Cybersecurity threat becomes personal in latest attack

Started by dozerin, Feb 17, 2023, 04:54 AM

Previous topic - Next topic

dozerinTopic starter

Five days ago, I noticed a red and white warning on my wife's computer from Gmail that someone had attempted to change the account password. I quickly intervened and changed the password back while turning on two-factor authentication.



I discovered that the IP session was 189.33.44.246, but couldn't determine the source due to no one using anonymizers or proxies these days. Later on, I realized that my email reported an incorrect password on my main account, causing me to become concerned and promptly head to the hospital. I restored my password via SMS there and found out that the culprit connected to it using 212.156.58.182. Unfortunately, they had already changed all my passwords and hаcked into my bitcoin accounts on Mtgox, deepbit.net, and slush pool.

All three computers were scanned for malware using McAfee, Nod32, Rootkit reliever, Sophos Anti-Rootkit, and tdsskiller, but the results showed nothing.

Before the attack, all of the computers had antivirus software installed and all passwords were no less than 10 characters long, comprised of letters and numbers. Despite this, the hаcker managed to gain access. I also checked for any exceptions in the antivirus software, but found none.

Out of suspicion, I found a 500MB dumbva0z folder with an SQL database on my wife's computer in the Firefox folder. However, it did not trigger any antivirus or other scanners.

Do you have any recommendations for preventing this from happening again? Thank you in advance!
  •  

dinuanzz

Are you familiar with CureIt? It's worth a try in case the malware has gone unnoticed and has already left.

Additionally, I'd recommend SpyBot Search & Destroy. Once installed, update all databases and perform a thorough scan to ensure complete removal of any existing malware.

It's important to regularly scan your devices for malware, especially after noticing suspicious activity or experiencing a potential cyber attack. Keeping your antivirus software up-to-date and practicing safe browsing habits can also help prevent future attacks.
  •  

seanmarshall

It is unlikely that the attack was network-based. When authenticating in Gmail, the https protocol is used and any interference would prompt a loud warning from the browser.

Based on the attack also compromising other passwords, it is possible that it originated locally. It could be something as straightforward as a homemade keylogger that sends key logs to an email address or a malicious browser plugin. Antivirus software may not be able to detect such attacks if they were specifically targeted at you.

It's important to remain vigilant and consider all possibilities when dealing with cyber attacks or suspicious activity on your devices. Keeping your devices up-to-date and avoiding sketchy downloads or websites can also help prevent malware from infecting your system.
  •  

miaedwards

A few suggestions come to mind to help improve cybersecurity and protect sensitive information.

One option is to purchase a second computer for your wife or create a separate system using virtualization technology.

Another idea is to store critical data on a system running an alternative operating system, such as FreeBSD, which has a reputation for being more secure than Windows.

Creating a personal email gateway can also add an extra layer of protection against password theft and other attacks targeting real email accounts.

It's essential to take proactive measures to protect yourself and your personal information in today's digital age. Additionally, staying informed about the latest cybersecurity threats and best practices can help you stay one step ahead of potential attackers.
  •  

hufujiyu

When it comes to detecting a pytĸit infection, there are generally only two symptoms: suspicious processes in the system and the results of an antivirus scan. However, detecting this type of hack is not always straightforward as it can be effectively concealed within a system. If a hacker begins taking active measures, such as sending large amounts of information or making suspicious connections, there may be signs of their activity that a user can pick up on. Common entry points for pytĸits include vulnerabilities within a system or applications, which can be exploited to gain access to system files and install additional components.

Attempting to remove a pytĸit manually can lead to further issues with the system and its applications. Instead, users are encouraged to use specialized anti-virus programs, such as AVG Anti-Rootkit, Avira Rootkit Detection, Dr. Web, and others, to detect and remove the infection.

To protect your computer from Python attacks, it's important to use licensed software, stay current with operating system updates, and regularly update all software. It's also advisable to use a non-administrative account, utilize effective and properly configured antivirus software, exercise caution with removable media, and avoid downloading suspicious files from unreliable sources.

Even with antivirus software, there is no absolute guarantee that a detected pytĸit will be removed. Keeping systems up-to-date and practicing safe browsing habits can help reduce the risk of infection in the first place.
  •  

bobsmith

1. Strengthen Your Passwords: Consider using longer and more complex passwords consisting of a mix of uppercase and lowercase letters, numbers, and symbols. Avoid using easily guessable information like birthdays or names.

2. Enable Two-Factor Authentication (2FA): Two-factor authentication adds an extra layer of security by requiring a secondary verification method, such as a text message code or app-generated code, in addition to your password.

3. Keep Software Updated: Ensure that all your operating systems, applications, and antivirus software are updated to the latest versions. Regular updates often include security patches that address vulnerabilities.

4. Be Cautious of Suspicious Emails and Links: Avoid clicking on suspicious links or downloading attachments from unknown sources. Phishing emails are a common way for hackers to gain access to personal information.


- Implement Network Segmentation: Divide your network into separate segments or subnets to limit the potential impact of a breach. This way, if one segment is compromised, it doesn't provide direct access to the entire network.
- Conduct Regular Security Audits: Perform periodic audits of your systems and networks to identify vulnerabilities and address them promptly.
- Stay Updated on Security News and Alerts: Follow reputable sources of cybersecurity news and subscribe to security alerts to stay informed about the latest threats and vulnerabilities.
- Use a Password Manager: Consider using a password manager tool to securely store and generate unique passwords for each online account. This can help you manage and strengthen your passwords without the risk of forgetting them.
- Enable Account Activity Notifications: Set up notifications for any suspicious or unusual activity on your accounts to promptly detect unauthorized access attempts.
- Practice Safe Browsing Habits: Be cautious when visiting websites, downloading files, or clicking on links. Stick to trusted sources and be wary of downloading files from unknown sources.
- Regularly Update and Patch Software: Keep all software, including operating systems, applications, and plugins, up to date with the latest security patches and updates.
- Be Cautious of Public Wi-Fi Networks: Avoid accessing sensitive information or conducting financial transactions when connected to public Wi-Fi networks, as they may be insecure and susceptible to interception.
- Encrypt Sensitive Data: Use encryption techniques to secure your sensitive data, both in transit and at rest, to make it harder for attackers to access and decipher the information.

- Implement Least Privilege Principle: Limit user access rights to only what is necessary for their role. Provide users with the minimum privileges required to carry out their tasks, reducing the potential impact of a compromised account.

- Conduct Regular Security Awareness Training: Educate yourself and others about common cybersecurity threats, such as phishing, social engineering, and malware. Train employees, family members, or anyone who uses your home network in recognizing and responding to these threats appropriately.

- Secure Your Home Network: Change the default login credentials for your Wi-Fi router, use strong encryption protocols like WPA2 or WPA3, and regularly update the firmware to patch any identified vulnerabilities.

- Enable Automatic Software Updates: Enable automatic updates for your operating system, applications, and security software. This ensures you have the latest security patches and protections against newly discovered vulnerabilities.

- Regularly Scan for Malware and Intrusions: Use reputable antivirus and anti-malware software to conduct regular scans of your devices for any malicious software or intrusions. Remove any identified threats promptly.

- Use Secure File-Sharing Practices: When sharing files or documents with others, utilize secure file-sharing platforms or encrypt the files before sending them. Avoid using untrusted third-party platforms or insecure methods.

- Secure Your Social Media Accounts: Regularly review and update the privacy settings on your social media accounts. Be cautious about the information you share publicly and consider limiting access to your personal details.

- Secure Your Mobile Devices: Apply strong passcodes or biometric authentication on your mobile devices, keep them updated, and be cautious when downloading apps from unofficial sources.
  •