Friday, December 28, 2018

As further evidence that hackers target the weaker links in the ecosystem, this WSJ report indicates that North Korean hackers have targeted social service organizations that help North Korean defectors settle in South Korea. We have seen similar scenarios in which hackers target employment background check companies to steal large amounts of personnel data.



Thursday, December 27, 2018

According to this report, some Chinese hackers specifically target IT service providers, because they can use such service providers as a springboard to hack their customers. This makes total sense, and means that the IT departments of enterprises that want to outsource their IT operations must conduct plenty of due diligence on the service provider's cybersecurity posture.


https://www.washingtonpost.com/world/national-security/us-and-more-than-a-dozen-allies-to-condemn-china-for-economic-espionage/2018/12/20/cdfd0338-0455-11e9-b5df-5d3874f1ac36_story.html?noredirect=on&utm_term=.4bbcd70aed11

Friday, December 14, 2018

Another instance of SMS-based 2FA being compromised. This time it is combined with phishing to capture the user ID and password first.

https://arstechnica.com/information-technology/2018/12/iranian-phishers-bypass-2fa-protections-offered-by-yahoo-mail-and-gmail/

Many recent reports indicate a multitude of Chinese hacking activities against US targets:

- Chinese hackers breach US Navy Contractors (https://www.wsj.com/articles/u-s-navy-is-struggling-to-fend-off-chinese-hackers-officials-say-11544783401). The report says that this hack is linked to Temp.Periscope, a suspected Chinese government hacking unit that uses phishing emails to gain network access.

- The Marriott breach is part of an APT from China aiming to gather more intelligence about US citizens (https://www.wsj.com/articles/u-s-navy-is-struggling-to-fend-off-chinese-hackers-officials-say-11544783401)

Hope the US-China trade talks will turn the tide on this ill development and bring more peace to cyberspace.

Saturday, April 9, 2016

WeChat has to deal with a large number of complaints and close many accounts because of fraud

WeChat is the most popular social network platform among Chinese across the world.

With such popularity, the platform has also attracted a lot of fraudulent activity. Criminals and malicious users are using WeChat to spread rumors and to commit fraud.

In 2015, Tencent, the company that operates the WeChat platform, processed 8.5 million user complaints and had to close hundreds of thousands of accounts.

The most prevalent illegal activities on WeChat and other network platforms are:

- Fraud
- Gambling
- Drug/weapon dealing
- Blackmailing
- IP infringement

Today, many fraud activities are associated with fake job offers, porn services on the Internet, paying to participate in a lottery, red envelopes, etc.

Source in Chinese: http://mp.weixin.qq.com/s?__biz=MjM5NjM4MDAxMg==&mid=405514250&idx=1&sn=99a252f096484325d2543ec7f0ce48ad&scene=5&srcid=0410cRDztJ3P4w2LiqcheA6t#rd

Wednesday, December 23, 2015

Data security risks rising for Chinese firms

Based on a study by PwC, Chinese companies tackled an average of 1245 information safety cases in 2015, a 517% year-on-year increase.

Customer data, internal records, and intellectual property owned by energy, retail, technology, and engineering companies were the most targeted.

In addition, wider adoption of emerging IT solutions such as the Internet of Things increased the chances of data leakage, as more data are transmitted from portable devices and over wireless networks.

The survey also found that Internet security budgets for Chinese companies neared $8 million in 2015, significantly higher than the global average of $5.1 million.

Online data leakage and damage cost China-based firms $2.63 million in 2015, a 10 percent jump over 2014. The amount is also higher than the global average of $2.55 million, because cyber-security incidents involving the cash-rich Chinese Internet companies usually entail high financial losses.

The results are based on a survey of more than 330 chief executives, financial officers, and IT professionals working in mainland China or Hong Kong. 

Wednesday, November 25, 2015

DDoS has become a big business in China


According to research published by Tencent Research Institute, DDoS attacks now "employ" about 380,000 people in China, with more than 6000 hacking groups and revenue north of RMB 10 billion ($1 = 6.39 RMB as of Nov. 25, 2015).

Typical scenarios of a DDoS attack in China include:

- Business competition: one would hire these hackers to attack the website or IT system of a competitor.
- Blackmail: one would attack a business until some ransom money is paid.

People make money by:

- Selling DDoS tools
- Executing attacks
- Acting as the middleman

(Source is in Chinese: http://mp.weixin.qq.com/s?__biz=MjM5OTE0ODA2MQ==&mid=400673180&idx=1&sn=ed89dbe28196c9fea6d9c05c466740af&scene=5&srcid=1125DUtCuEyO5DNOtemTqyAM#rd)