tool against its targets to gain persistent remote access.
As part of its Vault 7 leaks, WikiLeaks today revealed details about a new implant developed by the CIA, dubbed AngelFire, to target computers running Windows operating system.
AngelFire framework implants a persistent backdoor on the target Windows computers by modifying their partition boot sector.
The AngelFire framework consists of the following five components:
1. Solartime — it modifies the partition boot sector to load and execute the Wolfcreek (kernel code) every time the system boots up.
2. Wolfcreek — a self-loading driver (kernel code that Solartime executes) that loads other drivers and user-mode applications
3. Keystone — a component that utilizes DLL injection technique to execute the malicious user applications directly into system memory without dropping them into the file system.
4. BadMFS — a covert file system that attempts to install itself in non-partitioned space available on the targeted computer and stores all drivers and implants that Wolfcreek starts.
5. Windows Transitory File system — a new method of installing AngelFire, which allows the CIA operator to create transitory files for specific tasks like adding and removing files to AngelFire, rather than laying independent components on disk.
According to a user manual leaked by WikiLeaks, AngelFire requires administrative privileges on a target computer for successful installation.
The 32-bit version of the implant works against Windows XP and Windows 7, while the 64-bit implant can target Windows Server 2008 R2 and Windows 7.
Previous Vault 7 CIA Leaks
Last week, WikiLeaks published another CIA project, dubbed ExpressLane, which detailed the spying software that CIA agents used to spy on their intelligence partners around the world, including the FBI, DHS and the NSA.
Since March, WikiLeaks has published 22 batches of the “Vault 7” series, including this week's and last week's leaks, along with the following batches:
CouchPotato — A CIA project that revealed its ability to spy on video streams remotely in real-time.
Dumbo — A CIA project that disclosed its ability to hijack and manipulate webcams and microphones to corrupt or delete recordings.
Imperial — A CIA project that revealed details of 3 CIA-developed hacking tools and implants designed to target computers running Apple Mac OS X and different flavours of Linux OS.
UCL/Raytheon — An alleged CIA contractor that analysed in-the-wild advanced malware and submitted at least five reports to the agency to help it develop its own malware.
Highrise — An alleged CIA project that allowed the US agency to stealthily collect and forward stolen data from compromised smartphones to its server via SMS messages.
BothanSpy and Gyrfalcon — Two alleged CIA implants that allowed the spy agency to intercept and exfiltrate SSH credentials from targeted Windows and Linux computers using different attack vectors.
OutlawCountry — An alleged CIA project that allowed the agency to hack and remotely spy on computers running Linux operating systems.
ELSA — Alleged CIA malware that tracks geo-location of targeted laptops and computers running the Microsoft Windows OS.
Brutal Kangaroo — A tool suite for Microsoft Windows OS used by the CIA agents to target closed networks or air-gap computers within an organisation or enterprise without requiring any direct access.
Cherry Blossom — A framework employed by the agency to monitor the Internet activity of the targeted systems by exploiting flaws in Wi-Fi devices.
Pandemic — A CIA project that allowed the spying agency to turn Windows file servers into covert attack machines that can silently infect other PCs of interest inside the same network.
Athena — A spyware framework that the agency designed to take full control over infected Windows systems remotely; it works against every version of Windows, from Windows XP to Windows 10.
AfterMidnight and Assassin — Two alleged CIA malware frameworks for the Microsoft Windows platform that are meant to monitor and report back actions on the infected remote host PC and execute malicious actions.
Archimedes — Man-in-the-middle (MitM) attack tool allegedly developed by the agency to target computers inside a Local Area Network (LAN).
Scribbles — Software allegedly designed to embed ‘web beacons’ into confidential documents, allowing the CIA agents to track insiders and whistleblowers.
Grasshopper — A framework which allowed the spying agency to easily create custom malware for breaking into Microsoft’s Windows OS and bypassing antivirus protection.
Marble — Source code of a secret anti-forensic framework used by the agency to hide the actual source of its malware.
Dark Matter — Hacking exploits the spying agency designed to target iPhones and Macs.
Weeping Angel — Spying tool used by the CIA agents to infiltrate smart TV’s, transforming them into covert microphones.
Year Zero — CIA hacking exploits for popular hardware and software.
There is no indication that WikiLeaks' servers or website have been compromised; instead, it seems the website was redirected to a hacker-controlled server using a DNS poisoning attack.
In a DNS poisoning attack, also known as DNS spoofing, an attacker gains control of the DNS server and changes its name-server records in order to divert Internet traffic to a malicious IP address.
Shortly after the defacement, the site administrators regained access to their DNS server and at the time of writing, the WikiLeaks website is back online from its official legitimate servers.
OurMine is a Saudi Arabian group of hackers which claims to be a “white hat” security firm.
The group markets itself by taking over social media accounts of high-profile targets and then encourages them to contact the hacking group to buy its IT security service in an effort to protect themselves from future cyber attacks.
Since most of us rely upon the Internet for day-to-day activities today, hacking and spying have become a prime concern, and so have online security and privacy.
The Internet has become a digital universe with websites collecting your sensitive information and selling them to advertisers, hackers looking for ways to steal your data from the ill-equipped networks, websites, and PCs, and government conducting mass surveillance—every model has shifted to data collection.
So, what’s the solution and how can you protect your privacy, defend against government surveillance and prevent malware attacks?
Virtual Private Network—Yes, one of the most efficient solutions to maximize your privacy is to use a secure VPN service.
A VPN serves as an encrypted tunnel between your computer and the destinations you visit on the Internet, securing your Internet traffic and protecting you from bad guys getting into your network to steal your sensitive data.
When choosing a VPN, Private Internet Access (PIA) comes out to be one of the best-performing VPN services available in the market.
PIA also has solid performance and a good reputation for keeping its user data private with more than 3,000 servers worldwide. Here are few key features of PIA:
Most VPN providers offer one primary encryption method (usually the strongest available to make sure nothing goes awry), but PIA provides a few different methods on its OpenVPN tunnels depending on which criteria you care about.
By default, PIA uses the OpenVPN protocol with AES-128 encryption to protect data transmissions, SHA1 to authenticate the data and RSA-2048 to set up the secure server connection.
However, you can mix and match encryption settings as per your needs, or select presets labeled “All Speed No Safety,” “Risky Business” and “Maximum Protection.” You can also use the PPTP or L2TP/IPSec VPN protocols instead of OpenVPN if you only want to mask your IP address and/or circumvent censorship and geolocation.
Besides providing strong encryption protocols, PIA does not log user activity, so there is no record of data points from your VPN sessions.
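Because an OpenVPN profile can be set to the “no safety” end of that spectrum, it is worth checking what a downloaded profile actually pins before trusting it. The following is an added example, not PIA's code or its real profile files: a small auditor that parses OpenVPN client directives and flags weak or missing settings. The two sample profiles are constructed to mirror the page's description (AES-128 with SHA1 by default, and a speed-over-safety preset); the exact directives PIA generates for its presets are an assumption.

```python
"""Audit OpenVPN client profiles for weak cipher and integrity settings."""

# Values that leave traffic unprotected or rely on broken primitives.
WEAK_CIPHERS = {
    "none": "tunnel traffic is not encrypted at all",
    "bf-cbc": "Blowfish has a 64-bit block; long sessions are exposed to SWEET32-style attacks",
    "des-cbc": "56-bit DES is trivially brute-forced",
}
WEAK_AUTH = {
    "none": "no HMAC, so packets can be altered in transit without detection",
    "md5": "MD5-based HMAC is deprecated",
}
# Still functional, but an auditor would recommend moving on.
LEGACY_AUTH = {"sha1": "SHA1 HMAC works, but SHA256 or stronger is preferred"}


def parse_profile(text):
    """Return {directive: value} for an OpenVPN profile.

    Comments (# or ;) are stripped; inline <ca>...</ca> blocks are skipped
    because the directives we audit are single-line.
    """
    cfg, in_block = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("</"):
            in_block = False
            continue
        if line.startswith("<"):
            in_block = True
            continue
        if in_block:
            continue
        parts = line.split(None, 1)
        cfg[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return cfg


def audit_profile(text):
    """Return a list of (directive, value, reason) findings; empty means clean."""
    cfg = parse_profile(text)
    findings = []
    cipher = cfg.get("cipher", "").lower()
    auth = cfg.get("auth", "").lower()
    if cipher in WEAK_CIPHERS:
        findings.append(("cipher", cipher, WEAK_CIPHERS[cipher]))
    elif not cipher:
        findings.append(("cipher", "(unset)", "no cipher pinned; the default depends on the client version"))
    if auth in WEAK_AUTH:
        findings.append(("auth", auth, WEAK_AUTH[auth]))
    elif auth in LEGACY_AUTH:
        findings.append(("auth", auth, LEGACY_AUTH[auth]))
    # Without this the client accepts any certificate signed by the CA as the
    # server, including another client's, which enables man-in-the-middle.
    if cfg.get("remote-cert-tls", "").lower() != "server":
        findings.append(("remote-cert-tls", "(missing)", "server certificate role is not verified"))
    return findings


def is_acceptable(text):
    """True when nothing worse than a legacy (SHA1) HMAC was found."""
    return all(reason in LEGACY_AUTH.values() for _, _, reason in audit_profile(text))


# Constructed profiles; not files shipped by any provider.
DEFAULT_PROFILE = """
client
dev tun
proto udp
remote vpn.example.invalid 1198   # placeholder host
cipher AES-128-CBC
auth SHA1
remote-cert-tls server
"""

SPEED_PROFILE = """
client
dev tun
remote vpn.example.invalid 1198
cipher none
auth none
"""

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_PROFILE), ("speed", SPEED_PROFILE)):
        print(name, "acceptable" if is_acceptable(text) else "REJECT")
        for directive, value, reason in audit_profile(text):
            print(f"  {directive}={value}: {reason}")
```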
One can sign up for PIA with only a valid email address—no real name required. PIA takes payments in Bitcoin, Cashu and gift cards as well.
PIA also allows you to use P2P file-sharing networks and BitTorrent on its servers, which is convenient.
The service also provides an ad-, trackers-, and malware-blocking tool, called PIA Mace, that blocks annoying advertisements across web pages, trackers that allow marketing companies to track you throughout the Internet and malware that could steal your data.
There is also a ‘Kill Switch’ feature included in Private Internet Access, which shuts down all the internet-connected applications when your VPN connection suddenly disconnects.
Speed & Performance
Regardless of the VPN service you use, it will affect your Web browsing speeds.
PIA has more than 3272 servers in 25 countries around the world including Asia, Central America, Europe, India, the UK, South America, and the United States. No matter where you go, you are very likely to find a nearby server.
So, overall, PIA’s speeds are good.
The service takes a few seconds to connect securely through PIA's network and allows users to stay online for more than 12 hours without reconnecting.
Compatibility & Usability
PIA is available extensively across most major apps and operating systems. It has applications for Windows, macOS, Linux, Android, and iOS. There is also a Chrome extension.
As far as usability goes, PIA allows you to connect up to 5 simultaneous devices from a single account at any given time. There are no bandwidth restrictions or throttling to worry about.
PIA’s few extra features include IPv6 leak protection, DNS leak protection, and an encrypted WiFi network.
Private Internet Access VPN: 2-Yr Subscription (Get 63% Discount)