Connect with us

ZDNET

This is how fast a password leaked on the web will be tested out by hackers

Published

on

Half of accounts compromised in phishing attacks are manually accessed within 12 hours of the username and password being leaked, as cyber criminals look to exploit stolen credentials as quickly as possible.

ZDNet Recommends

Cybersecurity researchers at Agari planted thousands of credentials which were made to look like they belonged to real users, but were in fact of under the control of the researchers, onto websites and forums popular for dumping stolen usernames and passwords.

The false credentials – seeded over the course of six months – were designed to look like compromised logins for well-known cloud software applications.

Researchers found that the accounts are actively accessed within hours of the login credentials being posted online on phishing websites and forums.

“About half of of the accounts were accessed within 12 hours of us actually seeding the sites. 20% are accessed within an hour and 40% are accessed within six hours. That really shows you how quickly a compromised account is exploited,” Crane Hassold, senior director of threat research at Agari told ZDNet.

Almost all of the accounts were accessed manually. It might be a mundane task, but ultimately, it proves useful for cyber criminals, as they can accurately test if the credentials do really work.

“It’s a pretty tedious process I’m sure on their end, but they’re getting a lot of good information from it and they’re using the accounts in a variety of different ways for different types of malicious activity,” said Hassold.

For example, by accessing an account, an attacker can attempt to find sensitive information in people’s email inboxes, or even their cloud storage software, which could be stolen and either used to help further attacks or sold on.

There’s also the possibility that the attackers could use the compromised accounts to conduct other attacks, such as phishing or Business Email Compromise (BEC) attacks, using the compromised account in order to launch further campaigns.

One attacker attempted to use a compromised account to conduct BEC attacks against the real estate sector, launching emails that would have attempted to redirect victims to a website to steal login details of real estate companies. However, in this case, because the fake credentials were controlled by researchers, none of the attempted emails actually arrived at their intended destinations.

ZDNet Recommends

The best password manager

Everyone needs a password manager. It’s the only way to maintain unique, hard-to-guess credentials for every secure site you and your team access daily.

Read More

However, it demonstrates how cyber criminals take compromised credentials and attempt to exploit them in order to gain access to additional accounts.

“Where you have credential phishing, it leads to a compromised account, which leads to more credential phishing campaigns which leads to more compromised accounts and so on,” said Hassold.

While compromised accounts are accessed quickly, the research found that they’re often abandoned after about a week – although by this time it’s likely that’s because the attackers have moved onto other accounts, perhaps after using the initial account as a stepping stone to get there.

Organisations can take precautions to defend their users, cloud applications and the wider network from phishing and other attacks. One of these is having appropriate defences in place, like anti-virus software or spam filter.

Meanwhile, using multi-factor authentication can help prevent compromised accounts from being exploited, as it makes it much harder for an attacker to use – while also alerting the victim that something is wrong.

MORE ON CYBERSECURITY

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.zdnet.com/article/this-is-how-fast-a-password-leaked-on-the-web-will-be-tested-out-by-hackers/#ftag=RSSbaffb68

ZDNET

Customer experience now the top technology priority, but organizations aren’t quite ready

Published

on

These days, everyone dreams of superior customer experience (CX), especially customers. Next in line are business leaders, who have finally started to see the light. Of course, that means the renewed pressure to pump up CX to, yeah, you guessed it — IT managers and professionals. However, getting everyone on the same page to deliver the goods is the hardest part of all.

The challenge was surfaced in a survey of 1,420 IT decision-makers released by RackSpace Technology, which found that focusing on CX implementations helps companies see greater rewards. Organizations that adopt a CX-led focus enjoy 1.6x higher brand awareness, 1.5x more employee satisfaction and nearly double their rates of customer retention, repeat purchases, average order values and customer lifetime value. “The research underscores the impact that modernizing applications to provide better customer experience can have on competitiveness and growth,” the survey’s authors add.

conference-crowd-gaylord-national-convention-center-september-2013-photo-by-joe-mckendrick.jpg
Photo: Joe McKendrick

The rub, of course, is that building better CX systems is the easy part. Half of the IT executives in the survey, 50%, report that it can take weeks to gain consensus before implementing technology changes, such as deploying new applications or launching a transformation project. Another 42% say it takes months. “This lag in consensus building negatively impacts time to market. If teams can’t move agile and fail fast, they’ll be beaten to the punch by competitors who can move through concept, development and release faster,” the researchers report.

Even when people and strategy are aligned, CX technology teams still face technology-related barriers, the survey shows. As is common with adopting new technology, legacy IT (26%), budget (24%), skills gaps (22%) and expertise (18%) rank as top barriers. Cultural issues also weigh heavily in the list as represented by resistance to change (16%), lack of buy-in (16%) and lack of leadership support (13%). 

Emotions dictate technology initiatives, and this survey confirms it. The top barrier reported was the fear of negatively impacting existing customer experience (28%), the survey also finds. “Organizations recognize that technology is needed to improve the customer experience but are still nervous about changing the existing customer experience by implementing new technology,” the survey’s authors state. “Despite the push to innovate and transform, respondents are aware that the learning curves of customer experience improvements can cause friction.”

The good news is that no one is objecting to the employment of tech to improve CX — 52% report little to no resistance to technology changes. Only 23% report resistance. “IT leaders can gather from this that stakeholders are interested in change where there’s a specific business case, such as customer experience, and that interest could translate into less resistance when it’s time to implement programs.”

For IT leaders, the results also confirm that CX is a main strategic priority (48%), ahead of IT security, compliance (45%) and IT strategy (41%), and that technology is the key to driving customer experience. Over half (55%) of survey respondents credit applications with enhancing customer experience. Moreover, almost all organizations surveyed understand the importance of CX, with 94% reporting that some form of user experience initiative is underway within their organization. Only a small percentage (6%) report having no CX strategies or initiatives in place.   

Technology-Related Barriers to CX Development

  • Fear of negatively impacting existing CX     28%
  • Legacy IT systems     26%
  • Limited budget     24%
  • Complexity     23%
  • Lack of staff with the appropriate skill sets     22%
  • Lack of expertise to lead transformation activities     18%
  • Unclear digital transformation strategy     18%
  • Lack of a trusted partner/advisor to work on digital transformation activities     18%

Modern technology initiatives are prevalent, which ultimately is seen in smoother CX delivery. Six out of ten (63%) respondents are using technology to drive automation efficiencies and over half (51%) are using it to drive IoT and cloud native initiatives. Even more directly, technology initiatives focused on real-time data analysis (44%) and customer engagement (30%) are prevalent.  

How Does Technology Drive your Corporate Strategy?

  • Driving corporate strategy     63%
  • Use intelligent automation to drive efficiencies     51%
  • Leverage innovative technologies such as IoT and cloud native applications     46%
  • Greater employee collaboration     44%
  • Real-time data analysis/customer ‘pulse’     40%
  • Simplify decision making     30%

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.zdnet.com/article/business-benefits-of-modernizing-applications-to-improve-customer-experience/#ftag=RSSbaffb68

Continue Reading

ZDNET

This app teaches you how to make your iPhone secure

Published

on

A big part of making security work is educating users about the importance of it, and how quickly (and usually effortlessly) the bad guys can take advantage of our mistakes.

This is exactly what iVerify does.

Must read: I just found my lost AirTag… you’ll never guess where it went

2021-06-11-16-31-44.jpg

First and foremost, iVerify is a security scanner that makes sure you are making use of the basic security features such as Face/Touch ID, Screen Lock, and are running the latest iOS version. It also runs a device scan that looks for security anomalies and gives you a heads up if something seems out of place.

It can be very hard to spot if an iPhone has been hacked, so having a tool installed that keeps an eye out for the telltale signs of intrusion offers piece of mind.

iVerify is also packed with guides that looks at the many different security features built into iOS, and how you can take advantage of them to secure your iPhone (or iPad).

There’s also a whole raft of other cool stuff, from information on securing your Apple, Facebook, Google, Instagram, Linkedin, and Twitter accounts, information on activating DNS over HTTPS, a periodic reboot reminder (a simple way to protect yourself from remote exploits), and even a page that offers the latest security news.

$3 at Apple Store

iVerify is a brilliant app that gets regular updates to keep the information fresh and up-to-date.

iVerify is not free — it costs $2.99 — but it’s truly worth the money if you take security seriously. Even if you know your around iOS well, you’re likely to learn a few new things from going through all the guides contained in this app.

iVerify requires iOS 13.0 or later or iPadOS 13 or later, and is compatible with iPhone, iPad, and iPod touch.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.zdnet.com/article/this-app-teaches-you-how-to-make-your-iphone-secure/#ftag=RSSbaffb68

Continue Reading

ZDNET

iVerify (version 17)

Published

on

iOS Haptic Touch

Just long-press on an app and see what pops up. It might be useful, it might not be. It depends on the app!
You can even do the same with built-in iOS features, such as Control Center. …

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.zdnet.com/pictures/iverify-version-17/#ftag=RSSbaffb68

Continue Reading

ZDNET

Avaddon ransomware group closes shop, sends all 2,934 decryption keys to BleepingComputer

Published

on

Avaddon ransomware group, one of the most prolific ransomware groups in 2021, has announced that they are shutting the operation down and giving thousands of victims a decryption tool for free. 

BleepingComputer’s Lawrence Abrams said he was sent an anonymous email with a password and link to a ZIP file named, “Decryption Keys Ransomware Avaddon.” 

The file had decryption keys for 2,934 victims of the Avaddon ransomware. The startling figure is another example of how many organizations never disclose attacks, as some reports have previously attributed just 88 attacks to Avaddon. 

Abrams worked with Emsisoft chief technology officer Fabian Wosar and Coveware’s Michael Gillespie to check the files and verify the decryption keys. Emsisoft created a free tool that Avaddon victims can use to decrypt files. 

Ransomware gangs — like those behind Crysis, AES-NI, Shade, FilesLocker, Ziggy — have at times released decryption keys and shut down for a variety of reasons. A free Avaddon decryption tool was released by a student in Spain in February but the gang quickly updated their code to make it foolproof again.  

“This isn’t new and isn’t without precedence. Several ransomware threat actors have released the key database or master keys when they decide to shut down their operations,” Wosar told ZDNet. 

“Ultimately, the key database we obtained suggests that they had at least 2,934 victims. Given the average Avaddon ransom at about $600,000 and average payment rates for ransomware, you can probably come up with a decent estimate of how much Avaddon generated.”

Wosar added that the people behind Avaddon had probably made enough money doing ransomware that they had no reason to continue. 

According to Wosar, ransom negotiators have been noticing an urgency when dealing with Avaddon operators in recent weeks. Negotiators with the gang are caving “instantly to even the most meager counter offers during the past couple of days.”

“So this would suggest that this has been a planned shutdown and winding down of operations and didn’t surprise the people involved,” Wosar explained. 

Data from RecordedFuture has shown that Avaddon accounted for nearly 24% of all ransomware incidents since the attack on Colonial Pipeline in May. An eSentire report on ransomware said Avaddon was first seen in February 2019 and operated as a ransomware-as-a-service model, with the developers giving affiliates a negotiable 65% of all ransoms. 

“The Avaddon threat actors are also said to offer their victims 24/7 support and resources on purchasing Bitcoin, testing files for decryption, and other challenges that may hinder victims from paying the ransom,” the report said. 

“What’s interesting about this ransomware group is the design of its Dark Web blog site. They not only claim to provide full dumps of their victims’ documents, but they also feature a Countdown Clock, showing how much time each victim has left to pay. And to further twist their victims’ arms, they threaten to DDoS their website if they don’t agree to pay immediately.” 

img-8885-1.jpg
DomainTools

The group has a lengthy list of prominent victims that include Henry Oil & Gas, European insurance giant AXA, computer hardware company EVGA, software company Vistex, insurance broker Letton Percival, the Indonesian government’s airport company PT Angkasa Pura I, Acer Finance and dozens of healthcare organizations like Bridgeway Senior Healthcare in New Jersey, Capital Medical Center in Olympia, Washington and others. 

The gang made a note of publishing the data stolen during ransomware attacks on its dark web site, DomainTools researcher Chad Anderson told ZDNet last month

Both the FBI and the Australian Cyber Security Centre released notices last month warning healthcare institutions about the threat of Avaddon ransomware. 

screen-shot-2021-06-11-at-10-11-24-pm.png
Australian Cyber Security Centre

The notice said “Avaddon threat actors demand ransom payment via Bitcoin (BTC), with an average demand of BTC 0.73 (approximately USD $40,000) with the lure of a decryption tool offered (‘Avaddon General Decryptor’) if payment is made.”

The group was also implicated in multiple attacks on manufacturing companies across South America and Europe, according to the Australian Cyber Security Centre. 

Cybersecurity firm Flashpoint said that alongside REvil, LockBit, and Conti, Avaddon was one of the most prolific ransomware groups currently active.  

Digital Shadows’ Photon Research Team told ZDNet in May that a forum representative for the Avaddon ransomware took to the Exploit forum to announce new rules for affiliates that included bans on targeting “the public, education, healthcare, and charity sectors.” 

The group also banned affiliates from attacking Russia or any other CIS countries. US President Joe Biden is expected to press Russian President Vladimir Putin on ransomware attacks at a summit in Geneva on June 16.  

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.zdnet.com/article/avaddon-ransomware-group-closes-shop-sends-all-2934-decryption-keys-to-bleepingcomputer/#ftag=RSSbaffb68

Continue Reading
Esports3 days ago

Genshin Impact Echoing Conch Locations Guide

Esports5 days ago

All 17 character locations in Collections in Fortnite Chapter 2, season 7

Esports4 days ago

Here are all the milestones in Fortnite Chapter 2, season 7

AI5 days ago

How to Become a 21st Century Engineer?

Blockchain5 days ago

BPI No Longer Allows Crypto Transactions

AR/VR5 days ago

‘Warhammer Age of Sigmar: Tempestfall’ Gets First Look at Gameplay, Invite-only Beta

Blockchain4 days ago

Doge meme Shiba Inu dog to be auctioned off as NFT

Esports4 days ago

What Time Does Minecraft 1.17 Release?

Esports4 days ago

How to Fly UFOs in Fortnite

Esports3 days ago

MLB The Show 21 Kitchen Sink 2 Pack: Base Round Revealed

Blockchain4 days ago

World Economic Forum Releases a DeFi Policy Toolkit for Fair and Executable Regulations

Esports5 days ago

How to unlock the Superman Skin in Fortnite Chapter 2, season 7

Blockchain5 days ago

Donald Trump on Bitcoin: “Essentially It’s a Currency Competing Against the Dollar”

zephyrnet3 days ago

7th Global Blockchain Congress by Agora Group & TDeFi on June 21st and 22nd, 2021, Dubai.

Esports5 days ago

How to get Rick from Rick and Morty in Fortnite Chapter 2, season 7

Aviation3 days ago

The Story Of The Boeing 777 Family

Gaming4 days ago

MUCK: How To Get The Best Weapon | Wyvern Dagger Guide

Blockchain3 days ago

Woonkly will be the official Title Sponsor of the 7th edition Global Blockchain Congress organized by Agora Group in Dubai

Crowdfunding5 days ago

US Government Claws Back Crypto from Ransomware Scam as Feds Flex Growing Tech Muscle

Blockchain3 days ago

Death Cross is Appearing Over Bitcoin Price Chart

Trending