
Featured

Spy vs Spy: strange story of cybercrime underworld

In the cyber-world, not only are everyday users at risk of having their personal details stolen, but so too are new cybercriminals, as was evident on the underground site leakforums, writes PAUL DUCKLIN, Senior Security Advisor, Sophos.

Not all malware is ransomware, even though ransomware hogs the spotlight these days.

Keyloggers are still popular in the cyber underworld, because they help crooks to steal passwords. Armed with email passwords, for example, crooks can pull off much more audacious crimes than ransomware, such as business email attacks, also known as CEO fraud or wire-wire scams. (That’s where a crook logs in with a stolen password to send an email that doesn’t just look as though it came from your CEO’s account; it really did come from her account.)

The fraudulent email in a wire-wire scam won’t be a demand for $300 in bitcoins, which is a typical price-point in ransomware, but an official-sounding corporate instruction to put through a massive funds transfer. The amount may be $100,000 or even more, and the email will typically claim that the funds are part of a time-critical business venture such as an acquisition, to justify both the large sum and the urgency.

In other words, there’s still big money in keyloggers, and one of the most popular keyloggers these days is KeyBase, a product that was originally sold as a legitimate application before being abandoned in apparent disgust by its author. But KeyBase lives on, with cyber crooks giving it a new home all over the cybercriminal underground.

Dishonour among thieves

Sometimes crooks turn on their own kind, as happened in this story. A user on the popular underground site leakforums, going by the name pahan12, popped up offering a PHP Remote Access Trojan called SLICK RAT. But newbie crooks who ran the installer didn’t get what they paid for. Instead, they ended up infected with the KeyBase data stealer, and their stolen passwords were sent off to a data-collection website. (The “Pahan” connection continued here, because the URL contained the text pahan123.)

My guess is that Pahan was after his victims’ logins for leakforums and other hacker sites, in order to build up his rank in the underground, and went after users on other crime forums, too.

(Interestingly, Pahan has a history of this sort of double-cross, promoting one cybercrime tool but infecting it with another. In November 2015, Pahan was offering a malware scrambling tool called Aegis Crypter.)

Cryptors take an existing malware program as input, and churn out a modified, scrambled, compressed and obfuscated program file as output, in the hope that this will bypass basic virus-blocking tools. But Pahan’s version of Aegis included its own “secret sauce”: a zombie Trojan called Troj/RxBot that hooks up infected computers to an IRC server from which remote command-and-control instructions can be sent to the network of zombies. The IRC channels on the server that were used by Pahan’s zombie were pahan12 and pahan123.

And in March 2016, a user going by pahann was promoting a version of the KeyBase toolkit, which can be used to generate keylogger files to order.

This KeyBase malware generation toolkit was itself infected, in a weird sort of “malware triangle”.

By this time, things were getting quite complicated for Pahan, who had samples of SLICK RAT for sale that were infected with KeyBase; of Aegis Crypter infected with Troj/RxBot; and of KeyBase infected with COM Surrogate, which delivered Troj/RxBot and Cyborg.

What next?

Things didn’t go so well for the duplicitous Pahan, a.k.a. Pahan12, a.k.a. Pahan123, a.k.a. Pahann, after that… Just last week, when our team of experts was looking around to see what Pahan had been up to recently, we found a number of intriguing data and postings relating to him. Amusingly (if cyber criminality can ever be truly funny), it seems as if Pahan/12/123/n has managed to infect himself with one or more of the malware samples he’s been juggling recently.

So, if you’ve ever wondered what a cybercrook keeps up his sleeve, this might give you some ideas: we can see a ransomware sample, various pre-prepared malware binaries, scanners, a sniffer, remote access tools and more. Maybe his next step will be to scramble his own files with the ransomware we can see stashed there in his Google Drive account?

So, if you had to write the story “What Pahan did next?”…

…what would you say? (And if you could choose, what would you wish for?)

(This article first appeared on Sophos Naked Security, August 16, 2016: https://nakedsecurity.sophos.com/2016/08/16/you-dirty-rat-spy-versus-spy-in-the-cybercrime-underworld/?utm_source=Naked+Security+-+Sophos+List&utm_campaign=a54b497abf-naked%252Bsecurity&utm_medium=email&utm_term=0_31623bb782-a54b497abf-455162573 )


How to create an esports team

2018 was a landmark year for South African esports as one of the country’s best teams took the battle overseas and made waves in the international scene. A year ago Bravado’s top Counter-Strike: Global Offensive (CS:GO) team relocated to Arizona in the U.S., a venture dubbed Project Destiny, where they used the opportunity to train as full-time professional athletes and conquer the best teams out there.

Project Destiny was a massive success. A year later and Bravado’s CS:GO team had carved a name for itself through several high-profile victories and invitations to top tier tournaments. Clearly this is not the end of the story and the team has been reflecting on the lessons and opportunities.

Team captain Dimitri “Detrony” Hadjipaschali helped lead Project Destiny and gleaned a considerable amount on what needs to go into an esports team.

Team for the right reasons

For aspirant pro players who want to up their game, pun intended, he advises starting at the basics: why do you want a team?

“In recent times, people want to create a team with no direct intention, not knowing if they want to do this casually and socially, or professionally. Doing this professionally requires risk. It depends on how much work and sacrifices are contributed to the cause of creating a team. Playing socially is fine, part-time, as many people do, but playing professionally and wanting to reach the top one day, purely depends on your dedication, motivation and intention.”

Put in the hours

Like any aspirant pro athlete, preparation requires hours of training. Bravado’s players all put in several hours of training daily, 7 days a week, and Project Destiny’s full-time pros worked multiple training sessions every day, usually in the morning and afternoon for 4 hours each, as well as competitive matches in the late evening.

But even Bravado members who are not full time still put in hours of training every day. Serious players need to find the time and build up their dedication because this level of performance is simply the bar set in esports. Said Dimitri:

“The general esports title or game a team competes in will require anything, if not more than, a traditional sport outside of esports would require to get to the top.”

Fortunately, you don’t have to go all-out from the start. Esports are tiered with the top players in the highest tiers. So there is space to cut your esporting teeth while making room for it in your life. But never forget that to be one of the best means no half-measures. In esports, you have to commit to win.

Share goals

“A good team player is an individual who views his team as a single unit and not just himself as an ‘individual player’ in the bigger picture,” said Dimitri. “They put their team first and before themselves. This is the first main fundamental of a mindset required for a team player.”

Pro teams shouldn’t be mistaken for gaming clans, which are more casual and where gaming is a hobby. Even though they can be very competitive, clans mostly play for fun and entertainment, whereas a professional team is highly competitive with goals that it sets out to accomplish.

This is important because it helps the team members agree on the importance of those goals and the focus required. If you are not willing to show up every day to play the same game, partake in training exercises and learn from feedback, a pro career won’t work for you:

“Playing professionally requires aligned individuals where they share common goals and have equal intentions to realize what they want to achieve and what it takes to compete at a high level.”

Be patient

Professional athletes aren’t created overnight. It takes many years of focus and dedication while also pursuing studies or working at a day job before someone manages to ascend into a paid career. Esports is the same and demands patience alongside dedication.

Esports teams amplify this requirement. While in Arizona, Bravado applied the maxim “Teams who work together win together.” Household chores were divided up between players, creating a sense of common responsibility. This repetitive reinforcement of team values is crucial for success, whereas impatience for a team to ‘click’ is a recipe for disaster:

“Often, teams do not achieve their desired results and achievements in the short run and immediately resort to a roster change. Or someone in the team is replaced without a completely valid reason. This underestimates the importance of sticking together to create synergy in the long run.”

He also added that using time smartly is perhaps even more important than the amount of time spent on training. The team under Project Destiny used a full-time coach who helped set routines, objectives and priorities:

“The mistake with teams struggling to improve these days is that they do not know and understand how to work with limited time, and how to do this best and constructively as possible. Often teams that aren’t at a top competitive level yet arrange bootcamps, but set the limited time they have with each other incorrectly, or rather not to the best potential.”

When Bravado embarked on Project Destiny, it aimed to put South African esports on the map and serve as role models for aspirant players in the country. By those measures, it has been a huge success and Bravado continues to grow and educate. Through the ongoing support of sponsors Alienware and Intel, Bravado continues its mission of creating esporting excellence and opportunity for South Africans.

Learn more at bravadogaming.com or contact Bravado’s players directly via their social media accounts.


Opera reveals SA browsing habits

Opera, one of the world’s major browser developers, and leader in AI driven digital content delivery and discovery, has released its State of Mobile Web 2019 report, revealing that nine out of ten people in South Africa use their mobile browser every day.

Other key findings from the report include:

  • Internet users in Africa use their browser to access social media domains such as Facebook, YouTube, Twitter and Instagram, followed by entertainment and search websites
  • Opera News users in Africa spend 50% of in-app time watching videos
  • South Africans pay six times more per gigabyte of mobile data than people in India
  • Opera Mini saved users nearly 100 million USD in mobile data in 2018

The report reveals that the Opera mobile browsers and standalone news app were used by nearly 20 million internet users in Africa and by more than 350 million people globally in the first quarter of 2019. The State of Mobile Web 2019 report also shows that Opera experienced a growth of more than 26 percent of its user base year on year, compared to the first quarter of 2018 in Africa.

“We are thrilled to see that our mobile browsers and news app have grown by 25 million monthly users in the last year,” said Jørgen Arnesen, Head of Marketing and Distribution at Opera. “The new Opera News app has led this positive growth, as well as the introduction of new features to our mobile browsers like built-in VPN and crypto wallet. The successful partnerships Opera has with major smartphone manufacturers in Africa have also contributed to this massive growth.”

The 2019 edition of the State of the Mobile Web report looked into the use of the Opera Mini browser and the Opera browser for Android, and it shows that mobile browsing is one of the most popular online activities among African internet users. For example, in South Africa, nine out of ten people use their mobile browser every day, an activity they prefer over the use of other applications like YouTube.

The report also revealed that on average, Africans using Opera spend more than 30 minutes browsing online each day. The most browsed category of websites was social media platform domains such as Facebook, YouTube and Instagram, followed by search engines like Google, and entertainment and sport websites.

100 million dollars saved on mobile data

In the State of the Mobile Web 2019 report, Opera gives detailed insight into the use of the data savings feature in the Opera Mini browser, and compares the average price of mobile data in 20 countries in Africa. The results revealed that the data compression mode in Opera Mini saved users nearly 100 million USD of data in 2018.

In this analysis, Opera also compared the costs of data in some African countries with the cost of mobile data in India and Germany. The outcome of this analysis showed that South Africans pay six times more per gigabyte of mobile data than Indians and almost the same price as Germans for one gigabyte of mobile data.

Rapidly changing news and video consumption landscape

The report takes a look at the trends of news and video consumption across Africa. This includes analyzing the usage of its standalone Opera News app, which grew from launch to over 20 million users in a period of one year. Categories like breaking news, local news, and entertainment were the favourites among users in the first quarter of the year.

Video content is also becoming more popular among people who use the Opera News app. The report shows that people spend 50 percent of in-app time in Opera News watching videos on Instaclips, the recently added video feature on the news app.

The usage of Instaclips keeps growing since its test launch in December 2018: in Q1-2019, Instaclips registered a total of 122,000 videos uploaded in different languages such as English, Portuguese, French, Arabic and Swahili.

Expanding beyond browsing to fuel digital transformation

Opera’s commitment to digital transformation in Africa is ongoing. Beyond the development of its mobile browsers and standalone news app, Opera has made major investments on the African continent, expanding its services to other technology areas such as FinTech and digital advertising.

In 2018, Opera announced the launch of OKash, a fintech micro-lending solution that quickly gained traction among mobile internet users in Kenya. Today, OKash ranks among the most downloaded micro lending applications among Kenyans and its user base keeps on growing.

In May 2019, Opera announced the introduction of Opera Ads, a new advertising platform that allows media agencies and publishers to run more targeted marketing campaigns through the Opera platforms.

Available online

The full version of State of Mobile Web 2019 report is available to read online or for download by clicking here.


Copyright © 2019 World Wide Worx