Search This Blog
Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Fraud. Show all posts
TTP
bOOKcOVE Cyber Fraud Cyberattacks Kimsuky NIS Software Updates Spear-Phishing Emails TTP

Kimsuky's Attacks Alerted German and South Korean Agencies

 


In a joint warning issued by the German and South Korean intelligence agencies, it has been noted that a North Korean hacker group named Kimsuky has been increasing cyber-attack tactics against the South Korean network. With sophisticated phishing campaigns and malware attacks, the group has been suspected of being behind the attacks. It is believed that the North Korean government is behind them. Cyberattacks continue to pose a major threat to businesses and governments throughout the world as a result of increasing cyberattacks. 

Kimsuky (aka Thallium and SmokeScreen) is a North Korean threat group that has developed a reputation for utilizing cutting-edge tools and tactics in its operations. There have been two upcoming attack tactics developed by the group that enhances the espionage capabilities of the organization. These tactics raise no red flags on security radars. There are several malicious Android apps and YouTube extensions being abused as well as Google Chrome extensions.   

Kimsuky is believed to have expanded its tactics to attack a wide range of organizations in both countries, according to the German Office for Information Security (BSI) and South Korea's National Intelligence Service (NIS). Initially targeting U.S. government agencies, research institutions, and think tanks, the group has now spread to businesses in the technology and defense sectors as well. 

Kimsuky appears to be using a new malware called "BookCove" to steal sensitive information from its targets, according to a statement issued by the company. A spear-phishing email is designed to appear like it has been sent from a reputable source, but in reality, the message contains malware. Upon clicking the link or attachment in an email that contains malware, the user's computer is infected with the malware. The hacker can have access to the victim's data and can monitor the activities of the victim as a result of this. \

Various South Korean and German agencies suggest that organizations should implement the necessary precautions to safeguard themselves against these threats. Security measures must be taken, such as multi-factor authentication and regular updates, and employees must be educated on the risks associated with phishing. 

North Korean hacking group, Kimsuky, has been operating since 2013, providing malware for PCs. Several sources claim that the group is linked to the Reconnaissance General Bureau of the North Korean government. This Bureau gathers intelligence and conducts covert operations on behalf of the government. 

According to research, the apps, which embed FastFire and FastViewer, are distributed through Google Play's "internal testing" feature. This gives third-party developers the ability to send apps to a "small set of trusted testers." 

Nevertheless, it bears mentioning that these internal app testing exercises cannot exceed 100 users per app, regardless of the number of users. This is regardless of when the app is released into production. There is no doubt that this campaign has a very targeted nature, which indicates its focus. 

Two malware-laced apps use Android's accessibility services to steal sensitive information ranging from financial to personal information. APK packages for each app are listed below with their respective names in APK format:

  • Com. viewer. fast secure (FastFi) 
  • Com.tf.thinkdroid.secviewer (FastViewer) 
Organizations can take the following measures to protect themselves against Kimsuky's attacks 

A multi-factor authentication system protects the network and system from unauthorized access since it requires the attacker to possess at least two factors, such as a password and a physical device, such as a mobile phone. 

Even if cyber criminals could get past some existing security measures, this would make it far harder for them to access private data. In addition to the above-mentioned measures, organizations may also wish to consider taking the following measures to protect themselves: 
  • Maintaining a regular software update schedule is important. 
  • The best practices for protecting your company's information are taught to your employees. 
  • It is essential to use tools and techniques to detect and respond to advanced threats. 
A robust incident response plan is a crucial tool for organizations to develop to be prepared in case of an incident. If cyberattacks occur, they should be able to respond rapidly and effectively to mitigate their impact.

A growing number of companies are attacked by state-sponsored groups like Kimsuky due to cyberattacks. To reduce their risk of falling victim to these sophisticated cyber-espionage tactics, businesses and governments in Germany need to take proactive steps to protect themselves, including improving their security systems. 

Operating silently, Kimsuky has continuously evolved its TTPs to keep up with changing threats, as well as developing efficient tactics. The majority of attacks are conducted using phishing or spear-phishing. The most significant priority that must be addressed against this threat is to protect the accounts of individuals or organizations and other critical assets. Those involved in organizations and individuals are advised to keep abreast of the latest tactics and adhere to relevant agencies' recommendations.
Read more »
Social Engineering Attack
Cyber Fraud HP Threat Research Malicious PDF Attachment Microsoft QR code scan scam campaigns Social Engineering Attack

Cyber Scammers now Experimenting With QR Codes


Microsoft started limiting macros in Office files by default in February 2022, making it more difficult for attackers to execute malicious code. According to data gathered by the HP Threat Research team, attackers have been changing their methods since Q2 2022 in an effort to identify new ways to hack devices and steal data. 

The Rise of QR Scan Scams 

The research findings were based on data collected from millions of endpoints using HP Wolf Security: 

Since October 2022, HP has witnessed QR code “scan scam” campaigns almost daily. These frauds persuade users to scan QR codes with their mobile devices while connected to their PCs, potentially exploiting the lack of phishing protection and detection on such devices. Users can access fraudulent websites that request credit and debit card information by scanning QR codes. Examples from Q4 include phishing attempts that pose as parcel delivery services seeking money. 

38% Rise in Malicious PDF Attachment: 

The recent assaults avoid web gateway scanners by using embedded images that link to malicious ZIP files that are encrypted. The PDF instructions fool the user into providing a password to unpack a ZIP file, allowing QakBot or IcedID malware to gain access to systems unauthorization and serve as beachheads for ransomware. 

42% of Malware was Delivered Inside Archives Files Like ZIP, RAR, and IMG: 

Archives have gained a whooping 20% rise in popularity since Q1 2022, as threat actors use scripts to execute their payloads. In contrast, 38% of malware is distributed via Office documents like Microsoft Word, Excel, and PowerPoint. 

Alex Holland, Senior Malware Analyst at HP Wolf Security threat research team said, “We have seen malware distributors like Emotet try to work around Office’s stricter macro policy with complex social engineering tactics, which we believe are proving less effective. But when one door closes, another opens – as shown by the rise in scan scams, malvertising, archives, and PDF malware.” 

“Users should look out for emails and websites that ask to scan QR codes and give up sensitive data, and PDF files linking to password-protected archives,” added Holland. 

Threat Actors Still Rely on Social Engineering 

HP researchers also discovered eight malware families imitated in 24 popular software projects in Q4's malvertising efforts, as compared to just two such operations in Q3's. The attacks rely on people clicking on search engine adverts that take them to malicious websites that resemble legitimate websites nearly identity. 

Dr. Ian Pratt, Global Head of Security for Personal Systems, HP says “While techniques evolve, threat actors still rely on social engineering to target users at the endpoint.” 

“Organizations should deploy strong isolation to contain the most common attack vectors like email, web browsing and downloads. Combine this with credential protection solutions that warn or prevent users from entering sensitive details onto suspicious sites to greatly reduce the attack surface and improve an organization’s security posture,” concludes Pratt.  

Read more »
Voice Cloning
Cyber Fraud data security Fraud Safety Scam Voice Cloning

Is Your Child in Actual Danger? Wary of Family Emergency Voice-Cloning Frauds

 

If you receive an unusual phone call from a family member in trouble, be cautious: the other person on the line could be a scammer impersonating a family member using AI voice technologies. The Federal Trade Commission has issued a warning about fraudsters using commercially available voice-cloning software for family emergency scams. 

These scams have been around for a long time, and they involve the perpetrator impersonating a family member, usually a child or grandchild. The fraudster will then call the victim and claim that they are in desperate need of money to deal with an emergency. According to the FTC, artificial intelligence-powered voice-cloning software can make the impersonation scam appear even more authentic, duping victims into handing over their money.

All he (the scammer) needs is a short audio clip of your family member's voice—which he could get from content posted online—and a voice-cloning program. When the scammer calls you, he’ll sound just like your loved one,” the FTC says in the Monday warning.

The FTC did not immediately respond to a request for comment, leaving it unclear whether the US regulator has noticed an increase in voice-cloning scams. However, the warning comes just a few weeks after The Washington Post detailed how scammers are using voice-cloning software to prey on unsuspecting families.

In one case, the scammer impersonated a Canadian couple's grandson, who claimed to be in jail, using the technology. In another case, the fraudsters used voice-cloning technology to successfully steal $15,449 from a couple who were also duped into believing their son had been arrested.

The fact that voice-cloning services are becoming widely available on the internet isn't helping matters. As a result, it's possible that scams will become more prevalent over time, though at least a few AI-powered voice-generation providers are developing safeguards to prevent potential abuse. The FTC says there is an easy way to detect a family emergency scam to keep consumers safe. "Don't believe the voice. Call the person who allegedly contacted you to confirm the story. 

“Don’t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs,” the FTC stated. “If you can’t reach your loved one, try to get in touch with them through another family member or their friends.”

Targeted victims should also consider asking the alleged family member in trouble a personal question about which the scammer is unaware.
Read more »
Russian intelligence
APT28 ChipMixer cryptocurrency cryptomixer Cyber Fraud Europol FBI German Police Homeland Securities Investigation Identity Theft Money Laundering Russian intelligence

ChipMixer: Cryptocurrency Mixer Taken Down After ‘Laundering $3bn in Cryptocurrency’


Darknet cryptocurrency mixer, ChipMixer has been shut down as a result of a sting conducted by Europol, the FBI, and German police, which investigated servers, and internet domains and seized $46 million worth of cryptocurrency. 

During the raid, it was discovered that wallets connected to North Korean cybercriminals and Russian intelligence services had evidence of digital currencies. 

The US criminal prosecutors have booked a Vietnamese man they claim to have run the service since its August 2017 creation. Potentially contaminated funds are gathered by mixers and sent at random to destination wallets. 

Minh Quoc Nguyen, 49, of Hanoi has been accused of money laundering, operating an unlicensed money-transmitting business, and identity theft. The FBI has included him on the wanted criminal list. 

Criminals laundering more than $700 million in bitcoin from wallets identified as stolen funds, including money taken by North Korean hackers from Axie Infinity's Ronin Bridge and Harmony's Horizon Bridge, were among the service's customers. 

It has also been reported that APT28, the Russian military intelligence, and Fancy Bear also utilized ChipMixer in order to buy infrastructure used from Kremlin Drovorub malware. Moreover, according to Europol, the Russian RaaS group LockBit was also a patron. 

ChipMixer joins a relatively small group of crypto mixers that have been shut down or approved, enabling criminals to conceal the source of the cryptocurrency obtained illegally. The list presently includes Blender.io, which was probably renamed and relaunched as Sinbad, and Tornado Cash, a favorite of cybercriminals that helped hackers launder more than $7 billion between 2019 and 2022. 

The Federal Criminal Police Office of Germany seized two ChipMixer back-end servers and more than $46 million in cryptocurrencies, while American investigators seized two web domains that pointed to the company. 

According to court documents, ChipMixer has enabled customers to deposit Bitcoin, which would then be mixed with other users’ Bitcoin in order to anonymize the currency. 

Court records state that ChipMixer allowed users to deposit Bitcoin, which was then combined with Bitcoin from other users to make the currency anonymous. But, this mixer took things a step further by converting the deposited money into tiny tokens with an equal value called "chips," which were then combined, further anonymizing the currencies and obscuring the blockchain trails of the funds. This feature of the platform is what attracted so many criminals. 

The domain now displays a seizure notice, stating: “This domain has been seized by the FBI in accordance with a seizure warrant.” 

“Together, with our international partners, we are firmly committed to identifying and investigating cybercriminals who pose a serious threat to our economic security by laundering billions of dollars’ worth of cryptocurrency under the misguided anonymity of the darknet,” adds Scott Brown, special agent in charge of Homeland Securities Investigations (HSI) Arizona.  

Read more »
Scam McAfee
Cyber Data Cyber Fraud Data Safety data security Fraud Scam McAfee

McAfee Invoice Fraud Email Pretending to be a Subscription Renewal Receipt

 

Readers should beware of clicking links in a McAfee invoice scam email that claims to be a "confirmation receipt" for the subscription renewal of the company's products. This email does not come from McAfee Corp. Email scams that use the names of antivirus and security companies are probably as old as the internet, but this particular one for McAfee apparently tried to combine two different threats into one: malware and phishing. 

Snopes reviewed one of the McAfee invoice scam emails. The subject line read, "Confirmation Receipt ID.6030955553." The following message came from an email address associated with uilsducoach.com, not the official company website mcafee.com:
  • Reassure your McAfee is up to date.
  • Check now as it may have ended.
  • Your subscription of McAfee for your computer may ended soon.
  • After the ending date has passed your computer will become susceptible to many different virus and threats.
  • Your PC might be unprotected, it can be exposed to viruses and other malware...
  • You are eligible for discount: -70%*
A malicious URL scanner scan of the links revealed that the email was "hosting malware" and contained a "phishing link."

The link started on an Amazon Web Services page. Vestingsupper.com was one of the redirects. More information was not available at the time this story was published. McAfee has previously published several articles about these types of scams, including details on what to do if you believe you've been a victim of one.

It's recommended, "if you accidentally enter data in a webpage linked to a suspicious email, perform a full malware scan on your device. Once the scan is complete, backup all of your files and change your passwords. Even if you only provided a phishing scammer with the data from one account, you may have also opened the door to other personal data, so it's important to change all the passwords you use online in the wake of a suspected phishing attack."

Malwarebytes and Norton are two other companies that are recommended for malware scans. If readers provided financial information to scammers, such as a credit card number, we recommend contacting that financial institution right away to notify them of the problem. To ensure that scammers do not use the compromised card in the future, a new credit card with a new number may need to be mailed to you in some cases.
Read more »
User Security
Cyber Fraud Email Fraud Psychological Tricks Scam User Privacy User Security

How Scammers Trap Businesses

 

With significant ramifications for South African businesses that have vulnerabilities in their payment systems, the growth in financial and accounting hacking through phishing and Business Email Compromise (BEC) has made headlines. 

However, strong financial controls combined with strong server, IT, and email monitoring processes aren't enough if staff aren't savvy to the psychological tricks scammers use to manipulate people, making them more susceptible to tricker and deception,says Ryan Mer, CEO at eftsure Africa, a Know Your Payee™ (KYP) platform provider. 

The idea that only gullible people are victims of payment fraud and cybercrime is hazardous because it breeds complacency among highly educated people who hold senior positions in organisations. Criminals that engage in paying are frequently highly talented, well-equipped, and knowledgeable enough about their field to pass for professionals, Mer added. 

Manipulating credibility and trust

In order to obtain information or persuade targets to act, con artists rely on human instincts to be kind, avoid conflict, and find quick and efficient solutions to problems. An attempt to gain the trust of a potential victim by posing as a well-known or reliable individual is a common modus operandi. Examples include a worker getting a letter from the finance director of a company telling them to make a quick payment to a vendor or an HR manager getting a nice email from a worker asking that their bank information be altered for payroll purposes.

According to Mer, “an employee’s desire to perform their duties swiftly and competently, especially for a trusted figure of authority, is manipulated by criminals who rely on an instruction being actioned without question for a scam to be successful. In such instances, only an automated system for detecting red flags in outbound payments can offer the level of protection organisations really need to counter human error.” 

Making use of urgency 

Despite scammers' increasing creativity, a tried-and-true strategy that hackers frequently use is making their victims feel as though something is urgent. According to Mer, phishing emails and business email compromise scams are made to increase the likelihood that employees will report a potential concern by coaxing them into doing so. Scammers entice victims into taking rapid action before they have time to stop and consider the actions they are taking. Establishing procedures that force employees to take their time and carefully review all actions involving payments is essential. 

Before granting an urgent request, one should exercise caution and carefully verify any abrupt changes in a customer's or supplier's business operations, such as the addition of a new point of contact or a change to their email address or banking information. Scammers frequently rely on the herd effect, in which individuals in organisations behave as their peers do. 

There is a chance that if one member of a team cooperates with a con artist, it could lead to similar deception of other team members. There is a chance that if one member of a team cooperates with a con artist, it could lead to similar deception of other team members. Even the most attentive teams can fall victim to sophisticated phishing and BEC scams, thus having sound business procedures and knowledgeable employees only goes so far in defending a company. 

Future threats

It is a moving target since cybercrime is always changing. South Africa ranked third globally in terms of the number of cybercrime victims, according to Interpol's most recent African Cyberthreat Assessment Report, which was published in 2021. The report estimated that the country's annual cost from cybercrime is an astounding R2.2 billion. For South African businesses, it is essential to maintain knowledge of the most recent scams and the methods used to carry them out. Moreover, independent third-party verification systems like eftsure can provide a much-needed additional layer of protection by automating payment checking and supplier verification, saving time on manual operations, and minimising human mistake.
Read more »
SVB Collapse
Bank customers BEC Attacks Cyber Fraud Phishing Attacks Silicon Valley Bank SVB SVB Collapse

SVB Collapse: An Attackers Paradise you Should Beware of


Lately, the Silicon Valley Bank has been closed down by the California Department of Finance Protection and Innovation. This was apparently the result of a bank run that followed the risk of insolvency and a stock crash. 

Customers of SVB will be able to access the insured portion of their deposits through the deposit insurance national bank, which has been established by the Federal Deposit Insurance Corporation, which has been designated as the receiver. 

Naturally, this problem is receiving a lot of attention. However, it is primarily concerned with the finances, namely what brought SVB to this point and what the risk is currently to the deposit owners. 

The Cyber Fraud Potential of the SVB Collapse 

In most effective cases of cyberattacks social engineering, deception, and fraud to take advantage of humans are used as bait, at least in part. According to IBM's Cost of Data Breach Study 2022, the initial attack vector is compromised credentials in around a third of cases. These credentials are typically acquired through phishing or other fraudulent activity. Business email compromise (BEC), on the other hand, is the second most lucrative assault method for organized cyber criminals. 

These attacks are most often fueled by chaos and confusion. Cybercriminals are well-organized and have a reputation for seizing openings. They now have a fantastic opportunity to target both current and past SVB consumers in addition to ex-SVB account holders. Customers of SVB are now easy targets for fraud and phishing campaigns. 

The fact that founders, CEOs, CFOs, and finance teams are currently dealing with uncertainty and a lack of information only serves to fuel the fire of attackers. When this happens, people tend to let their guard down and are more susceptible to being scammed by an email that contains any news (and preferably good news). Attacks like these can occur via email and other platforms catering to the founders and financial communities, such as forums and groups on Signal, Telegram, and WhatsApp. Everything becomes a potential point of assault. 

This type of social engineering, or other more conventional methods of gaining access, is merely a prelude to the primary effort we anticipate seeing: a sizable BEC campaign that takes advantage of the astronomical amount of account modifications already in progress. 

SVB account holders will provide their clients with their new account information for future wires when they shift their finances and activities to other banks over the coming weeks. Additionally, given the number of suppliers that businesses use in today's supply chains, finance departments will be inundated with demands to change these accounts. 

How can you Protect Yourself from SVB Related Attacks? 

Phishing campaigns, BEC, and similar attacks are all forms of fraud. They include some or the other kind of impersonation (most likely through a website, email, text message, Slack, or other messaging technologies), which entices victims to take action. Here, we are listing some ways through which one can protect themselves from SVB Related Attacks: 

  • Your awareness is your first line of protection against these assaults. Potential victims will remain more vigilant and be less likely to fall for such schemes if they are aware of the warning indicators to look for in these attacks. 
  • It is highly advised to mandate refresher phishing and BEC training for those who work directly for your business, including the founders, C-level executives, finance departments, customer success reps, etc. 
  • Ensure that your payment modification processes are reliable, and if necessary, add an additional layer of manual verification or signature—at least for the ensuing 30 to 60 days. It's crucial to ensure that no vendor you work with can update a bank account without making a real phone call and engaging in one-on-one communication. 
Moreover, it would be highly beneficial to set up additional monitoring of both account (phishing) and financial activities (BEC). In terms of phishing, be careful to increase the level of awareness of any prospective phishing assaults within your SOC. Pay close attention to failed multifactor authentication (MFA), unsuccessful login attempts, etc. Executive accounts and finance departments should be given extra attention because they are the most potential targets for these attacks.  

Read more »
Security
Cyber Fraud Data Data Safety phishing Security

Trezor Users: Target of a Major Cryptocurrency Wallet Phishing Campaign

 

Trezor users are being coerced into disclosing their seed phrases. A new phishing campaign targeting cryptocurrency hardware wallet firm Trezor has been discovered.

These wallets enable cryptocurrency users to keep their funds offline rather than in a "hot wallet" (a mobile or desktop app) or with a third party (an exchange, a custodial service, or a lending/borrowing firm). In comparison to the alternatives, hardware wallets, also known as "cold wallets," are widely regarded as a much safer way to store cryptocurrencies.

That also implies that anyone who is serious about cryptocurrencies (and has a significant amount) will most likely keep it in cold storage, making Trezor users an appealing target for cybercriminals.

"Securing" a compromised wallet

Trezor users began receiving SMS messages warning them of a "data breach" at the company and urging them to "secure" their devices immediately under this new campaign. The SMS message also includes a hyperlink that the victims should follow.

"Trezor Suite has recently endured a security breach, assume all your assets are vulnerable. Please follow the security procedure to secure your assets: [link]," the message reads. 

Anyone who clicks on the link will be directed to a bogus Trezor website with the message "Your assets may be at risk!" and a Start button where users can "secure" their assets. The recovery seed is entered as the first step in this process.

The recovery seed, which is typically a string of 12 or 24 words, is used to restore a wallet in the event that the old device is stolen or destroyed. Anyone with access to the seed phrase can restore the wallet and gain full control of the funds. If the victim enters this information into the phishing page, they are essentially giving the attackers complete access to their wallet, which they can then use to clear out any and all funds in the account.

Trezor was made aware of the new campaign and took to Twitter to warn its customers that it is being impersonated (opens in new tab) and that they should not fall for the ruse. The company also stated that it is not aware of any new data breaches, implying that the attackers obtained Trezor users' emails during the previous MailChimp incident.
Read more »
phishing
CAFC Cyber Fraud Cyber Scams Cyberattack Cybersecurity OPP phishing

Warnings About Scams, Tips for Avoiding Them

 


There have been several frauds and scams that have been presented on various platforms daily and the Ontario Provincial Police (OPP) and the Canadian Anti-Fraud Centre (CAFC) continue to promote awareness to reduce the incidents of community members being victimized by fraud and scams. 

A total of 90,377 fraud reports were received by the Canadian Anti-Fraud Centre (CAFC) in 2022, with losses reported totalling over $530 million as a result of fraud. As of February 2010, over 19,400 victims belonged to the identity theft and fraud category. Over 19,400 victims were victims of identity theft and fraud, while over 4,251 victims found themselves victims of investment fraud. 

Phishing: Recognizing the Signs

To steal your passwords, account details, or Social Security numbers, scammers use emails or text messages to intercept your information. It is possible that if they gain access to this information, they will be able to access your email, your bank, and other accounts. The scammers may also sell your information to other scammers to steal more money from you. The phishing attacks we see here are launched every day by scammers, and many of them succeed - which is why they are so common. 

Here are some common tactics used by scammers in emails or text messages that are phishing email and text messages and are often updated to keep up with the latest news or trends: 

Emails and texts that are phishing sell you a story to get you to click on a link. You can also open an attachment or click on one of their links. You can receive an unexpected email or text message from a company or source that appears to be a well-known or trusted company. Banks, credit card companies, utility companies, or other organizations can serve as reference points. 

What You Can do to Protect Yourself?

  • To protect your accounts, it is imperative to create strong passwords. 
  • The most effective way to ensure that someone cannot access your account without your permission is to set up multi-factor authentication. 
  • If you have any social network accounts linked to yours, make sure that your privacy settings are updated. 
  • If you plan to use one of the payment methods, you should familiarize yourself with their terms of service and how they work. Ensure that you have a policy that protects you from fraud. 
  • You should not accept money from a third party, nor should you send any money to them. A criminal offense is money laundering, and being involved in money laundering is a felony. 
  • It is imperative not to react automatically when something happens. You may want to spend five minutes asking more questions and listening to your instincts before making a decision. 
  • It is imperative to ask someone you trust if you feel something is amiss or does not seem right. 
  • You should stay up-to-date with the latest frauds and share what you know with others to help protect them. It is possible to cover the entire population of Canada with a chain of 25 people telling two people. 
  • If you have an issue with your call display, do not rely on it because it can be easily manipulated by someone else. 
  • If you are requested to provide information about personal or financial matters, please do not do so. 
  • An email or text message that you receive from an unknown sender may have an attachment or a link that you should not open. 
The Canadian Anti-Fraud Centre makes it easy to report incidents involving cybercrime and fraud, as well as file them online through their online reporting system or by calling them at 1-888-495-8501 if you suspect you have been the victim of either. Even though you have suffered fraud or cybercrime if you wish to report such crimes to the CAFC you must. This is regardless of whether you are a victim or not.
Read more »
Security
Cyber Fraud Data Fraud Research Safety Security

One-fifth of British Folks Have Fallen Victim to Online Fraudsters

 

As per F-Secure, millions of UK adults have been victims of digital scammers in the past, but a quarter has no security controls in place to safeguard their online activity. As part of a global Living Secure study into cybersecurity awareness and behavior, the Finnish security vendor polled 1000 Britons. 

It discovered that 19%, or approximately 12.6 million British citizens, had previously been duped by online fraud such as a phishing attack. According to F-Secure, the consequences of these incidents ranged from identity theft to data and password loss and even the theft of life savings. 

Despite spending an average of eight hours per day on the internet, a significant minority still do not protect themselves online, based on a report. One reason could be that many people are scared of the prospect: 60% of respondents said cybersecurity is too complicated.

The report also emphasized a disparity in respondents' attitudes and awareness. While more than three-quarters (77%) said they could spot a scam, nearly two-thirds said they are concerned about their own and their families' online safety, and half (48%) said they have no idea if their devices are secure or not.

According to the FBI, phishing was the most common type of cybercrime in 2021, with identity theft, romance fraud, tech support scams, and investment fraud also ranking among the top ten.

“Our research has highlighted a clear disconnect between what we do online and how vulnerable we feel online, versus the concrete actions we take to reduce that vulnerability,” argued F-Secure CEO, Timo Laaksonen.

“Despite many Britons often feeling unsafe online they still aren’t putting adequate security measures in place. In the physical world you wouldn’t willingly give out passwords and personal data to strangers, so why go online and do it, and risk being a target for online criminals?”

According to the same report, investment and romance fraud cost cybercriminals a total of $2.4 billion that year. The conclusions of the F-Secure report appear to indicate a risk for businesses if employees exhibit the same low levels of security awareness in the workplace as they do at home.
Read more »
User Security
Adware Cyber Fraud Cyber Scam Internet Fraud threat report User Security

Internet Users are Inundated With Adware and False Advise Frauds Thanks to Hackers

 


Avast, a leading provider of cybersecurity software, has released its Q4 2022 Threat Report, which closely examines the kinds of scams that prey on unsuspecting consumers. 

One of the most well-known scam types was social engineering, which highlights the human error, as well as techniques for refund and invoice fraud and purported tech support scams. Like in prior quarters, lottery-related adware campaigns were still widely used. In addition to scams, the business identified two zero-day exploits in Chrome and Windows, which have since been patched, underscoring consumers' need to maintain software updates. 

Widespread email fraud 

Jakub Kroustek, Director of Avast Virus Research, argued that hackers attribute a significant percentage of their success to human nature, which causes us to react with urgency, anxiety, and a desire to recover control of situations.

According to Kroustek, "at the end of 2022, we witnessed an increase in human-centered threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn’t order. It’s human nature to react to urgency, and fear and try to regain control of issues, and that’s where cybercriminals succeed.

When people face surprising pop-up messages or emails, we recommend they stay calm and take a moment to think before they act. Threats are so ubiquitous today that it’s hard for consumers to keep up. It is our mission to help protect people by detecting threats and alerting users before they can do any harm, using the latest AI-based technology.”

During the latter months of 2022 running up to Christmas, an alarming rise in the refund and invoice fraud was observed, with duped victims giving hostile actors access to their screens and online banking. Uncertain individuals may prefer to go directly to the platform's website and use a number they are sure of rather than dialing the number on the scam email. 

Along with the Arkei information stealer, which showed a startling 437% growth, other lottery-style popups and other sources of data theft also occurred. Among other places, Arkei is renowned for stealing data from autofill forms in browsers. Two zero-day vulnerabilities have also been discovered in Windows and Google Chrome. According to Avast, the risk to users was reduced because both businesses were alerted and responded quickly.
Read more »
Økokrim
Axie Infinity Hack Crypto heist Crypto Theft cryptocurrency Cyber Fraud Norwegian Authority Økokrim

Norwegian Authority Recovers Crypto Stolen in the North Korea Based Axie Heist


Civil authorities in Norway have announced this Thursday that they have recovered $5.9 million worth cryptocurrency. This enormous amount of crypto was apparently stolen in the Axie Infinity hack, largely believed to have been caused by the Lazarus Group, which as its ties to North Korea. 

According to the Norwegian National Authority of Investigation and Prosecution of Economic and Environmental Crime (Økokrim), this seizure is the largest-ever cryptocurrency-related money seizure ever made by Norway. 

"Økokrim are experts at following the money. This case shows that we are also good at following the money on the blockchain even though criminals use advanced techniques to avoid detection," says Marianne Bender, a senior public prosecutor. 

The firm added that that it would work in collaboration with Sky Mavis, owner of Axie Infinity game in order to get the funds back to its victims. 

Axie Infinity gives players the chance to win Ethereum. Its "flagship offering," according to Sky Mavis, is the "#1 game on Ethereum by daily, weekly, and monthly active players. 

Attackers who had access to five out of the nine private keys used by the transaction validators for Ronin Network, the Ethereum-based DeFi decentralized finance platform utilized by Sky Mavis, were able to steal $620 million in March 2022. The game, publisher describes its Ronin side chain as "a tool that allows game developers to deliver the benefits of blockchain to their players without any of the complications.

"Upon gaining access to the organization, the attackers approved cryptocurrency transactions and started promptly transferring the funds through the Ethereum-based cryptocurrency mixer Tornado Cash, which is currently the target of US sanctions. In September 2022, around $30 million worth of illicit proceeds were discovered and seized by US officials. 

The FBI and Økokrim allegedly collaborated to recover an additional $5.9 million. "This is money that can be used to finance the North Korean regime and their nuclear weapons program. It has therefore been important to trace the cryptocurrency and try to stop the assets from being converted into regular currency," explained Bender. 

More Crypto Comeuppance 

Cryptocurrency thieves with ties to the Korean peninsula had a tough day on Thursday. The same day, Terraform Labs and its wanted fugitive chief, South Korean national Do Kwon, were accused of scamming investors by the US Securities and Exchange Commission (SEC). 

"We allege that Terraform and Do Kwon failed to provide the public with full, fair, and truthful disclosure as required for a host of crypto asset securities, most notably for LUNA and Terra USD[…]We also allege that they committed fraud by repeating false and misleading statements to build trust before causing devastating losses for investors," says SEC chairman Gary Gensler. 

Moreover, the collapse of Terraform Labs' TerraUSD “stablecoin” and linked “Luna” tokens sparked the so called “crypto winter.” Since the cryptocurrency's value was tied to the US dollar, the crash was portrayed as being impossibly unlikely. But, that was not the case, and as a result, a lot of investors lost a loads of money. 

Apparently, Kwon has fled with the last known address in Singapore. While, the city-state claims he left the island in September 2022. His passport was revoked by the South Korean government and he has since been added to Interpol's Red Notice list. 

While this is going on, Terraform Labs continues announcing new findings as if it had not nearly brought about the end of the world. With its TerraLuna ecosystem, it introduced a decentralized automation layer function yesterday.  

Read more »
Social Media
Cyber Fraud Dark Web Data Safety Security Social Media

Whizcase Study: How $6 Can Buy Compromised Social Media & Streaming Accounts From the Dark Web?

 

The latest Whizcase review reveals that watching the latest film or Netflix series is more affordable than ever, with $100 buying a complete suite of hacked accounts on the Dark Web. Social media accounts are the most abundantly available, with darknet markets overflowing with hacked social media profiles selling for as little as $6 per hacked account. 

According to the report, there is a thriving market for hacked entertainment service accounts: 
  • LinkedIn account: $45
  • Facebook account: $14
  • Instagram account: $12
  • Discord account: $12
  • Snapchat account: $12
  • TikTok account: $6
The majority of these are obtained through social engineering or phishing campaigns after hackers have compromised users' registration email addresses. These accounts are typically linked to their original owners' payment processing solution, which hackers frequently compromise. The original owners have been locked out of these accounts and are unable to unlink their credit card information from them. In these cases, the only option is to cancel the attached credit or debit card.

Whizcase revealed that a hacked account from any major social media network could be purchased for $127. The cheapest is Reddit, which costs $6, and the most expensive is an Instagram account, which costs $12. LinkedIn was the most expensive social profile, costing $45.

When it comes to communication methods, hacked Gmail accounts are the most expensive, costing $45 each. This comes as no surprise given that most businesses use Gmail on a daily basis. Accounts for WhatsApp, Skype, and Telegram range from $18 to $8.

This opens the door for cybercriminals to use these accounts to reset passwords used by their original owners to sign up for various services. This could include both financial and payment accounts. According to the review, many hackers use compromised accounts to run "sophisticated bot farms" for manipulating social media engagement. The advantage is that the manipulation campaigns are much more difficult for social networks to detect.

Purchasing social media engagement is also extremely inexpensive. For only $25, one could purchase 1,000 Twitter retweets from what appeared to be legitimate accounts. Just $8 will get you 1,000 Facebook likes on a page or post. You can select the country of origin for the Likes or retweets for a few dollars more. This demonstrates the importance of exercising caution when looking at popular or highly engaging things on social media. 

Keeping social media and entertainment software accounts secure, as per Whizcase, reduces social disruption, identity fraud, and outright theft. Otherwise, cybercriminals can utilize cybercrime exploits or social media campaigns to disseminate false information, defraud or rob others of money or gaming tokens, or even embezzle their identity.
Read more »
User Security
Credentials Harvesting Cyber Fraud Fake Job Ads North Korean Hackers United States User Security

North Korean Hackers Target Crypto Users with Phony Job Offers

 

In an effort to commit cryptocurrency heists, North Korean hackers are exhibiting a "startup mentality," according to a report released on Wednesday by cybersecurity company Proofpoint. 

The Sunnyvale, California-based company claimed that in December, a group they call TA444, which is similar to the notorious hacking gang Lazarus, unleashed a massive wave of phishing assaults against the banking, education, government, and healthcare sectors in the United States and Canada. 

The group's emails adopted strategies that were distinct from the methods researchers had previously connected them with, such as attempts to obtain users' passwords and login information. 

According to the study, "this extensive credential harvesting operation is a variation from standard TA444 activities, which normally include the direct deployment of malware." 

The hackers generated information like job offers and salary modifications to entice targets and employed email marketing tools to get through phishing systems. In addition, they used LinkedIn, a social networking site, to communicate with victims before sending them links to malware, the report further reads. 

According to Proofpoint, the spam wave in December nearly doubled the number of emails the group sent over the whole year.

TA444 has a "startup attitude," according to Greg Lesnewich, senior threat researcher at Proofpoint, and is "trying a variety of infection chains to help grow its revenue streams." 

He claimed that the threat actor "embraces social media as part of their M.O. and quickly ideas new attack tactics." By bringing in movable money, TA444 "leads North Korea's cashflow generation for the leadership." 

North Korea, which is still subject to strict international sanctions, has grown more dependent on cybercrime to fund its illegal weapons programme. 

The astonishing heist of more than $600 million in bitcoin from an online video game network in March was perpetrated by a group with ties to Pyongyang, according to the FBI. 

On Monday, the FBI also declared that the Lazarus Group was in charge of a $100 million theft from Horizon Bridge, a cryptocurrency transfer service run by the American Harmony blockchain, in June. North Korea has stolen bitcoin assets worth $1.2 billion worldwide since 2017, with the majority of that value coming in 2022, as per South Korea's National Intelligence Service, which made the revelation last month. 

The spy service forewarned that Pyongyang was likely to speed up its efforts this year to obtain vital defence and intelligence technology from the South.
Read more »
User Privacy
Credit Card Fraud Cyber Criminal Cyber Fraud Dark Web US User Privacy

US Criminals Responsible for Widespread Credit Card Fraud

 

In a case that sounds like a script, US criminals stole more than $1 million by using hundreds of credit cards that were advertised for sale on the dark web. A portion of the details surrounding this complex criminal enterprise have become public after a federal indictment by the U.S. Department of Justice.

The defendant in the case of United States v. Trevor Osagie admitted to planning to steal credit card data between 2015 and 2018. Osagie worked with a gang of robbers to cause damages totaling more than $1.5 million. 

At least 4,000 people were affected. Osagie could be sentenced to up to 30 years in prison and must pay a $1 million fine, according to Bleeping Computer. May 25, 2023, has been designated as the judgement date. The top search engines do not index the websites and services found on the dark web, and only obscure methods are used to access them. The dark web isn't always used for illegal activities, but because of its encryption and anonymity, criminals are drawn to it. 

Using the dark web, Osagie was able to recruit and supervise additional conspirators who played different roles in the fraud. Hamilton Eromosele is charged with leading a criminal organisation that used social media to identify "employees" who would use stolen credit cards to make expensive purchases.

Ismael Aidara then opened fake bank accounts and credit cards while Malik Ajala provided the stolen card information. There are six additional characters in this story, all of whom went to the US to participate in any activity requiring their actual presence. The indictment's namesakes all entered guilty pleas, demonstrating the prosecution's strong case. 

This is what happened. Members of this criminal network received the information after it had purchased flights to the United States, rentals, and lodging using stolen credit and debit card information from the dark web. As the shopping spree continued, expensive items and gift cards would be purchased. 

Social media promoted travel and enormous profits alongside the "workers" who travelled and purchased items for other group members. A portion of the funds were given to the criminal organisation. The police caught the criminals after a chaotic three-year rampage.
Read more »
Scammers
Cyber Fraud Fraud Pig Butchering Scam Scammers

Pig Butchering Scam: Here's Everything you Need to Know

 

Criminals make billions of dollars via digital tricks including romance scams and business email hacks. And they always begin with a small amount of "social engineering" to deceive a victim into taking an unfavourable action, like transferring money into thin air or placing their faith in someone they shouldn't. These days, a new form of these schemes known as "pig butchering" is on the rise, entangling unwary victims to take all of their money and functioning on a big scale in large part due to forced labour. 

Due to a technique where attackers effectively fatten victims up and then take everything they have, pig butchering scams began in China, where they are known by the Chinese name shzhpán. The majority of these schemes use cryptocurrencies, however they can also incorporate other forms of financial trading.

Scammers use SMS texting or other social networking, dating, and communication platforms to make cold calls to potential victims. They frequently just greet you and say something like, "Hey Josh, it was great catching up last week!" The scammer takes advantage of the opportunity to start a discussion and lead the victim to believe they have a new friend if the recipient responds by saying that the attacker has the wrong number. After building a connection, the assailant will mention that they have been successful in investing in cryptocurrencies and urge the target to do the same while they still have the chance.

The scammer then installs a malicious app or web platform on the target that appears trustworthy and may even impersonate the platforms of legitimate financial institutions. Once inside the portal, victims are frequently presented with curated real-time market data designed to demonstrate the investment's potential. And, once the target has funded their "investment account," they can begin to watch their balance "grow." The creation of malicious financial platforms that appear legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, such as allowing victims to make a video call with their new "friend" or withdraw a small amount of money from the platform to reassure them. The latter is a strategy used by scammers in traditional settings.

The swindle has some new twists, but you can see where it's going. The attackers close the account and disappear once the victim has deposited all of their money and everything the scammers can get them to borrow.

“That’s the whole pig butchering thing—they are going for the whole hog,” says Sean Gallagher, a senior threat researcher at the security firm Sophos who has been tracking pig butchering as it has emerged over the past three years. “They go after people who are vulnerable. Some of the victims are people who have had long-term health problems, who are older, people who feel isolated. They want to get every last bit of oink, and they are persistent.” 

Though carrying out pig butchering scams requires a significant amount of communication and relationship building with victims over time, researchers claim that crime syndicates in China developed scripts and playbooks that allowed them to offload the work at scale onto inexperienced scammers or even forced laborer's who are victims of human trafficking.

“We can already see the damage and the human cost both to scam victims and to forced laborers,” says Michael Roberts, a longtime digital forensic analyst who has been working with victims of pig butchering attacks. “That’s why we need to start educating people about this threat so we can disrupt the cycle and reduce the demand for these kidnappings and forced labor.”

The idea is similar to ransomware attacks and digital extortion, in which law enforcement encourages victims not to pay hackers' ransom demands in order to disincentive them from trying again.

Although the Chinese government began cracking down on cryptocurrency scams in 2021, criminals were able to relocate their pig butchering operations to Southeast Asian countries such as Cambodia, Laos, Malaysia, and Indonesia. Governments all over the world have been warning about the threat. The FBI's Internet Crime Complaint Center received over 4,300 submissions related to pig butchering scams in 2021, totaling $429 million in losses. In addition, the US Department of Justice announced at the end of November that it had seized seven domain names used in pig butchering scams in 2022.

“In this scheme, fraudsters, posing as highly successful traders in cryptocurrency, entice victims to make purported investments in cryptocurrency providing fictitious returns to encourage additional investments,” the FBI stated in an October alert.

Government officials and researchers emphasize the importance of public education in preventing people from becoming victims of pig butchering schemes. People are less likely to be taken in if they recognize the warning signs and understand the concepts underlying the scams. The challenge, they say, is reaching out to a larger audience and convincing people who learn about pig butchering to share their knowledge with others in their families and social circles.

According to researchers, pig butchering scams, like romance scams and other highly personal and exploitative attacks, take an enormous psychological toll on victims in addition to their financial toll. And the use of forced labor to carry out pig butchering schemes adds another layer of trauma to the situation, making it even more crucial to address the threat.

“Some of the stories you hear from victims—it eats you up,” says Ronnie Tokazowski, a longtime business email compromise and pig butchering researcher and principal threat advisor at the cybersecurity firm Cofense. “It eats you up really freaking bad.”
Read more »
User Security
Banking scam Cyber Fraud Payment Fraud UK Consumers User Privacy User Security

Beware of These Five Banking and Payment Frauds in 2023

 

UK consumers are being cautioned by Which? money watchdog experts as con artists continue to take advantage of the rising cost of living. The top five banking and payment scams to avoid in the new year have been disclosed. 

With household finances being squeezed owing to inflation, skyrocketing energy bills, and rising food prices, the last thing anyone needs is to be duped. Sadly, though, it's a golden opportunity for heartless con artists, who profit from folks looking for a deal. 

"Scammers are relentless when it comes to wanting our personal information and ultimately our money. And while their tactics will no doubt continue to evolve, we think these scams are the main ones to watch out for,” said Jenny Ross, Which? Money Editor. 

“Banks will never ask you for personal information, nor will they try to hurry you into making a decision. If this happens to you - whether by text, email, or over the phone, step back and think about what they’re asking. If it looks too good to be true, it usually is." 

Here are the five banking and payment scams that Brit consumers should look out for: 

1. Requests for money mules 

Intentionally or unintentionally allowing a criminal to use their bank account to transfer stolen funds is known as a "money mule request." These will frequently show up in targeted emails or social media posts. In its most recent fraud report, the banking industry association UK Finance noted a considerable rise in online user-generated posts inviting people to sign up to become money mules. 

Money mule tactics include getting people to apply for credit or bank cards on someone else's behalf, sending money "in error" that they are then requested to return to a separate bank account, and persuading people to move money given to their account in exchange for a fee. 

2. "Shoulder surfing" and credit card fraud 

Although a sizable part of the fraud is committed online, customers must continue to be on the lookout for "offline" crimes like card theft and retail fraud. 

According to data from UK Finance, losses from contactless and face-to-face card theft at retail stores totaled £33.6 million in the first half of this year, an increase of 72% over the same period last year. Fraudsters will "shoulder surf," which is when they watch victims as they input their PIN number or entrapment tools like PIN pad cameras at ATMs. 

During the same time frame, incidents of credit and debit card ID theft more than doubled, with associated losses rising by 86% to a total of £21.4 million. In order to apply for a card in the victim's name or take over their existing account, scammers who steal cards will use the information to fake paperwork. 

3. Malicious apps 

Consumers are advised by experts to be on the lookout for any strange activity in their financial accounts and personal credit reports and to alert their banks right away. The majority of banks provide free text or email alerts for balance and payments. Use ATMs inside bank branches whenever possible as they are less likely to have been tampered with. 

This additional layer of security is well-known to fraudsters. At the start of this year, Pradeo researchers at a mobile security company found a bogus app called "2FA Authenticator" on Google Play that had been downloaded more than 10,000 times before it was taken down. The virus known as "2FA Authenticator" stealthily installed on victims' devices disabled system security checks and collected their banking login information. 

The safest sites to download apps continue to be official stores like Apple's App Store and Google Play Store, but caution is still advised. Read reviews of the app and the person who created it because they may provide information regarding its reliability. Never click an unsolicited link in an advertisement, email, or text message, and always look at the "app permissions" before downloading an item. 

4. Fake impersonation 

A classic fraud strategy involves imitating real businesses, notably banks, or "spoofing" them. A recent Which? investigation discovered that six major banks' phone numbers were susceptible to spoofing. 

In order to speak with them about a problem, such as a suspicious payment, scammers conducted automated "robocalls" with pre-recorded phrases urging victims to hit digits on the keypad. 

Criminal groups frequently have personal information about victims, which makes the fraud seem more legitimate. Another technique used by con artists to get victims to click on websites that initially seem real is the use of fake texts. They seek access to the victim's personal information or money sent to a "secure account" under their control. 

According to security experts, never rely on the Caller ID that appears when you receive a call. Also, keep in mind that banks will never request your personal information over the phone. 

5. Online shopping fraud 

Scammers primarily spend money on false or deceptive advertisements on search engines and social media, frequently promising reduced costs for pricey things like mobile phones or laptops. 

According to UK Finance statistics, Authorized Push Payment fraud involving purchases was the most prevalent in the first half of 2022. These can be challenging to identify because some scammers do an excellent job imitating well-known retailers' websites. 

However, there are frequently some telltale indicators of fraudulent websites, such as grammatical problems in the "About Us" part or a missing or insufficient "Contact" page. While it may be tempting to grab a deal, it is best to stick with reputable merchants. Bank transfer payments are less secure than credit card payments.
Read more »
European Court of Justice
Amazon Christian Louboutin Cyber Fraud EU European Court of Justice

Amazon Could be Responsible for Fake Louboutin Shoe Advertisements


Online retailer Amazon may be deemed accountable for breaching luxury footwear brand Christian Louboutin’s EU trademark rights. 

According to the European Court of Justice's preliminary ruling in the case, third-party dealers were found to be advertising counterfeit red-soled stilettos on Amazon, without Louboutin's permission. 

The case came to light when the French designer filed lawsuits against Amazon in Belgium and Luxembourg, claiming that he did not authorize these products to be put on the market. 

Louboutin’s signature red-soled stilettos are apparently registered as a trademark within the EU and Benelux trademark. 

The top court of the EU stated that customers could be misled into believing that Amazon is selling shoes on behalf of Louboutin when, for example, Amazon places its logo on the ads of third-party sellers and stores and ships the products. 

“These circumstances may indeed make a clear distinction difficult, and give the impression to the normally informed and reasonably attentive user that it is Amazon that markets — in its own name and on its own behalf,” the court stated. The luxury brand says that the court’s decision is “a victory for the protection of its know-how and creativity.” 

“It initiated these proceedings to obtain recognition of Amazon’s responsibility for the offering for sale of counterfeit products on its platforms by third parties. It also brought this case to encourage Amazon to play a more direct role in the fight against counterfeiting on its platforms,” Maison Louboutin said in a statement. 

The EU court came to the conclusion that it is now up to the local governments in Belgium and Luxembourg to decide whether consumers of the online marketplace have believed that Amazon itself was running the advertising rather than third-party vendors.  

Read more »
Theft
Credentials Cyber Fraud Fraud Safety Scammers Scams Security Theft

How to Prevent Corporate Login Credential Theft?

 

Expenditure on enterprise cybersecurity is growing rapidly. According to the most recent estimates, the average figure for 2021 will be more than $5 million. Despite this, US organizations reported a record number of data breaches in the same year. 

So, what's the problem? Static passwords, user errors, and phishing attacks continue to undermine security efforts. Threat actors benefit greatly from easy access to credentials. And user training alone will not be enough to restore the balance. A strong credential management strategy is also required, with multiple layers of protection to ensure credentials do not fall into the wrong hands.

During the first half of this year, nearly half of all reported breaches involved stolen credentials. Once obtained, these credentials allow threat actors to disguise themselves as legitimate users in order to deploy malware or ransomware or move laterally through corporate networks. Extortion, data theft, intelligence gathering, and business email compromise (BEC) can all be carried out by attackers, with potentially huge financial and reputational consequences. Breaches caused by stolen or compromised credentials cost an average of $4.5 million in 2021, and they are more difficult to detect and contain (327 days).

It may come as no surprise that the cybercrime underground is rife with stolen credentials. In fact, 24 billion were in circulation in 2021, a 65% increase over 2020. Poor password management is one factor.  Since password reuse is common, these credential hauls can be fed into automated software to unlock additional accounts across the web, a technique known as credential stuffing. They are quickly put to use once they are in the hands of hackers. 

As per one study, cybercriminals gained access to almost a quarter (23%) of accounts immediately after the compromise, most likely through automated tools designed to quickly validate the credibility of the stolen credential.

Phishing is a particularly serious enterprise threat that is becoming more sophisticated. Unlike the error-ridden spam of yesteryear, some efforts appear so genuine that even a seasoned pro would have difficulty detecting them. Corporate logos and typefaces are accurately reproduced. Domains may use typosquatting to appear identical to legitimate domains at first glance.

They may even use internationalized domain names (IDNs) to imitate legitimate domains by replacing Roman alphabet letters with lookalikes from non-Latin alphabets. This enables fraudsters to register phishing domains that look exactly like the original.

The same holds true for the phishing pages that cybercriminals direct employees to. These pages are intended to be convincing. URLs will frequently use the same tactics mentioned above, such as letter substitution. They also intend to imitate logos and fonts. These techniques make pages appear to be the "real deal." To trick users, some login pages display fake URL bars that display the real website address. This is why you can't expect employees to know which sites are legitimate and which are attempting to dupe them.

This means that user awareness programs must be updated on a regular basis to account for specific hybrid-working risks as well as constantly changing phishing tactics. Short, bite-sized lessons with real-world simulation exercises are required. Creating a culture in which reporting attempted scams is encouraged is also important.

But be aware that there is no silver bullet, and user education alone will not reliably prevent credential theft. Bad actors only need to be fortunate once. And there are numerous ways for them to contact their victims, including email, social media, and messaging apps. It is unrealistic to expect every user to detect and report these attempts. Education must use technology and solid processes.

Credential management should be approached in layers by organizations. The goal is to reduce the number of sites where users must enter passwords. Single sign-on (SSO) should be implemented by organizations for all reputable necessary work applications and websites. SSO should be supported by all SaaS providers.

In the meantime, a password manager would be useful if there are logins that require different credentials. This also allows employees to determine whether a login page can be trusted, as the password manager will not provide credentials for a site it does not recognize. To secure logins, organizations should also enable multi-factor authentication (MFA).

FIDO2 is also gaining popularity. It will provide a more robust solution than traditional authenticator apps, though those apps will still be superior to text-message codes. Not everything is foolproof, and risky login pages may slip through the cracks. Employees should only be flagged for risky login pages as a last resort. 

This can be accomplished by analyzing threat intelligence metrics, webpage similarities, domain age, and how users arrived at a log in page in real-time. This rating can then be used to either block high-risk login pages or warn users to check again for less-risky ones. Importantly, because this technology only intervenes at the last second, security appears transparent to the user and does not make them feel watched.

A layered approach to credential management, when combined with an architectural approach to security across the entire stack, can help reduce the attack surface and mitigate risk from an entire class of threat.
Read more »
Subscribe to: Posts (Atom)