The cyber attacks of 2019 were unprecedented in scope and targeted most iOS-based devices. The operating system, once considered impenetrable, is today the target of a variety of cyberattacks.
WhatsApp hack and spyware installation on smartphones
A report published by the Financial Times in May showed that hackers had succeeded in installing a particular type of surveillance technology on users’ phones, technology that can use WhatsApp’s voice calling capabilities.
It is not yet clear how many users have been victims of the attack, but with nearly 1.5 billion people worldwide using WhatsApp, the number of victims is likely to be high.
The Financial Times noted in part of its report that the spyware was designed by a company called NSO Group.
WhatsApp responded to the news, saying the above attack was carried out by a private company sponsored by a government agency. The NSO Group did not comment on the news.
Attack on iPhone
Forbes Magazine reports that some Chinese software companies have been cyber-attacking iPhone users over the past two years through malicious websites. The attacks were first identified by the cyber security experts of Google’s Project Zero team.
This team described the attacks as “advanced,” saying: “Owners of iPhones who were exposed to the malicious sites, which were spread like traps, had their phones made vulnerable to attack, with the potential loss of passwords, messages, calls and even their location.”
Apple patched the vulnerability two days after the official release, announcing that 10 malicious sites in China were aimed at monitoring the activity of a specific group of users.
Theft of US Customs and Border Protection information
In June, a group of hackers managed to infiltrate a US Customs and Border Protection photo database and steal information.
The database contained pictures of passengers and their license plates. In the cyberattack, hackers managed to steal the information of 100,000 passengers, the Washington Post reported.
Investigations show that the information was leaked through the network of one of the agency’s contractors, but no name was given.
Hack of a US Department of Defense contractor’s information network
Brian Krebs, a prominent cyber security expert, said that one of the IT contractors (Miracle Systems), which has signed a partnership with the United States and is headquartered in Virginia, was hacked and that the contractor’s information was leaked in the Darkcube database.
It is not yet clear exactly how large the scope of the attack is or which individuals and organizations are affected, but the contractor had signed contracts with the US Department of Defense, the National Health Service and the US Department of Homeland Security.
Investigations have revealed that Miracle Systems was infected by malware called Emotet through an infected email attachment and so fell victim to the attack.
Hack of the Flipboard content aggregation program
Flipboard is a content aggregation program that announced in early 2019 that hackers had managed to infiltrate its databases. The databases of this application consisted of usernames, email addresses, and stored passwords, information that users themselves had recorded.
The attack stole information from users last year. How many accounts have been affected by the attack is not yet known. It is worth noting that this content aggregation program had more than 159 million users.
Fortnite is one of the most popular games nowadays, with over 200 million users worldwide. The game has security vulnerabilities that hackers can use to gain control of gamers’ accounts, view account information, use digital money inside the game for their own purchases, and even eavesdrop on in-game chat, the security company Check Point reported.
In addition to the vulnerabilities mentioned above, hackers have created fraudulent web pages that entice users with offers of more money in order to steal their personal information.
Check Point security experts reported that no special tools were needed to identify the vulnerabilities. Hackers only used one weakness in a Fortnite subdomain to carry out an XSS attack.
In this attack, the hacker sends an infected link to the user. The user’s system quickly becomes infected when the user clicks the link, and the attack succeeds.
In April 2019, UpGuard reported that the databases of two third-party Facebook applications had been hacked and that the information had been publicly released. The attack was dubbed the biggest disclosure of information in the history of social media.
The leaked information came from a multimedia company called Cultura Colectiva and contained records of more than 450 million Facebook users, such as likes, surveillance and IDs.
The other program was called At the Pool, whose database consisted of user IDs, likes, videos, songs, photos, events and topics of interest to users. In this attack on the database, hackers gained access to the information of at least 22,000 Facebook users.
Hacking Visual Studio Tools and Creating Back Doors in Computer Games
Microsoft announced in early April that hackers had managed to hack into Visual Studio’s integrated development environment and plant back doors in the products of three computer game makers who used Visual Studio to build their games. The attack caused at least 92,000 computer systems to run infected versions of these computer games.
Wired said in a news release that the Barium hacker group claimed responsibility for the attack. The hacker group has repeatedly attacked software companies’ infrastructure tools. The April attack is classified as a supply chain attack: an attack in which hackers embed malicious code into a company’s critical software, which then carries the malicious code to the company’s client systems.
Companies can hardly identify supply chain attacks, because companies building software, and especially computer games, digitally sign their software before distributing it, even when malware is inside it. They are still able to legally sell their software because there are no clear indications that the software is infected.
Ransomware attacks on US government agencies
In 2019, hackers used ransomware to extort money from US government and local agencies. Baltimore, the Georgia state courts, Florida-based semi-state corporations and several Texas-based private organizations have been major victims of these ransomware attacks.
While various states have opposed ransom payments and have been forced to spend millions of dollars on rebuilding their IT infrastructure to restore systems and prevent new attacks, several Florida-based companies have agreed to pay hackers a million-dollar ransom.
It is a bit strange to pay this ransom, because if the companies had backed up their data they could have restored it from the backups and would not have had to pay.
Back doors installed on Asus computers through the company’s own software
The attack, identified in 2019, revealed that hackers used Asus software to create and install backdoors on thousands of PCs built by the company.
Motherboard was the first IT site to report the attack, announcing that at least thousands of infected files were installed on users’ computers through an ASUS update, and that ASUS, unaware of this, had sent the update to users through its Live Update Utility. This time, Wired reported that the Barium hacker group said in a message that the attack was carried out by the underground group.
LockerGoga ransomware attacks on manufacturing companies based in different countries
LockerGoga is an interesting ransomware of its kind that keeps the victim’s computer turned off as long as they do not pay the ransom, preventing users from accessing their files.
The ransomware can turn off the physical equipment used in the production line of companies and factories and hinder the day-to-day operations of businesses.
The Wired site reported that victims of the ransomware could no longer access their files after just a few minutes, because the files were encrypted and only one ReadMe file with the following text was visible to them: “Congratulations. There is a security breach in your organization’s infrastructure. You should be happy that a professional group, not a novice group, has been able to detect this security breach. Newcomers could detect this breach and cause serious damage to your files.”
Theft of tens of millions of subscribers of Capital One
The last item is one of the largest cyberattacks reported. The attack targeted the financial institution Capital One in July and leaked information, in some cases in detail, revealing the credit card information of tens of millions of its customers.
In this attack, information such as transaction history, account balances, addresses and even social security numbers of users was revealed. Capital One said in a statement that fortunately there were no signs of misuse of the disclosed information.
Following the attack, Paige Thompson, a former Amazon engineer, was arrested and charged with forging information and planning the attack.
Initially, Ms. Thompson was charged with attacking Capital One, for which she was expected to face five years in prison and a $250,000 fine.
In April, the Justice Department announced that a federal jury in Seattle had indicted Ms. Thompson on two charges relating to the Capital One data breach and demanded a 25-year prison sentence.
In the case the FBI filed with the court, Ms. Thompson was indicted for 30 attacks on various organizations, although no solid evidence was provided for the attacks.