Showing posts with label hackers. Show all posts

Friday, June 4, 2021

REvil Ransomware Attack - JBS Foods Shuts Down Temporarily

The largest meat distributor, JBS Foods, faced a REvil ransomware attack over the weekend; it disrupted several servers supporting IT systems and affected the supply chain as well.

Global meat distributor JBS SA had to shut down operations in the United States, Canada and Australia after a ransomware attack on its IT systems. “Attackers targeted several servers supporting North American and Australian IT systems of JBS Foods on Sunday”, according to a statement by JBS USA. JBS employees were greeted over the weekend with a ransom note, the same one that had been used in previous REvil attacks.

“The company took immediate action, suspending all affected systems, notifying authorities and activating the company’s global network of IT professionals and third-party experts to resolve the situation,” according to the company's statement after the ransomware attack.

Production began to resume at most of the JBS beef plants in the United States on Wednesday. The Canadian beef plant was partially operational on Tuesday. Most of the workers at JBS plants in Australia, Canada and the United States were unable to start work on Monday and Tuesday.

JBS didn’t confirm whether or not it had paid the ransom to the attackers.

Who is JBS Foods

Brazil-based JBS Foods is the largest meat distributor, handling beef, chicken and pork. A total of 245,000 employees work for JBS in many countries, and it has 9 plants in the US. Its major clients are Country Pride, Swift, Certified Angus Beef, Clear River Farms and Pilgrim’s.

Who is the Attacker

The FBI confirmed that a Russia-based cybercriminal group known for its attacks on leading U.S. companies is the major suspect. This group is known as REvil and it has already targeted around 237 organizations since 2020, according to Recorded Future, a cybersecurity company. The number of victims of ransomware attacks could be much higher because most organizations quietly pay the ransom to protect their reputation and avoid the loss of data.

What is REvil Ransomware

The REvil group runs its operation as "ransomware as a service", renting its script and support to individuals or groups who carry out the attacks. It is also known as Sodinokibi, Bluebackground, or Sodin. DarkSide, which was responsible for the Colonial Pipeline ransomware attack, is one of the subscribers of the REvil group. Reports suggest that DarkSide has now chosen a separate path. If you want to know about the execution and business model of REvil, you should read this post.

You can also find prevention methods in the post mentioned above.

Tuesday, November 1, 2016

Increase JIO Internet Speed - Simple Tricks



Nowadays every Indian is going after a Jio SIM and trying hard to get a new SIM from a Reliance store. However, they are being disappointed by slow internet speed. There are several posts and videos on speeding up your Jio internet, but they are an absolute waste of time and a promotion of their apps. I’m not saying that the tips below will work 100% for you, but I checked a few phones and observed better speed. Before telling you about these tricks, I will give you some background on LTE bands.

About 4G bands:

Below is the band information for the Indian service providers.

Airtel offers 4G on Band 40 (2300MHz)
Vodafone offers 4G on Band 5 (850MHz)
Reliance Jio offers 4G on Band 3, Band 5, and Band 40.

Before we move ahead, it is important to know the difference in these three bands and how they work.

Best coverage: Band 5 > Band 3 > Band 40.
Best speed: Band 40 > Band 3 > Band 5

So if you are on Band 5 you will get the best coverage, but your speed will not be as good; if you are on Band 40 you will get good speed, but coverage will be poor.

Note that your phone automatically switches between bands according to the signal strength at a given location. That is why Reliance Jio gives good speed in certain areas and poor speed in others.

You can fix the LTE band to get better Jio speed by making the changes below.

Trick 1: Select band 40 manually

To increase speed, follow these steps:

  • Dial *#*#4636#*#*
  • Select phone information
  • Select "Set preferred network type"
  • Select LTE Only

For Qualcomm processor

Install the Shortcut Master (Lite) app from the Play Store > Menu > Search > type "Service Menu" or "Engineering Mode" and search > open it if found and use it to change the LTE bands.

For MediaTek processor

Install MTK Engineering Mode > run the app > select 'MTK Settings' > select 'BandMode' > select the SIM slot where you have put your Jio SIM > select 'LTE mode' > select band 40 for best speed or band 5 for best coverage > save the settings and reboot the phone to activate the changes.

Note: These methods may or may not work even if you have a smartphone with one of these processors. Try them at your own risk.

I would suggest noting down your current settings before making changes manually. If you see any network issue after the above changes, you can then reset your settings. I hope you understand that one band works for good speed and the other is used for better coverage.

Trick 2: Change APN settings

Jio internet speed can be increased by changing the APN settings.

Please note down your existing settings before changing them.

Change the APN settings as shown below.
 Name - RJio
 APN - jionet
 APN Type - Default
 Proxy - No changes
 Port - No changes
 Username - No changes
 Password - No changes
 Server - www.google.com
 MMSC - No changes
 MMS proxy - No changes
 MMS port - No changes
 MCC - 405
 MNC - 857 or 863 or 874
 Authentication type - No changes
 APN Protocol - Ipv4/Ipv6

Use Snap VPN:

Now download the Snap VPN app from the Google Play Store and connect to a Singapore or France server. This should improve your download speed but not your browsing speed.

Enjoy high-speed internet.

Friday, April 11, 2014

Heartbleed bug leaves millions of users vulnerable






Web administrators and computer security researchers on Tuesday scrambled to fix a serious vulnerability in OpenSSL encryption used by thousands of web servers, including those run by email and web chat providers. The bug, dubbed Heartbleed, "allows anyone on the internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software".

In other words, hackers or cyber criminals can use the Heartbleed bug to steal private encryption keys from a server that uses OpenSSL for SSL/TLS encryption and then snoop on user data, including passwords. There are reports that servers of Yahoo, Imgur and Flickr have been affected. However, the bug is around two years old, and hence no one knows for sure how many people have exploited it or how many servers have been compromised.

The bug is so serious and widespread that Tor Project, which manages the anonymous Tor network, has advised web users to go offline for a while. "If you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle," it said in a blog post.

OpenSSL Project has created a website called www.heartbleed.com to inform web users and web masters about the bug. "The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users," explained a note posted on the website.

In a separate note OpenSSL Project said that the bug was discovered by Neel Mehta, a security researcher working with Google. It also said the "affected users should upgrade to OpenSSL 1.0.1g". The key point to note here is that by users OpenSSL doesn't mean web users but the web server administrators who use OpenSSL.

The reason the Heartbleed bug has caused panic among server administrators and security researchers is how it affects servers. "This bug has left large amount of private keys and other secrets exposed to the internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously," explained the Heartbleed website. "Leaked (private) secret keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will."

In an answer to a question — Am I affected by the bug? — the OpenSSL website notes, "you are likely to be affected either directly or indirectly".

"OpenSSL is the most popular open source cryptographic library and TLS implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many of online services use TLS to both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of the TLS," noted the website.

To Consumers:

There are complex conditions as to whether your data may or may not have been retrieved, and you should assume details like passwords may have been stolen, but a blind reset of everything could actually make it more likely that you lose your details. You need to reset passwords once a provider has patched.

Attackers may soon start sending fake notifications and links pretending to offer help or magic solutions. Be extra cautious on the web, not just because of Heartbleed but also because cyber criminals tend to jump on hot topics to launch nasty code and secondary attack campaigns.

Fix / Solution:

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to upgrade immediately can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

Mitigation Perspective:

From a technical mitigation perspective, check that your IT security team does the following. If you just apply the patch you haven’t really mitigated the risk. In some cases the vulnerability may have allowed attackers access to other sensitive security information or tokens, so additional steps may be required.

  • Apply the patch.
  • Generate a new certificate and a new key (failing to do this as well as patching means attackers may still be able to intercept and man-in-the-middle customers' private content).
  • Revoke the old certificate and key (important; many are forgetting this).
  • Restart the service (many are also forgetting this, leaving the old secrets or version loaded).
  • Validate that you are no longer vulnerable with the numerous test scripts available.
  • Check all your servers and services, not just the most obvious candidates. Backup servers, hot standbys and others may still be vulnerable.
  • Check for any evidence of malpractice (though it is unlikely to be available) and instigate incident response procedures and customer notification as required. Perform a risk assessment too, to identify any tokens or sensitive data that may have been lost and that give attackers alternative channels.



Affected / Unaffected versions of OpenSSL:


The affected and unaffected versions of OpenSSL are listed below:

Affected:

OpenSSL 1.0.2-beta

OpenSSL 1.0.1 - OpenSSL 1.0.

Unaffected:

OpenSSL 1.0.2-beta2 (upcoming)

OpenSSL 1.0.1g

OpenSSL 1.0.0 (and 1.0.0 branch releases)

OpenSSL 0.9.8 (and 0.9.8 branch releases)
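
A first-pass triage of hosts against the version lists above, as an added example (not part of the original post or of OpenSSL's own tooling): it classifies the text printed by "openssl version -a", treating 1.0.1 and its letter releases before the fixed 1.0.1g as affected, and looks for the -DOPENSSL_NO_HEARTBEATS workaround among the compiler flags. The host names and sample outputs are constructed, and classify and triage are names chosen here.

```python
import re

# Matches the first line of `openssl version -a`, e.g. "OpenSSL 1.0.1e 11 Feb 2013".
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d*))?")

def classify(version_output):
    """Return 'affected', 'workaround', 'not affected' or 'unknown'."""
    m = VERSION_RE.search(version_output)
    if not m:
        return "unknown"
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if release == (1, 0, 1):
        # 1.0.1 and its letter releases before the fixed 1.0.1g.
        vulnerable = letter < "g"
    elif release == (1, 0, 2) and beta is not None:
        # 1.0.2-beta is affected, 1.0.2-beta2 is not.
        vulnerable = int(beta or 1) < 2
    else:
        # 1.0.0 and 0.9.8 branches, and anything newer than the fix.
        vulnerable = False
    if not vulnerable:
        return "not affected"
    # The compile-time workaround is visible in the "compiler:" flags line.
    if "-DOPENSSL_NO_HEARTBEATS" in version_output:
        return "workaround"
    return "affected"

# Constructed sample inventory: host name -> captured `openssl version -a` text.
SAMPLES = {
    "web01": "OpenSSL 1.0.1e 11 Feb 2013\ncompiler: gcc -fPIC -DOPENSSL_THREADS -O2",
    "web02": "OpenSSL 1.0.1g 7 Apr 2014\ncompiler: gcc -fPIC -DOPENSSL_THREADS -O2",
    "legacy": "OpenSSL 0.9.8y 5 Feb 2013\ncompiler: gcc -fPIC -O2",
    "lab": "OpenSSL 1.0.2-beta1 24 Feb 2014\ncompiler: gcc -fPIC -O2",
    "appliance": "OpenSSL 1.0.1c 10 May 2012\ncompiler: gcc -DOPENSSL_NO_HEARTBEATS -O2",
}

def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(text) for host, text in inventory.items()}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLES).items()):
        print(f"{host:10} {status}")
```

Distribution packages often carry the fix without changing the upstream version string, so an "affected" result is a prompt to check the vendor advisory for that package rather than proof that the host is still exposed.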



Vulnerable OS:


Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Red Hat Enterprise Virtualization Hypervisor for RHEL 6 0
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
OpenSSL Project OpenSSL 1.0.1c
OpenSSL Project OpenSSL 1.0.1a
OpenSSL Project OpenSSL 1.0.1
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Cisco TelePresence Video Communication Server (VCS) 0
Cerberus Cerberus FTP Server 4.0.9.8
CentOS CentOS 6


Cisco Vulnerable Products: 




Cisco AnyConnect Secure Mobility Client for iOS [CSCuo17488]
Cisco Desktop Collaboration Experience DX650
Cisco Unified 7800 series IP Phones
Cisco Unified 8961 IP Phone
Cisco Unified 9951 IP Phone
Cisco Unified 9971 IP Phone
Cisco TelePresence Video Communication Server (VCS) [CSCuo16472]
Cisco IOS XE [CSCuo19730]
Cisco Unified Communication Manager (UCM) 10.0
Cisco Universal Small Cell 5000 Series running V3.4.2.x software
Cisco Universal Small Cell 7000 Series running V3.4.2.x software
Small Cell factory recovery root filesystem V2.99.4 or later
Cisco MS200X Ethernet Access Switch
Cisco Mobility Service Engine (MSE)
Cisco TelePresence Conductor
Cisco WebEx Meetings Server versions 2.x