
Facebook: Taking Action Against Hackers in Iran


Facebook threat intelligence analysts and security experts work to find and stop a wide range of threats including cyber espionage campaigns, influence operations and hacking of our platform by nation-state actors and other groups. As part of these efforts, our teams routinely disrupt adversary operations by disabling them, notifying users if they should take steps to protect their accounts, sharing our findings publicly and continuing to improve the security of our products.

Today, we’re sharing actions we took against a group of hackers in Iran to disrupt their ability to use their infrastructure to abuse our platform, distribute malware and conduct espionage operations across the internet, targeting primarily the United States. This group is known in the security industry as Tortoiseshell, whose activity was previously reported to mainly focus on the information technology industry in the Middle East. In an apparent expansion of malicious activity to other regions and industries, our investigation found them targeting military personnel and companies in the defense and aerospace industries primarily in the US, and to a lesser extent in the UK and Europe. This group used various malicious tactics to identify its targets and infect their devices with malware to enable espionage.

This activity had the hallmarks of a well-resourced and persistent operation, while relying on relatively strong operational security measures to hide who’s behind it. Our platform was one of the elements of the much broader cross-platform cyber espionage operation, and the group’s activity on Facebook manifested primarily in social engineering and driving people off-platform (e.g. email, messaging and collaboration services and websites), rather than directly sharing the malware itself.

We identified the following tactics, techniques and procedures (TTPs) used by this threat actor across the internet:

Social engineering: In running its highly targeted campaign, Tortoiseshell deployed sophisticated fake online personas to contact its targets, build trust and trick them into clicking on malicious links. These fictitious personas had profiles across multiple social media platforms to make them appear more credible. These accounts often posed as recruiters and employees of defense and aerospace companies from the countries their targets were in. Other personas claimed to work in hospitality, medicine, journalism, NGOs and airlines. They leveraged various collaboration and messaging platforms to move conversations off-platform and send malware to their targets. Our investigation found that this group invested significant time into their social engineering efforts across the internet, in some cases engaging with their targets for months.

Phishing and credential theft: This group created a set of tailored domains designed to attract particular targets within the aerospace and defense industries. Among them were fake recruiting websites for particular defense companies. They also set up online infrastructure that spoofed a legitimate US Department of Labor job search site. As part of their phishing campaigns, they spoofed domains of major email providers and mimicked URL-shortening services, likely to conceal the final destination of these links. These domains appeared to have been used for stealing login credentials to the victims’ online accounts (e.g. corporate and personal email, collaboration tools, social media). They also appeared to be used to profile their targets’ digital systems to obtain information about people’s devices, networks they connected to and the software they installed to ultimately deliver target-tailored malware.

Malware: This group used custom malware tools we believe to be unique to their operations, including full-featured remote-access trojans, device and network reconnaissance tools and keystroke loggers. Among these tools, they continued to develop and modify their malware for Windows known as Syskit, which they’ve used for years. They also shared links to malicious Microsoft Excel spreadsheets, which enabled malware to perform various system commands to profile the victim’s machine in a manner very similar to the Liderc reconnaissance tool identified by researchers at Cisco. One previously unreported variant of the malicious tool was embedded in a Microsoft Excel document and was capable of writing the output (i.e. result of the system reconnaissance) to a hidden area of the spreadsheet, which presumably required an attacker to social engineer the target to trick them into saving and returning the file.

Outsourcing malware development: We’ve observed this group use several distinct malware families. Our investigation and malware analysis found that a portion of their malware was developed by Mahak Rayan Afraz (MRA), an IT company in Tehran with ties to the Islamic Revolutionary Guard Corps (IRGC). Some of the current and former MRA executives have links to companies sanctioned by the US government.
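A defender-side check for the spoofing described under "Phishing and credential theft" above, as an added example that is not from Facebook's report. It generalizes to misspelled provider names, brand names embedded in longer hostnames and punycode homoglyphs; the watchlist, the `.example`/`.test` sample hosts and the edit-distance threshold are constructed assumptions.

```python
import re
import unicodedata

# Constructed watchlist (assumption): brand keyword -> domains the brand really uses.
PROTECTED = {
    "examplemail": {"examplemail.example"},
    "shortlink": {"shortlink.example"},
}
MAX_TYPO_EDITS = 2  # assumed threshold; tune against your own false-positive rate

def refang(indicator):
    """Turn a defanged indicator (hxxp://, [.]) into a bare lowercase hostname."""
    host = indicator.strip().lower().replace("[.]", ".")
    host = re.sub(r"^h(xx|tt)ps?://", "", host)
    return host.split("/")[0].rstrip(".")

def decode_idn(host):
    """Decode xn-- (punycode) labels so homoglyph lookalikes become visible."""
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def skeleton(label):
    """Fold accents and drop separators: 'exámple-mail' -> 'examplemail'."""
    folded = unicodedata.normalize("NFKD", label)
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return re.sub(r"[^a-z0-9]", "", folded)

def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as a single edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(indicator):
    """Return (brand, reason) for a suspected lookalike host, else None."""
    host = refang(indicator)
    official = [d for domains in PROTECTED.values() for d in domains]
    if any(host == d or host.endswith("." + d) for d in official):
        return None  # the brand's own domain or a subdomain of it
    for label in decode_idn(host).split(".")[:-1]:  # every label except the TLD
        skel = skeleton(label)
        for brand in PROTECTED:
            if skel == brand:
                return brand, "exact" if label.isascii() else "homoglyph"
            if brand in skel:
                return brand, "embedded"
            if abs(len(skel) - len(brand)) <= MAX_TYPO_EDITS and \
                    osa_distance(skel, brand) <= MAX_TYPO_EDITS:
                return brand, "typo"
    return None

# Constructed sample (not from the report): a homoglyph label built at run time.
IDN_SAMPLE = "xn--" + "examplemaíl".encode("punycode").decode("ascii") + "[.]test"
```

Run `classify()` over hostnames from mail-gateway or proxy logs; a non-`None` result names the impersonated brand and the reason, which is a lead for review rather than a verdict.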

We shared our findings and threat indicators with industry peers so they too can detect and mitigate this activity. To disrupt this operation, we blocked malicious domains from being shared on our platform, took down the group’s accounts and notified people who we believe were targeted by this threat actor.

Threat Indicators

Domains:



Facebook: How Meta Is Preparing for Brazil’s 2022 Elections


Today, we want to share our work to protect the integrity of presidential elections taking place in Brazil in October 2022. In recent years, we’ve increased our efforts to combat misinformation by investing in teams, technology and partnerships to ensure the safety of people using Meta’s platforms.

Since 2016, we’ve quadrupled our security and integrity workforce to more than 40,000 people globally. Last year alone, we invested nearly $5 billion in both areas.

We know that local knowledge is essential for this work to be effective, so we also have a large team of specialists based in Brazil who have a deep understanding of the situation. These efforts are intensified as the election approaches, and our work to protect the integrity of our platforms will continue after the vote.

Preventing and Stopping Election Interference

Removing content that violates our policies on voter suppression, such as posts that discourage people from voting, is among our many responses to potential interference in the electoral process. We take many actions to prevent hate speech or the incitement of violence on our platforms.

Currently, 99.7% of the fake accounts we remove from Facebook are deleted by artificial intelligence, before they are reported by users. We also investigate and disrupt networks that use fake accounts in a coordinated way to influence public debate.

Closer to October, we will activate an Elections Operations Center focused on Brazil, an initiative we’ve implemented since 2018, to bring together experts from across the company – including intelligence, data science, engineering, research, operations, public policy and legal teams. They work together to identify potential threats on our platforms in real time, accelerating our response time.

Collaborating With Authorities

In partnership with Brazil’s Superior Electoral Court (TSE), in December 2021 we started adding a label to posts about political elections on Facebook and Instagram, directing people to reliable information on the Electoral Justice website. In the first two months after its launch, the label led to a 10-fold increase in visits to the Electoral Justice portal.

Between the end of April and the beginning of May, we posted reminders on Facebook for users to request or update their voter cards. The content was seen by the majority of adults using Facebook in Brazil and more than three million people clicked to see more information. Closer to the upcoming election, we will again display reminders on Facebook and Instagram about voting day to raise awareness among voters and reduce abstention rates.

For the first time, the TSE will be able to report content directly on Facebook and Instagram that may violate our policies. We will analyze the reports once they are received.

WhatsApp launched an extrajudicial channel of communication in the 2020 municipal election to receive complaints from the TSE. The focus is on quick response to potential cases of bulk messaging, which is forbidden by local electoral law and by the app’s terms of service.

We also developed a virtual assistant on WhatsApp with the TSE, as we did during Brazil’s 2020 municipal election. The chatbot is accessible through the number +55 61 9637-1078. It allows voters to interact directly with the electoral authority and receive relevant information about the vote.

Meta has hosted training sessions for electoral officials all over Brazil to explain our actions to curb misinformation, share details on how Facebook and Instagram work, and detail our content rules, which we call our Community Standards and Community Guidelines. We also offer workshops to candidates and their campaign teams.

The partnership with the TSE also includes booklets with information for the electoral community and a guide to combating online violence against women in politics, also supported by the Women’s Democracy Network (WDN) – Brazil Chapter.

Fighting Misinformation

We remove content on Facebook and Instagram that discourages voting or interferes with voting, such as incorrect information about the election date or candidates’ numbers.

We also work with independent fact-checking organizations to verify the veracity of reported posts that don’t violate our Community Standards. When fact-checkers mark a post as false, we reduce its reach on Facebook and Instagram.

People who still see this content in their feeds will see it covered with a label and a link directing them to more information from the fact-checker. In July, we increased the number of partners in our fact-checking initiative in Brazil from four to six including: Agência Lupa, AFP, Aos Fatos, Estadão Verifica, Reuters Fact Check and UOL Confere.

Since messages on WhatsApp are end-to-end encrypted, we fight misinformation on WhatsApp through measures to reduce message virality.

Messages forwarded on WhatsApp are identified with a tag. Since 2020, messages with five or more forwards can be resent to just one conversation, which has led to a 70% global reduction in the number of frequently forwarded messages. This year, we implemented a new forwarding limit on WhatsApp: now, any forwarded message can only be forwarded again to one WhatsApp group at a time.

Advertising Transparency

In 2018, we launched our transparency tools for ads about politics and elections on Facebook and Instagram in Brazil. In 2020, we began requiring advertisers who wish to run ads about elections or politics to complete an authorization process and include “Paid for by” disclaimers on these ads. This year, we’ve expanded that requirement to ads about social issues such as economics, security and education.

All posts with the “Paid for by” disclaimer go to the Ad Library, where they are stored for seven years. The tool is open and provides anyone with detailed information about political ads including the ad source account, audience demographics and estimated spending range, among other data.

Protecting the integrity of the Brazilian election in 2022 on our apps is a priority for Meta. We will continue to share updates on how we move forward with this work.

See more information about our work on elections.


Microsoft is a Leader in The Forrester Wave: CRM Suites, Q3 2022


We are honored to announce that Microsoft Dynamics 365 was identified as a Leader in The Forrester Wave™: CRM Suites, Q3 2022.

A few weeks ago, during his Microsoft Inspire keynote, Satya Nadella reminded us of the distinct value that Microsoft provides to organizations by leading the way in digital transformation and supercharging their systems of record. “Dynamics 365 is purpose-built for this new world of business process. Our intelligent business applications connect data, process, and teams, ushering in a new era of hyper connected business and offering unparalleled value.” And over this past year we have been proud to see our customers take Dynamics 365 and show that there are really no limits to what can be done when you unite data silos with industry-leading AI and integrate collaboration tools throughout.

Examples range from the Campari Group’s ability to deploy bespoke personalization to their event attendees with real-time customer journey orchestration, to Dextra Group’s saving a whopping 60 percent on their customer relationship management (CRM) cost while also increasing seller productivity and lead quality, to the city of Richmond, Virginia’s transformation of their non-emergency case management capabilities to deliver omnichannel engagement for improved efficiency, also becoming a benchmark for how governments nationwide can utilize digital tools to better serve their communities.

What makes our CRM and connected products stand out for our customers? Here are seven key insights we have heard over the past year.

  1. Dynamics 365 provides an end-to-end, full-funnel solution. Dynamics 365 is the only portfolio of intelligent business applications that accelerates revenue outcomes by transforming selling experiences with a single intelligent, digital, customizable solution.
  2. Robust AI insights at your fingertips. Dynamics 365 enables everyone, across every team, to make better and more impactful decisions by converting data into insights with the intelligence of Microsoft AI allowing teams to be more efficient and productive.
  3. Break down the barriers between people. We offer the leading workplace collaboration, video conferencing, and meeting software in the world with Microsoft Teams, which can connect seamlessly with our out-of-the-box CRM or be personalized to fit an organization’s needs with custom features.
  4. Personalize every experience. Dynamics 365 Marketing assists companies in more deeply understanding their customers and drives intent with AI-powered insights to deliver connected experiences—all the way from acquisition to retention.
  5. Streamlined, proactive, scalable sales. Dynamics 365 helps sales teams uplevel forecasting and revenue operations with built-in AI and machine learning and enhance seller performance with recommended next best actions, productivity tools, and real-time coaching.
  6. Breakthrough service capabilities. Dynamics 365 Customer Service helps organizations meet the evolving needs of every customer across every channel and increases customer satisfaction, while boosting frontline employee productivity regardless of location.
  7. Low-code transformation. With Microsoft Power Platform, organizations can provide anyone with the ability for low-code transformation with low-code, intuitive, extensible tools that seamlessly connect to Dynamics 365. 

It’s an honor for us that so many organizations look to us for help modernizing sales, marketing, and service operations. As Forrester states in its report, “Microsoft’s strong vision, the breadth of its suite, and its partner ecosystem and industry solutions drive its 40% year-over-year growth, especially in industries such as financial services, healthcare, and retail.” We genuinely believe that with connected data, underpinned by industry leading AI and insights, there are no limits to what organizations can do. From upleveling employee experiences, to improving team productivity, and building deeper relationships with customers. It is all available with Dynamics 365.

Learn more

To learn more about how Microsoft compared with the other eight selected providers, please navigate to The Forrester Wave™: CRM Suites, Q3 2022 website and get your copy.


Exchange Online Basic authentication is going away: What you need to know


Effective October 1, 2022, you will no longer be able to use Basic authentication to connect to Microsoft Exchange Online. If your organization uses server-side synchronization or the deprecated Dynamics 365 Email Router, you should find out now whether you need to prepare for the change.

How will removing Exchange Online Basic authentication affect Dynamics 365 and Power Apps?

After October 1, 2022, any connection to Exchange Online that uses server-side sync or the Dynamics 365 Email Router with Basic authentication (username and password) will quit working. Dynamics 365 mailboxes that use these connections will no longer be able to:

  • Send email from Dynamics 365 through Exchange Online
  • Retrieve email from Exchange Online
  • Synchronize appointments, contacts, or tasks between Dynamics 365 and Exchange Online

This change doesn’t affect connections that use Modern authentication (OAuth 2.0 token-based authorization).

How can I find out if I need to prepare?

If your company is using server-side sync or the Email Router to connect to Exchange Online using a username and password, you need to act. There are a couple of ways to find out whether your organization is affected and what you need to do if it is.

Review your Message Center Posts (recommended)

The fastest and most reliable way to know if you need to prepare and what to do is to look in the Microsoft 365 Message Center. (You must have admin rights to sign in to the Message Center.) The Exchange Online team has been sending monthly Message Center posts to all affected customers with the following title format: “Basic Authentication – Monthly Usage Report – 2022.”

If your organization is using server-side sync with Basic authentication, you may also have received Message Center posts from the Dynamics 365 or Power Apps services. Look for posts with the following title: “Impact due to Exchange Online disabling Basic Authentication.”

The posts provide detailed information about the change and actions you need to take before October 1.

Check your Dynamics 365 email settings

If you don’t find any posts in the Message Center, read our guide on how to check whether your organization is affected and if it is, what you need to do before October 1.

Learn more

You can find more information, including FAQs, in the documentation:

Use of Basic authentication with Exchange Online | Microsoft Docs


Copyright © 2021 Today's Digital.