Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Database Breach. Show all posts
Two Factor Authentication
Cyber Fraud Cybersecurity CyberThreat Database Breach SIM SIM- Swap SMS Two Factor Authentication

Two Factor Authentication Under Threat as Sim Swap Fraud Escalates Sharply


 

It has been estimated that SIM-swap fraud has increased by more than 1,000% in the United Kingdom in just a year, a shocking increase that has resulted from the recent surge in reported cases. Using newly released data from the National Fraud Database, it has been estimated that incidents increased from 289 in 2023 to almost 3,000 in 2024, a staggering 1,055% increase in incidents. 

It is clear from this sharp increase in cybercrime that a growing trend is emerging among cybercriminals who are increasingly exploiting the widespread adoption of two-factor authentication by businesses as a security measure to protect sensitive customer information. SIM-swap fraud, also known as sophisticated identity theft, is where fraudsters gain control of a victim's mobile phone number by transferring it to a new SIM card, usually without the victim's knowledge. 

When criminals hijack the phone number, they can intercept security codes sent via SMS and one-time passwords sent by SMS, thus gaining access to online banking, email, and other personal accounts protected by two-factor authentication (2FA), thereby gaining unauthorised access. In a world where businesses continue to heavily rely on mobile-based authentication to safeguard user data, this increasing threat underscores the urgent need for cybersecurity strategies that are more resilient and layered. 

There are critical concerns about the vulnerability inherent in current digital security protocols in light of the dramatic increase in such cases, and it is evident that cybercriminals are evolving their methods of bypassing these protocols as well. A serious warning has been issued by CIFAS, the most prominent fraud prevention organisation in the UK, regarding a dramatic increase in SIM-swap fraud reported through 2024, with a 1,055% increase reported in cases.

In its latest report, Fraudscape, which examines the UK's fraud landscape and presents a detailed and data-driven analysis of emerging threats, particularly among mobile and telecommunications companies, the organisation released the concerning figures, which are based on the latest figures. According to the National Fraud Database (NFD), there were nearly 3,000 incidents of SIM swaps that were registered during the year 2024, a significant increase over the previous year's 289 cases. 

Fraudsters acan illicitly transfer the victim's phone number SIM card in order totheir communication, which enaenablingeffectively take control of their communications. Criminals can intercept security verification codes, such as two-factor authentication codes, when they have access to a victim's calls and text messages. This allows them to perform more extensive fraud, including app takeovers, unauthorised account access, and a wider array of identity theft attacks. 

A new report, Fraudscape, indicates an unprecedented number of fraud cases will be filed with the National Fraud Agency (NFF) in 2024, demonstrating that fraud in all sectors has increased significantly. The telecommunications industry in particular has become a prime target, with identity fraud involving mobile services going up 87% year-on-year over the last five years alone. As a result of this surge, more than 16,000 new fraud cases have occurred in the industry, which suggests that stronger fraud defences within the industry are urgently needed. 

It is not uncommon for facility takeover fraud to be on the rise in the last few years, an insidious technique in which criminals seize complete control of an individual's financial and service accounts, compounding the problem. In 2024, the number of account takeover cases soared by 76%, with e-commerce and the telecommunications sectors bearing the greatest burden. During the year, nearly half (48%) of all account takeover incidents involving mobile phones were reported. 

As a result, reports of unauthorised upgrades to mobile phones soared by 96%, indicating that fraudsters are becoming increasingly sophisticated in their manipulation of telecom infrastructure to gain illicit benefits. In light of this upward trend in mobile-related fraud, it is clear that there is a growing threat landscape within the UK, prompting calls for urgent action and innovation to improve the digital security frameworks. 

SIM-swap fraud refers to a meticulously planned cybercrime that usually involves the acquisition of a victim's personal and financial information as a key part of the fraud scheme. This sensitive information, such as national identification numbers, mobile phone numbers, bank account numbers, and card details, is often collected by criminals through deceptive phishing schemes and sophisticated social engineering tricks. 

In other words, the scammer tricks victims into disclosing their credentials voluntarily by using fraudulent websites, impersonating them over phone calls, messages, or emails, or by a convincing impersonation over the phone. Once this information is in their possession, fraudsters proceed to make a SIM swap request or a number port-out request. The victim may have to convert their existing physical SIM card to an eSIM card with the same telecom provider, or they may have to transfer the number to another local operator. 

It is common for these requests to be performed remotely through the official apps provided by the telecom provider. This streamlines the process and allows criminals to circumvent in-person authentication procedures. It is important to know that in jurisdictions with advanced digital safeguards, a SIM swap is usually governed by a government-regulated electronic verification platform. Before any SIM replacements or number porting requests can be approved, identity authentication is required. 

The most common methods of verification include biometric authentication, secure login prompt approvals, or one-time authorisation codes; however, fraudsters have developed methods by which to exploit even these protective measures. An attacker commonly manipulates victims into unintentionally authorising the swap as a way to circumvent verification requirements. In the role of representatives from trusted organisations such as banks, telecom providers, or employers, they create urgent scenarios involving job applications, account updates, or fraud alerts by pretending to be representatives of such organisations. 

When victims are unaware of what is going on, they approve verification requests, allowing the fraudsters to gain control of their mobile numbers. After the SIM swap is completed, the victim's original SIM is deactivated, and then a new SIM card, which is now controlled by the fraudster, is activated. Utilising SMS-based two-factor authentication codes (2FA), which are commonly used for securing online accounts, financial services, and critical communications, the criminal can access all of the victim's information. This means that fraudsters can easily execute unauthorised transactions, gain access to sensitive digital platforms, and perpetrate identity-related crimes using these credentials, often without the victim being aware of it at all. 

Because SIM-swap fraud is an escalating threat that needs to be addressed in light of the rapid escalating threat, organisations as well as individuals must reassess their digital security practices and move away from relying exclusively on SMS authentication to protect themselves. Although two-factor authentication is an important layer of security, its dependence on mobile networks has become a critical vulnerability that cybercriminals are increasingly exploiting to their fullest extent. Businesses must adopt more secure methods of authentication, including biometric verification, authenticator apps, and hardware security keys, so that they can protect customer data and digital access points with greater security. 

Additionally, telecom providers must play a more proactive role in their customer verification protocols, monitor for unusual SIM activity, and make sure that SIM swaps and port-out requests are thoroughly checked through multi-step procedures. Additionally, policymakers and regulators should consider putting in place stronger safeguards across the sector, including a uniform standard for digital identity verification and a real-time fraud alert system. 

Consumers must become aware of the risks associated with cybercrime to defend themselves. In addition to remaining vigilant against SIM tampering, individuals must avoid sharing sensitive personal information online or during unsolicited calls and report any loss of mobile service or suspicious activity of their accounts immediately. To counter fraud on a multi-layered scale, there must be an equally dynamic response rooted in education, innovation, and collaboration across all levels of the digital ecosystem. A concerted effort is required if the UK's digital economy is to continue to thrive in the face of this growing and extremely intrusive threat - and the wider digital economy as a whole.
Read more »
Singapore
Cyber Crime Cyber Safety CyberCriminal data security Data Stolen Data Theft Database Breach Hacker attack KYC Singapore

Cybercriminals Threaten Release of Stolen World-Check Database, Exposing Millions to Financial Risk

 

A financially motivated criminal hacking group, self-identified as GhostR, has claimed responsibility for the theft of a confidential database containing millions of records from the renowned World-Check screening database. The stolen data, totaling 5.3 million records, includes sensitive information used by companies for screening potential customers and assessing their links to sanctions and financial crime.
 
World-Check, a vital tool for conducting "know your customer" (KYC) checks, enables companies to identify high-risk individuals with potential ties to money laundering, government sanctions, or other illicit activities. The hackers disclosed that they obtained the data from a Singapore-based firm with access to the World-Check database, though the specific company remains unnamed. 

A portion of the stolen data encompasses individuals sanctioned as recently as this year. The compromised records include details of current and former government officials, diplomats, politically exposed persons (PEPs), individuals associated with organized crime, suspected terrorists, intelligence operatives, and even a European spyware vendor. These individuals are deemed high-risk for involvement in corruption, bribery, or other illicit activities. 

The stolen data comprises a wealth of sensitive information, including names, passport numbers, Social Security numbers, online cryptocurrency account identifiers, bank account numbers, and more. Such a breach poses significant risks, as it could potentially expose innocent individuals to unwarranted scrutiny and financial harm. 

Simon Henrick, a spokesperson for the London Stock Exchange Group (LSEG), which oversees World-Check, clarified that the breach did not originate from LSEG's systems but involved a third party's data set. While LSEG did not disclose the identity of the third-party company, they emphasized their commitment to collaborating with the affected party to safeguard data integrity and notify relevant authorities. 

Privately operated databases like World-Check are not immune to errors, raising concerns about the accuracy and fairness of their content. Past incidents, such as the 2016 leak of an older World-Check database, underscore the potential repercussions of erroneous data, including wrongful accusations and financial repercussions for innocent individuals. 

The breach highlights the critical need for enhanced cybersecurity measures and regulatory oversight to protect sensitive personal information and mitigate the risks associated with data breaches. As investigations into the incident continue, stakeholders must prioritize transparency, accountability, and proactive measures to prevent future breaches and safeguard consumer data privacy.
Read more »
USDoD
Data Breach Data Leak Database Breach Linkedin LinkedIn Users Personal Data US Government USDoD

Hackers Leaks Scraped LinkedIn Data of 35 Million Users


Threat actors have recently leaked personal information of over 35 million online users, by illicitly accessing a LinkedIn database. Apparently, the hackers are operating under the name ‘USDOD.’

The database, on the other hand, has been released in a popular cybercrime forum, Breach Forums. 

It is significant to note that USDoD is the same hacker who compromised the FBI's InfraGard security platform last year, revealing 87,000 members' personal information.

In a post on Breach Forums, the hacker verified that web scraping was used to access the most recent LinkedIn information. Web scraping is a software-driven, automated process that extracts data from websites, usually with the purpose of obtaining certain information from web pages.

As revealed by Hackread, the leaked data included publicly available information regarding the victims’ LinkedIn profiles, such as full names and profile bios. While this data also contains millions of email addresses, the hackers could not get hold of the passwords.

Email addresses from senior US government officials and organizations are exposed in the leak. Email addresses from other international government agencies have also been found.

Legitimacy of LinkedIn Data: Is it Authentic?

After analyzing more than 5 million accounts in the database, Troy Hunt of HaveIBeenPwned came to the conclusion that the data was a combination of information from other sources, including fraudulent email addresses and public LinkedIn profiles. Troy notes that the individuals, businesses, domain names, and a large number of email addresses are real, even though some of the information may be anecdotal or largely made up.

"Because the conclusion is that there’s a significant component of legitimate data in this corpus, I’ve loaded it into HIBP[…]But because there are also a significant number of fabricated email addresses in there, I’ve flagged it as a spam list which means the addresses won’t impact the scale of anyone’s paid subscription if they’re monitoring domains," Hunt explained.

This however was not the first time when the LinkedIn information was being leaked online by threat actors. A similar case happened back in April 2021, where 2 scrapped LinkedIn databases went on sale with 500 million and 827 million records. Also, in June 2021, a hacker sold a LinkedIn database that contained information about around 700 million users.  

Read more »
Unauthorized access
Asia bloomberg CCTV Cyber Security Dark Web Database Breach Telegram Unauthorized access

Data Centers Hacked to Collect Data from Multinational Firms

Over the past 18 months, there have been reports of cyberattacks against numerous data centers in various parts of the world, which have led to the leakage of information about some of the biggest corporations in the world and the publication of access privileges on the dark web.

Resecurity discovered several actors on the dark web, some of whom may have come from Asia, who were able to access customer records and exfiltrate them from one or more databases linked to particular apps and systems utilized by various data center firms during the campaign.

Initial access in at least one of the situations was probably obtained through a weak helpdesk or ticket management module which was connected with other programs and systems, allowing the threat actor to move laterally.

According to Resecurity, the threat actor was able to harvest credentials for data center IT personnel and clients, as well as a list of CCTV cameras and their corresponding video stream identifiers used to monitor data center settings.

Bloomberg said that two of the victim companies are GDS Holdings, based in Shanghai, and ST Telemedia Global Data Centres, based in Singapore. Resecurity did not identify the data center operators that were mentioned in the attack.

According to Bloomberg, GDS acknowledged that a customer assistance website was compromised in 2021 but insisted that there was no risk to the IT systems or data of its clients. It presented no risk to the clients, according to ST Telemedia.

According to Resecurity, businesses with a global presence in finance, investment funds, biomedical research firms, technology vendors, e-commerce sites, cloud services, ISPs, and content delivery network firms were among those whose information was exposed. According to the researchers, the companies are headquartered in the US, UK, Canada, Australia, Switzerland, New Zealand, and China.

Resecurity has not pinpointed any known APT groups as the perpetrators of the attacks. The experts point out that numerous, distinct perpetrators might compromise the victims.
Read more »
InfraGard
Cyber Security Database Breach FBI Finance InfraGard

Attacker Uses InfraGard Devices to Access FBI by Posing as Firm

According to experts that spoke to independent cybersecurity writer Brian Krebs, who first reported the incident, the hacker gained access to InfraGard's online site by pretending to be the CEO of a finance company. They described the screening procedure as surprisingly loose. 

Tens of thousands of contact info for public figures were advertised for sale on the dark web after hackers took advantage of a security flaw in one of the FBI's databases. 

According to reports, a hacker who pretended to be the CEO of a financial institution claims to have gained access to the than 80,000-member database of InfraGard, an FBI outreach program that communicates sensitive information on cybersecurity and threats to national security with public officials and private sector actors who manage critical infrastructure in the United States.

Last weekend, a hacker claimed to have samples from the database and posted them to a website forum frequented by internet criminals. They claimed to be seeking $50,000 for the complete database.

The FBI made no attempt to explain how the hacker managed to trick the organization into granting the InfraGard membership. When submitting an application to join InfraGard in November, the hacker reportedly will include a contact email address under its control as well as the CEO's actual mobile phone number. 

The FBI can interact with corporate leaders, entrepreneurs, lawyers, security personnel, military, and government officials, IT experts, academia, and state and local law enforcement through the InfraGard site. The Infragard homepage states that the portal is primarily intended for information exchange and education regarding new threats.   

The associated information from the hacker's chat has been submitted by KrebsOnSecurity so they can be taken down from the InfraGard forum. However, the hacker revealed to Krebs they had been contacting InfraGard personnel while assuming the role of the CEO of the financial institution in an effort to gather more private information that could be used in criminal activity.  
Read more »
Database Dumped
Darkweb Data Breach Database Breach Database Dumped

The number of Russian bank card sales on the darknet will decline, says Group-IB

Group-IB found out that carding is losing its appeal to cybercriminals. At the same time, sales of magnetic stripe content of bank cards and text data of bank cards decreased in Russia and the CIS, while the market for such data grew worldwide.

According to Hi-Tech Crime Trends Group-IB, the volume of the shadow carding market in Russia and the CIS has decreased by 77%. The number of bank card data posted for sale on the darknet and attributed to banks in Russia and the CIS decreased by 60%.

The market for text data of bank cards (number, expiration date, holder name, address, CVV) decreased by 44%.

A similar trend is typical for the global carding market: its volume decreased by 26%. Group-IB attributed this trend to a decrease in dump sales due to the closure of the largest cardshop Joker's Stash.

At the same time, in the global market, the amount of text data of bank cards in the shadow market increased by 36%.

Group-IB believes that the increase in the number of sold text data is associated with the increase in phishing during the pandemic. The company expects that the number of sales of bank cards will continue to gradually decline.

According to his experts, the activity of skimmers and online stores on the proliferation of these cards in Russia is declining. This is due to the development of banks, for example, introducing systems such as 3-D Secure. Moreover, such protection systems are not widespread in the world. This explains that the market for text data of bank cards has grown worldwide, while in Russia it has decreased.

Experts add that the share of Russian-language messages is growing on shadow forums: in order to minimize personal risks, hackers are trying to steal payment data from customers in other countries, which negatively affects global statistics.

Read more »
E-ticketing
Data Breach Database Breach Dutch E-ticketing

European E-Ticketing Platform TicketCounter Extorted In Data Breach

 

A Dutch e-ticketing network witnessed a data breach. The whereabouts came to be known after a customer’s database containing 1.9 million unique email addresses was stolen from an unprotected staging server. 

This Ticketcounter is a Dutch e-electronic platform which provides many facilities to its customers regarding tickets such as online tickets venue for parks, zoos, museums, and for various other events. 

On 21st February 2021, the malicious actors created a topic on a hacker forum to sell a hacked database of Ticketcounter but after some time they shut down the post. At first, it was believed that the threat actors had to remove their post because of the watchful eyes of the Netherlands Police however, in a conversation with the press – the attackers told that they are not afraid of law enforcement, they just did that when the database was sold privately. 

As per the inquiry, it has been observed that from the stolen database, the sensitive credential has been exposed including full names, IP addresses, phone numbers, email addresses, and hashed passwords. 

The whole incident of the data breach has been confirmed by the Ticketcounter owner to the press. 

“In what should be a model of transparency, Ticketcounter CEO Sjoerd Bakker has told. We copied a database to a Microsoft Azure server to test an 'anonymization process' that replaces personal data with fake data. Unfortunately, after copying the database, it was not secured properly, and the threat actor was able to download it”. 

Bakker added, “Shortly after the threat actor was selling the database, the hacker also contacted Ticketcounter and demanded seven bitcoins, or approximately $337,000, not to leak the data. The threat actor warned that if Ticketcounter did not make a payment, they would contact all of Ticketcounter's partners to alert them of the breach”. 

The Ticketcounter already contacted its clients and shared the information that has been hacked. “The Ticketcounter is creating various resources for his clients to facilitate these data breach notifications. These include lookup widgets, FAQs, and email templates that clients can share with customers to learn about the breach” Bakker told.
Read more »
Password Hashing
Cyber Crime Database Breach Database hacked Database Leaked Password Hashing

Here's why a Greece Hacker Easily Hacked Croatian University?

 

A hacker from Greece has published the database of the University of Rijeka in the context of Croatia supporting the anti-Serb movement. Reportedly, the hacker was fueled by the prevailing situation in the Balkans, and his acts were motivated by the same; addressing his Serbian brothers he wrote, "it's time to defend our land and our history". 

Hashing is a one-way road to security and a reliable password storage strategy that makes storing passwords less risky and complex by creating a strong foundation for securely storing passwords.
 
The database contains a table that compares every username with a password. The server receives a request for authentication with a payload containing a username and a password when a user logs in; then the username is being looked up in the database and matched with the stored password, and when the right match is being found, the user gets the access to the application or the website. 
 
The strength of security depends upon the format of storing the password, one of the most basic ways of password storage is 'cleartext', which however is also the least secure of all as it is readable data stored in the clear, for instance, unencrypted. To say, using cleartext for storing passwords is the real-world equivalent of writing them down on paper – here a digital one.  
 
Notably, the University website has been using Md5 to store the passwords which is yet another outdated format that can be easily cracked. Now coming back to hashing – it uses an algorithm to map data regardless of its size to a fixed length, one must not confuse hashing with encryption as encryption is a two-way function and hence reversible while hashing is a one-way function and hence is not reversible. The computing power required to reverse-hash something is unfeasible. 
 
What is salting?
 
Salting is a unique value that is added at the end of the password to distinguish its hash value from that of a similar password, without salting the same hash will be created for two identical passwords. It is done to strengthen security by complicating the cracking process. However, in the abovementioned hash, there are no additional values added to the passwords. 

They have simply used the md5 method without salting and as the main virtue of a secure hash function is to make its output difficult to predict, this method used by the University defies the whole purpose – making passwords weak and easy to crack. Some of the pre-cracked passwords are shown below. 



Read more »
Subscribe to: Posts (Atom)