Search This Blog
Load More
Trendy Right Now

Popular Posts

Showing posts with label Cybersecurity. Show all posts
Youtube
Android Cyberattacks Cybersecurity DogeRAT iOS malware Netflix. Instagram Passwords Ransomware Social Media Youtube

Unveiling DogeRAT: The Malware Exploiting Counterfeit Netflix, Instagram, and YouTube

 


In a recent study, Indian analysts discovered a powerful malware known as DogeRAT. This malware infects several devices and targets a wide range of industries.

Social media apps spread this malicious software by pretending to be popular Android applications such as YouTube, Netflix, Instagram, and Opera Mini.  The operators of DogeRat are running a malicious campaign in which hackers try to steal information from victims, including banking details. They are also trying to control their devices to harm them. 

In this digital era, smartphones have become an integral part of our everyday lives. With the help of a few taps on the screen, it is possible to perform multiple tasks on the device. Even though smartphones are becoming more popular, many people are still unaware of the dangers lurking online. 

Furthermore, cybercriminals are continually devising innovative tactics to deceive even the smartest and most tech-savvy individuals when it comes to cybercrime. A number of these criminals have created dangerous counterfeit apps that mimic popular brands' logos, typefaces, and interfaces, creating worrisome counterfeit versions of popular apps. 

False applications, such as these, are loaded with malware designed to steal sensitive information about users. It has been reported that DogeRAT malware has been disguised to appear as legitimate mobile applications, such as a game, productivity tools, or entertainment apps, including Netflix, YouTube, and so on. It is disseminated through social networking sites and messaging apps, such as Telegram, where it is distributed. 

It is a new Android virus that infects Android smartphones and tablets using open-source software to spy on businesses and steal sensitive data such as financial information and personal information. 

When malware is installed on a victim's device, it has the potential to steal sensitive information, including contacts, messages, and other personal information. Even when a device has been infected, hackers can even gain remote access to the device, which can then be used to conduct malicious activities, such as spam messages, payments that are not authorized, modifying files, viewing call records, and even taking photos using the infected device's rear and front cameras. 

In addition to the modified Remote Access Trojans (RATs), they are now repurposing malicious apps and distributing them to spread their scams. It is not only cost-effective and simple to set up these campaigns, but they also result in significant profits because they only take a bit of time to execute. 

A guide to protecting against malware threats

In the past few months, malware attacks have been noticeable, even though they are not novel. To protect your device from malware, being aware of and precautionary against the latest threats is essential. 

Depending on the device you use, you need to consider some points to protect your device's data and your personal information from malware attacks, such as:

There are warnings about links and attachments that could contain malware or lead to malicious websites, so be careful about which links and attachments you open. 

The most effective defense against malware is to keep your software updated. Update your operating system and applications regularly to ensure security vulnerabilities are protected. 

Make sure your security solutions are reliable. Buy antivirus tools to protect your computer from malware and other threats. 

Do not click on links or open attachments in emails that seem too unbelievable to be true or suspicious: Be aware of suspicious messages and offers, and take precautions to avoid clicking on them. 

You need to become familiar with malware to protect yourself against cyberattacks, so you need to learn about some common attack techniques.   

Taking proactive measures and exercising caution are the most effective ways for individuals to combat this threat effectively, so using precaution is imperative. It is necessary to source applications exclusively from trusted and verified platforms and conduct in-depth authentication of developers and maintain vigilance regarding suspicious links, emails, and messages to ensure such elements are avoided.

To ensure overall security, it is essential to keep up to date with device updates, operating system upgrades, and antivirus software updates as often as possible. 

Moreover, it is strongly recommended that cyber-security practices are implemented, including utilizing strong passwords and enabling two-factor authentication as well as implementing strong and unique passwords. 

Users can significantly reduce their susceptibility to malware such as 'DogeRAT' by staying informed about emerging cybersecurity threats. This is done by consistently applying these precautionary measures to protect themselves from cyber threats.
Read more »
UK Government
Apple Cybersecurity iOS Music Industry Music Streaming Royalty Spotify Technology UK Government

Music Streaming Royalties To Be Examined by The UK Government

 


Since the early days of the music industry, musicians, writers, and other creatives have spoken out about the unfairness of royalty share payments. This is when their works are played on Spotify and Apple Music. There will be a discussion of these issues within the government after an investigation was conducted in 2019. 

To investigate suggestions that the music streaming industry is not remunerated fairly for artists, the government is investigating the streaming industry. Musicians and artists are worried that they are not receiving as much money as record labels when their tracks are played on streaming services like Spotify, as there are concerns that their tracks may be stolen. 

It is essential to provide high-quality metadata for a track in the era of digital music to ensure that the people who contributed to the creation of a track are accurately credited and compensated. This is the most effective way to ensure music makers are properly credited. The metadata for songwriters and their works, however, lacks precision and completeness. It is often out of date or incomplete, especially regarding specifics. In some cases, insufficient or incorrect metadata can cause a significant delay in creators' payment for the use of their work. In some cases, no payment to the creators at all. 

There have recently been meetings brought together by experts from across the UK music industry. These meetings were to develop positive steps for improving music metadata for everyone involved. 

Despite many aspects of metadata provision working well, and positive steps taken by several industry participants to improve it, there are still significant challenges to be overcome in several areas. To achieve this, it is essential that data is collected from creators promptly and that industry-standard identifiers are adopted and made accessible, particularly regarding metadata associated with work and songwriters. This is especially true of the links between sound recordings and musical works. 

The report has also stated that there have been reports that session musicians have not been paid for streams. This issue will be investigated by a working group of industry representatives tasked with looking into these concerns. There has been an investigation by the government into streaming music since 2019, and an imbalance in royalties was discussed in 2021 as the cause of the investigation. 

A member of the Digital, Culture, Media, and Sport (DCMS) Select Committee, who is investigating the music industry on behalf of the government, has said that she considers this a "welcome step towards understanding the frustrations of musicians and songwriters whose pay often falls below a fair level." 

Despite this, she added, the talk shop should produce concrete change and not just an opportunity for "talking heads to talk". Nile Rodgers, a guitarist, producer, and songwriter who helped create the music for the film Goodfellas, will be addressing the government in 2020. Among the royalties record labels receive as a result of streaming services, he said that they should keep up to 82% of the proceeds.

Earlier this year, Sir John Whittingdale, the minister for creative industries, described the project as a way of offering the UK an "enriching career opportunity".

As he went on to say, "This exceptional agreement on streaming metadata is an important step forward in making sure the contributions and creativity of UK musicians in the digital age are considered and fairly compensated for their contributions and creativity." 

Former chief economist at Spotify, Will Page, said music business officials are at the moment debating the way the money is being allocated in the industry. According to Page, if artists get to receive even 1% of what is generated in the United Kingdom through streams, they are also entitled to receive any cash generated there. 

A certain amount is not paid to the artist every time a song is heard on Spotify, because the artist is not paid a certain amount per instance that the song is played. 

Depending on the way the music is streamed and the rights that are held by labels or distributors, royalties that artists receive may differ depending on the agreement they have with the label or distributor or the way their music is distributed. 

To conclude, the UK government's decision to investigate streaming royalties for music is a great step forward in the direction of resolving long-standing issues regarding the streaming of music. 

As a result of digital streaming platforms, how music is consumed has changed greatly in recent years. However, it has also brought forth several challenges, especially when it comes to fair compensation for songwriters and artists who work on those platforms. 

With the government's initiative to examine streaming royalties, the government recognizes that right now, in this rapidly evolving landscape, it is critical to ensure that revenues are distributed more equitably. Record labels and streaming platforms have been criticized for disproportionately benefitting from the current royalty model, which is described as a rip-off. A songwriter or artist who is creating a song may receive minimal compensation for their work, while the artists receive no compensation at all. 

Taking this action by the UK government is a strong statement that the government is listening to the concerns of artists, songwriters, and musicians. It also states that their concerns are addressed. Throughout the document, all parties involved in the music industry are urged to create an ecosystem that supports sustainable and fair business. This is where everyone can survive and thrive. 

As part of the investigation, existing legislation on music streaming royalties will likely be examined in detail. In addition, license agreements and the dynamics of power between stakeholders and the industry.

Furthermore, the company might also explore alternative models, such as user-centric payment systems. These systems aim to ensure that royalties are distributed directly based on an individual user's listening habits, rather than pooling their revenues and distributing them randomly to each user.

It is anticipated that the outcome of this investigation will ultimately lead to reshaping the music industry in a way that is more transparent and equitable for artists and songwriters while also creating a more competitive environment for them. If there were reforms to reflect the value of creative work and to provide artists with more sustainable income streams resulting from that, that would be of great benefit to all. 

No doubt finding a solution to this complex issue will not be easy, however, and that will prolong the issue. There will also be a need for careful deliberation and collaboration between the interests of artists, songwriters, streaming platforms, and consumers in balancing these interests. Although, it is a positive development to see the UK government take action to address these concerns, which may have a lasting impact on the global music industry in the long run. 

Having made this decision, the UK government has achieved a significant milestone in its ongoing efforts to transform the music ecosystem into a more sustainable and fairer one exemplified by its decision to examine music streaming royalties. In essence, it is a step towards ensuring that artists and songwriters receive their fair share of revenues in the digital age, and to foster and sustain an industry that is thriving both for creators and for consumers, benefiting both of them.
Read more »
WordPad Vulnerability
Cybersecurity Malicious DLL hijacking Qbot Operators Windows 10 Exploit WordPad Vulnerability

Threat Actors Exploit Qbot Malware: Evolving Tactics for Stealthy Attacks

Qbot malware

Qbot operators using .DLL malware to exploit windows systems

In the ever-evolving scenario of cyber threats, hostile actors continue to use sophisticated methods to enter computer systems and exploit sensitive data. One such example is the utilization of Qbot operators, who use a crafty approach by leveraging a malicious .DLL malware to hijack Windows WordPad.

This strategy allows them to evade detection and carry out their malicious activities undetected. In this blog post, we will delve into the workings of Qbot operators and explore how they exploit WordPad as a covert tool.

Threat actors exploit vulnerability in Windows 10 WordPad

According to researchers, hackers have started exploiting a vulnerability in the Windows 10 preloaded WordPad text editor to distribute the Qbot malware. ProxyLife, a member of Cryptolaemus and a cybersecurity researcher, recently uncovered an email campaign where hackers are distributing the WordPad program along with a malicious .DLL file.

After launching WordPad, the application searches for specific .DLL files required for proper functioning. Initially, it looks for these files in its folder. If the necessary .DLL files are found, WordPad automatically executes them, even if they are malicious.

What is DLL Hijacking

The technique involved in this practice is commonly known as "DLL sideloading" or "DLL hijacking" and has been utilized by hackers before. Previously, attackers were observed using the Calculator app for a similar purpose.

In this case, when WordPad executes the DLL, the malicious file leverages an executable called Curl.exe, located in the System32 folder, to download a DLL disguised as a PNG file. However, this DLL is Qbot, an old banking trojan capable of stealing emails for use in phishing attacks and initiating the download of additional malware like Cobalt Strike.

Using Wordpad to evade detection

By using legitimate programs like WordPad or Calculator to execute malicious DLL files, threat actors aim to evade antivirus programs and maintain a stealthy presence during the attack.

It's worth noting that this method relies explicitly on Curl.exe, limiting its effectiveness to Windows 10 and newer versions, as earlier iterations of the operating system did not have this program preinstalled.

Even so, considering that older versions are nearing their end of support and users are transitioning to Windows 10 and 11, this limitation provides little respite

According to recent reports from BleepingComputer, the QBot operation has transitioned to employing alternative infection methods in recent weeks. This indicates that the threat actors behind QBot are continually adapting their tactics to evade detection and improve their success rates.

As cybercriminals evolve their strategies, it becomes increasingly crucial for individuals and organizations to stay vigilant and employ robust cybersecurity measures to protect against emerging threats.

Read more »
virus
Advanced Encryption Standard Android Phone CERT-In Cyber Attacks CyberCrime Cybersecurity Daam Government Hacked SMS URL virus

Android Phone Hacked by 'Daam' Virus, Government Warns

 


It has been announced by the central government that 'Daam' malware is infecting Android devices, and the government has issued an advisory regarding the same. CERT-IN, the national cyber security agency of the Indian government, released an advisory informing the public about the possibility of hackers hacking your calls, contacts, history, and camera due to this virus.

The virus' ability to bypass anti-virus programs and deploy ransomware on targeted devices makes it very dangerous, according to the Indian Computer Emergency Response Team or CERT-In, which provided the information. 

As quoted by the PTI news agency, the Android botnet is distributed primarily through third-party websites or apps downloaded from untrusted or unknown sources, according to the Federal Bureau of Investigation. 

The malware is coded to operate on the victim's device using an encryption algorithm known as AES (advanced encryption standard). The advisory reports that the other files are then removed from local storage, leaving only the files that have the extension of ".enc" and a readme file, "readme_now.txt", that contain the ransom note. 

To prevent attacks by such viruses and malware, the central agency has suggested several do's and don'ts. 

The CERT-IN recommends that you avoid browsing "untrusted websites" or clicking "untrusted links" when they do not seem trustworthy. It is advisable to exercise caution when clicking on links contained within unsolicited emails and SMS messages, the organization stated. Specifically, the report recommends updating your anti-virus and anti-spyware software regularly and keeping it up to date.

Once the malware has been installed, it tries to bypass the device's security system. In the case it succeeds in stealing sensitive data, as well as permissions to read history and bookmarks, kill background processing, and read call logs, it will attempt to steal sensitive information of the user. 

"Daam" is also capable of hacking phone calls, contacts, images, and videos on the camera, changing passwords on the device, taking screenshots, stealing text messages, downloading and uploading files, etc. 

In the Sender Information field of a genuine SMS message received from a bank, the Sender ID (abbreviation of the bank) is typically mentioned instead of the phone number, according to the report. 

A cautionary note was provided to users warning them to be aware of shortcut URLs (Uniform Resource Locators) such as the websites 'bitly' and 'tinyurl', which are both URLs pointing to web addresses such as "http://bit.ly/" "nbit.ly" and "tinyurl.com" "/". 

To see the full domain of the website the user is visiting, it is recommended that they hover over the shortened URL displayed. As suggested in the consultation, they may also be able to use a URL checker that allows them to enter both a shortened URL and the complete URL when completing the check. 

This is being viewed as a serious warning by the government to Android phone users throughout the world to remain vigilant and to take all necessary precautions to protect their mobile devices.

The Central Government strives to educate citizens about "Daam" malware, as well as its potential impacts, so citizens can take proactive measures to protect their Android devices and stay safe from cyber threats in the ever-evolving environment we live in today.
Read more »
Technology
ChatGPT Cyber Crime CyberCrime Cyberfraud Cybersecurity European Market Garante Google Microsoft OpenAI Technology

OpenAI, the Maker of ChatGPT, Does not intend to Leave the European Market

 


According to the sources, the CEO of OpenAI, manager of ChatGPT, and creator of artificial intelligence technology, Sam Altman, in the past, has publicly favored regulations on AI technology development. However, more recently, he has indicated that he opposes overregulation of this technology. Reports indicate that Altman, who led Microsoft's AI research initiative, has stated that his company may leave the European Union (EU) if it can not comply with the EU rules. There has been a sudden change of heart by the top executive about his threat to leave the region in the recent past. 

In a conversation on Friday, Altman retracted a statement saying that the company might leave Europe if pending laws concerning artificial intelligence make it too difficult to comply with them. This is in response to a threat earlier in the week that OpenAI might leave the region. 

Currently, the European Union is working on the first global set of rules governing artificial intelligence. Altman on Wednesday dubbed the current draft of the EU Artificial Intelligence Act over-regulatory and “over-regulated." 

In terms of regulating artificial intelligence globally to ensure a set of rules is established, the European Union is well on its way.

Furthermore, this action by the EU is in tandem with the advocacy of OpenAI, the ChatGPT development company. This company has sought regulation of 'superintelligent' artificial intelligence. Guardian reports that the IAE has the power to prevent humanity from accidentally creating something that can destroy it if not controlled correctly. As a result, the IAE needs to act as the equivalent of the IAE. 

It is proposed that these laws would require generative AI companies to disclose copies of the content used to train their systems. This would enable them to create text and images protected by copyright. 

AI companies want to imitate performers, actors, musicians, and artists. This is to train their systems to act as though they perform the work of those individuals. 

According to Time Magazine, Mr. Altman is concerned that if OpenAI complied with the AI Act's safety and transparency restrictions, it would be technically impossible to comply. 

Rules for AI in the EU 

A set of rules for artificial intelligence in the EU has already been developed. It is estimated that within the next few years, a significant amount of copyrighted material will have been used to develop the algorithms deployed by companies, such as ChatGPT and Google's Bard, as it is determined by these regulations. 

A draft of the bill has already been drafted and approved by EU officials earlier this month, and it will be discussed by representatives of the European Parliament, the Council of the European Union, and the European Commission to finalize the details for it to be enacted into law. 

It has been reported that Google CEO Sundar Pichai has also met with European Commission officials to discuss AI regulation. According to reports, he is working with legislators in Europe to develop a voluntary set of rules or standards. This will serve as a stopgap set of guidelines or standards while AI innovation continues in Europe. 

There has been a lot of excitement and alarm around chatbots powered by artificial intelligence (AI) since Microsoft launched ChatGPT, a powerful chatbot powered by AI. Its potential has provoked excitement and concern, but it has also caused conflict with regulations around AI applications.

OpenAI CEO Sam Altman irritated EU officials in London when he told reporters that if any future regulations forced OpenAI to stop operating in the bloc because they were too tight, it might have to cease operations. 

In March, the OpenAI app was shut down by Italian data regulator Garante. Garante accused OpenAI of violating EU privacy rules, leading to a clash between OpenAI and its regulators. After instituting enhanced privacy measures for users, ChatGPT has returned online and continues to serve its customers. 

In a blitz against Google, Microsoft also made several announcements like this the following month. It announced that it would spend billions of dollars supporting OpenAI and use its technology in a variety of its products.

In recent weeks, New York-based Altman, 38, has been greeted rapturously with rapturous welcomes from leaders across the globe, such as Nigerian leaders and London politicians. 

Despite that, Thierry Breton, the bloc's industry commissioner, found his remarks on the AI Act, a regulation aimed at preventing invasive surveillance and other technologies from causing people to fear for their safety, frustrating. 

In a recent statement, OpenAI said it would award ten grants of equal value from a fund of $1 million. This was to measure the governance of AI software. Altman described it as "the process of democratically determining AI systems' behavior. 

On Wednesday, Mr. Altman attended a University College London event. He stressed that he was optimistic AI would lead to increased job creation and decreased inequality across the world.

Several meetings took place between him and Prime Minister Rishi Sunak, along with DeepMind and Anthropic AI heads. These meetings were to discuss the risks of artificial intelligence - from disinformation to national security to "existential threats" - as well as the voluntary actions and regulatory framework needed to address these risks. Some experts are concerned that super-intelligent AI systems may threaten mankind's existence. 

To implement a 'generative' Large Learning Model (LLM) system, massive sets of data are analyzed and generated to create resources.

If the law is put into effect, companies like OpenAI will be required to reveal the types of copyrighted materials they used to train their artificial intelligence systems. This is so they can produce text and images. 

According to the proposed legislation, facial recognition in public places and predictive policing tools may also be prohibited under an updated set of regulations. 

ChatGPT, backed by Microsoft, was introduced late last year and since then has grown exponentially, reaching 100 million users monthly in a matter of weeks. It is the fastest-growing consumer application in history. 

As part of its commitment to integrate OpenAI technology into all of its products, Microsoft acquired a 13 billion dollar stake in the company in 2019. 

As a result of a clash with European regulator Garante in March, OpenAI first faced regulators during its domestic launch. The company was accused of flouting data privacy rules in Europe. In an updated privacy measure, ChatGPT has committed to users' privacy and restored the chat service.
Read more »
RB Bank
Cyber Frauds Cyberattacks CyberCrime Cybernews Cybersecurity Data Breach Financial Information NCB Management Services RB Bank

American Financial Data Exposed by Debt Collector

 


An NCB breach notification letter has been sent to affected customers informing them that their data has been hacked. Over 1.1 million people have been exposed by this breach. On February 1st, a US-based company claimed that its systems were breached by attackers, claiming they had penetrated its network. After the company's systems were breached, NCB noticed it within three days of the incident.

Cybernews reported this morning that debt collection agency NCB Management Services has begun notifying customers of data breaches following a breach in February. The breach was first reported by the agency in early 2017. 

It has been reported that an unauthorized third party gained access to confidential information NCB maintains on client accounts recently. The company's letter to potential victims began with the statement: "In the wake of this incident, we are unaware that any of the information you have provided has been misused." 

A report has emerged claiming that NCB had its systems hacked in February. Despite this, it took the company three days to realize this security breach had occurred. 

As a result of cybercriminals stealing personal information from consumers, cybercriminals have launched targeted phishing campaigns via email, phone or text message to defraud those individuals. 

Based on the debt collector's investigation, the type of data accessed from April 19th until now has been determined. Upon reviewing information the company provided to the Maine Attorney General, it appears that the attackers gained access to financial account numbers or payment card numbers. This was done by using security codes, access codes, passwords, or PINs associated with the accounts.

There is a trend of stolen financial data being sold on dark web forums. This is so criminals can mask their illicit activities using others' names. This is done by using stolen information from their bank accounts. 

In my opinion, the amount of financial information exposed is quite concerning as users' credit card numbers could be sold on the dark web if there is no hacking involved. 

In the event hackers are also able to access sensitive data on affected users, it may be possible for them to use their own data to commit crimes such as identity theft or fraud. 

In fact, NCB is a debt collection agency that banks hire to get rid of outstanding amounts owed to them. This is due to its nature as an enforcement agency. This looks like TD Bank and Bank of America have also been indirectly affected by this data breach. 

According to a recent report by JD Supra, the legal advice site, TD Supra, has detailed the possibility that NCB's data breach might impact TD Bank customers as well. This is in a similar manner to that of TD Bank. 

The Toronto-based bank also notified the US Attorney General that the hackers responsible gained access to its customers' names, addresses, account numbers, dates of birth and Social Security numbers. In addition, they gained access to their account balances. This is based on an official filing the bank made with the Main Attorney General. 

One of the recent companies to be breached is Dish, another highly regarded satellite broadcaster in the US. The company has also tried to reassure its affected customers by stating that it had "received confirmation that the extracted data has been deleted." 

Cyber security experts say organizations should never succumb to criminals' demands, as the results are usually high-frequency attacks by the criminals themselves. The FBI and other law enforcement agencies also believe ransomware payments should not be made.

It has been announced that NCB is offering free services to affected users for two years. This will enable them to monitor identity theft for two years and prevent further attacks. 

The National Bank of Boston, in a sample notification letter submitted to the Maine Attorney General, revealed that the bank may also affect Bank of America through the same problem.  

Bank of America has said that if TD Bank offers free access to one of the most effective identity theft protection services, Bank of America will also offer the same to its customers. Bank of America has assured affected customers that it will provide a two-year Experian IdentityWorks subscription. If you have received a data breach notification from NCB, you will have all the information you need about how to set up the subscription. This information is in that notification. 

In the coming year, users affected by this data breach should carefully review their credit reports and account statements. They should look for any unusual activity associated with the breach. 

NCB is working closely with federal law enforcement agencies to figure out who is responsible for the breach and what group of hackers are responsible. Despite that, it is highly likely that the company could pay a fine. This is because hackers accessed its systems for several days before being discovered and getting their hands on them.
Read more »
SEROUC
Cyber Attacks CyberCrime cybercriminals Cyberfraud Cybersecurity Ransomware SEROUC

Using Ransomware to Extort Employers by Impersonating a Gang

 


In a court in Fleetwood, Hertfordshire, a 28-year-old United Kingdom man has been found guilty of serving his employer with a forged document and unauthorized access to his computer with criminal intent. 

SEROCU has released a press release explaining the conviction of Ashley Liles, a 29-year-old IT Security Analyst at a company in Oxford that was the victim of a ransomware attack in February 2018. According to the press release, Liles worked as an IT Security Analyst at the time. 

The cybercriminals contacted the company's executive team to demand a ransom payment, the same plan used in many ransomware attacks.

As part of the company's internal investigation efforts and the incident response initiative, Liles, as well as other company members and members of the police, joined the investigation and incident response effort. 

As a result, during this period, it is said that Liles tried to enrich himself from the attack by tricking his employer into paying him a ransom instead of the actual external attacker to enrich himself. 

The SEROCU announcement reads, "Instead of pursuing a criminal case against the company, Liles also began a further and secondary attack against the company unbeknownst to the police, his colleagues, or his employer." 

In addition to accessing more than 300 times the private emails of a board member, he also altered the original blackmail email sent by the original attacker and changed the payment information provided by the original attacker. 

A plan had been hatched to take advantage of the situation by diverting the payment from the payment account and sending it to Liles' cryptocurrency wallet. 

In addition to creating an almost identical email address, Lite created another email address that looked almost identical to the original attacker, and sent emails to his employer asking for payment, said SEROCU. 

Although the company owner refused to pay the attackers, a later internal investigation that had been underway at the time revealed that Liles had access to private emails, as evidenced by the IP address of his home, suggesting that he was responsible for the attack. 

By the time SEROCU's cyber-crime team stormed into Liles' home to take his computer, Liles was well aware of the investigation and had wiped all data from his devices. However, restoring incriminating data from Liles' computer was still possible, even though he had realized the investigation was closing in on him. 

During the hearing at Reading Crown Court, Liles pleaded guilty five years after he first denied any involvement in the case and pleaded guilty a second time. There is going to be a court date for this rogue employee on July 11th, 2023, he will be sentenced at that time.

Accusing someone of hacking into a computer without their permission is punishable by up to two years in prison in the UK, while blackmail is punishable by up to 14 years in prison.
Read more »
UK Police
Criminal Digitisation Cyberattacks CyberCrime Cybersecurity GDPR Technology UK Police

Criminal Digitisation: How UK Police Forces Use Technology

 


Researchers and law enforcement communities have yet to fully understand cybercrime's scope and implications, even though it is a growing issue. As a result of the perception that the police were ill-equipped to deal with these types of crimes, according to reports issued by the UK government, victims of cybercrime are unlikely to report the crimes immediately. These reports also identify a lack of cybercrime knowledge among police officers according to the reports. 

In recent days, there have been numerous reports of people falling victim to online fraudsters despite being cautious about doing so. Marc Deruelle almost became one of them due to his actions. He was eager to visit Liverpool this May for the 2023 Eurovision Song Contest. He didn't immediately suspect that someone contacting him via WhatsApp was the receptionist at the accommodation he'd booked online. However, a few days later, he received a call from someone claiming to be the receptionist so he decided to contact them.  

It was good that Deruelle's bank noticed something was going on. It refused to permit £800 to be transferred to Uganda at the last moment. The situation has not been as fortunate for other victims. 

As late as 2022, a woman from North Wales forwarded almost £2,000 over Whatsapp to a scammer pretending to be her daughter and pretending to be based out of Nevada. The mother of two from North Lanarkshire, Scotland, told STV News how she sold her home to repay the loans she had invested in a bogus cryptocurrency investment scheme advertised on Facebook. Jennifer said she had to sell the house to pay. To invest in the bogus scheme, scammers coerced her into taking out further loans - and ultimately she owed £150,000 for the scam. 

Earlier this year, the NCA released the Cyber Crime Assessment 2016. This highlights the need for more partnerships between law enforcement and the private sector to fight cybercrime. Even though cybercrime accounts for only a small proportion of all reported crimes in the U.K., the National Crime Agency has found that cybercrime has overtaken all other types of crime, accounting for 36 percent of all reported crimes, and 17 percent of crimes committed with computers.

There is no denying the fact that cybercrime reports have been growing in the U.K. One explanation for this may be that the British are becoming more skilled at detecting this kind of crime than they used to be. According to the report, there is a conclusion that there is increasing evidence of cybercrime occurring in the U.K., as it was briefly covered in the most recent Crime Survey for England and Wales conducted by the U.K. Office of National Statistics last year. 

As of 2022, fraud will account for more than 40% of all crimes in England and Wales, making it the most common crime committed in the country.    

Moore believes that, when the government launched Action Fraud in 2009, the government had the right intentions. However, the government did not realize how fast fraud would grow, Moore explains. As a result, Moore and Hamilton believe that law enforcement may have lacked funds and expertise. This has caused law enforcement officers to struggle to keep up with cybercrime's rapidly evolving pace, an issue that has left them struggling to keep up. As a result, it has been challenging for public agencies, particularly rural police departments, for a long time to recruit and retain cybersecurity professionals. There is not much money to be made by the police and the local government. As an IT professional, why on earth would you stay in the police force when you can join the private sector if you’re in cybersecurity?   

Despite the growing scale and complexity of cybercrime as well as the intensifying attacks, the report concludes that "so far, the visible financial losses and damage do not have the potential to significantly impact the value of a company's equity over the long run." Cyber attacks on businesses in the UK have not been as damaging and as publicly visible as the ones that were carried out on the Target retail chain in the United States. 

A large, multinational European company would probably be hard-pressed to conceal a breach of the same magnitude as the breach at Target in 2013 if it was similar to that breach. Generally speaking, European nations have not been required to comply with the same kind of data breach disclosure laws on the books in nearly every state in the United States. U.S. companies are forced to publicly acknowledge data breaches each week by laws in effect in nearly every U.S. state.

As the new General Data Protection Regulation of the European Union comes into force, companies that conduct business in Europe or with European customers will be required to provide written notification if, as a result of a breach of security, personal data was accidentally or unlawfully destroyed, lost, altered, or unauthorizedly disclosed, or access was unauthorized. 

As it stands, there may still be some time before British businesses start coming forward about data breaches, especially since the GDPR requirements won't fully come into effect until 2021. Although the GDPR requirements will not take full effect until April 2018, the implementation is expected to take place sooner rather than later.   
Read more »
Micron
Chinese Government Cyber Attacks Cyber Technology CyberCrime Cybersecurity Cyberspace Micron

China's Assessment of Micron's Security Was Rejected

 


As a result of Micron's failure to pass a security review, the Chinese government has banned the company from supplying memory chips to local industries that are critical to the country. 

The Chinese cyberspace regulator has announced that it will bar operators of key infrastructure from buying products made by American memory chipmaker Micron Technology Inc. (MU.O). Micron Technology Inc. is an American memory chip maker with international reach. 

Washington is looking to cut off Beijing's access to the most advanced semiconductors to limit its access to the United States' advanced chip manufacturing facilities. Despite the ongoing chip war between the two nations, the probe represents the latest effort by investigators to escalate the crisis. 

As a result of the incident, China tightened its enforcement of anti-espionage and national security laws, tightening its control over international espionage. 

In a report by the news agency Reuters, the US government has instituted a series of export controls on certain American components and chipmaking tools to prevent them from being used to advance China's military capabilities, following a series of export controls by the USA on certain American components and chipmaking tools. 

There was an additional phase in the bitter chip war between the United States and China. Washington was attempting to prevent Beijing from having access to top-of-the-line semiconductors and the latest technology.    

Chinese authorities launched a review of Micron, one of the world's largest chip manufacturers, in March last year. This was following several complaints related to its products available in the country.   

From transportation to healthcare, critical information infrastructure is broadly defined as the network infrastructure that supports the system of the country.   

On Monday, shares in several local chipmaker-related companies rose as a result of the move. Shares in corporations including Gigadevice Semiconductors, Ingenic Semiconductors, and Shenzhen Kaifa Technology opened up by 3% to 8% on Monday, according to Reuters. 

Based on Micron's financials for the year ended March 31, 2013, it was estimated that China contributed approximately 10 percent of Micron's USD 30.8 billion revenue. 

It was unclear whether the cybersecurity watchdog's decision would affect sales to foreign customers since a large portion of Micron products sold in the country were purchased by foreign manufacturers, analysts said earlier. Even if the decision does affect sales, the effect may not be felt for some time. 

Earlier this year, the Chinese government announced that it would pay more attention to protecting the critical infrastructure of its information systems by enforcing stricter data security regulations. There has been a recent intensification of its enforcement of its anti-espionage and data security laws, which have been implemented as well. 

During the last year, China and the United States stepped up their chip war by imposing restrictions on Chinese access to high-end chips, chipmaking equipment, and software used in the design of semiconductors. Yangtze Memory Technologies Co Ltd, a rival of Micron, was also placed on a blacklist by the United States government. 

Despite the high level of risk that the Chinese armed forces and intelligence services may possess technology that could be used in developing advanced military equipment, Washington cited national security concerns and insisted that it wanted to prevent the acquisition of such technology. 

One of the largest chip manufacturers in the world, Micron, has been surveyed by Chinese authorities regarding products sold within the country by the company. 

Based on the review, the Cyberspace Administration of China (CAC) concluded that Micron's products pose significant security risks to China's critical information infrastructure supply chain, affecting the safety and security of the country's key infrastructure, an influence that could adversely affect China's national security. 

Several manufacturers of semiconductor technology equipment, such as the Netherlands and Japan, have recently announced new restrictions on the export of certain products, although neither of them named China as a major source of these restrictions. 

There has been a lot of opposition from Beijing to Washington's controversial move, which Beijing has called "bully tactics" and declared as "technological terrorism", saying it is not only strengthening its resolve to self-sufficiency in the sector but also strengthening US business interests.

There have been billions of dollars invested in domestic chip companies over the past few decades by the Chinese government to build up a robust semiconductor industry domestically. 

It is expected that by the year 2030, the chip industry in the world will generate a $1 trillion market, a figure that can be attributed to the fact that chips are the lifeblood of modern global economies, powering everything from cars to smartphones. 

In response to the ban, the United States opposes it; Micron is committed to engaging in negotiations with China. There was strong opposition to the Micron ban from the US Commerce Department. 

A spokesperson for the Commerce Department said in a statement that "we strongly oppose restrictions that have no basis in fact." China claims that they are open to a transparent regulatory framework and that they are committed to a transparent regulatory framework, which contradicts this action, along with raids and targetings of other American firms that have been reported in the past. 

It is now the department's responsibility to clarify the actions of the Chinese authorities in Beijing directly through direct communication with them.  

Beijing, which is China's largest manufacturer of semiconductors, has been forbidden from buying cutting-edge semiconductors as part of the US-China trade dispute. It's the latest escalation between the two countries. 

Despite Micron's review by the CAC, the company said it was looking forward to engaging with Chinese authorities in further discussions following its receipt of the review. The company said in a statement that it is evaluating the conclusion of the investigation and determining what we should do next.
Read more »
ransomware attacks
Babuk Cisco Talos Cyberattacks CyberCriminal Cyberfrauds Cybersecurity malware RA Ransomware ransomware attacks

Babuk is Customized by RA Ransomware Group


 

It has recently been discovered that an actor called the RA Group uses leaked Babuk source code in its attacks. The wrath of the same jas been faced by the companies in the United States and South Korea. Manufacturing, wealth management, insurance providers, and pharmaceuticals are among the compromised industries. 

Cybercriminal gang Babuk continues to cause havoc with the leaked source code it uses to launch cyberattacks against its targets. 

RA Group has been expanding its operations at the rate of 200 stores per month since April 22 as a result of an evaluation conducted by Cisco Talos this week. Several companies have been targeted in the US and South Korea by this threat, particularly in manufacturing, wealth management, insurance coverage, and pharmaceuticals. There have already been a few RA victims since it became prevalent in April. 

Four Companies Have Been Attacked by RA Ransomware

As per Cisco Talos’s research, “RA Group started leaking data on April 22, 2023, and we observed the first batch of victims on April 27, followed by the second batch on April 28, and we noticed more victims on April 29, 2023."

It is imperative to draw your attention to the fact that Babuk ransomware's complete source code was leaked online in September 2021. As a result of its success, several new threat actors have created ransomware by leveraging it to do business with them. Over the past year, 10 different ransomware families have gone down that route - a particular example would be a group of individuals who used it for developing lockers that were designed to work with VMware ESXi hypervisors. 

In addition, there have been others who have modified the code in other ways, using the fact that it is designed to exploit several known vulnerabilities to do so. As an example of this, there are vulnerabilities in Microsoft Exchange, Struts, WordPress, Atlassian Confluence, Oracle WebLogic Server, SolarWinds Orion, Liferay, and other popular web applications. 

In light of the news, it is important to remember that the report from SentinelLabs published last week revealed that there was growing evidence of ransomware groups still targeting ESXi hypervisors and that the disclosure of Babuk source code in September 2021 offered a unique insight into the development operations of a ransomware group that had previously been unavailable to threat actors. 

As part of the monitoring system, victims are also reported on a dark web blog to encourage data leakage on their behalf.

A ransom note published in the report indicates that the gang is ruthless and sells the data after three days, and in that letter, they state that "Your data is encrypted when you read this letter." In addition to copying your data onto our server, you should feel comfortable knowing that no information about you is going to be compromised or made public unless you want it to be, the note stated. Most criminals give victims weeks or months to pay up. 

The Cisco Talos team of security experts on May 15 compiled a timeline of attacks using ransomware families that were derived from the leaked Babuk source code, conducted by different actors. 

Several custom malicious code families have evolved out of the ransomware, discovered in the Babuk data breach. This is according to Timothy Morris, Chief Security Advisor at Tanium. Several software vulnerabilities are exploited by the attacker, including Exchange, Struts, WordPress, Atlassian Confluence, Oracle WebLogic Server, SolarWinds Orion, and Liferay, as well as interfering with backups and deleting volume shadow copies. Morris claims this exploit was discovered last year. 

According to RA Group’s ransom note, victims have only three days left to settle the debt; accordingly, it is using a standard double-extortion model that threatens to leak exfiltrated data if they do not pay up; however, according to the ransom note, victims have just three days remaining to settle their debt. 

Several details in the leak site divulge the identity of the victim, the name of the organization from which the data was obtained, the total size of the data downloaded, and even the official URL of the victim. As Cisco Talos has explained in its analysis of the ransomware group, this is a typical leak site among other ransomware groups of the same type. Nevertheless, RA Group is actively selling the victims' exfiltrated data through their leak site which is hosted on a secured Tor site used for selling the victims' leaked data.   

Several details are disclosed at the leak site, such as the identity of the victim, the name of the organization that provided the data, the size of the data downloaded, and even the official URL of the victim, all of which reveal the identity of the victim. Cisco Talos has explained in its analysis of this ransomware group that this is essentially a typical leak site. This is similar to those used by other ransomware groups. Despite this, the RA Group is currently selling the exfiltrated data of the victims through a leak site. This is hosted on a secure Tor site and has been used to sell the exfiltrated data of the victims.
Read more »
Technology
Business Cyberattacks CyberCrime Cybersecurity Outdated Technologies Technology

Outdated Technology Could Cost Your Business a Lot


Owners and managers are constantly faced with tough choices in today's fast-paced business environment when cash allocation becomes one of the most pivotal factors in maintaining smooth operations. 

Business owners often take short-term approaches to saving money and reducing costs. However, many of these approaches ignore the cost of things such as outdated technology that introduces inefficiencies and vulnerabilities to their business. This results in increased costs in their operations. 

The truth is that newer technology is more expensive sometimes. However, by not updating to the latest technology, you will get stuck in a situation where your costs escalate over time. In such a case, it becomes extremely difficult to make an informed decision. This is because it is impossible to consider what long-term costs may be associated with outdated technology but you will have to do what's right for your business, not only what's expedient today. 

There are many VPN services out there, but Atlas VPN has gathered data from Skynova, a provider of small business software. Skynova conducted an online survey to understand what tech workers use at work, and it found lots of interesting information. 

By multiplying the average daily time lost by the typical number of workdays in a year, the Millennial generation achieved the maximum headline figure for hours lost. This gave them the highest headline figure for hours lost. A year's worth of working days is just over ten.  

Brands Suffer From Outdated Technology 

Productivity declines 

A time is money statement that states that if someone works for you or your company is unproductive, they are wasting their own time. In today's competitive business environment, technology plays a vital role in increasing productivity and efficiency. However, outdated systems can make it difficult for a company to get the most out of its technology. 

Outdated technology has its downsides

A lot of time is spent completing administrative tasks rather than participating in value-adding engagement with customers and each other as a collective.

It's impossible to compete today if you're still using outdated technology. However, this is the changing world of technology. 

When it comes to technology interaction, people expect an exceptional user experience, thanks in no small part to Apple products. When you judge people based on their mobile devices, your technological user experience doesn't meet up, you fail. 

As a result, when your organization uses outdated or cobbled-together technologies, it cannot take advantage of market changes and respond to the needs and needs of your organization. 

Atlas VPN, one of the most reliable VPN companies on the market, gathers information from Skynova. This company specializes in low-end business software. Skynova surveyed over a thousand residents in the US and gathered data about what type of technology they use during their daily work schedules. 

As a result, millennials were responsible for the highest headline estimate of time lost per day. This was calculated by multiplying the average time lost per day by the number of workdays in a year. This was done to get a headline figure for it. During a year, this would equate to approximately 10 days of work. 

There is an unwritten rule among most businesses that they must replace outdated equipment and software when it meets the criteria for being outdated or when it breaks down in the process. There are often reasons why this occurs, namely because people are worried that if they make a wholesale change, it will cause too much disruption in their lives, while if they make gradual changes, they would be happier. In more than one way, you probably have a piece of hardware or software that is old and needs to be replaced. However, you are just not getting around to it yet because you haven't had the time. 

Investing in cutting-edge technology is something that many business owners put off for several reasons, including    

Inflation 

Some recognize that replacing aging technology can involve considerable financial investment. Businesses are right to be concerned, as businesses worldwide are expected to spend over 2 trillion dollars per $1 on digital transformations by 2020, a huge amount.   

Productivity loss

Business owners are understandably concerned about how long it takes to update their hardware and software. It was stated that 65 percent of businesses believe they are prepared for and ready for the changes that are going to occur in the next few years,2 but it is also said that 35% of businesses are not certain about how they can cope with them. Additionally, you will need to train your team on how to use the updated technology effectively. This will also take a lot of time and effort that you cannot ignore.  

Intimidation 

In the face of the fears associated with the fear of problems arising from implementing a brand-new concept, it is natural to want to keep things the same. Business owners refrain from changing their businesses to preserve their current balance. To do this, it is more common for them to stick to old systems for as long as possible. 

It should be remembered that older hardware and software do not have security updates like their newer counterparts do. Using data stored by the Identity Theft Resource Center, 1,579 data breaches occurred in 2017 a record level. As a result, the overall number of people grew by 44,7% over the past year. 

As technology evolves, cybercriminals' methods to penetrate your system are also evolving to stay one step ahead and achieve their goals. Cyber attacks can occur at any time, and when you use old technology, you will be deeply unprepared for it if it occurs. To protect yourself and your team from cyberattack threats, you have to stay on top of security demands. You also need to keep up with cybercriminal activity. You need to keep up with security demands and cybercriminal activity. If you are looking for the most effective defense against security threats for your business, the most recent version of any technology will serve you best. 

Using outdated technology is incompatible with the new generation of cyber threats and will not protect you. The problem with outdated systems is that in many cases, the company that designed them no longer supports them and therefore makes them more vulnerable since new issues cannot be removed through security updates and it is unlikely that you will ever be able to plug the hole until it is too late and by then the damage has already been done.
Read more »
Ukraine
Cyber Attacks Cyber-Espionage Cybercrimes Cybersecurity FSB Microsoft Military Cyber Defense Ukraine

A US Cyber Team's Perspective on US Military Cyber Defense of Ukraine

 


Despite analysts' numerous predictions, Russia could not destroy Ukraine's computer systems in this year's invasion with a massive cyber-attack. This may be because an unknown US military branch hunts down rivals online to enforce their interests. To cover these global missions, the BBC was granted exclusive access to the cyber-operators who carried them out. 

The US military landed in Ukraine in December last year on a recon mission led by a young major who led a small team. There were plans to deploy more troops ahead of this deployment. 

On Thursday, the Ukrainian government's premier counterintelligence and law enforcement agency revealed the real identities of five individuals allegedly involved in cyber-espionage activities attributed to the Gamaredon cyber-espionage group. According to the agency, these members are connected to the Russian Federal Security Service (FSB). 

It has been apparent in recent months that Gamaredon is very active in the threat actor community. When you open Twitter and type in #Gamaredon, you'll find several tweets a week with updated information on the IOC and samples it has created. 

Gamaredon Group is another advanced persistent threat (APT) group targeting the Ukrainian government today. It is also known as Shuckworm, Iron Tilden, Primitive Bear, Winter Flounder, and Accinium. 

A common attack tool is phishing emails with attachments of Microsoft Office documents. These emails can be used to gain access to the victim's system through initial attacks using phishing emails. 

In recent months, there have been reports of Russian troops amassing along the Ukrainian border, raising fears of war breaking out. As much as Russia denies any plans to invade, it demands sweeping security guarantees, including a guarantee that NATO will never admit the Ukrainians to NATO. 

The Ukrainian security services, who believed that the act of terrorism had been committed by officers of the Russian Federal Security Service from Crimea, publicly attributed the act of terrorism to Gamaredon in November. An online comment request was sent to the Russian Embassy in Washington regarding Gameredon; however, there was no immediate response from the Russian Embassy. 

A spokesperson for Ukraine's Security Service (SSU) said in a statement today that the hacker group had been depicted as "an FSB special project that specifically targeted Ukraine," at the same time confirming that many of the perpetrators of the hack were "Crimean FSB officers and traitors who defected to the enemy during the occupation of the peninsula in 2014." 

According to the country's authorities, over 1,500 government entities, public entities, and private enterprises have been targeted by actors in the past seven years in Ukraine. This group aims to gather intelligence, disrupt operations, and take control of critical infrastructure facilities to collect critical data. 

Between 2020 and the present, Malwarebytes has identified five operations that have taken place. They were victims of armed clashes between Russian-aligned individuals and Ukrainian citizens who had taken part in the discredited referendums called for by Moscow on September 2022. These referendums were called for in the Ukrainian territories of Luhansk, Donetsk, Zaporizhzhia, and Kherson. In the Dnepropetrovsk, Lugansk, and Crimea regions, there has been a massive outbreak of infections in state, agricultural, and transportation ministries. 

Ukrainian intelligence agencies track Armageddon, a threat group that launched the attacks, as responsible for the attacks. While it is known by the names Gamaredon, Primitive Bear, Winterflounder, BlueAlpha, Blue Otso, Iron Tilden, and Sector C08 in the cybersecurity community, it operates by many other names as well. 

Several campaigns in eastern Ukraine involved Malwarebyte attackers exfiltrating snapshots, USB flash drives, keyboard strokes, and microphone recordings, depending on the campaign. 

On Wednesday, Anne Neuberger, a White House cyber official, said Russia could destabilize and invade Ukraine using cyberattacks. 

In early 2013, it appeared that Russia had sponsored the Gamaredon Group, which is a misspelled anagram of the word "armageddon" and has been sporadically perpetrating cyberattacks on Ukrainian military, government, and non-profit organizations since then. 

Threat actors leverage legitimate Microsoft® Office documents to inject remote templates into legitimate Microsoft® Office documents. The technique works even when Microsoft® Word security features have been turned on. There is a way to bypass Microsoft Word macro protections, which are designed to prevent attackers from compromising sensitive systems with malware, infecting them with the infection, accessing the data, and then spreading the infection to other systems.
Read more »
Technology
API Cyber Attacks CyberCrime Cybersecurity Education Microsoft 365 Phishing Attacks Technology

Microsoft 365 Phishing Attacks Made Easier With 'Greatness'

 


It is a method of stealing money, or your identity, by attempting to get you to reveal personal information through websites that pretend to be legitimate websites, such as credit cards, bank details, or passwords, that aim to get you to reveal your personal information. Cybercriminals often pose as reputable companies, friends, or acquaintances and send fake messages with a link to a phishing website.  

By enticing people to reveal personal information like passwords and credit card numbers, phishing attacks are intended to steal sensitive data or damage it by damaging users' computers. 

Even script kiddies have constructed convincing, effective phishing attacks against businesses using a service never heard of before, called phishing-as-a-service (PaaS). 

As many organizations around the world use the Microsoft 365 cloud-based productivity platform, it has become one of the most valuable targets for cybercriminals. These criminals use it to steal data and credentials to compromise their networks. 

During a Cisco Talos research update, researchers explained how phishing activity on the Greatness platform exploded between December 2022 and March 2023. This was when the platform was launched in mid-2022. 

Since the tool was introduced in mid-2022, it has been used in attacks on several companies across a variety of industries. These industries include manufacturing, healthcare, technology, and banking. 

At this point, approximately half of those targeted are in the United States. Attacks have also been carried out around Western Europe, Australia, Brazil, Canada, and South Africa, but the majority are concentrated in the US. 

As a result of these attacks, a wide range of industries, including manufacturing, healthcare, technology, education, real estate, construction, finance, and business services, are being targeted. 

It contains everything you will ever need to conduct a successful phishing campaign if you intend to play at being a phishing actor in the future. 

Using the API key that they have acquired for their service, the users will have access to the 'Greatness' admin panel and provided a list of email addresses that they wish to attack. 

It is the PhaaS platform, or as it is often called, that allocates the infrastructure needed to host the phishing pages and also to build the HTML attachments. This is like the server hosting the phishing pages. 

Afterward, the affiliate builds the content for the email and provides any other material needed, and changes any default settings if necessary. 

The process of taking on an organization is simple. A hacker simply logs into the enterprise using their API key; provides a list of target email addresses; creates the content of the email (and changes any other default details as they see fit). 

Greatness will authenticate on the real Microsoft platform based on the MFA code supplied by the victim once the MFA code is provided. This allows the affiliate to receive an authenticated session cookie through the Telegram channel provided by the service or through access to their web panel. 

As a result, many companies find that stolen credentials can also be used to breach their network security. This results in more dangerous attacks, like ransomware, being launched.
Read more »
Phishing Attacks
Cyber Attacks Cybersecurity Decentralized File Storage IPFS Online Security Phishing Attacks

IPFS Phishing Attacks: How Cybercriminals Exploit Decentralized File Storage


IPFS Phishing Attacks are becoming increasingly common as more users adopt the InterPlanetary File System (IPFS) technology to store and share files. This decentralized file storage system is designed to provide users with more control over their data and protect them from censorship, but it can also be exploited by cybercriminals to conduct phishing attacks.

How do IPFS Phishing Attacks Work?

Phishing attacks involve tricking users into providing sensitive information such as login credentials or financial data by posing as a trustworthy entity. IPFS phishing attacks work in a similar way, with cybercriminals creating fake IPFS gateways to steal user data.

Here’s how it works: when users want to access files stored on the IPFS network, they typically use a gateway to retrieve them. These gateways act as intermediaries between the user and the IPFS network, serving as a proxy for the user's requests. Unfortunately, cybercriminals can create fake gateways that look just like the real ones, tricking users into sending their requests to the malicious gateway.

Once a user sends a request to a fake gateway, the attacker can intercept the request and replace the legitimate file with a fake one that contains malicious code. The user is then prompted to enter their login credentials or other sensitive information, which the attacker can steal.

How to be safe from IPFS Phishing Attacks?

To avoid falling victim to IPFS phishing attacks, there are several best practices to follow:

1. Always check the URL of the IPFS gateway before entering any sensitive information. Be wary of URLs that look suspicious or slightly different from the real gateway.

2. Use a trusted IPFS gateway. Check the list of recommended gateways from IPFS or use a gateway recommended by a reputable source.

3. Be cautious when accessing files from unknown sources. Verify the source of the files and check if they are known to be safe.

4. Enable two-factor authentication whenever possible. This adds an extra layer of security to your login process.

5. Keep your software and security tools up-to-date to prevent known vulnerabilities from being exploited.

IPFS phishing attacks are a growing threat that can be mitigated by following best practices for online security. By being vigilant and cautious when accessing files on the IPFS network, users can protect themselves from cybercriminals.


Read more »
Subscribe to: Posts (Atom)