Category Archives: Hacking

Here we cover all current topics related to hacking. You will find the latest news on computer security, and each time we offer a solution or advice to protect yourself.

Ransomware: are French companies the golden goose of cybercriminals?

According to figures provided by the French authority, the National Agency for Security of Information Systems, cyberattacks clearly exploded during 2020.

At the same time, the ransom demands of cyber criminals have also increased significantly. On this point, the authorities have always accused companies of being intimidated too easily and paying the ransom too quickly.

According to figures provided by Acyma, the organization that manages the platform responsible for assisting victims of computer attacks, between 20 and 30 per cent of French companies hit by ransomware pay the ransoms demanded.

Yet the guidance has always been clear: never negotiate with cyber criminals, and never pay the ransoms demanded. On 15 April, during the Senate hearing, Johanna Brousse, a magistrate specializing in cybercrime, declared: "Today France is one of the countries most attacked by ransomware because we pay ransoms too easily, some insurers even guarantee the payment of ransoms. We have to make everyone understand that if they pay the ransom, they penalize everyone."

So it's time to break the profitability of ransom demands. Marc Bothorel, IT security lead at the Confederation of Small and Medium-sized Enterprises (CPME), explains: "The hackers understood that it was a good business and that they were not likely to be prosecuted." In such a situation, paying the ransom seems to be the best possible deal to avoid the disclosure of secret information.

According to Guillaume Poupard, president of the National Agency for Security of Information Systems, there is no quick fix for this problem. "There will be no cyber shield that will protect France or Europe: it is an elegant concept but in practice it does not exist. It is essential that everyone is involved in their protection," he said at the same session in the Senate.

However, the problem lies elsewhere. "There is a myth among entrepreneurs that small and medium-sized enterprises are not a target for hackers. However, they know that they have less means for their security and that they can serve as vectors of attacks to enter the homes of larger ones," Marc Bothorel explains.

Beyond the lack of a computer security culture, another point adds to the growing problem: "the murky game of insurers". Indeed, it has been formally observed that insurance companies clearly prefer to pay the ransom demanded by cyber criminals rather than find another way to compensate their client. "With the exception of a few specialty insurers, many companies now sell e-insurance for profit," says Bothorel. "Risk assessment questionnaires are too declarative."

Yet it is possible to protect yourself without spending too much: "Today you can protect yourself at low cost: with an antivirus and an anti-spam, you are already blocking 95% of malicious emails", stresses Marc Bothorel.

Microsoft Exchange: Hacked email boxes

Even today, we continue to talk about server security vulnerabilities that affect Microsoft Exchange.

These are significant vulnerabilities that in some ways shake the professional world as well as the IT world in general. The 4 vulnerabilities, known as ProxyLogon, have facilitated several targeted computer attacks, notably spear phishing and the deployment of ransomware. The security patches released by the Redmond firm were not enough to slow down the cybercrime wave, which is making the most of the discovery of these flaws. Today, thousands of organizations are vulnerable, whether businesses or local authorities.

Recently, for example, another security flaw was uncovered that makes it possible to take control of Microsoft Exchange email servers remotely. Apparently, hackers have already taken advantage of it to break into mailboxes.

"Few targets with vulnerable servers have been able to avoid the first automated cyberattacks that have plagued the first for weeks. If that's the case, they have to play Lotto," notes WatchGuard's France director, Pascal Le Digol. The French company mentions that one of the companies with which it collaborates had been hit hard with 50 jobs. Its computer system was paralyzed in just six minutes.

The hacking of mailboxes came to light after the one that affected the European Banking Authority, a hack that was facilitated by the "ProxyLogon" security vulnerabilities in Exchange.

In early March 2021, Microsoft issued a warning about the actions of a group of hackers called "Hafnium". This group took advantage of several zero-day security vulnerabilities to infiltrate the mailboxes of companies and strategic U.S. government organizations.

"Two of them are critical and allow you to launch remote server commands without authentication, take full control of them and access all emails," explains Grégory Cardiet, technical director at Vectra Networks (a company specializing in real-time computer attack detection).

In this way, hackers find themselves in a position to collect enough content from servers that companies have installed.

"The problem is systemic because almost everyone uses Microsoft Exchange and the flaws have affected all software versions since 2010," says Vincent Hinderer, a cyber threat expert at Orange Cyberdefense.

According to the American company, the Chinese government is behind all these cybercrime actions. Attackers are thus taking advantage of the security flaw to rush in and carry out this wave of malicious activity. In March, there was a 10-fold increase in attempts, according to specialists at US cybersecurity firm Check Point. This situation has been confirmed by Microsoft.

One of the problems with this situation is that the vulnerabilities in question can be exploited by small-time hackers.

"The most interesting flaw and its code, like the method to exploit it, were shared on Reddit and then copied and shared everywhere, and the list of vulnerable servers is easily accessible in internet databases," says Cardiet. "All hackers, from the most lame, know how to create an automatic script that will probe the presence of vulnerabilities in servers, it's a flaw that hurts very much," adds Pascal Le Digol of WatchGuard Technologies.

When the security flaw was discovered, there was talk of 400,000 servers around the world. Today, with the security patch deployed by Microsoft, the estimate is that "15,000 servers were vulnerable," says Guillaume Poupard, head of the National Agency for Security of Information Systems.

"There has been an unprecedented general mobilization to deal with the issue and a large part of the park has fortunately been protected, it was not the dreaded "Pearl Harbor"," tries to reassure Vincent Hinderer of Orange Cyberdefense.

Computer hacking: about 400 computer systems in Belgium affected by Microsoft Exchange security flaw

The case concerning the security flaw in the Exchange services of the American giant Microsoft continues.

Recently, it was discovered in Belgium that nearly 400 computer systems had been infiltrated through exploitation of the vulnerability in Exchange servers. The information was brought to the attention of the general public in a statement from the Centre for Cybersecurity Belgium. The institution warns of a possible "tsunami of cyberattacks" that could occur in the coming weeks.

"From vulnerable server lists, we were able to detect more than 400 systems where some form of intrusion occurred. This means that malicious parties have entered these systems and are now waiting to take action," stresses the Centre for Cybersecurity Belgium. The institution fears a proliferation of ransomware-based attacks. It warns that the coming week is likely to be quite hectic in this regard.

The Centre for Cybersecurity Belgium explains that a large part of the servers that were vulnerable have been updated. However, a thousand computer systems are still vulnerable to computer attacks. This is an impressive figure, and it shows the impending danger.

Hackers reportedly install web shells in order to gain access to the computer systems they target. This helps them operate without attracting too much attention or raising suspicion.

"This allows them to keep a line of communication open, so to speak, in order to launch an attack later. In the lists we reviewed, we found at least 400 servers with a web shell installed. In other cases, hackers may have installed other malware, in addition to the web shells in question, in order to mount an attack at a later date, such as a ransomware," the Centre for Cybersecurity Belgium noted in its statement.

For companies that have already applied the security updates, the instruction is to remain vigilant. They are expected to continue monitoring their computer systems for potential traces that cyber criminals could have left behind during intrusions or updates, in order to avoid a recurrence. In addition, "Companies and organizations that use Exchange Online with a hybrid configuration or an Exchange server on site for administrative applications must immediately update systems, remove web shells, verify what happened and detect any suspicious activity," the Centre for Cybersecurity Belgium recommended in its statement.

In addition, it should be noted that the computer attack that took advantage of Microsoft Exchange's security vulnerabilities is reported to have affected nearly 1,000 computer systems worldwide. For now, U.S. authorities have singled out China as the sponsor of this wave of cyberattacks. They promised a response.

Medical data leaks: check to see if you are affected by the massive leakage of health data

Last week, the news was about the leak of sensitive medical data of nearly 500,000 people in France.

This data was on the Dark Web. At first it was offered for sale and, for whatever reason, it is now available for free. Faced with such a situation, a specialized company has decided to put online a way to check whether the data in circulation includes our own.

The company that offers this tool is based in the French city of Rennes. It is called Accéis.

So if you are wondering whether you are among the people whose data is in circulation, you can check. Simply go to the site fuitededonneesdesante.acceis.fr and enter your Social Security number in the single search field presented to you. You will then be able to check whether you are indeed among those whose data is freely circulating.

For more details, the security company that set up the system states that the server "does not contain personal information or health data related to the data leak. Only cryptographic digests (SHA-256) are used to confirm/disprove the presence of an identity in the data leak."

Those who may be affected by the leak should know that an investigation is well under way to determine not only the extent of the leak but also those responsible.

Meanwhile, vigilance is required, because this information can be used to launch identity theft campaigns, or even attempts at extortion or blackmail. That's how hackers work.

"We have had the case in the past for a medical-psychological clinic whose recordings of the session had been recovered by a hacker, who had pressured the patients by threatening to disclose the contents of the exchanges, and to demand a ransom for not doing so," says Yves Duchesne, a computer security specialist.

In this context, such a scenario is highly likely. For this reason, the specialist strongly advises people who might find themselves in this situation to contact the authorities as soon as possible, either the gendarmerie or the cyber-malice platform: https://www.cybermalveillance.gouv.fr/. According to Yves Duchesne, whatever the cause of a computer incident, it is certain that everything comes from the same root: "Hospitals, like laboratories, do not necessarily have a cybersecurity expert in their ranks. A lab does not have the ability to tell whether the software that allows it to manage medical data is secure or not. It also relies on what it is sold." He concludes by noting a very alarming reality: "Computer security in the health sector, the target of multiple attacks in recent times, 'because medical data is selling well', has been under construction for several years, with consideration of the importance of protecting itself."

Ransomware: Kia company targeted by attack

Hackers managed to hit the car company Kia.

As a result of this hack, the cybercriminals behind the plan are demanding payment of a US$20 million ransom.

The affected service of the French automotive giant is the network service used by dealers and by customers who have subscribed to UVO services. As a result, several customers are no longer able to use some basic features, such as starting their vehicle remotely or paying their bills.

It should be mentioned that, at first, the manufacturer reportedly rejected any suggestion of a ransomware attack.

In a sense, the computer attack suffered by the French manufacturer is tied to the spread and growing popularity of connected cars, which continue to take an important place in consumer habits. And hackers know that. Regular consumers are getting used to being able to interact with their vehicle remotely. A simple computer attack can undermine this interaction and the pleasure that can be derived from it.

"Many Kia customers suffered from such a problem last week. Since February 13, Kia's online and connected services have broken down, leaving owners unable to pay their bills, remotely unlock their vehicles, or even warm them up in the midst of one of the toughest winter periods that parts of the United States have known in a long time," said The Drive.

To be heard, customers had to go through social networks such as Twitter to express their anger in the face of the outage.

But the outage didn't just affect customers. It also affected first-time buyers who wanted to open an account on Kia's platform.

However, the problem began to grow much larger when a user on the social network Twitter claimed that his Arizona-based dealer had told him the outage was caused by ransomware.

If this were a ransomware attack, it would be no surprise, especially since such attacks have clearly been a trend for some time. In the case of the French manufacturer Kia, the company has not officially confirmed a ransomware attack. But a screenshot is circulating in which hackers reportedly demand a sum of nearly 20 million dollars from Kia. They reportedly had access to several sensitive files. It is also assumed that the attack was the work of a group of cybercriminals known as DoppelPaymer, a name given to them by CrowdStrike researchers in 2019. In short, they are hackers well known in the industry for attacking large groups in order to obtain huge sums of money as ransom.

"Since late August 2019, unidentified actors have been using the DoppelPaymer ransom software to encrypt victim data in critical sectors around the world such as health, emergency services and education, interrupting citizens' access to services," the FBI said in a dossier on the DoppelPaymer group.

"Since its emergence in June 2019, the DoppelPaymer ransomware has infected various industries and targets, with players regularly demanding six- and seven-figure ransoms for bitcoins (BTC). Before infecting systems with ransomware, actors exfiltrate data for use in extortion plans and made follow-up phone calls to victims to encourage them to pay more ransoms," adds the U.S. federal police.

Yet for its part, the automaker continues to say it is not aware of any ransomware attack. The company said it had observed a "prolonged system failure," without giving further details.

"Kia Motors America, Inc. is currently experiencing a prolonged system failure," a spokesman for the manufacturer noted. "Affected systems include the KiaOwners portal, UVO mobile applications and the consumer web portal. We apologise for the inconvenience to affected customers and strive to resolve the issue as quickly as possible by minimizing the disruption of our activities." The spokesman seems to be downplaying the claims of a potential ransomware attack. "We are also aware of online speculation that Kia is the subject of a ransomware attack. At this time, we can confirm that we have no evidence that Kia or any Kia data is the subject of a "ransomware" attack."
