
Fraudulent Antivirus Software Faces FTC Lawsuit After Raking in Millions

 

The US Federal Trade Commission filed a lawsuit alleging that two antivirus software packages, Restoro and Reimage, are counterfeit goods that have defrauded customers out of "tens of millions" of dollars.

FTC investigators apparently went undercover and purchased the alleged malicious software four times. They discovered that the software consistently lied, telling them that they had a slew of viruses and security issues on their machines when, in fact, they did not. 404Media and Court Watch were the first to report the news.

One Restoro scan reported to the FTC that their test PC had 522 vulnerabilities that needed to be repaired. A Reimage scan discovered 1,244 so-called "issues," which the software classified as "PC privacy issues," "junk files," "crashed programs," and "broken registry issues." According to the complaint, these flaws were part of a larger scheme to offer buyers fraudulent "repair" tools. 

After installation, the software prompted the user to call a phone number to "activate" it. According to the lawsuit, this is also part of the scheme: the call connects users to a person who attempts to upsell them on further computer "repair services."

The FTC claims that the two software programs, which originate from the same place in Cyprus, have successfully tricked clients out of "tens of millions" of dollars. Reimage was added to a risk-monitoring program in 2019 because so many customers used credit card chargebacks to demand refunds. A large number of people also complained online, claiming the products are a scam.

According to the lawsuit, Visa also claimed in 2020 that the developers of the programme were involved in "fraudulent activities." Due to the large volume of customer chargeback requests, Visa later placed one of the Restoro-affiliated companies on a watch list in 2021. 

Restoro and Reimage are now facing charges from the FTC for allegedly misrepresenting their products and breaking laws pertaining to US telemarketing. The FTC expresses concern that, in the absence of action, the developers of Restoro and Reimage will "continue to injure consumers and harm the public interest."

QR Code Phishing Attacks: A Rising Threat

Leading cybersecurity firms have reported a startling 587% increase in QR code-based phishing assaults in recent times. This concerning pattern demonstrates how fraudsters are changing their strategies to take advantage of people's confidence in QR codes for a variety of objectives.

QR codes, initially designed for convenience and efficiency, have become an integral part of our digital lives. From accessing websites to making payments, these two-dimensional barcodes have streamlined numerous processes. However, this surge in phishing attacks signifies that cybercriminals are adapting and finding innovative ways to exploit this technology.

Cybersecurity experts have identified several strategies employed by attackers in these QR code phishing campaigns. One common tactic involves distributing malicious QR codes via emails or social engineering techniques. Unsuspecting victims scan these codes, unwittingly granting cybercriminals access to sensitive information or infecting their devices with malware.

Furthermore, attackers are increasingly using QR codes in conjunction with fake landing pages that mimic legitimate websites. These convincing replicas deceive users into entering their credentials or personal information, which is then harvested by the attackers. This method has proven to be highly effective, as even cautious individuals can be easily tricked by sophisticated phishing pages.

To combat this rising threat, experts emphasize the importance of user education and awareness. Individuals should exercise caution when scanning QR codes, especially if received from unknown or unverified sources. Employing reputable security software that includes QR code scanning capabilities can also provide an additional layer of protection.

Additionally, businesses and organizations should implement multi-factor authentication measures and conduct regular security audits to identify and mitigate potential vulnerabilities. By staying vigilant and adopting proactive cybersecurity measures, individuals and businesses can help curb the success of QR code phishing attacks.

The surge in QR code-based phishing attacks serves as a stark reminder of the ever-evolving landscape of cyber threats. As technology advances, so do the tactics of cybercriminals. Vigilance, education, and robust cybersecurity practices are crucial in safeguarding against these sophisticated attacks.






3 Vital Cybersecurity Threats for Employees

Cybersecurity is no longer just the IT department's job in today's digitally connected society. Protecting confidential firm information is the responsibility of every employee, from the CEO to the newest intern. Cybercriminals are growing more skilled, and their methods are changing. If your company is to be protected, it's crucial that every employee is aware of potential hazards. The following three cyber threats are ones that every employee should be aware of:

1. Phishing Attacks

Phishing attacks are one of the most common and dangerous threats organizations face. Cybercriminals use deceptive emails or legitimate-looking messages to trick employees into revealing sensitive information, such as login credentials or financial data. These emails often contain urgent requests or appear to be from trusted sources. Employees should be cautious and verify the sender's identity before clicking on any links or providing personal information. Regular training on recognizing phishing attempts is crucial in the fight against this threat.

2. Ransomware

Ransomware attacks have been on the rise in recent years. In a ransomware attack, malicious software encrypts an organization's data, rendering it inaccessible. Cybercriminals then demand a hefty ransom to provide the decryption key. Employees should be cautious about downloading attachments or clicking links from unknown sources. Regularly backing up data and keeping software up to date can help mitigate the impact of a ransomware attack.

3. Social Engineering

Social engineering attacks involve manipulating employees into divulging confidential information or performing actions that compromise security. This can involve impersonating colleagues, superiors, or even IT support. Employees should always confirm the identity of individuals making unusual requests, especially those involving sensitive data or financial transactions. Training programs should include simulations of social engineering attacks to prepare employees for real-world scenarios.

Educating employees about these cybersecurity threats is not a one-time effort; it should be an ongoing process. Regular training sessions, email reminders, and updates on emerging threats are essential components of a robust cybersecurity awareness program. Additionally, employees should be encouraged to report any suspicious activity promptly.

Keep in mind that a cybersecurity breach doesn't just result in financial losses. It may damage a company's reputation and undermine client and partner trust. Organizations can greatly minimize their risk and better safeguard their sensitive data by prioritizing cybersecurity knowledge for all employees.

Each employee must be aware of potential dangers because cybersecurity is a shared responsibility. The risks that businesses today must deal with include phishing attempts, ransomware, and social engineering. Employees can become a key line of defense in the ongoing fight against cybercrime by remaining alert and knowledgeable.

Operation Cookie Monster Shuts Down a Global Dark Web Marketplace



A multinational coalition of 17 law enforcement agencies has cracked down on the largest illicit dark web market in the world in an extensive operation dubbed Operation Cookie Monster. Thousands of stolen identities and online login passwords that were being sold on the marketplace were found thanks to this international investigation. The operation, led by the FBI and the Dutch National Police, has significantly hindered cybercrime worldwide.

The platform in question was Genesis Market, founded in 2018, which harvested data from malicious software deployed by hackers into computer networks. It advertised and sold stolen data such as usernames, passwords, bank account details, and device fingerprints like computer and mobile phone identifiers. According to law enforcement agencies, the site had offered over 80 million account access credentials from more than 1.5 million compromised computers worldwide since its inception, including thousands of credentials stolen from over 460,000 devices that were advertised for sale when it was taken offline.

Rob Jones, Director General and Threat Leadership of Britain’s National Crime Agency (NCA) stated, "Behind every cybercriminal or fraudster is the technical infrastructure that provides them with the tools to execute their attacks and the means to benefit financially from their offending. Genesis Market was a prime example of such a service and was one of the most significant platforms on the criminal market.” 

The operation seized not only stolen identities but also browser fingerprints which can be used for identity theft. Louise Ferrett, an analyst at British cybersecurity firm Searchlight Cyber said that these browser fingerprints are harvested from computers infected with malicious software.

Europol’s Head of the European Cybercrime Centre Edvardas Šileris said, “Through the combined efforts of all the law enforcement authorities involved, we have severely disrupted the criminal cyber ecosystem by removing one of its key enablers.”

The importance of this operation cannot be overstated: it has set a valuable precedent for international cooperation in cybercrime-fighting initiatives. In addition to tracking down those responsible for malicious software deployment and identity theft activities on this platform, police have also taken preventative measures, such as searches and arrests, against future occurrences.

While Operation Cookie Monster may have been successful in taking down one marketplace selling stolen identities, it is essential to remain vigilant against other forms of cybercrime that are still out there – such as hacking and phishing attacks – in order to ensure secure online transactions and prevent identity theft in the future.


Commscope Ransomware Attack Exposes Sensitive Employee Data

Hackers have once again targeted a company, this time Commscope, and stolen sensitive employee data during a ransomware attack. According to reports, the hackers have published the stolen data online, including personal information, job titles, and email addresses of Commscope employees.

The attack on Commscope, a US-based network infrastructure provider, highlights the continued threat of cybercrime and the vulnerabilities that companies face in terms of data protection. Cybersecurity experts warn that companies need to be proactive in their approach to cyber defense and invest in robust security measures to prevent such attacks.

The hackers behind the Commscope attack have not been identified, but it is believed that they used ransomware to gain access to the company's systems. Ransomware attacks involve the use of malicious software to encrypt a company's data, making it inaccessible until a ransom is paid.

The publication of the stolen data online has caused concern for the affected employees, who now face the risk of identity theft and other cybercrimes. This incident serves as a reminder that companies must not only focus on preventing cyber attacks but also prepare for the aftermath, including data recovery and notification of affected individuals.

In the wake of this attack, Commscope has urged its employees to be vigilant and monitor their personal accounts for any suspicious activity. The company has also stated that it is working with law enforcement and cybersecurity experts to investigate the incident and mitigate the damage.

This attack on Commscope highlights the need for companies to take a proactive approach to cybersecurity, including implementing robust security measures, conducting regular risk assessments, and training employees to be aware of potential threats. With the increasing sophistication of cyber attacks, companies must remain vigilant and invest in cyber defense to protect their data and reputation.

Preventing a USB Killer Threat

A USB Killer is a modified USB flash drive that emits an electrical surge capable of damaging or destroying hardware when it is plugged into a computer's USB port.

The concept for USB Killers was created by a Russian researcher named Dark Purple, with the stated objective of destroying delicate computer parts. When a USB Killer device is inserted into a USB port, it draws power from the host device's USB power supply and stores it in its own capacitors. It continues charging until a high voltage is reached. It then discharges the accumulated high voltage, negative 220 volts, onto the USB data pins. The USB Killers now on the market can produce an estimated 215–220 volts. The host device's circuitry is damaged or destroyed as a result.

Its capacitors rapidly accumulate this enormous voltage. As long as the gadget is connected and hasn't been damaged to the point that it can no longer charge itself, the charge/discharge cycle also continues numerous times per second.

This approach makes nearly any unprotected equipment susceptible to high voltage attack. For years, malicious software has been spread via USB sticks, including viruses that can infect computers. This is probably because they are easy and affordable to design and buy. Unaware users frequently utilize them to store and transport data.


A USB Killer Attack: How to Prevent It

1. Do Not Plug In Unknown Drives

Social engineering, or using deceptive techniques to persuade people to connect a malicious device, is at the heart of many USB risks.

2. When possible, turn off USB ports

If it is possible, disabling USB ports is a great way to stop USB attacks, including USB Killer attacks.

3. Register online

A virtual environment hosts a mockup of your computer inside of your computer. If you connect the drive and open it in the virtual environment, it won't have an impact on your data or network.

A USB Killer swiftly ruins a PC once it is plugged into a USB port, so refraining from using unknown USB devices on computers is the best way to stop USB Killers from causing PC damage. The majority of USB-related attacks can be effectively prevented by following the best cybersecurity measures. For complete security, you can physically cap and disable the USB ports in your business.

Even measures implemented to guard against USB assaults are not 100% secure. Never trust unknown disks, periodically examine those you do use, and utilize security features like passwords, PIN codes, and data encryption. Ideally, being informed of the strategies that hackers employ as well as having strong hardware and software security can keep you safe from any unpleasant digital illnesses.

Hackers Using Malicious Versions of Popular Software Brands to Propagate RomCom RAT

 

The threat actor behind the RomCom RAT (remote access trojan) has launched a new campaign impersonating the official websites of popular software brands SolarWinds, KeePass, and PDF Technologies to propagate malware.

Researchers from BlackBerry uncovered the malicious campaign while analyzing network artifacts linked with RomCom RAT infections resulting from attacks targeting Ukrainian military institutions and some English-speaking nations including the United Kingdom.

According to Mike Parkin, senior technical engineer at Vulcan Cyber, given the targets and the nature of the attack, there's more than just a cybercriminal motivation in play. It's quite likely there’s state-level planning behind the scenes. 

"At its core, though, this is an attack against human targets,” Parkin said. “They are primarily relying on victims being socially engineered through email to go to a malicious site disguised as a legitimate one. That makes the users the first line of defense, as well as the primary attack surface.” 

The RomCom threat actor registered malicious domains similar to the legitimate ones and set up clone websites on them. Subsequently, the threat actor trojanized a legitimate application and propagated it via the decoy website, sending targeted phishing emails to the victims. In some cases, the attackers used additional infection vectors.

The malicious campaign seems like a direct copycat of some attacks we examined during the pandemic where we witnessed a number of vendor products and support tools being impersonated or "wrapped" with malware, stated Andrew Barratt, vice president at Coalfire. 

“The wrapping means that the underlying legitimate tool is still deployed, but as part of that deployment some malware is dropped into the target environment,” Barratt explained. “Major APTs like FIN7 have used these tactics in the past. Leveraging well-known brands that they have probably identified are in use gives an intruder a high possibility of a positive response by a user they mislead.” 

Earlier this year in August, Palo Alto Networks’ Unit 42 linked the RomCom RAT with an affiliate of the Cuba Ransomware named 'Tropical Scorpius,' as this was the first actor to employ the malware with features like ICMP-based communications, commands for file manipulation, process spawning and spoofing, data exfiltration, and activating a reverse shell.

However, the BlackBerry researchers said that there was no evidence for that assumption, and its report mentions Cuba Ransomware and Industrial Spy as possibly related to RomCom RAT. Hence, it remains unclear who is behind RomCom RAT or what the motives behind the attacks are.