Cyber Police Exposed A Large-scale Criminal Network

✨ Megiddo



The Ukrainian cyber police reported that they had successfully blocked a site which, once its application was installed on a smartphone, could access all of the user's data.

The National Police announced this in a post on Facebook.

“Cyberpolice together with Kyivstar blocked a fraudulent resource

. user data.

Thanks to the prompt reaction of the cyber police officers and the company's specialists, this phishing resource has been blocked," the department says.


facebook com
Although a screenshot of the Joe Sandbox analysis of the dangerous program was attached before publication, some Ukrainians noted that the police had not given the public any useful information.

"Everything is fine here: an interesting incident, cooperation, but there is one drawback: neither the name of the application nor the indicators. That is, those who provide information security in organizations (information security administrators, etc.) cannot act on your information. If you were the head of an enterprise, read the cyber police's news and asked your information security administrator, 'Dear, was there (is there) a risk from the described threat in our enterprise?', then your 'security administrator' could not answer, because there is nothing to check.

And this, sir, is not an isolated case. I have already seen interesting news dozens of times, but there were no facts. For example, they detained a fraudster who was distributing malware and stealing authentication data. Full stop. What to do with this info? Nothing, right. It is necessary to indicate the name of the malware and provide hashes and indicators so that information security administrators and all interested parties can check whether this threat is relevant for them. Please make sure that news like the one mentioned above is always published with an attachment in the form of 'Indicators of Compromise', where you would list the hash sums of the files (FSH), the domains and IP addresses of the control servers, and any other indicators of attack / compromise. This is the de facto standard. Now it turns out that you talked about something, did the job, and everyone else has nothing to do, and all the indicators you have somewhere in the records slowly 'die'," Nikolay Koval explained.

cyberpolice gov ua
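
As an added illustration of the comment's point (not code from the cyber police, Kyivstar or the original post), this sketch shows the check an information security administrator could run if a report shipped with indicators of compromise. Every hash, domain, IP address, log line and file name below is constructed for the example.

```python
import hashlib
import ipaddress

# Constructed IoC attachment of the kind the comment asks for: file hashes,
# control-server domains and IP addresses. All values are placeholders.
IOCS = {
    "sha256": {hashlib.sha256(b"constructed-sample-apk").hexdigest()},
    "domains": {"update-portal.example"},
    "ips": {"203.0.113.45"},
}

# Constructed proxy log lines: timestamp, client, destination host, destination IP.
PROXY_LOG = """\
2021-03-02T09:14:07Z 10.0.4.17 www.example.org 198.51.100.8
2021-03-02T09:15:44Z 10.0.4.23 cdn.Update-Portal.example. 198.51.100.77
2021-03-02T09:16:02Z 10.0.4.31 files.example.net 203.0.113.45
2021-03-02T09:16:30Z 10.0.4.17 notupdate-portal.example 198.51.100.9
"""

# Constructed inventory of files collected from managed phones: name -> content.
FILES = {"billing.apk": b"constructed-sample-apk", "notes.apk": b"benign"}

def domain_matches(host, ioc_domains):
    """True if host equals an IoC domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ioc_domains)

def check_proxy_log(log_text, iocs):
    """Return (client, indicator_type, value) for each log line that hits an IoC."""
    ioc_ips = {ipaddress.ip_address(ip) for ip in iocs["ips"]}
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not have the four expected fields
        _, client, host, dst_ip = fields
        if domain_matches(host, iocs["domains"]):
            hits.append((client, "domain", host))
        if ipaddress.ip_address(dst_ip) in ioc_ips:
            hits.append((client, "ip", dst_ip))
    return hits

def check_files(files, iocs):
    """Return the names of files whose SHA-256 appears in the IoC hash list."""
    wanted = {h.lower() for h in iocs["sha256"]}
    return sorted(name for name, data in files.items()
                  if hashlib.sha256(data).hexdigest() in wanted)
```

Without a published hash, domain or IP list, none of these three lookups has anything to match against, which is the gap the comment describes.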