Another COVID-related lure: Phishing Scam Targeting Email Users

Amid the COVID-19 outbreak, email users are constantly warned against fraudulent emails and scams. However, a new phishing campaign targeted email users by promising them a government-funded tax cut.

According to think tank Parliament Street, the phishing email appears to come from a sender calling itself the ‘Government Digital Service Team’ and offers the user a rebate of nearly £400.

The email begins with,

“You are getting a Council Tax Reduction (this used to be called Council Tax Benefit) considering you’re on a low income or get benefits,” 

“Total amount of benefits: GBP 385.50. The refunded amount will be transferred directly on your Debit/Credit card. Apply now to claim the reductions made over your past two years of Council Tax payments.”

However, the subject line states the refund amount as £385.55. This is one of several mistakes that point to a suspicious sender. Such mistakes indicate that an email is a scam.

Parliament Street said that the message was delivered to hundreds of inboxes. Andy Harcup, Absolute Software VP, said:

“Since the start of COVID-19, the cyber-threats facing adults in the UK has surged, and this latest attack is one of many which have been designed to prey on individuals’ vulnerability and fear during this trying time,” 

Stav Pischits, the CEO of Cynance, added that cybercriminals find it easy to copy government text to create phishing emails.

“All too often, weary workers who are struggling with the financial impact of the COVID-19 outbreak will jump at the chance for a discount or refund like this,” he argued.

“Anyone receiving an email like this should also double check the source address of the sender and carefully examine the communication for typos and errors, often associated with online scams. Failure to do so could put the financial and personal data of the individual and their employer at risk.”

The first half of this year has seen a notable increase in phishing scams, and users are being warned against them. New phishing campaigns emerge every day, so it is crucial for users to stay alert.
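The two checks this story points to (a subject-line amount that disagrees with the body, and a sender whose address does not match the organisation it claims to be) are shown below as an added Python example that is not part of the original report. The sample message, its sender address, the subject wording and the rule that a government display name should come from a gov.uk domain are assumptions made for illustration.

```python
import re
from decimal import Decimal
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample modelled on the lure quoted above. The sender address,
# its domain and the subject wording are placeholders, not values from the report.
SAMPLE_EMAIL = """\
From: Government Digital Service Team <refunds@council-tax-rebate.example>
To: user@example.org
Subject: Council Tax Reduction: GBP 385.55 refund available
Content-Type: text/plain; charset="utf-8"

You are getting a Council Tax Reduction (this used to be called Council Tax
Benefit) considering you're on a low income or get benefits.
Total amount of benefits: GBP 385.50. The refunded amount will be transferred
directly on your Debit/Credit card. Apply now to claim the reductions.
"""

# Matches "£385.55", "GBP 385.50" and "GBP 1,250.00".
AMOUNT_RE = re.compile(r"(?:£|GBP)\s?(\d[\d,]*(?:\.\d{2})?)", re.IGNORECASE)

# Assumption: a display name containing one of these words claims to be a
# UK government sender, whose mail should come from a gov.uk domain.
GOV_WORDS = ("government", "hmrc", "gov.uk")


def amounts(text):
    """Return the set of GBP amounts mentioned in text."""
    return {Decimal(m.replace(",", "")) for m in AMOUNT_RE.findall(text)}


def check_lure(raw):
    """Return a list of (code, detail) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    found = []

    # Check 1: the display name claims government, the address domain does not.
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    claims_gov = any(word in name.lower() for word in GOV_WORDS)
    is_gov = domain == "gov.uk" or domain.endswith(".gov.uk")
    if claims_gov and not is_gov:
        found.append(("sender-domain", f"{name!r} sent from {domain!r}"))

    # Check 2: an amount promised in the subject never appears in the body.
    part = msg.get_body(preferencelist=("plain",))
    in_subject = amounts(str(msg.get("Subject", "")))
    in_body = amounts(part.get_content() if part is not None else "")
    if in_subject and in_body and not in_subject <= in_body:
        detail = (f"subject {sorted(map(str, in_subject))} "
                  f"vs body {sorted(map(str, in_body))}")
        found.append(("amount-mismatch", detail))

    return found


if __name__ == "__main__":
    for code, detail in check_lure(SAMPLE_EMAIL):
        print(f"{code}: {detail}")
```

Neither finding proves fraud on its own; both are cheap signals for ranking messages for review.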

Local Election Officials’ Emails Could be at risk for phishing attempts

Cybersecurity firm Area 1 found 666 of 10,000 election workers used personal email accounts.

According to a report, many election officials across the US are using email systems that could make them more susceptible to phishing attempts.

Less than 20 percent of 10,000 state and local election administrations had advanced anti-phishing controls in place. About 666 of the election officials were relying on personal email addresses for election-related matters.

Jurisdictions in several states were using a version of free Exim software that Russia’s GRU intelligence service had targeted for online attacks starting in 2019, according to the Journal.

It raises concerns that local election officials may be underprepared for possible intrusions into their email systems. 

Already this year, foreign hackers have targeted the personal email accounts of staffers working on the campaigns of presumptive Democratic nominee Joe Biden and President Trump. Google, which reported the attempts, said last month it had not seen evidence that those attacks were successful.

Garmin Online Services Reportedly Hit With Ransomware Attack in demand for $10 Million

Ransomware attacks are on the rise, and Garmin is the latest big name to take a hit.

A hacker group called Evil Corp demanded $10m from the GPS giant in the latest high-profile ransomware attack. The feds have been chasing Evil Corp for months.

Garmin said Garmin Connect, garmin.com, and even its call centers were hit.

An ongoing global outage at sport and fitness tech giant Garmin was caused by a ransomware attack, according to two sources with direct knowledge of the incident.

The incident began late Wednesday and continued through the weekend, causing disruption to the company’s online services for millions of users.

In a brief update on Saturday, Garmin said it had “no indication that this outage has affected your data, including activity, payment or other personal information.”

The two sources told TechCrunch that Garmin was trying to bring its network back online after the ransomware attack. One of the sources confirmed that the WastedLocker ransomware was to blame for the outage.

Ransomware attacks have occurred with increasing regularity in the last several years. After gaining access to a computer system through a vulnerability or social engineering, ransomware attackers encrypt important files. They demand heavy payment to provide the decryption key.

Twitter Breach – Bitcoin Scams to the Next Level

A massive attack has been reported on the Twitter accounts of high-profile, well-recognized figures and brands. Within a few hours, hackers used the accounts to take cryptocurrency scams to the next level. The scam took place on July 15, when 130 well-recognized Twitter accounts were abused to promote a Bitcoin scam.

Hackers gained access to the accounts of Barack Obama, Kanye West, Joe Biden and many other celebrities and posted tweets promising to pay back double any Bitcoin payment sent to a digital wallet address within the next 30 minutes.

The attackers employed social engineering tricks and probably gained access to Twitter’s internal administrative tools, through which they were able to post the tweets directly. The tweets gave the digital wallet address to which users were supposed to send BTC within 30 minutes of posting. The hackers were able to collect 12 BTC through more than 320 transactions.

Major US Twitter accounts hacked in Bitcoin scam

Billionaires Elon Musk, Jeff Bezos, Barack Obama, Joe Biden and Bill Gates are among the many US figures who were targeted by hackers on Twitter in an apparent Bitcoin scam.

The official accounts of prominent figures were hacked and requested donations in the cryptocurrency. The US Senate Commerce committee has asked Twitter to brief it about the incident next week.

So far, Twitter has reported in a series of tweets that it was a “coordinated” attack targeting its employees “with access to internal systems and tools”.

Hackers used this access to take control of many highly visible accounts and tweet on their behalf. Twitter added that significant steps had been taken to limit criminals' access to such internal systems. For the time being, Twitter has blocked users from being able to tweet Bitcoin wallet addresses.

Meanwhile, Twitter chief executive Jack Dorsey tweeted about the incident:

“Tough day for us at Twitter. We all feel terrible this happened.”

 

People are urged to treat requests for money or sensitive information on social media with extreme caution. Cyber-security experts said that the breach could have been a lot worse in other circumstances.

eCommerce Lost £16 Million in Frauds During Lockdown

The UK’s national reporting centre for fraud and cybercrime has revealed new figures which show £16 million has been lost to eCommerce fraud during the Covid-19 lockdowns.

Action Fraud statistics show that 16,352 people fell victim to online shopping fraud and that fraudsters stole £17m during lockdown. Since shops were forced to close due to the coronavirus outbreak, businesses have had to operate online only, and fraudsters took advantage of the situation. Most of the victims were between 18 and 26 years of age and lived in London, Birmingham, Manchester, Leeds, Sheffield, Liverpool, Bristol and Nottingham.

Ben Tuckwell, RSA Security district manager for the UK and Ireland, said: 

“The warning from Action Fraud is concerning but not altogether surprising. Unfortunately, fraudsters thrive in times of disruption. The recent shift to e-commerce has been critical for both consumers and the economy, but fraudsters have been quick to take advantage too. In fact, in the first three months of 2020, RSA recovered details of over five million unique compromised cards globally.”

Once credentials are stolen, they are sold on the dark web to other fraudsters who can use them to buy goods. During the pandemic, fraudsters appear to have had growing success targeting online sites for fraudulent purchases. In particular, as retailers guided consumers to mobile apps as a means to transact, fraudsters have exploited this shift. As shopping increasingly moves online, there is a dire need for digital identity verification solutions integrated into the system to know your buyer and to put a halt to fraudsters.

Cloudflare Discloses Another huge DDoS Attack

Amid the COVID-19 outbreak, internet traffic has surged and, with it, cyberattacks. DDoS attacks are growing more complex and escalating with each passing day, and hackers are finding new ways to exploit vulnerabilities in the network. Cloudflare witnessed a four-day attack in late June that involved 316,000 unique sending addresses and a peak rate of 754 million packets per second.

Cloudflare revealed that it mitigated a DDoS attack on June 21. Cloudflare researchers reported in a blog post that the attack combined three TCP attack vectors: ACK floods, SYN floods, and SYN-ACK floods. Over the four-day period, the attack sustained a peak rate of 400-600 million packets per second and crossed 700 million multiple times.

The packet-based volumetric DDoS attack was an attempt to overwhelm Cloudflare's routers and data center appliances rather than to flood its inbound data connections. The company says that such huge attacks continue even though DDoS attacks overall have decreased in size and volume.

Cloudflare says in its blog post that the attack was detected and handled automatically by its DDoS detection system and did not involve any manual intervention. It also says that the attack was an organized four-day campaign that lasted from June 18 to June 21.

7 Ways to Protect Business and Remote Staff from Cybercriminals

Businesses are facing a ‘new normal’ as the workplace has shifted from offices to homes amid the coronavirus pandemic. This has kept many businesses running but has added vulnerability too, as company data is being accessed from different servers and locations. Remote work is being widely adopted in this pandemic to keep businesses operating, but companies need to take steps to safeguard their data and team members against cybercriminals taking advantage of the current situation. In this blog, we’ll discuss some preventive measures that businesses need to take to prevent cyberattacks during the coronavirus pandemic.

Cybersecurity Tips for Companies and Remote Workers Amid Covid-19 Lockdown

Businesses need to go on and work has to be done, so businesses implementing a WFH policy must observe effective security measures. Due to the current crisis, employees are pushed to work from home, get their work done effectively in unsuitable environments, and protect company data from unauthorized access. Cybercriminals are smart and will not let a good crisis go to waste. They will do whatever they can to exploit the data and hardware security vulnerabilities that can arise with remote workers.

Here are some ways businesses can protect against cyberattacks while implementing a remote work policy:

Check for Security Vulnerability

Ethical or white-hat hacking is legal penetration testing performed by a cybersecurity expert on an organization's information systems to detect vulnerabilities and offer solutions. Relevant solutions for enhanced cybersecurity are suggested based on the results. Ethical hackers must be hired to check for potential security threats. This gives companies a better understanding of their security vulnerabilities so that they can implement more robust defense measures to prevent data breaches.

Protection for Malware/Ransomware

Malware is malicious software that allows attackers to gain control of a targeted computer or system. Ransomware is a type of malware in which the attacker demands a ransom to give control of the computer or system back to the victim, who is the rightful owner. If the victim fails to pay the ransom, the hackers release small amounts of data to force the victim to pay. Remote employees can protect themselves against such attacks in the following ways:

  • Always inform the company’s security experts when moving or using a different computer than the one provided to them. 
  • Avoid using open public Wi-Fi networks.
  • Do not open suspicious emails or attachments.
  • Always update all software and use reputable antivirus software or firewalls.

Use of VPNs

A virtual private network (VPN) allows an organization's staff to connect safely to a computer when they are using a less secure network. Using a VPN offers privacy and protects the company’s data from being accessed by unauthorized sources.

Cloud Storage

Companies should use cloud-based services authorized by security experts to store data and encourage their remote workers to do so. If a computer malfunctions or is stolen, this will protect against data loss.

Deploy Identity Verification Solutions

Identity verification solutions help businesses comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations, and they play a vital role in mitigating the risk of scams while working remotely. Knowing who you are dealing with is an uphill task, but it is crucial, especially when you are operating online. Moreover, with staff working from their homes, how can businesses stay a step ahead and properly secure the company from fake identities? Digital ID verification solutions provide contactless technology to conveniently carry out the cumbersome procedures of KYC, KYB, and AML. This technology provides a remote solution by authenticating identities and other businesses in real time using document verification and biometric technology. Knowing your employees remotely through a biometric identification service can harden your WFH process.

With a face verification solution using a 3D liveness detection feature, you can always authenticate an employee working from afar.

Educate Employees about CyberSecurity

Businesses must make their employees aware of the basics of cybersecurity, such as phishing emails, ransomware, malware, antivirus software, and avoiding public Wi-Fi. There should be an emergency response team that remote workers can contact when something suspicious takes place. As the saying goes, a stitch in time saves nine.

Software Updates & Strong Passwords

Remote workers must update their software to the latest version, or the security team should set their systems to update automatically when a new version is available. This will save businesses from falling into scammers' traps. Moreover, remote workers must use strong passwords to minimize the chances of being hacked. There are many online password generators that individuals can use to create strong passwords from upper case and lower case letters, numbers, and symbols. To reduce the probability of being hacked through brute-force attacks, passwords need to be changed periodically.

In addition, 2-factor authentication is strongly recommended to prevent unauthorized access in case a hacker has obtained your credentials.

In a Nutshell

These are unprecedented times in which both businesses and the government are still navigating their way through the Covid-19 pandemic. It is during these tough times that cybercriminals will exploit businesses that drop their guard. It is the duty of both businesses and employees to protect private data from falling into the wrong hands.

5 Billion Unique Credentials Circulating on Darknet

According to a report released by security firm Digital Shadows, a total of 15 billion user credentials are circulating on darknet forums. Among those, 5 billion are unique, with no repeated username and password pair. Cybercriminals are selling access to online bank accounts and domain administrator rights to corporate networks.

Kacey Clark, a threat researcher at Digital Shadows, says, “More often than not, credentials that are exposed are reposts or amalgamations of previously exposed credentials.”

“Security teams that monitor for these types of issues, therefore, may well have already remediated the risk. Unique credentials, however, represent a higher risk and so are likely of greater concern for security teams.”

Cybercrime is increasing, and the number of stolen credentials advertised on underground forums has increased by 300% since 2018. Extensive research conducted over 18 months by Digital Shadows shows that nearly 10,000 data breaches in which credentials were compromised have taken place in two years.

Troy Hunt, creator of the HaveIBeenPwned breach notification service, tells Information Security Media Group,

“I’m not overly surprised by the numbers,” 

He added, “Anecdotally, I’ve noticed a lot more credential stuffing lists in circulation recently, and just like the [COVID-19] pandemic itself, they seem to be replicating at a fierce rate.”

15 Billion Stolen Logins From 100,000 Breaches – Reveals New Dark Web Audit

15 billion: that is the number of stolen logins found during an 18-month study by Digital Shadows' security researchers. They audited criminal marketplaces on the dark web and found that the number of stolen credentials has increased 300% since the previous audit in 2017. The audit reveals 15 billion stolen credentials from 100,000 breaches.

Among those 15 billion records, about 5 billion are unique. An individual record sells for an average of $15.43. Most of the compromised data belongs to bank and financial accounts, which fetch an average of $70.91 apiece. About 25% of all dark web advertisements offer such records, as they carry more valuable data.

In the audit, researchers also found that stolen credentials are provided as a service. Instead of buying the credentials, criminals now rent an identity for a particular time period for less than $10.

The chief information security officer, Rick Holland, said in a statement,

“The sheer number of credentials available is staggering and in just over the past 1.5 years, we’ve identified and alerted our customers to some 27 million credentials – which could directly affect them.” He also said, “Some of these exposed accounts can have (or have access to) incredibly sensitive information. Details exposed from one breach could be re-used to compromise accounts used elsewhere.”

He added by giving a simple message: “Consumers should use different passwords for every account and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised.”

Ben Goodman, a certified information systems security professional and senior vice president of global business and corporate development at digital identity firm ForgeRock Inc., said in a statement that passwords have been the traditional user authentication method for decades and that a user has an average of 130 online accounts.

“It’s unlikely that users can remember 130 unique sets of login credentials and as a result, most opt to reuse the same passwords and usernames across most if not all of their accounts,” he said. “In fact, 57% of people who have already been scammed in phishing attacks still haven’t changed their password, enabling fraudsters to leverage compromised login credentials from one account to access additional profiles with more critical data, including banking and healthcare information.”

His advice: Organizations must recognize the security risks of passwords and usernames and adopt technology to enable passwordless and username-less logins.

Hacker Group Profited $7M in Crypto by Selling Stolen Credit Cards

A hacker group called “Keeper” developed an interconnected network of over 570 eCommerce sites to steal credit cards. Since 2017, the gang has made about $7 million in crypto by selling stolen credit card information on the dark web.

According to a study published by threat intelligence firm Gemini Advisory on July 7, the hacker gang created 64 attacker domains and 73 exfiltration domains. Using these domains, credit card data was retrieved from various eCommerce sites in about 55 countries. The malicious domains hosted a login panel for each eCommerce site, and a malware payload was injected to capture credit card data.

The United States, the Netherlands, and the United Kingdom are the countries most affected by these cyberattacks. Between July 2018 and April 2019, about 184,000 credit cards were compromised, although the exact numbers are still not known. The gang is still actively carrying out cyberattacks, and researchers say that its technical skills have improved.

Ameet Naik, security expert at PerimeterX, a cybersecurity firm, told Cointelegraph:

“Digital skimming and Magecart attacks are a lucrative business for hackers yielding rich bounties. Large scale operations like these can still compromise hundreds of thousands of credit cards even though they don’t target major high traffic stores. Businesses need to remain vigilant to Magecart attacks by locking down their infrastructure, using strong multi-factor authentication whenever possible and leveraging client-side application protection solutions that can detect and stop such attacks in real-time.”

Visa: CBDC is the most important trend in payments

According to Visa’s Head of Crypto, Central Bank Digital Currencies, or CBDC, seem to be one of the most important trends over the next couple of years.

Cuy Sheffield, who runs crypto projects at credit card giant Visa, tweeted that “as governments evaluate CBDC, the path they decide to take will have major implications for privacy, monetary sovereignty, geopolitics, and financial inclusion, as well as the global adoption of crypto dollars and Bitcoin.”

He stated that he could argue central bank digital currency (CBDC) is one of the most important trends for the future of money and transactions. Regardless of anyone’s personal views on it, global interest in CBDC does not seem to be going away.

Sheffield has been an advocate of CBDC for some time now. In May, Sheffield stated that central banks are not inclined towards consumer-facing digital currency solutions. Visa has shown its keen interest in digital currencies and even filed a digital currency patent application earlier this year.

A number of central banks have been experimenting with the idea of providing digital currencies themselves. The Bank of Japan claimed that it would test out the feasibility of a digital Yen to make sure it can provide universal access and resilience to those who want to use the virtual currency. 

Japan is just one of the few countries to consider digital currencies. China also has plans of coming up with a digital Yuan soon, although no date has been disclosed yet.

DC lawyers can now accept crypto for legal fees

According to a report by Bloomberg Law, the District of Columbia Bar stated that cryptocurrency can now be used to pay for legal services as long as the fee agreement is fair, and that this is only permissible if the lawyer can safely store the payment.

The organization said, “[Attorneys] cannot hold back the tides of change even if they would like to, and cryptocurrency is increasingly accepted as a payment method by vendors and service providers, including lawyers.”

The committee acknowledged the unpredictable nature of cryptocurrencies and stated that honesty to the client should be maintained in fee arrangements. The clients of District lawyers are permitted to consult outside legal counsel on any crypto-payment deal, and attorneys need to obtain written consent from clients regarding the fee agreement.

Lawyers also must be proficient in blockchain, the underlying technology of bitcoin and other cryptocurrencies, to maintain the security and protection of all advance fees. The bar wants lawyers to understand and safeguard against the numerous ways in which cryptocurrency can be misused, stolen, or lost.

Bar associations in other jurisdictions, such as New York City, North Carolina, and Nebraska have approved the acceptance of cryptocurrency as payment earlier.

California university pays a million-dollar crypto ransom

The University of California reportedly paid a huge ransom of $1.14 million in cryptocurrencies to the hackers behind a ransomware attack on June 1.

CBS San Francisco claimed that the UCSF IT staff initially noticed the security incident, stating that the attack initiated by the NetWalker group affected a limited number of servers in the School of Medicine.

Even though experts isolated the affected areas from the internal network, the hackers made the servers inaccessible and managed to successfully deploy the ransomware. The University of California stated that the encrypted data was crucial to some of the academic work the university pursues to serve the public. Therefore, it made the difficult decision to pay a portion of the ransom, about $1.14 million, to the hackers behind the malware attack in return for a decryption tool to unlock the encrypted data.

BBC News reported that a secret negotiation took place between the UCSF officials and the gang, but was unsuccessful.

The university’s officials initially proposed that the gang decrease the ransom payment to $780,000, but the hackers did not accept the offer, claiming that if they accepted the proposed amount, it would be as if they had “worked for nothing.”

The NetWalker group claimed that they would not accept an amount less than $1.5 million. A few hours later, the UCSF staff asked for the method to send the payment and gave a final offer of $1,140,895, which was accepted by NetWalker.

A ransomware payment of 116.4 Bitcoin (BTC) was then made to the ransomers’ wallets by the university and the decryption software was received by them.

At the beginning of June, Michigan State University had been attacked by the NetWalker ransomware gang, which had threatened to reveal students’ data and financial information. At the time, university officials stated that they would not pay the ransom.

Bitcoin scam exposes thousands to a data breach

Fraud websites have successfully stolen the personal records of a number of individuals from the United Kingdom, Australia, South Africa, the United States, Singapore, Malaysia, Spain, and more. The attack was carried out as a targeted multistage Bitcoin (BTC) scam circulated by a number of fake websites.

According to Singapore-based intelligence company Group-IB, the attack exposed personal data for thousands of people.

Victims’ phone numbers, which in most cases came with names and emails, were contained in personalized URLs used to redirect people to the websites. These sites posed as local news outlets, even including fabricated comments from key local personalities.

Analysis performed on the leaked numbers allowed Group-IB to find out where most of the data had leaked from. It was discovered that the U.K. was the most affected place with 147,610 personal records.

The report states that victims commonly received a text message which mentioned the name of the recipient. This was followed by a phishing message meant to impersonate a recognized media outlet.

The head of Group-IB’s brand protection team, Ilia Rozhnov, stated:

“Fraudulent schemes have become more complicated. They now involve several stages, complex distributed infrastructure, and abuse of personal and corporate brands that are hard to track down and block using traditional detection methods. Companies and celebrities whose names were hijacked by fraudsters suffer reputational damage and face diminished customer trust.”

Researchers identified six active domains hosting the same Bitcoin investment platform. Each, however, operated under a unique name. Some of these are Crypto Cash, Bitcoin Supreme, Banking on Blockchain, and Bitcoin Rejoin.

The Group-IB team has detected the exposed data through a number of data breach repositories. They have also examined a number of underground marketplaces for the presence of this data. So far, they have not found any evidence of the information.

The source of the leak has not yet been established. The team has reported the study’s findings to the proper authorities in each affected country.

Massive Cyberattack on Australia Uses Cryptojacking Exploits

According to the Australian Cyber Security Centre, a group of “state actors” hacked Australian networks on June 19 and one of the vulnerabilities they exploited is related to cryptojacking malware attacks.

According to a report, the threat actors utilized four critical vulnerabilities in Telerik UI, including CVE-2019-18935, which was exploited by the Blue Mockingbird malware gang to infect thousands of systems with Monero (XMR) mining software called XMRig.

It was not mentioned whether the hackers installed cryptojacking malware during the recent cyberattack, but this kind of vulnerability is favored by cybercriminals for installing crypto-mining applications within corporate systems.

The report describes the exploitation of CVE-2019-18935, which is similar to what was seen in the Blue Mockingbird attacks, although it does not suggest that the gang participated in the cyberattack against Australia.

About 10 Chinese hacker groups, which have taken part in espionage activities and reportedly have links with the Chinese government, have PlugX malware in their arsenal; PlugX was one of the malware families identified in the Australian government's report.

According to some Australian officials, China could be responsible for the massive cyberattack, as diplomatic tensions have been increasing between the two countries. It was claimed that the attack could have come after Australia sought an investigation into the origins of the coronavirus, something that was not well received by Chinese officials, who considered it a “discriminatory” allegation and responded with trade retaliation against Australia.

The Chinese government has rejected the claims.
