
Fake Crypto Website: Berkshire Hathaway Issues Warning




Warren Buffett's company Berkshire Hathaway Inc. issued a warning to investors on Friday stating that it is not associated with a fictitious cryptocurrency trading website that uses the Berkshire Hathaway brand.

According to the website, it is a Texas-based broker established in 2020 that offers investors the chance to earn a fully passive income through investments in cryptocurrency mining.

It carries purported client endorsements and claims that the broker is licensed in the US, UK, Cyprus, and South Africa, while misspelling the names of two authorities. Its email address format also differs from that of Buffett's company.

Buffett has always been wary of cryptocurrencies; despite a shift in public opinion of bitcoin, he still would not buy it. He tends to view cryptocurrencies as passive investments that holders buy in the expectation of long-term price growth.

At the Berkshire Hathaway annual shareholders meeting on Saturday, he said that the asset is not productive and produces nothing measurable.

"The entity that owns this web address has no affiliation with Berkshire Hathaway Inc. or its Chairman and CEO, Warren E. Buffett," according to a statement from Buffett's company, which said it had become aware of the website.

Bitcoin has gained recognition as an investment asset in Western countries, especially over the past year as interest rates and inflation have risen. Many still see great potential for its application as a digital currency in other areas.

"Assets must provide someone with something in order to be valuable. Additionally, just one type of currency is recognized. You can think of all kinds of things; we can even put up Berkshire coins, but at the end of the day, this is money," remarked Warren Buffett, holding up a $20 bill.

Requests for comment from the website's owner were not immediately answered. Recent months have seen increased scrutiny of cryptocurrencies.

Following reports that $10 billion in client assets had been transferred from FTX to Bankman-Fried's trading firm Alameda Research, FTX declared bankruptcy and is now under investigation by American authorities.

German Citizen Suspected of Major Fraud Arrested by Greek Police

 


Greek police announced on Thursday that they had arrested a 35-year-old German citizen charged in four cases of fraud and cybercrime, three of them from Germany and one international. The fraud amounted to more than 1.4 million euros.

The man was stopped at Thessaloniki airport in northern Greece on Wednesday, taken into custody that afternoon on a European Arrest Warrant, and formally arrested on Thursday; police did not reveal his name.

On Saturday, the organized crime and human trafficking division of the Thessaloniki police found 1,000 photos and videos of child pornography on the suspect's mobile phone. The investigation also revealed that he is accused of leading a gang that persuaded targeted people to invest large sums of money on the promise of good returns; the invested amounts were then distributed across a Europe-wide network.

The man was also charged with impersonating a police officer while checking into a hospital in a police uniform that was later found in his house.

During the search of his house, his mother showed the police a German police officer's ID and claimed that he was attached to a special unit investigating pedophile networks. The ID was found to be fake, and the man is to face a Greek prosecutor next week for impersonating both a German and a Greek police officer.

In his house and car, police found two license plates with numbers belonging to German state vehicles. One of the two plates was fake, and fake salary payment statements from German state authorities were also found.

The report also mentioned that the fraud was not limited to Germany: the gang approached its targets by email and telephone from all across the globe.

On the charges against him, the suspect has been sentenced to 10 years in prison in Germany for the 1.4 million euro fraud. According to the authorities, the gang defrauded at least 1,440,991 euros from its victims.

A Ransomware Attack Hit Two Michigan Schools

In response to a ransomware attack, two Michigan school districts have closed. Kevin Oxley, superintendent of the Jackson County Intermediate School District, announced that schools would remain closed until Wednesday.

The schools alerted law enforcement and hired external cybersecurity advisors to investigate the incident and help re-establish their systems securely.

According to Det. Lt. Mike Teachout of the Michigan Cyber Command Center, the district got in touch with that organization, which coordinates the joint emergency response to cyber incidents in Michigan.

As a precaution, the schools encouraged everyone to refrain from using any school-issued devices.

According to Kevin Oxley, "This intrusion occurred because we were victims of a ransomware attack that was spotted over the weekend. Credits to overnight work by our tech staff and cybersecurity professionals. We actively shut down networks as soon as we noticed suspicious behavior in order to contain the situation."

While restoration efforts are ongoing, Oxley stated that getting students back in class on Thursday was the first priority. "We prioritized bringing vital systems back up to allow us to safely restart operations and reopen school buildings across Jackson and Hillsdale counties," Oxley said.

Over 24,000 pupils are enrolled in the district. According to officials, Hillsdale Community District Schools, whose technology services are provided by a county consortium, were also impacted by the incident.

A wide range of facility operations, including but not limited to heating, telephones, and classroom equipment, were affected by the cyberattack that transpired over the weekend of November 12–13, forcing schools in Jackson and Hillsdale counties to cancel classes for the whole week. As of yet, no cybercrime organization has been held responsible for the attack.

The Los Angeles Unified School District, one of the largest school systems in the US, was the victim of a ransomware attack in September. School districts, a prime target for ransomware gangs, must now exercise caution.




Grade 9 Student Behind The Taguig School Bomb Threat


Taguig police have detained a 16-year-old Grade 9 student for involvement in an online bomb threat. On Monday, November 14, the Philippine National Police (PNP) Anti-Cybercrime Group reported that the student was running the Facebook account that posted bomb threats in the comments of a flag-raising ceremony live stream.

On the morning of November 7, the Taguig local government unit (LGU) was live streaming the city hall flag-raising ceremony for the National Children’s Month on its Facebook page ‘I Love Taguig.’ During this, an account by the name “Sofia Smith” started posting comments stating they would “kill all the students at Signal village” with an explosive. Consequently, the comments induced fright and panic among students, parents, and teaching staff present at the ceremony. 

In a video report shared on November 14, by Taguig Mayor Lani Cayetano and Chief of Police Colonel Robert Baesa, Lieutenant Colonel Jay Guillermo of the PNP Anti-Cybercrime group stated that following the bomb threats, the police tracked the IP address, location, mobile number, and real identity of the person behind the account “Sofia Smith.” 

After determining the identity of "Sofia Smith", the 16-year-old student, and confiscating the suspect's cell phones, the police proceeded with a forensic investigation of the phones. Further investigation found multiple log-ins to numerous Facebook accounts from the same IP address, indicating that the suspect may have had accomplices in making the bomb threats.

Reportedly, the student sought support from a former street sweeper who was bitter over being fired by the school authority. The two accused are now in police custody facing charges for the threatening comments and an act of terrorism, for which they could face at least 12 years of imprisonment.

In regards to the case, Mayor Maria Laarni "Lani" Cayetano said that she will let the law take its course. She also appealed to the public to "not make the situation worse" by taking any harmful action against "Sofia Smith," considering that she is a minor.

Patch ASAP: Critical Citrix and VMware Bugs Threaten Takeover of Remote Workspaces


Critical authentication-bypass vulnerabilities in Citrix and VMware products threaten devices running remote workspaces with complete takeover, the vendors warned this week.

Given both vendors' history of being exploited, administrators are urged to prioritize patching; both disclosures prompted CISA alerts on Wednesday.

Citrix Gateway, A Perfect Avenue for Infesting Orgs:

As for Citrix, a critical vulnerability tracked as CVE-2022-27510 (with a CVSS vulnerability-severity score of 9.8 out of 10) allows unauthorized access to the Citrix Gateway when the device is used as an SSL VPN solution. In that role, the Gateway provides access to internal company applications from any device over the Internet and offers single sign-on across applications and devices.

The vulnerability would thus give a threat actor an easy initial foothold from which to dig deeper into an organization's cloud footprint and cause trouble across the network.

In a published advisory, Citrix also noted that its Application Delivery Controller (ADC) product, which provides admin visibility into applications across multiple cloud instances, is vulnerable to remote desktop takeover (CVE-2022-27513, CVSS 8.3) and brute-force protection bypass (CVE-2022-27516, CVSS 5.3).

According to researcher Satnam Narang, Citrix Gateway and ADC have long been a favorite target of cybercriminals because of how many parts of an organization they provide entry into, which underscores the importance of patching.

"Citrix ADC and Gateways have been routinely targeted by a number of threat actors over the last few years through the exploitation of CVE-2019-19781, a critical path traversal vulnerability that was first disclosed in December 2019 and subsequently exploited beginning in January 2020 after exploit scripts for the flaw became publicly available," Narang wrote in a Wednesday blog. 

"CVE-2019-19781 has been leveraged by state-sponsored threat with ties to China and Iran, as part of ransomware attacks against various entities including the healthcare sector, and was recently included as part of an updated list of the top vulnerabilities exploited by the People’s Republic of China state-sponsored actors from early October," he added. 

Users should quickly update to Gateway versions 13.1-33.47, 13.0-88.12, and 12.1-65.21 to patch the latest issues.

VMware Workspace ONE Assist, a trio of cybercrime threats:

VMware, meanwhile, has reported three authentication-bypass bugs, all in its Workspace ONE Assist for Windows. The bugs (CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687, all CVSS 9.8) allow both local and remote attackers to gain administrative privileges without authenticating, giving them full run of targeted devices.

Workspace ONE Assist is a remote desktop product used mainly by tech support to troubleshoot and fix IT issues for employees remotely. As such, it operates with the highest levels of privilege, potentially giving remote attackers an ideal initial access target and pivot point to other corporate resources.

VMware also disclosed two further vulnerabilities in Workspace ONE Assist. One is a cross-site scripting (XSS) flaw (CVE-2022-31688, CVSS 6.4); the other (CVE-2022-31689, CVSS 4.2) allows a "malicious actor who obtains a valid session token to authenticate to the application using that token," according to the vendor's Tuesday advisory.

VMware also has a history of being targeted by cybercriminals. A proof-of-concept (PoC) exploit was published on GitHub and tweeted to the world almost immediately after a major vulnerability in Workspace ONE Access (used to distribute corporate apps to remote employees), identified as CVE-2022-22954, was revealed in April.

Consequently, researchers from multiple security firms started looking for probes and exploit attempts very soon thereafter — with an ultimate motive of infecting targets with numerous or establishing a backdoor via Log4Shell. 

Administrators are advised to update Workspace ONE Assist to version 22.10 to patch all of the most recently disclosed problems.
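As an added example (not from the Citrix or VMware advisories, and not code from either vendor), the following Python helper checks an inventory of reported builds against the fixed versions named above. It assumes Citrix builds are written in the vendor's `<branch>-<build>` form (e.g. `13.0-88.12`), treats a branch with no listed fixed build as unsupported rather than safe, and uses constructed hostnames; the `triage` function and the product labels are invented for the example.

```python
"""Added example: branch-aware version check against the fixed builds named in
the Citrix and VMware advisories summarised above.  Hostnames are constructed."""
import re
from typing import Optional, Tuple

# Fixed builds from the advisories.  Citrix builds are "<branch>-<build>"; a
# device is fixed only if it is on a listed branch AND at or above that branch's
# fixed build.  Branches absent from this table get no verdict of "patched".
CITRIX_GATEWAY_FIXED = {
    "13.1": (33, 47),
    "13.0": (88, 12),
    "12.1": (65, 21),
}
WORKSPACE_ONE_ASSIST_FIXED = (22, 10)

_CITRIX_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def parse_citrix_version(version: str) -> Optional[Tuple[str, Tuple[int, int]]]:
    """Split '13.0-87.9' into ('13.0', (87, 9)); return None if malformed."""
    m = _CITRIX_RE.match(version.strip())
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def citrix_gateway_status(version: str) -> str:
    """One of 'patched', 'vulnerable', 'unsupported-branch', 'unparseable'.
    Comparing numerically (not as strings) is what stops 13.0-88.9 from being
    mistaken for a build newer than 13.0-88.12."""
    parsed = parse_citrix_version(version)
    if parsed is None:
        return "unparseable"
    branch, build = parsed
    fixed = CITRIX_GATEWAY_FIXED.get(branch)
    if fixed is None:
        return "unsupported-branch"
    return "patched" if build >= fixed else "vulnerable"


def workspace_one_assist_status(version: str) -> str:
    """Classify a Workspace ONE Assist version such as '22.10' or '21.12.1'."""
    parts = version.strip().split(".")
    try:
        major_minor = (int(parts[0]), int(parts[1]))
    except (IndexError, ValueError):
        return "unparseable"
    return "patched" if major_minor >= WORKSPACE_ONE_ASSIST_FIXED else "vulnerable"


def triage(inventory):
    """Run both checks over (hostname, product, version) tuples and return the
    hosts that still need attention, sorted for reporting."""
    needs_attention = []
    for host, product, version in inventory:
        if product == "citrix-gateway":
            status = citrix_gateway_status(version)
        elif product == "workspace-one-assist":
            status = workspace_one_assist_status(version)
        else:
            status = "unknown-product"
        if status != "patched":
            needs_attention.append((host, product, version, status))
    return sorted(needs_attention)


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE_INVENTORY = [
    ("gw-01", "citrix-gateway", "13.0-87.9"),
    ("gw-02", "citrix-gateway", "13.1-33.47"),
    ("gw-03", "citrix-gateway", "12.0-63.13"),
    ("assist-01", "workspace-one-assist", "22.10"),
    ("assist-02", "workspace-one-assist", "21.12"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row)
```

The check deliberately reports an unlisted branch separately instead of calling it vulnerable or patched: the advisory gives no fixed build for it, so the right action is a version upgrade rather than a point patch.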

Chrome Extensions That Record Keystrokes and Steal Personal Data Should be Avoided

 


Researchers at Zimperium's zLabs research department have discovered a malicious browser extension, dubbed Cloud9, designed to steal private and sensitive user information and to completely take over the victim's computer.

Cloud9 is particularly unnerving because it steals data directly from your computer by monitoring your keystrokes (keylogging). Cybercriminals favor spying on victims' web browser activity because the browser is where you are most likely to enter highly sought-after credentials, such as bank passwords and other sensitive information, and entering them online is all too easy.

In terms of Cloud9, what information do we have?

Cloud9 is a botnet that operates as a remote access trojan (RAT). Researchers encountered two versions of Cloud9, the original and an improved one, and focused their report on the latter because it "contains all of the functionalities of both variants." Its capabilities include:

• Keylogging: tracking your keystrokes to steal credit card numbers, bank passwords, and more.

• Clipboard theft: stealing data you have copied and pasted.

• Session hijacking: stealing your cookies and using them to take over your logged-in sessions.

• Mining cryptocurrency using the resources of your browser and computer.

• Injecting malicious code into your device to take full control of it.

• Using your PC to perform DDoS attacks against other websites.

• Injecting pop-ups or advertisements into pages.

The Zimperium zLabs team notes that although Cloud9 is known malware, it cannot be found in any official repository for browser extensions (e.g. the Chrome Web Store). Instead, researchers found that Cloud9 is most often distributed through malicious websites, where it masquerades as an Adobe Flash Player update.

What is the history of Cloud9 and where did it come from?

Investigators traced Cloud9's origin to a malware group called Keksec, which has been associated with many attacks involving mining-related malware, Zimperium zLabs researchers said.

The Cloud9 botnet appears to be sold for a few hundred dollars, or given away for free, on several hacker forums around the world. The report warned that this malware does not target a specific group: cybercriminals target all users in order to extract as much valuable information as possible and maximize their profits.

Zimperium's report notes that browsers are susceptible because traditional endpoint security solutions do not monitor this attack vector. However, Cloud9 should remain a distant threat as long as you do not side-load extensions from malicious websites into your browser or run fraudulent executables that originate from such sites.
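The advice above comes down to not side-loading extensions. As an added example that is not Zimperium's code, the Python script below audits a Chrome profile's Extensions folder for extensions that were not installed from the Web Store and that also request the kind of access a keylogging extension needs (content scripts on all sites, cookies, clipboard, scripting). It assumes the standard `<profile>/Extensions/<id>/<version>/manifest.json` layout and the Web Store `update_url`; the extension IDs and manifests it writes are constructed test data, and the permission weighting is the example's own judgement, not a rule from the report.

```python
"""Added example (not Zimperium's code): flag side-loaded Chrome extensions that
hold keylogger-grade permissions.  The sample manifests are constructed."""
import json
import os
import tempfile

# Extensions installed from the Chrome Web Store carry this update_url; an
# unpacked or side-loaded extension normally has none.
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# Host patterns that put a content script on every page the user visits.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Permissions that expose cookies, clipboard, or arbitrary script injection.
HIGH_RISK_PERMISSIONS = {"webRequest", "webRequestBlocking", "cookies",
                         "clipboardRead", "debugger", "scripting", "tabs"}


def _host_patterns(manifest):
    """Collect every host pattern from MV2 permissions, MV3 host_permissions
    and content_scripts.matches."""
    pats = set(manifest.get("host_permissions", []))
    pats.update(p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>")
    for cs in manifest.get("content_scripts", []):
        pats.update(cs.get("matches", []))
    return pats


def assess_manifest(manifest):
    """Return a list of findings for one manifest; an empty list means nothing notable."""
    findings = []
    if manifest.get("update_url") != WEB_STORE_UPDATE_URL:
        findings.append("not-from-web-store")
    if BROAD_HOST_PATTERNS & _host_patterns(manifest):
        findings.append("runs-on-all-sites")
    risky = HIGH_RISK_PERMISSIONS & set(manifest.get("permissions", []))
    if risky:
        findings.append("risky-permissions:" + ",".join(sorted(risky)))
    return findings


def audit_extensions(profile_dir):
    """Walk <profile>/Extensions and return {extension_id: findings} for every
    extension that is side-loaded AND has at least one risky capability."""
    suspicious = {}
    ext_root = os.path.join(profile_dir, "Extensions")
    if not os.path.isdir(ext_root):
        return suspicious
    for ext_id in sorted(os.listdir(ext_root)):
        for version in os.listdir(os.path.join(ext_root, ext_id)):
            path = os.path.join(ext_root, ext_id, version, "manifest.json")
            if not os.path.isfile(path):
                continue
            with open(path, encoding="utf-8") as fh:
                findings = assess_manifest(json.load(fh))
            if "not-from-web-store" in findings and len(findings) > 1:
                suspicious[ext_id] = findings
    return suspicious


def build_sample_profile(base_dir=None):
    """Write two constructed manifests: a Web Store extension with narrow
    permissions and a side-loaded 'Flash Player update' asking for broad access."""
    base_dir = base_dir or tempfile.mkdtemp(prefix="chrome-profile-")
    samples = {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {  # constructed extension id
            "manifest_version": 3, "name": "Store Extension", "version": "1.0",
            "update_url": WEB_STORE_UPDATE_URL,
            "permissions": ["storage"], "host_permissions": ["https://example.com/*"],
        },
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {  # constructed extension id
            "manifest_version": 3, "name": "Flash Player Update", "version": "9.9",
            "permissions": ["cookies", "clipboardRead", "scripting"],
            "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
        },
    }
    for ext_id, manifest in samples.items():
        d = os.path.join(base_dir, "Extensions", ext_id, manifest["version"] + "_0")
        os.makedirs(d, exist_ok=True)
        with open(os.path.join(d, "manifest.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return base_dir


if __name__ == "__main__":
    profile = build_sample_profile()
    for ext_id, findings in audit_extensions(profile).items():
        print(ext_id, findings)
```

Point `audit_extensions` at a real profile directory to use it; the Web Store check alone is not proof of malice (developers legitimately load unpacked extensions), which is why an extension is only reported when a broad capability accompanies it.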

Australian Medibank Alert Customers After Private Data Leak

Australia's largest health insurer, Medibank Private Ltd (MPL.AX), revealed on Wednesday that the hacker may leak additional stolen data if the company continues to refuse to pay the demanded ransom.

Prime Minister Anthony Albanese acknowledged that he is one of the millions of Australian Medibank customers who may have been impacted by the most recent cyberattack, but he supported the insurer's refusal to pay a ransom.

"For some, this is incredibly difficult. It will worry me that part of this information has been made public as I am also a Medibank Private customer," said Albanese.

According to Medibank, additional Australian customers' private medical information will likely be posted on the dark web as the perpetrators of the cyberattack try to put more pressure on the insurer.

A sample of customer information, which included names, addresses, dates of birth, phone numbers, and email addresses, was discovered to have been placed online on the dark web this morning. In other instances, the passport numbers of foreign students who had registered with Medibank Group's partner company ahm were also made public.

It is not immediately evident whether the hacker gained access to the prime minister's personal or medical information. According to Medibank, information on 9.7 million current and former customers was exposed.

Federal Cyber Security Minister Clare O'Neil stated in a statement on Wednesday that Medibank's decision to forego paying a ransom is in line with the government's recommendation. Customers that were affected were encouraged to be extremely vigilant against extortion attempts. On Wednesday, Medibank Chief Executive David Koczkar called the occurrence 'a criminal crime.'

Since September, there has been an increase in cyberattacks in Australia, with at least eight businesses reporting intrusions, including the telecom company Optus, which is owned by Singapore Telecommunications (STEL.SI).

Must Follow Guidelines for API Security

An online store can collect payments via the PayPal API, for instance, rather than developing its own payment gateway. APIs serve the required function while sparing businesses time and effort, which is why they are so clearly useful.

Protecting these APIs from security risks and breaches entails securing them together with all linked apps and users.

Businesses use APIs to link services and move data. Compromised, broken, or exposed APIs are the cause of major data breaches, exposing private and sensitive financial, medical, and personal information to the public. However, not all data is created equal, and not all data should be safeguarded in the same way. The type of data being exchanged determines how you should approach API security.

In the last 12 months, 95% of firms encountered an API security issue, according to the most recent Salt Labs State of API Security report. Additionally, during the past year a variety of businesses, including Facebook, Experian, Starbucks, and Peloton, have experienced public API problems. Clearly, APIs need more protection against intrusions than the present crop of application security approaches can provide.

Security leaders need to carefully examine how they currently approach API security in order to fix the issue. If your API connects to a third-party application, it is important to understand how that application sends data back out to the internet.

Strategies for API Security

  1. Put a secure authentication and authorization protocol into action: The first stage in an API security approach is authenticating and authorizing the appropriate users.
  2. Implement the "Least Privilege" principle: Restricting access to only essential tasks decreases the attack surface and helps reduce exposure to security breaches.
  3. Constrain data sharing: Keep track of the data shared between apps, APIs, and users to find weak spots, then secure them by restricting the data that is shared.
  4. Utilize HTTPS: APIs communicate over HTTP connections, so transmitting data securely requires Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption.
  5. Implement a policy of zero trust: We cannot leave out zero trust when discussing API security advice. It operates under the premise that no user, device, or server should be trusted until proven otherwise.
  6. Implement data logging: Logs provide admins with a wealth of information that can be used to enhance API security and assist with manual inspection and monitoring.

Security requires ongoing work in the age of technology and the internet. Unfortunately, security problems will not disappear, and as IoT technology becomes more widespread, the dangers and vulnerabilities will only get worse. Be wary of ineffective API security strategies: the security strategy must broaden to keep up with attackers' growing skill sets.

Being proactive is vital, which means keeping an eye on current technology, patching up any flaws, and implementing cutting-edge cybersecurity measures.
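As an added example (not from the article), the six strategies above are wired together in one small, stdlib-only Python request handler: HMAC-signed bearer tokens for authentication, a single required scope per endpoint for least privilege, per-scope field filtering to constrain what data is shared, refusal of requests that did not arrive over HTTPS, verification of every request rather than trust in the caller, and an audit log that records the subject but never the token. The token format, scope names, endpoints, and sample records are invented for illustration.

```python
"""Added example (not from the article): the six API security strategies
combined in one stdlib-only request handler.  Token format, scopes, endpoints
and records are invented for illustration."""
import base64
import hashlib
import hmac
import json
import logging
import secrets
import time

logging.basicConfig(level=logging.INFO, format="%(asctime)s %(levelname)s %(message)s")
log = logging.getLogger("api-audit")

# Strategy 1: server-side key that signs tokens.  In production it comes from
# a secret store; here it is generated per process for the demo.
SIGNING_KEY = secrets.token_bytes(32)

# Strategy 2 (least privilege): each endpoint names the single scope it needs.
ENDPOINT_SCOPES = {
    ("GET", "/orders"): "orders:read",
    ("POST", "/orders"): "orders:write",
    ("GET", "/customers"): "customers:read",
}

# Strategy 3 (constrain data sharing): fields released per scope.  Anything not
# listed is stripped even if the stored record contains it.
FIELDS_BY_SCOPE = {
    "orders:read": {"id", "total", "status"},          # never card_last4
    "customers:read": {"id", "name"},                   # no contact details
    "customers:pii": {"id", "name", "email", "phone"},  # granted separately
}

# Constructed sample records.
ORDERS = [{"id": 42, "total": 19.99, "status": "shipped", "card_last4": "4242"}]
CUSTOMERS = [{"id": 7, "name": "A. Example", "email": "a@example.invalid", "phone": "+1-555-0100"}]


def issue_token(subject, scopes, ttl_seconds=3600, now=None):
    """Mint an HMAC-SHA256 signed token: urlsafe_b64(payload).urlsafe_b64(signature)."""
    payload = json.dumps(
        {"sub": subject, "scopes": sorted(scopes), "exp": int((now or time.time()) + ttl_seconds)},
        separators=(",", ":"),
    ).encode()
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload).decode() + "." + base64.urlsafe_b64encode(sig).decode()


def verify_token(token, now=None):
    """Return the claims of a valid, unexpired token, else None.  The signature
    is checked with a constant-time compare before the payload is parsed."""
    try:
        p64, s64 = token.split(".", 1)
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(payload)
    if claims.get("exp", 0) <= (now or time.time()):
        return None
    return claims


def handle(method, path, headers, scheme="https", now=None):
    """Process one request and return (status, body).  Every decision is logged
    (strategy 6) with the subject, never with the token itself."""
    # Strategy 4: refuse to act on a credential that arrived over plaintext HTTP.
    if scheme != "https":
        log.warning("reject plaintext %s %s", method, path)
        return 400, {"error": "https required"}
    # Strategy 5 (zero trust): no request is trusted until its token verifies.
    auth = headers.get("Authorization", "")
    claims = verify_token(auth[len("Bearer "):], now) if auth.startswith("Bearer ") else None
    if claims is None:
        log.warning("unauthenticated %s %s", method, path)
        return 401, {"error": "invalid or missing token"}
    required = ENDPOINT_SCOPES.get((method, path))
    if required is None:
        return 404, {"error": "no such endpoint"}
    if required not in claims["scopes"]:
        log.warning("forbidden sub=%s %s %s needs %s", claims["sub"], method, path, required)
        return 403, {"error": "insufficient scope"}
    if method == "POST":
        log.info("accepted sub=%s %s %s", claims["sub"], method, path)
        return 201, {"status": "accepted"}
    # Release only the fields permitted by the scopes the caller holds on this resource.
    resource = required.split(":")[0]
    allowed = set()
    for scope in claims["scopes"]:
        if scope.startswith(resource + ":"):
            allowed |= FIELDS_BY_SCOPE.get(scope, set())
    records = ORDERS if resource == "orders" else CUSTOMERS
    body = [{k: v for k, v in r.items() if k in allowed} for r in records]
    log.info("ok sub=%s %s %s fields=%s", claims["sub"], method, path, sorted(allowed))
    return 200, body


if __name__ == "__main__":
    token = issue_token("alice", ["orders:read"])
    print(handle("GET", "/orders", {"Authorization": "Bearer " + token}))
    print(handle("GET", "/customers", {"Authorization": "Bearer " + token}))
```

In a real deployment TLS is enforced by the server or load balancer; the `scheme` check here only shows the handler refusing to honour a credential that arrived in the clear. The field filter is the part most often missing in practice: even a correctly authorized `orders:read` caller never sees `card_last4`, because the response is built from an allow-list rather than from the stored record.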

A Game of Cyber Big Game Hunting

When a group of cybercriminals executes a cyber attack or scam, the target audience and the method of targeting vary. Sometimes threat actors target random individuals in large numbers to increase their chance of getting a hit. Cybercriminals do not follow this approach, however, when it comes to 'big game hunting.'

So what is big game hunting, and how does it put you at risk? According to several studies, big game hunters are advanced and sophisticated cyber attackers, often working as part of an organized group, who take down large firms and large audiences at once.

Furthermore, studies show that cybercriminals are achieving enormous success with their "big game hunting" (BGH) campaigns. The availability of commodity malware under a ransomware-as-a-service (RaaS) model has contributed hugely. Five ransomware families topped the list in 2020: Dharma, Medusa Locker, Phobos, REvil/Sodinokibi, and Makop.

Certain industries have faced more intrusions than others, among them technology, manufacturing, telecommunications, and finance.

In many cases, these big game hunting groups have been observed to operate as highly structured and organized networks, not unlike corporate enterprises. These groups are also often state-sponsored and are suspected of having ties to prominent government figures.

According to the technical data, a number of legitimate software applications are frequently used by threat actors, such as Process Hacker, Advanced IP Scanner, TeamViewer, ProcDump, Advanced Port Scanner, IObit Unlocker, PowerTool, GMER, PC Hunter, and AnyDesk, among others.

There is also a list of pentesting tools deployed by attackers: Mimikatz, PowerShell Empire, Cobalt Strike, PowerSploit, LaZagne, SharpHound, Meterpreter, PowerCat, Powerkatz, Rubeus, etc.

Now let us look at the cost of cyber big game hunting, using figures from their previous targets.

  • The average ransom demand from attackers is $6 million USD 
  • The average ransom payment increased by 63% in 2021 to $1.79 million (USD), compared to $1.10 million (USD) in 2020 
  • 96% of those who paid the initial ransom also had to pay extortion fees 
  • There was an 82% increase in ransomware-related data leaks in 2021, compared to 2020
  • 66% of respondents’ organizations suffered at least one ransomware attack this year 
  • 57% of those hit by ransomware didn’t have a comprehensive strategy in place to coordinate their response. 
Since the cost of ransomware attacks and the targets have increased, organizations need to develop a new approach to fight against cyber threats. Also, organizations should re-evaluate the techniques and tools they use for intruder detection and incident response. 
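As an added example (not from the article), the Python script below runs simple detection logic over constructed process-creation log lines, matching executable names against the legitimate dual-use tools and the pentest tools listed above and scoring each host, so that a single AnyDesk session stays below the alert threshold while a burst of offensive tooling on one host does not. The log line format, hostnames, per-tool weights, and threshold are the example's own assumptions.

```python
"""Added example (not from the article): score hosts by the dual-use and pentest
tools named above, using constructed process-creation log lines."""
import re
from collections import defaultdict

# Tool names from the article, keyed by the executable name they usually run
# as.  Weights are an assumption: admin tools are common in IT environments,
# offensive frameworks almost never belong on a production host.
DUAL_USE_TOOLS = {
    "processhacker": 1, "advanced_ip_scanner": 1, "teamviewer": 1, "procdump": 2,
    "advanced_port_scanner": 1, "iobitunlocker": 2, "powertool": 2, "gmer": 2,
    "pchunter": 2, "anydesk": 1,
}
OFFENSIVE_TOOLS = {
    "mimikatz": 5, "empire": 5, "cobaltstrike": 5, "powersploit": 5, "lazagne": 5,
    "sharphound": 5, "meterpreter": 5, "powercat": 5, "powerkatz": 5, "rubeus": 5,
}
ALERT_THRESHOLD = 5

# Constructed line format: "<timestamp> host=<name> user=<domain\\user> image=<path>"
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) image=(?P<image>.+)$")


def normalise(image_path):
    """'C:\\Temp\\ProcDump64.exe' -> 'procdump64' (lowercase basename, no extension)."""
    base = image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return base.rsplit(".", 1)[0] if "." in base else base


def classify(image_path):
    """Return (tool_name, weight) for a known tool, or (None, 0).  Offensive
    tools are checked first so they win when a name matches both tables."""
    name = normalise(image_path)
    for table in (OFFENSIVE_TOOLS, DUAL_USE_TOOLS):
        for tool, weight in table.items():
            if tool in name:
                return tool, weight
    return None, 0


def score_hosts(lines):
    """Parse log lines, sum tool weights per host and return
    {host: {"score": n, "tools": [...]}} for hosts at or above the threshold.
    Unparseable lines are skipped rather than aborting the run."""
    per_host = defaultdict(lambda: {"score": 0, "tools": []})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        tool, weight = classify(m.group("image"))
        if tool:
            entry = per_host[m.group("host")]
            entry["score"] += weight
            entry["tools"].append(tool)
    return {h: e for h, e in per_host.items() if e["score"] >= ALERT_THRESHOLD}


# Constructed sample events (not real telemetry).
SAMPLE_LOG = """
2022-11-10T02:13:44Z host=FS01 user=CORP\\svc_backup image=C:\\Temp\\ProcDump64.exe
2022-11-10T02:14:02Z host=FS01 user=CORP\\svc_backup image=C:\\Temp\\mimikatz.exe
2022-11-10T02:15:30Z host=FS01 user=CORP\\svc_backup image=C:\\Temp\\Rubeus.exe
2022-11-10T09:01:11Z host=WS22 user=CORP\\jdoe image=C:\\Program Files\\AnyDesk\\AnyDesk.exe
2022-11-10T09:02:00Z host=WS22 user=CORP\\jdoe image=C:\\Windows\\System32\\notepad.exe
garbage line that does not parse
""".strip().splitlines()

if __name__ == "__main__":
    for host, entry in score_hosts(SAMPLE_LOG).items():
        print(f"ALERT {host}: score={entry['score']} tools={entry['tools']}")
```

Matching on the file name is the weakest possible indicator (attackers rename binaries), which is why the score is meant as a triage hint to be combined with hash, signer, and parent-process checks in a real pipeline.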

Cyberattacks Spam Child Abuse on Facebook

When a reputable martial arts instructor posts child exploitation content on his Facebook page and spends a lot of money on Vietnamese ads for angler rods, something is obviously wrong. But according to Jihad Bekai, head of the G-Force martial arts school in Melbourne, it has been extremely hard to persuade Facebook's owner Meta of that.

Bekai was a victim of Facebook hackers last month. They employed a well-known and popular ruse that involves uploading images of child sexual assault on a user's personal Facebook page. 

As a result, Facebook automatically responds by banning the user for breaking its 'community standards.' While the user is occupied with the aftermath and attempting to regain access to Facebook, the hackers pursue their true objective, which is typically a credit card connected to a business page the user manages.

In addition, Bekai claimed he had been caught in a frustrating feedback loop with Facebook, whose online customer service forms fail to recognize the absurdity of his situation. Over the course of a month, the hackers ran up more than 50 charges totaling more than $1000 on Bekai's credit card for Facebook ads. 

Bekai asked, "If their artificial intelligence is so good that it can detect child pornography, why can't it put two and two together and realize it would be unusual for me to be doing 10 years of martial arts videos and suddenly decide child pornography is my thing, so much so that I want to display it online for everyone to see in a public post."

Bekai's martial arts school advertises only on social media, and his Facebook profile is one of the main ways potential customers learn about his company. Bekai lost access to the Facebook and Instagram accounts for his martial arts school. He also runs a Melbourne martial arts competition and a cafe, and can no longer access those social media profiles either.

Hackers gained access

Bekai claimed that the thing that aggravates him the most about being a target of Facebook hackers is that he appeared to take all the necessary precautions to protect his accounts. He claimed that the hackers seem to have gained access to his accounts by somehow designating themselves as an admin on his Facebook Commerce account, which brings together personal and business sites as well as credit cards in one location.

The email, which Bekai initially dismissed as spam, was followed by another informing him that a second person had been added to the account. He said that out of desperation he had turned to a lawyer to draft a legal notice to Meta on his behalf. He had also reported the incident to the Australian Cyber Security Centre (ACSC) but has not yet heard back.

In Australia, the ACSC is receiving reports of cybercrime once every seven minutes as the number of incidents rises, according to a report released on Friday. It is important to note that major social media companies have faced criticism in the past for fake news, hate speech, and misinformation that spread on their platforms. There have also been repeated calls to hold these companies more accountable.

Ransomware Crimes: More Than $1 Billion Netted in 2021


Cybercrime victims shelled out a record $1.2 billion last year to have their data returned, as ransomware attacks have significantly increased in size and intensity, according to the latest federal data.

According to a report by the Financial Crimes Enforcement Network (FinCEN), banks processed over a billion dollars in transactions last year that were presumed to be ransomware payments. The report concluded that this amount is more than double the figure from 2020. The top five highest-paid ransomware incidents all involved attackers with connections to Russia, FinCEN added.
 
The report “reminds us that ransomware- including attacks perpetrated by Russia-linked actors – remains a serious threat to our nation and economic security,” says Himamauli Das, FinCEN’s acting director, in a statement given this week. 

Ransomware is a kind of malware that gives hackers access to victims' digital devices and locks the owner out of their own files and data. The hacker then demands a ransom payment from the victim in order to restore access to the files.

FinCEN, established in 1990, is an arm of the U.S. Department of the Treasury. It is in charge of tracking international money laundering, terrorist financing, and other financial crimes.

According to the FinCEN report, hackers initially targeted individuals with ransomware attacks but later advanced to targeting large companies and demanding bigger ransom payouts. In 2019, hackers created a variation known as 'double extortion', in which they both lock owners out of their files and threaten to leak personal or humiliating data to the public if the demands are not met.

The year 2021 witnessed some of the biggest ransomware attacks on record, aimed at large companies and nonprofits. A Russian hacking group, for example, attacked Colonial Pipeline, one of the largest pipelines in the U.S., in May 2021. The company paid a ransom of $4.3 million to retrieve its stolen data, although federal authorities eventually recovered at least $2.3 million of the payment. Hackers also attacked organizations such as Planned Parenthood, Sinclair Broadcasting, Shutterfly, and the payroll processing company Kronos last year.

According to FinCEN, organizations reported 1,489 ransomware assaults in total in 2021, up 188% from the year 2020. 

More recently, a ransomware attack last May marked the last straw for Lincoln College, a historically Black College in rural central Illinois that opened in 1865. The school gave hackers a $100,000 ransom, a payout that compounded financial troubles caused by plummeting enrollment in recent years. The 157-year-old institution shuttered in May. 

Ransomware attacks have recently increased in frequency with the growth of remote work and e-learning, and educational institutions have become more prone to attack.

In regards to the ongoing ransomware attacks, the Biden administration this week conducted a two-day summit, attended by around three dozen nations, the European Union, and a number of private-sector organizations, in order to find the best ways to combat the attacks. 

President Biden also signed a new law earlier this year that requires owners of factories, banks, nuclear reactors, and other critical infrastructure operations to report when (or if) their computer systems or servers are attacked by ransomware. However, reporting is currently optional for ransom victims, making it difficult to calculate the full impact of the crime.

German Police Arrest Student Operator of Dark Web Forum, Likely to Face 10 Years


Student operating biggest dark web forum arrested

A 22-year-old student whom German federal police suspect of being the leader of one of the biggest German-speaking dark-web forums has been arrested.

The accused, whose identity has not yet been disclosed, is charged with operating a criminal trading platform and will face up to 10 years in prison if found guilty. 

He was caught in October when officers from the Central Office for Cybercrime Bavaria (ZCB) and federal police searched two homes and seized computer systems, smartphones, and other evidence. 

Dark web responsible for shooting rampage at Munich Mall

According to German law enforcement, the student, who is from Lower Bavaria, operated the third variant of "Deutschland im Deep Web" from November 2018. 

The initial version's Tor website surfaced on the criminal underground in 2013. Three years later, an 18-year-old bought a gun and 300 rounds of ammunition via the illegal marketplace before killing at least 9 people in a shooting frenzy at a Munich mall. 

Police closed the operation; however, new versions appeared

German police closed down Deutschland im Deep Web in 2017 after the murderous rampage and arrested its operator at the time, who was sentenced to seven years in prison in 2018. 

After that, however, two new variants of the marketplace surfaced, selling weapons and other illegal goods under the motto "No control, everything allowed." 

The police closed down the latest version of the dark-web souk in March 2022. At the time, it had nearly 16,000 registered users and 72 active traders, according to law enforcement. 

The site currently shows a banner that says: "The platform and the criminal content have been seized by the Federal Criminal Police Office and the Bavarian Central Office for the Prosecution of Cybercrime."


Deutschland arrest follows joint effort by federal agencies

The Deutschland im Deep Web arrest comes after another dark-web marketplace was shut down earlier this year through a joint effort by German federal police and US law enforcement agencies. 

In April, the two countries took down Hydra, the longest-operating known dark-web marketplace, which trafficked in illicit drugs and money-laundering services. 

First, German police seized Hydra's servers and cryptocurrency wallets holding $25 million in bitcoin, thereby closing down the online souk. 


Charges pressed, dark web sanctioned


The US Justice Department also announced criminal charges against one of the suspected Hydra leaders and system administrators, 30-year-old Dmitry Olegovich Pavlov of Russia, and the U.S. Treasury Department sanctioned the marketplace. 

The U.S. Department of the Treasury in its press release said:

"Russia is a haven for cybercriminals. Today’s action against Hydra and Garantex builds upon recent sanctions against virtual currency exchanges SUEX and CHATEX, both of which, like Garantex, operated out of Federation Tower in Moscow, Russia. Treasury is committed to taking action against actors that, like Hydra and Garantex, willfully disregard anti-money laundering and countering the financing of terrorism"

Indianapolis Housing Authority Hit by Ransomware

According to a senior agency official, a ransomware attack on the federal organization in Indianapolis which manages low-income housing has caused a delay in the distribution of rent payments to landlords.

During the attack, which started weeks ago, every employee of the Indianapolis Housing Agency was blocked from accessing their email. That included its executive director, Marcia Lewis, who was unable to access her email for days before regaining access on Tuesday, according to a message she wrote to The Indianapolis Star.

The ransomware attack on the Indianapolis Housing Agency left it unable to send October rent payments to landlords under the federal housing choice voucher program, generally known as Section 8, on which 8,000 Indianapolis families rely. The organization administers the Section 8 program in Indianapolis, which offers rental assistance to very low-income families, the elderly, and people with disabilities for housing on the private market.

Marcia Lewis stated that the attack was still continuing as of Wednesday and that an investigation by data security professionals, law enforcement, and the agency's IT service providers is in progress. The housing authority has not disclosed the motive or identity of those responsible for the ransomware attack, which uses software to encrypt files within a victim organization in order to demand payment.

With the help of Section 8 or through residing in one of the organization's public housing complexes, almost 25,000 people rely on the Indianapolis Housing Agency for a variety of housing services.

Lewis said that as of Monday, the organization had successfully paid every Section 8 landlord's rent for the month of October. During the previous week, with the IT system unavailable, the agency had to manually send out client power allowance checks and important vendor payments.

The Indianapolis Star has previously written about the conditions that residents of Indianapolis Housing Agency buildings have endured. Issues residents have encountered include bed bug infestations, air conditioner outages on some of this summer's hottest days, and a lack of hot water at the beginning of October.

Under the Section 8 rules set by the U.S. Department of Housing and Urban Development, landlords are prohibited from evicting residents over nonpayment by the agency, including in the present instance.

Hacker Group Cranefly Develops IIS Log Method

A recently discovered dropper uses a novel method of reading commands from seemingly innocent Internet Information Services (IIS) logs to install backdoors and other tools. Cybersecurity researchers at Symantec report that the threat actor tracked as Cranefly (also known as UNC3524) is using the dropper to install Trojan.Danfuan, another previously undocumented piece of malware, as well as other tools.

Mandiant reported that Cranefly mainly targeted the emails of individuals who specialized in corporate development, mergers and acquisitions, and significant corporate transactions when it first documented the group in May. Mandiant claims that these attackers remained undetected on target networks for at least 18 months by planting backdoors on appliances that do not support security tooling.

One of the main malware strains used by the gang is QUIETEXIT, a backdoor installed on network equipment such as cloud services and wireless access point controllers that do not support antivirus or endpoint monitoring. This allows the attacker to remain undetected for a long time.

Geppei and Danfuan augment Cranefly's arsenal of specialized cyber weapons, with Geppei serving as a dropper by collecting orders from IIS logs that look like normal web access requests delivered to a compromised host.

The most recent Symantec advisory adds that in some instances UNC3524 also used backdoors based on the open-source Regeorg tool (detected by Symantec as a Hacktool), which multiple advanced persistent threat (APT) clusters share.
Symantec also cautions that Cranefly is a 'pretty experienced' hacking group, as evidenced by the adoption of a new method in conjunction with its bespoke tools and the steps taken to conceal its activity.

Symantec lists the indicators of compromise (IoCs) for this attack on its Protection Bulletins website. Separately, ESET recently observed Polonium, another threat actor that usually focuses on gathering intelligence, using seven different backdoor variants to spy on Israeli firms.

Cranefly employs this sneaky method to keep a foothold on compromised servers and gather information covertly. As attackers can send commands through various channels, including proxy servers, VPNs, Tor, or online development environments, this method also aids in avoiding detection by investigators and law enforcement.

It is unclear how many systems have been compromised or how often the threat actors may have utilized this technique in ongoing operations.



Spirdark Stole Ed Sheeran’s Unreleased Songs, Sentenced To 18 Months In Prison

A 23-year-old hacker named Adrian Kwiatkowski, who stole two unreleased songs from English singer-songwriter Ed Sheeran and 12 songs from American rapper Lil Uzi Vert, has been sentenced to 18 months in prison. 
 
The hacker was charged with breaking into the artists’ cloud-based accounts; the stolen songs were then sold for cryptocurrency. He generated a sum of $147,000 from these transactions. 
 
Kwiatkowski pleaded guilty to a total of 19 charges, including copyright infringement and possessing criminal property. The hacker was charged with three instances of unauthorized access to computer data, 14 of making an article that violates copyright available for sale, one of converting criminal property, and two of possession of the criminal property, as per a report by the CPS. 
 
A search of the hacker’s laptop uncovered 565 audio files, and seven seized devices held 1,263 unreleased songs by 89 different artists, including the unreleased songs by Ed Sheeran and Lil Uzi Vert. The hacker also admitted to receiving bitcoin in return for the unreleased songs. 
 
“Kwiatkowski had complete disregard for the musicians’ creativity and hard work producing original songs and the subsequent loss of earning” says Joanne Jakymec from the CPS. “He selfishly stole their music to make money for himself by selling it on the dark web […] We will be pursuing ill-gotten gains from these proceeds of crime.” 
 
According to a press release, Kwiatkowski was sentenced on Friday, October 21st, at Ipswich Crown Court, England. The hacker had been operating under the mononym Spirdark, and his operations were reported by numerous music companies. 
 
In 2019, the Manhattan District Attorney’s Office opened an investigation after a few musicians reported that someone using the name Spirdark had hacked their accounts. The investigation led to the identification of Kwiatkowski via his email address and IP address. Later that year, London police detained the hacker. Eventually, he pleaded guilty to the charges.

Mewat: The New Cybercrime Hub in India

 

The Mewat region, situated between the Indian states of Rajasthan and Haryana, is emerging as the new cyber fraud hub in India. 
 
Jamtara was the infamous hotspot for cyber fraud, where young fraudsters would acquire SIM cards, open bank accounts, and dupe victims by posing as bank officials or representatives of telecom service providers. Mewat fraudsters have turned up with more malicious ways to dupe online victims. 
 
The Mewat fraudsters reportedly use sextortion, a category of blackmail, as their weapon of choice against victims. 
 
The scammers approach victims online while posing as young women, engage them in conversation, and entice the targets into sharing sexually explicit images. Victims are then threatened with the images being leaked unless they pay.  
 
When asked about the method of operation, Yusuf, one of the suspects held on sextortion charges, revealed his gang's modus operandi. 
 
“It starts by writing a ‘hi’. He (the target) would usually ask about a video call. I’d do the video call. He’d be lured into going explicit. The woman on the phone does the same,” Yusuf says. 
 
On being asked about the ‘woman', Yusuf tells the investigating officer “It’s (actually the video) on the other phone. That device is placed right under the back camera of my phone, with a video of a woman playing over. It’s like a web call.” 
 
Reportedly, a phone on the other side runs screen recording software to capture the call. The victims are then threatened, and if they comply, the money is typically paid into a third party's account. 

In another cyber fraud case, a suspect was held for duping online victims via digital marketplaces.  
 
The scammer, Rahul Khan, described his fraud tactics: advertising expensive products at deep discounts on online marketplaces such as OLX, claiming to be defence personnel, and fabricating a plausible story of distress. 
 
The statistics have risen in recent years: India recorded a total of 52,974 cases of cybercrime in 2021, up from 50,035 in 2020, 44,735 in 2019, and 27,248 in 2018.  
 
According to a report by the National Crime Records Bureau, nearly 60 percent of cybercrime cases in 2021 pertained to fraud, followed by sexual exploitation (8.6 percent) and extortion (5.4 percent).

Web3: Cybercrime May Come to an End, Here’s How

 

Cybercrime has surged in the U.S., and annually it causes damage worth trillions of dollars. One of the top cyber threats is digital identity theft, in which threat actors use victims' stolen personal information to cause financial havoc. 
The problem of cybercrime has persisted over the years and is certainly not going away anytime soon. On the issue, the CEO of Sony said, “the solution to cybercrime isn’t two-factor identification or your mother’s maiden name. The solution to cybercrime lies in the transition to Web3.” 

What is Web3?  


Web3, also known as Web 3.0, is the successor iteration of the internet after Web 2.0. Web 2.0 is a centralized internet model in which most data, content, and other services are controlled by a handful of internet giants, also referred to as ‘Big Tech.’ 

Web3, on the other hand, can be described as a decentralised version of the internet, allowing users to communicate with one another in a secure, peer-to-peer environment.  

How are users vulnerable in Web2? 

Since a “digital identity” in Web2 includes more than just a username and a profile picture, a user has to enter a verifiable email address in order to create an identity.  

There is no limit to how many email addresses one user can create. Most users have multiple email addresses serving different purposes, such as personal use, work communication, spam filtering, etc. 

Beyond two-factor authentication, there is no way to confirm that the person logging in is who they claim to be, so anyone holding the credentials can get into any of these email accounts.  

Adding to the misery, once a company gets hold of a user’s personal data, the user has practically no control over it. Personal information is thus sold for targeted advertising. Every additional party that accesses or resells the data increases the opportunities for a threat actor to exploit it. 


How is Web3 solving the problem?  


Login security: In the future, centralized authorities would not control the user's identity. Logging in would be as simple as a biometric unlock, backed by decentralized identifiers (DIDs) and blockchain-based verification.  

Bots are always searching the internet for stray credentials that they may use to access bank accounts, emails, and other accounts. This will be stopped in its tracks by consolidated digital identities that are accessed by biometric logins.  

Control and Monetization of User Data


With a consolidated digital identity, users can use their data as they see fit, since they have full control over who sees the data and who has to pay for it. For instance, one could build a decentralised ad network on Web3 and allow users to opt in or out of the system.  

Although Web3’s growing popularity is being hailed as the ‘next big revolution’ in digital tech, for its promise of making life easier for the unbanked and others involved in it, it still needs much improvement with regard to the loopholes and potential vulnerabilities that could cause a great many problems in the future.

Five Suspects Charged for $2.5 million Worth NFTs Theft, Targeting Bored Ape NFT Owners

 

On Wednesday, October 12, five crypto scammers in France were charged with collaborating in a phishing scam. The suspects allegedly acquired and resold $2.5 million worth of blue chip non-fungible tokens (NFTs). The phishing scam prominently targeted Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) owners. 
 
According to the prosecution, the suspects used a phishing scam to steal the assets, luring victims to a fake website that promised to animate their NFTs, Agence France-Presse (AFP) reports in a story carried by Barron's. 
 
The charged suspects, aged between 18 and 24, are residents of Paris, Caen, and Tours. Two of the five are charged with building the fraudulent phishing site that enabled the theft. The remaining three are accused of handling the advertising and money laundering aspects of the scheme, says Christopher Durand, deputy chief of France’s cybercrime authority. 
 
The charges include “fraud committed as part of a criminal gang, concealing fraud and criminal association.” The suspects have been placed in pre-trial detention by the French authorities. The parents of one of the accused were also arrested but were later released without charge. 
 
The deputy chief says that the probe was initially started as a result of an investigation by the well-known Twitter user “ZachXBT". ZachXBT, who describes himself as an “on-chain sleuth", wrote in a blog post that the Twitter user “Dilly Dilly" had clicked on a link shared by “a verified member of the BAYC Discord" and consequently had his BAYC NFT stolen after approving a transaction on a website that “he was led to believe would produce an animated version” of his NFT.  
 
ZachXBT claims that after selling the stolen tokens on the NFT marketplace OpenSea, the accused tried to hide their tracks by using the now-sanctioned Tornado Cash protocol. 
 
A report by blockchain analytics firm Elliptic suggests that over $100 million worth of NFTs were stolen between July 2021 and July 2022. Along with these recent incidents, NFT fraud appears to be booming in general and has sparked security concerns.  
 
This news comes as Yuga Labs, the firm behind the Bored Ape collection, is under investigation for its business practices. Although the organization has not been charged with any misconduct, the Securities and Exchange Commission (SEC) is now investigating the start-up, according to anonymous sources cited by Bloomberg.

UK Issued New Cybersecurity Guidelines on Emerging Supply Chain Attacks

A surge in the number of incidents has prompted cybersecurity experts to issue a fresh warning about the danger of supply chain attacks. Businesses have been advised by the UK's cybersecurity agency to take additional precautions against supply chain attacks. In response to what it describes as a recent increase in supply chain threats, the National Cyber Security Centre (NCSC) has produced fresh guidance for enterprises.

Although the guidance applies to businesses in all industries, it was released in collaboration with the Cross-Market Operational Resilience Group (CMORG), which promotes the operational resilience of the financial sector. The guidance, intended for medium-sized and larger enterprises, helps them evaluate the cyber risks of working with suppliers and gain assurance that mitigations are in place for vulnerabilities that arise from doing business with suppliers.

The 2020 hack on SolarWinds' software build system, the 2021 ransomware attack on Kaseya clients, and the 2017 NotPetya attack via a Ukraine accounting program are a few notable recent incidents. President Joe Biden of the United States issued an executive order to improve cybersecurity in response to SolarWinds.

In a document titled 'Defending the Pipeline' published in February, the NCSC recommended that businesses and developers secure the continuous integration and delivery (CI/CD) pipelines they use to automate software development. The CEO of the NCSC ranked ransomware as the top cyber threat in October of last year, while also warning that supply chain concerns will persist for years.

The new guidance is intended to help medium and larger enterprises with "evaluating the cyber risks of collaborating with suppliers and gaining assurance that mitigations are in place," the NCSC said in an announcement.

According to the UK government's 2022 report on security breaches, more than half of companies, big and small, outsource their IT and cybersecurity needs to outside companies. However, far fewer had evaluated the risks posed by their immediate suppliers, and these respondents rated the importance of cybersecurity in procurement as low.

According to Ian McCormack, NCSC deputy director for government cyber resilience, supply chain attacks represent a significant cyber danger to organizations, and incidents can have a significant, ongoing effect on companies and customers.

The guidance is broken down into five stages: why businesses should care about supply chain cybersecurity; how to identify and protect one's sensitive data when developing an approach; how to apply the approach to new suppliers; how to apply it to contracts with existing suppliers; and continuous improvement.

The US intelligence agency, the NSA, released its own software supply chain recommendations last month with a focus on developers. New standards for the purchase of software were also released in the same month by the US Office of Management and Budget.

Scottish Police Child Protection Report Warns Parents About Online Crimes

Police in Scotland released a child protection report urging parents and caretakers to take proactive steps to ensure children are safe online. 

The risk of kids falling victim remains “a high threat” — as paedophiles are using social media platforms and chatroom apps to share sickening images. The details of the issue emerged in the Scottish Multi-Agency Strategic Threat Assessment (SMASTA), which was published yesterday. 

In the report, the researchers describe how the situation is developing as a result of the growing number of worldwide links. It also discusses the scale of the underworld menace and the growing threat posed by major gangs with international connections. “Snapchat is the social media platform used in the majority of crimes,” the report reads. 

The report also highlights other areas where people are at risk, including fishing and seafood firms and labour exploitation in farming. The presence of social media in children's and young people's lives has grown significantly, and because of the pandemic children have been spending more time online than usual. 

Digital devices such as mobile phones, laptops, tablets, and computers are valuable tools for education and entertainment. Nevertheless, according to Child Protection Scotland, this also raises the risk of exploitation and abuse, making it more important than ever to protect children and young people from internet-savvy online abusers. 

“Everyone has a role to play in child protection, not just core professionals. There were more than 2,700 children on the child protection register in July 2016. Child protection is part of Getting It Right For Every Child (GIRFEC) – our national approach to improving outcomes and supporting the wellbeing of children and young people”, a Scottish government blog post explained.

According to the Scots cops, they are currently investigating almost 100 organised crime groups (OCGs) made up of more than 1,800 hoods, including teenagers, women, and OAPs. They make cash from drug dealing, illegal immigration, human trafficking, fraud, money laundering, and cybercrime.