Your Tech Story

cyberattack

Ukraine’s Mobile Operator Kyivstar Facing ‘Powerful’ Cyberattack

Ukraine’s Mobile Operator Kyivstar Facing ‘Powerful’ Cyberattack

Leave a Comment / News, Tech News / By

Ukraine’s telecommunications infrastructure was rattled today as Kyivstar, the country’s largest mobile operator, fell victim to a significant cyberattack, disrupting cellular and Internet services across the region. The company reported a technical failure resulting from the attack, leading to a temporary blackout of mobile communication and Internet access for its subscribers.

Ukraine’s Mobile Operator Kyivstar Facing ‘Powerful’ Cyberattack

Image Source: sg.news.yahoo.com

In an official statement released today, Kyivstar acknowledged the targeted assault, describing it as a “powerful hacker attack” that impacted their network systems. The outage disrupted services, leaving many customers unable to use their mobile phones or access the internet.

Despite the severity of the breach, Kyivstar moved swiftly to reassure its subscribers that their personal data remained secure. The company affirmed that despite the disruption, there had been no compromise of sensitive user information. This announcement aimed to allay concerns regarding potential data breaches or leaks arising from the cyberattack.

Kyivstar Assures Subscribers’ Personal Data Uncompromised

Deputy Prime Minister Oleksandr Kubrakov addressed the situation, providing assurance that Kyivstar was diligently working to restore its services. He estimated that normal operations would resume within four to five hours, offering a glimmer of hope to the affected users and businesses reliant on uninterrupted communication.

Amidst the turmoil, Interior Minister Ihor Klymenko emphasized that despite the service disruption, emergency services’ mobile numbers continued to function without any impediments. This assurance aimed to maintain public confidence in essential services, assuring citizens that critical emergency communication channels remained operational.

Also Read: How to Clean Your AirPods the Right Way?

The cyberattack on Kyivstar underscores the persistent threat posed by hackers to critical infrastructure and essential services, highlighting vulnerabilities within telecommunication networks. Such incidents raise concerns not only about service disruptions but also about the potential exposure of sensitive user data, prompting calls for enhanced cybersecurity measures and vigilance within the telecommunications sector.

As Ukraine grapples with the aftermath of this cyber assault, attention is drawn to the pressing need for robust cybersecurity protocols to safeguard against future threats. The incident serves as a stark reminder of the ever-evolving landscape of cyber threats and the necessity for proactive measures to protect vital communication infrastructure.

Kyivstar’s resilience in swiftly addressing the attack and safeguarding user data stands as a testament to the significance of proactive cybersecurity measures in defending against sophisticated cyber threats targeting telecommunications networks.

WormGPT

What is WormGPT? The new AI behind the cyberattacks

Leave a Comment / Story, Tech Story / By

In recent news, a dangerous AI tool named WormGPT has been gaining popularity on cybercrime forums within the dark web. Marketed as a “sophisticated AI model,” WormGPT is specifically designed to generate human-like text for hacking campaigns, enabling cybercriminals to execute attacks on an unprecedented scale.

According to cybersecurity expert Daniel Kelley, who shared his findings on the platform Slashnext, WormGPT was trained on a diverse range of data sources, with a particular emphasis on malware-related data. This training allows the AI tool to create text that can be utilized for various malicious activities.

WormGPT
Image Source: dataconomy.com

The implications of WormGPT’s emergence are concerning for everyday internet users and businesses alike. One of the key issues lies in the speed and volume of scams that a language model like this can generate simultaneously.

The rapid text generation capability of AI models, combined with WormGPT’s malicious intent, poses a significant threat. Cyberattacks such as phishing emails can now be replicated easily, even by those with minimal cybercriminal skills.

Adding to the danger is the promotion of “jailbreaks” on ChatGPT, a similar AI language model by OpenAI, which essentially allows for the manipulation of prompts and inputs to create harmful content or reveal sensitive information. The consequences of such manipulation can be severe, leading to potential data breaches, inappropriate content dissemination, and the development of harmful code.

Also Read: The Future of AI: How Artificial Intelligence Will Change Future

Kelley pointed out that generative AI, like WormGPT, can produce emails with impeccable grammar, making them appear legitimate and decreasing the chances of being flagged as suspicious. This democratizes the execution of sophisticated Business Email Compromise (BEC) attacks, providing access to powerful hacking tools for a broader spectrum of cybercriminals, including those with limited technical expertise.

While companies such as OpenAI ChatGPT and Google Bard are actively working to combat the misuse of large language models (LLMs), there are concerns about the capabilities of these countermeasures.

A recent report by Check Point highlighted that Bard’s anti-abuse restrictors in the realm of cybersecurity are significantly lower compared to ChatGPT, making it easier to generate malicious content using Bard’s capabilities.

The introduction of WormGPT to the dark web follows a disconcerting trend. Researchers from Mithril Security recently revealed their successful modification of an existing open-source AI model named PoisonGPT, aimed at spreading disinformation. The potential consequences of such AI technology are still largely unknown.

As AI has already demonstrated the ability to generate and spread disinformation, manipulate public opinion, and even influence political campaigns, the emergence of bootleg AI models like WormGPT only exacerbates the risks faced by unsuspecting users.

In conclusion, the rise of WormGPT on the dark web signifies a troubling development in the world of cybercrime. The ease with which this AI tool can generate realistic and malicious content poses a significant threat to cybersecurity.

As cyber threat actors find new ways to exploit AI technology, it becomes crucial for AI developers and cybersecurity experts to remain vigilant and take proactive measures to safeguard against potential abuses of AI language models.

Additionally, internet users and organizations must stay informed about these developments and implement robust security measures to protect themselves from the ever-evolving landscape of cyber threats.

trellix

Trellix – A Cybersecurity Company That Was Founded By A Former Engineer Of Sun Microsystems.

Leave a Comment / Story, Tech Story / By

Trellix is a cybersecurity company based in California, United States. Recently, FireEye and McAfee enterprise businesses combined together to launch this extended detection and response company in January 2022. So, the roots of Trellix originally date back to the foundation of FireEye by Ashar Aziz, a former engineer at Sun Microsystems.

FireEye was founded in 2004 and after a gap of a few years, the company started commercializing its products. Today, Trellix represents the products of FireEye and some of its main products are email security, endpoint security, file security, cross-vendor, etc. Trellix has approximately 3,400 employees and the company’s recent research claims that most of the hacking groups are either linked to China or Russia.

About Trellix

Trellix is a privately-held cybersecurity company that has evolved in the past 18 years and expanded the ways and techniques in threat detection. The company has been responsible for the detection and prevention of some of the major cyber-attacks across the world. Currently, the Trellix Advanced Threat Research (ATR) team has anticipated cyber attacks targeting Ukraine, and hence team of wipers has been deployed.

Trellix offers both hardware and software products for investigating cyberattacks, preventing malicious activities, and analyzing IT risks. The initial focus of the company was on developing virtual machines to test internet traffic. But after the company started acquisitions it diversified. In 2013, the company went public but then it was privatized once again in 2021. In 2021, FireEye sold both its brand name and products to Symphony Technology Group which then launched Trellix after a year.

Trellix
Image source: indianexpress.com

History

The history of Trellix began in 2004 with the foundation of FireEye. Though the company was established in 2004, its first product was publicly released in 2010, after a gap of six years. After it released its first product, the company decided to expand in the Middle Eastern market in the same year. By the end of 2010, FireEye opened new offices in the Asia Pacific region, and in 2011 opened new offices in Europe. In 2013, the company expanded into the African market as well. Till 2012, the founder of FireEye, Ashar Aziz played the role of CEO in the company but stepped down in December and he was replaced by David DeWalt, former CEO of McAfee. The main reason why DeWalt was recruited was to prepare the company for an IPO. In 2013, the company raised $50 million in funding and went public after which it raised another $300 million.

Recent Operations

FireEye was growing rapidly especially after it became a public company. The annual revenue of the company increased by eight folds within a couple of years between 2010 and 2012. As the company grew and expanded to various other international markets, the employees also increased from 175 in 2011 to 900 in 2013. Though FireEye was growing rapidly the net profit was not increasing sharply because of the high operating cost, especially in the research division. FireEye also started making acquisitions during this time and started with Mandiant, an information security company in 2013. The deal was closed for $1 billion. Mandiant was a famous cybersecurity company that was known for investigating high-profile hacking groups. In 2014, it acquired another information security company called nPulse Technologies for $60 million.

After making a few acquisitions and launching new products, the annual revenue of the company was $100 million in 2015. But even at this point, the company wasn’t profitable yet due to large research expenditure. In 2016, FireEye acquired two new companies called iSight Partners and Invotas. In the same year, DeWalt stepped down from the CEO of the company and he was replaced by Mandiant CEO Kevin Mandia. In 2021, after STG acquired both FireEye and McAfee Enterprise, the company decided to roll out Trellix.

Bryan Palma – CEO of Trellix

Bryan Palma has become the CEO of Trellix in 2022. He is new to the company as he joined FireEye only a year ago as the Executive Vice President of FireEye Products. He went to the University of Richmond for his bachelor’s and later acquired an MBA degree from Duke University.

SolarWinds Inc

SolarWinds Inc – A Software Development Company that has Recently Fallen Victim to the World’s Largest Cyberattack.

Leave a Comment / Story, Tech Story / By

In the past year, the name of SolarWinds Inc has been crawling in every news website speaking of cyberattacks. SolarWinds is a major software developing company based in America which has many reputed multinational companies as its clients. Last year, the company was the victim of the most sophisticated and the largest cyberattack the world has ever witnessed. After this attack, a security firm called Trustwave raised some concerns regarding the security flaws in the products of SolarWinds which questioned if the company can protect its client’s privacy at all. The cyberattack followed by these allegations had a negative impact on the company’s reputation and the share price fell.

About SolarWinds Inc

SolarWinds Inc is an American software company with headquarters based in Austin, Texas. The company develops software for enterprises that helps in managing networks, IT infrastructure, and systems. SolarWinds has several offices in the US and overseas with more than 3,200 employees working for the company. Donald Yonce and David Yonce founded the company in 1999 and it became a publicly-traded company in 2009. The company has approximately 300,000 customers which include most of the Fortune 500 companies. There was a huge investigation last year when Orion, one of the SolarWinds products was compromised by a cyberattack.

SolarWinds Inc
Image source: owler.com

Early days

Donald Yonce, who was a former executive at Walmart along with his brother, David Yonce started SolarWinds in Tulsa, Oklahoma. Though the company was established in 1999, the two brothers started working on their products ahead of time. Trace Route and Ping Sweep were the first two products rolled out by the company. In November 2001, SolarWinds released its first web-based network performance monitoring application. In 2006, Michael Bennett became the CEO of the company and the headquarters were shifted from Tulsa to Austin. During 2007, the company raised funds from Bain Capital, Insight Venture Partners, and Austin Ventures. After the fundings, the company decided to file its first IPO of $112.5 million and became public in 2009.

After the first IPO, the company made several acquisitions and expanded rapidly. In 2011, it was featured in Forbes magazine as one of the top fastest-growing companies. Bennett’s leadership ended in 2010 and he was replaced by the former CFO of the company, Kevin Thompson. In 2013, the company announced that it will be investing in an operations hub in Utah. The company’s target was to develop high-functioning products at a low cost which is desirable by every enterprise. The same year, SolarWinds was named the Best Small Company in America by Forbes. The number of employees in SolarWinds doubled from 2011 to 2013 as the total count became 900. In 2016, the company had more than 1700 employees and generated annual revenue of half a billion dollars. During this time the company was taken private and again filed a public offering in 2018. Last year, Kevin Thompson retired and he was replaced by Sudhakar Ramakrishna. Currently, the company is trying to cope up with the losses it faced during the recent cyberattack.

Acquisitions

In 2007, the company received good funding and it decided to invest the money in new acquisitions. So, the company acquired Neon Software and monitor Corp. The company also opened a new office in Ireland for sales purposes. The company didn’t just acquire companies but also focused on acquiring products that matched the interest of the company. After the company became public in 2009, it acquired many companies including Kiwi Enterprises, Hyper9 Inc, TriGeo, EminentWare, etc. By this time the company opened offices outside the US, including Australia, Czech Republic, India, and Singapore. The recent companies acquired by the company are Capzure Technology, Librato, SpamExperts, VividCortex, etc.

Sudhakar Ramakrishna – CEO of SolarWinds

Sudhakar Ramakrishna has recently become the CEO of the company. He has 25 years of professional experience in different fields including networking, security, mobility, etc. He is the former CEO of Pulse Secure and also worked at Citrix, Motorola, 3Com, etc. Ramakrishna is an alumnus of Kansas State University.

Colonial Pipeline

The White House working to aid the recent Colonial Pipeline Cyberattack.

Leave a Comment / News, Tech News / By

Colonial Pipeline is the top U.S. pipeline operator which was recently attacked by a ransomware group. The U.S. government said that this group of hackers might be new but they aren’t amateur hackers. This attack has plummeted the oil supply thus forcing the company to shut down the oil supply in the eastern states of the nation. The White House is working closely with Colonial Pipeline to help them recover the losses after the cyberattack.

The suspect behind this Colonial Pipeline cyberattack is not yet made official but a couple of industry resources have informed Reuters that the group DarkSide is one of the suspects. Cybersecurity has mentioned that veteran cybercriminals constitute the group of DarkSide whose main focus is to squeeze as much as possible from their target. Tension among government officials and lawmakers has increased and this attack is one of the most disruptive digital ransom schemes ever reported. (Reuters)

Colonial Pipeline

After the change of the political scenario in the U.S., the pipeline fix became one of the top priorities for the Biden administration and Washington, said Gina Raimondo, Commerce Secretary. The U.S. government was working vehemently so that Colonial Pipeline could restart the 8,850km pipeline network stretching from Texas to New Jersey. She further mentioned that the White House is working closely with the company, state, and local officials so that the company gets back and up running as soon as possible.

Colonial Pipeline
Image Source: bloombergquint.com

Colonial Pipeline has mentioned on Sunday that the main pipeline network is not in operation at this moment. But there are some smaller lines between the terminals and delivery points which are currently operational. The company is uncertain as to when the company can resume the entire pipeline network again.

Oil Supply Disrupted

Colonial Pipeline is responsible for transporting approximately 2.5 million barrels of gasoline per day and other fuels. It is shipped from the Gulf Coast refiners to the mid-Atlantic and southeastern United States consumers. This pipeline network supports the major airports of the U.S. including  Atlanta’s Hartsfield Jackson Airport. One spokesperson from the Charlotte Douglas International Airport said that the airport has a supply on hand which is supplied by another major pipeline along with Colonial.

The compromise of the oil supply network will have a significant impact on the regional fuel supplies. Since the company is uncertain about when the company will be fully operational again, this outage will affect the southeastern United States, said American Automobile Association. Once the crisis tends to continue prices will accelerate substantially in the southeastern states. Some of the U.S. states that are very vulnerable to this situation are Tennessee, Georgia, and Maryland.

Suspected Criminals for the Cyberattack

The investigation led by the U.S. government is in its early stage but still many of the industrial experts and a former U.S. official suspect it to be the cybercriminal group called DarkSide. DarkSide is a professional ransomware group that avoids setting targets in the post-Soviet states. Their goal is to break into a network and then use software to encrypt the data while they steal data at times. Once this is done they ask for payment to decrypt the data. Additional payments are charged as they continuously threaten to publish the stolen content.

An unnamed source has said that this time the hackers stole more than 100 gigabytes of data from Colonial. While the FBI was working with both government and private officials, the hackers took the cloud computing system offline that they used to collect the stolen data. It seems that the data of Colonial was not further transported to any other system. The company has declined to make any further comments regarding DarkSide.

The Biden Administration

On Saturday, President Joe Biden was briefed about the Colonial Pipeline cyberattack and that the government was trying to restore the company and prevent disruption in supply. The lawmakers are looking forward to working more with privately-held critical infrastructure companies to guard against cyberattacks. (Reuters) U.S. Senator, Bill Cassady has said that this is a question and threat to national security and something that the Democrats and Republicans can work on together.

The Federal Motor Carrier Safety Administration is issuing temporary hours of service exemption so that refined products are transported to 17 southern and east coast states including Alabama, Delaware, Florida, Georgia, New Jersey, and New York. Alternative transportations can be required at any hour and the oil refining companies are looking into it.

spyware

Governments Using Spyware Technology to Snoop On People and Hack Their Phones

Leave a Comment / Tech News / By

Most of us have data and vital information stored online. Most of us are of the opinion that such cloud storage spaces and our phones are only ours, and hence, safe. However, around the world, we are now seeing a rise in cybercrimes. As the years roll, the number of people who find themselves under the threat of a cyberattack, spyware, or malware attack is on the rise. It isn’t just individuals who fall prey to such attacks, but countries as a whole. Several reports filed last year talking about how governments use spyware software to track their people’s movements and actions. Here’s an in-depth look at the use of spyware technology by various governmental bodies.

Whatsapp Files Suit

In October of last year, the world’s most popular messaging app Whatsapp filed a case against an Israeli tech company by the name NSO. This little known company was thought to be the one behind a well-planned and executed cyber-attacks on over 1,400 Whatsapp users. Most of the people who were attacked were human rights activists, diplomats, and journalists. 

Stephanie Kirchgaessner, who at The Guardian investigated this piece worked with Citizen Lab, a spyware tracking company in Canada. After her studies, she concluded that NSO had helped the UAE, Morocco, Mexico, Bahrain, Kazakhstan, and even Saudi Arabia. The company, however, vehemently opposed the lawsuit stating that Whatsapp was drawing false parallels. NSO argued that it licensed Pegasus, their state-of-the-art spyware only to law-enforcement agencies and government bodies. 

Spying: An International Game

The lawsuit began a new fight against unlawful and uncalled for surveillance by the State on its people. It tried to hold the global surveillance industry accountable for its actions, which are left entirely unregulated. There have been several cases before against the Israeli NSO by people who have fallen prey to their cyberattacks. However, Whatsapp was the first tech company to take the spyware firm to court. 

How Spyware Infiltrates 

The lawsuit states that NSO helps government agencies spy on residents through simple Whatsapp video calls. The scariest thing about this spyware software being that it does not require the person to attend the call to infiltrate their phone. The extremely sophisticated malware began spying even if the target missed the call, making them very dangerous. The software could intercept all forms of communication, access, and share photographs, and activate cameras and microphones without the target knowing. Furthermore, it also had the power to track locations and access different forms of data.

Who Are Their Targets

The Whatsapp lawsuit includes targets from over 20 different countries. The spyware singles out and targets religious figures, lawyers, activists, diplomats, politicians, and journalists. Also, NSO’s Pegasus could have been the software used to spy on writer Jamal Khashoggi who was killed by Saudi Arabia’s security services. His friend, Omar Abdulaziz, filed a lawsuit against the company for infecting his phone for the Saudis.

While activists have claimed that surveillance technology is taking over our lives over the years, they have had little success in implicating such firms. Also, no one has been able to come up with remedies or solutions for this problem, as such agencies keep intruding on our lives. The lawsuit filed in a District Court in California will be the first of many lawsuits against such agencies that hack our phones and enter our lives. Though NSO rejected the claims by stating their technology helps government agencies fight terrorism and violence, they will still need to prove their innocence in court. The company also claimed that using their software for any other purpose was a violation of the product contract.

Whatsapp received help from Canada’s Citizen Lab, which works out of the University of Toronto. This agency helps with tracking and identifying spyware technology users around the world. John Scott-Railton, who works as a senior researcher at the Citizen Lab, stated that such a lawsuit is unprecedented. Regarded as a milestone in the field of privacy and digital protection, this lawsuit may help other agencies to come forward with their findings. Such lawsuits will also prompt governments to enact stricter laws regarding data privacy. As we move into the future, it will be imperative that our data also enjoys the same security that our houses and other belongings do. Over time, we may witness more such allegations coming out into the public, helping countries frame their own data privacy policies. Until then, all of us will have to be careful, and try to prevent such snooping from happening to us.