Showing posts with label Phishing Attacks.

Microsoft Issues Alert Over Rise in Advanced Phishing Scams

Microsoft has issued a warning regarding a surge in sophisticated phishing scams targeting individuals and organizations. These scams employ advanced tactics to deceive users and steal sensitive information. With an increasing number of people falling victim to such attacks, it is crucial to stay vigilant and implement necessary precautions.

Phishing scams involve cybercriminals impersonating trusted entities to trick individuals into revealing personal information, such as passwords, credit card details, or social security numbers. The scams typically rely on social engineering techniques and fraudulent emails or messages designed to appear legitimate.

According to Microsoft, the new wave of phishing scams has become more sophisticated and harder to detect. Attackers are utilizing residential internet protocol (IP) addresses instead of traditional data center IPs to evade detection by security systems. By operating through residential IPs, scammers can bypass security filters that typically flag suspicious activity from data center IPs.

These phishing campaigns often target high-value individuals, such as company executives or employees with access to sensitive data. Scammers employ persuasive language, urgency, and personalized information to deceive their targets and convince them to take action, such as clicking on malicious links or providing confidential information.

To protect against these sophisticated phishing attacks, Microsoft advises individuals and organizations to implement multi-factor authentication (MFA). By enabling MFA, users must provide additional verification, such as a unique code sent to their mobile device, in addition to their password. This adds an extra layer of security and makes it significantly harder for attackers to gain unauthorized access.

Furthermore, individuals should remain cautious when interacting with emails or messages, especially those that request sensitive information or seem suspicious. It is essential to scrutinize sender addresses, look for signs of grammatical errors or inconsistencies, and avoid clicking on links or downloading attachments from unknown sources.

Organizations must prioritize cybersecurity awareness training for employees to educate them about the latest phishing techniques and the potential risks they pose. Regular training sessions and simulated phishing exercises can help individuals develop a strong sense of skepticism and recognize the warning signs of a phishing attempt.





Beware of WhatsApp Scam Calls From International Numbers

A growing number of people have recently reported getting unexpected calls on WhatsApp from foreign numbers. These calls frequently originate from unknown or unfamiliar parties and may be a part of a fraud or scam. 

It is crucial to exercise caution and act quickly to safeguard yourself from any threats. Here are five crucial actions you should take if you get such calls or messages.
  • Do not answer or respond: When you receive a call from an international number that you don't recognize, it's advisable not to answer or respond. Engaging with unknown callers can put you at risk of falling victim to scams or unauthorized access to your personal information.
  • Block the number: Use the block feature available on WhatsApp to prevent further calls or messages from the specific international number. Blocking the number will ensure that you do not receive any more unwanted communication from that source.
  • Report and flag the number: WhatsApp provides users with the option to report and flag suspicious or unwanted calls or messages. Utilize this feature to notify WhatsApp about the incident. Reporting the number can help the platform take appropriate action and prevent similar occurrences.
  • Be cautious with personal information: Avoid sharing any personal or sensitive information with unknown callers, especially those from international numbers. Scammers may attempt to extract personal details or financial information under the guise of a legitimate conversation.
  • Stay updated and educate yourself: Stay informed about the latest scams and frauds targeting WhatsApp users. Educate yourself about the tactics used by scammers to recognize and avoid potential threats. Regularly check reliable sources for updates on new scams and best practices for protecting yourself online.
It's important to note that WhatsApp is actively working to enhance security measures and prevent such fraudulent activities. However, users must also take responsibility for their own safety and be vigilant while using the platform. By following these precautions, you can minimize the risk of falling victim to scams or unauthorized access to your personal information.

If you encounter any suspicious or fraudulent activities on WhatsApp, it is recommended to report the incident to your local law enforcement agencies or the cybercrime helpline. Prompt reporting can help in raising awareness and assisting authorities in their efforts to combat such scams effectively.

Always be vigilant and take the appropriate safety measures when using WhatsApp or any other communication platform because your privacy and security are very important. Keep yourself aware, vigilant, and protected from any threats connected to WhatsApp's unrecognized international calls.

Microsoft 365 Phishing Attacks Made Easier With 'Greatness'

 


Phishing is a method of stealing money, or your identity, by luring you into revealing personal information, such as credit card numbers, bank details, or passwords, through websites that pretend to be legitimate. Cybercriminals often pose as reputable companies, friends, or acquaintances and send fake messages with a link to a phishing website.

Phishing attacks entice people into revealing personal information like passwords and credit card numbers, with the aim of stealing sensitive data or compromising users' computers.

Even script kiddies have constructed convincing, effective phishing attacks against businesses using a previously unheard-of kind of service called phishing-as-a-service (PhaaS).

As many organizations around the world use the Microsoft 365 cloud-based productivity platform, it has become one of the most valuable targets for cybercriminals. These criminals use it to steal data and credentials to compromise their networks. 

In a Cisco Talos research update, researchers explained how phishing activity on the Greatness platform exploded between December 2022 and March 2023. The platform itself was launched in mid-2022.

Since the tool was introduced in mid-2022, it has been used in attacks on several companies across a variety of industries. These industries include manufacturing, healthcare, technology, and banking. 

At this point, approximately half of those targeted are in the United States. Attacks have also been carried out around Western Europe, Australia, Brazil, Canada, and South Africa, but the majority are concentrated in the US. 

As a result of these attacks, a wide range of industries, including manufacturing, healthcare, technology, education, real estate, construction, finance, and business services, are being targeted. 

The kit bundles everything an affiliate needs to run a phishing campaign.

Using the API key they have acquired for the service, users log in to the 'Greatness' admin panel and provide a list of email addresses they wish to target.

The PhaaS platform, as it is often called, allocates the infrastructure needed to host the phishing pages and also builds the HTML attachments. In effect, it is the server hosting the phishing pages.

Afterward, the affiliate builds the content for the email and provides any other material needed, and changes any default settings if necessary. 

The process of targeting an organization is simple. An attacker logs into the service using their API key, provides a list of target email addresses, and creates the content of the email (changing any other default details as they see fit).

Once the victim supplies their MFA code, Greatness uses it to authenticate against the real Microsoft platform. The affiliate then receives the authenticated session cookie through the Telegram channel provided by the service or through the service's web panel.

As a result, many companies find that the stolen credentials are also used to breach their network security, which leads to more dangerous attacks, such as ransomware, being launched.

Dish Network Hit by Cyberattack and Multiple Lawsuits

Satellite TV provider, Dish Network, recently suffered a ransomware attack that compromised the sensitive data of its customers and employees. The attack occurred in February 2023 and was only revealed by the company in April. Since then, the company has been hit with multiple lawsuits from affected customers, which could have serious financial and reputational consequences.

According to Dish Network, the attackers accessed a database that contained names, addresses, phone numbers, and email addresses of its customers and employees. While there is no evidence that the attackers stole financial information, social security numbers, or passwords, the theft of personal information alone is a major cause for concern.

The company has not disclosed how the attack occurred or which ransomware group was responsible. However, security experts have noted that many ransomware attacks start with a phishing email or a vulnerability in software that is not patched in time.

Dish Network has said that it immediately launched an investigation and informed law enforcement about the attack. It has also offered affected customers two years of free credit monitoring and identity theft protection services. However, this may not be enough to assuage customers’ concerns, as the stolen information can be used for a range of malicious activities, from phishing scams to identity theft.

The lawsuits filed against Dish Network accuse the company of failing to secure customer data and being negligent in protecting it. The plaintiffs are seeking damages and compensation for the potential harm that could result from the theft of their personal information. The lawsuits also allege that Dish Network did not inform customers about the attack promptly, which delayed their ability to take measures to protect themselves.

This incident serves as a reminder of the importance of cybersecurity for businesses of all sizes. Cyberattacks can cause significant harm to a company’s reputation, finances, and customers. It is crucial for companies to have robust security measures in place, regularly update their software, and educate employees about cyber threats. It is also important to have a plan in place to respond to a cyber incident, including notifying affected customers promptly and offering them appropriate support.

In the case of Dish Network, the full extent of the damage caused by the cyberattack remains unclear. However, the lawsuits against the company highlight the serious consequences that can result from a breach of personal data. It is up to companies to take responsibility for the security of their customers’ information and take all necessary measures to prevent cyberattacks from occurring in the first place.

IPFS Phishing Attacks: How Cybercriminals Exploit Decentralized File Storage


IPFS Phishing Attacks are becoming increasingly common as more users adopt the InterPlanetary File System (IPFS) technology to store and share files. This decentralized file storage system is designed to provide users with more control over their data and protect them from censorship, but it can also be exploited by cybercriminals to conduct phishing attacks.

How do IPFS Phishing Attacks Work?

Phishing attacks involve tricking users into providing sensitive information such as login credentials or financial data by posing as a trustworthy entity. IPFS phishing attacks work in a similar way, with cybercriminals creating fake IPFS gateways to steal user data.

Here’s how it works: when users want to access files stored on the IPFS network, they typically use a gateway to retrieve them. These gateways act as intermediaries between the user and the IPFS network, serving as a proxy for the user's requests. Unfortunately, cybercriminals can create fake gateways that look just like the real ones, tricking users into sending their requests to the malicious gateway.

Once a user sends a request to a fake gateway, the attacker can intercept the request and replace the legitimate file with a fake one that contains malicious code. The user is then prompted to enter their login credentials or other sensitive information, which the attacker can steal.

How to be safe from IPFS Phishing Attacks?

To avoid falling victim to IPFS phishing attacks, there are several best practices to follow:

1. Always check the URL of the IPFS gateway before entering any sensitive information. Be wary of URLs that look suspicious or slightly different from the real gateway.

2. Use a trusted IPFS gateway. Check the list of recommended gateways from IPFS or use a gateway recommended by a reputable source.

3. Be cautious when accessing files from unknown sources. Verify the source of the files and check if they are known to be safe.

4. Enable two-factor authentication whenever possible. This adds an extra layer of security to your login process.

5. Keep your software and security tools up-to-date to prevent known vulnerabilities from being exploited.

IPFS phishing attacks are a growing threat that can be mitigated by following best practices for online security. By being vigilant and cautious when accessing files on the IPFS network, users can protect themselves from cybercriminals.


Enterprise Targeted by Akira Ransomware's Extortion Techniques

A new ransomware operation called Akira has been found targeting enterprise organizations. According to reports, Akira ransomware is a relatively new strain that is used in targeted attacks and is designed to infiltrate enterprise networks.

The ransomware is primarily distributed through phishing emails that contain a malicious attachment or a link that, when clicked, will download the malware onto the victim’s computer. Once inside the network, the ransomware is capable of moving laterally and infecting other machines, encrypting all the files it can access.

The attackers behind Akira ransomware are known for using double extortion tactics. After encrypting the victim’s files, they threaten to publish the stolen data on the dark web if the ransom is not paid. This tactic adds another layer of pressure to the already stressed-out victims.

Akira ransomware has already caused significant damage, targeting various companies across the world, including a Taiwanese mobile phone manufacturer, a Canadian software development company, and an American e-commerce firm.

Experts warn that this ransomware is particularly dangerous for companies that have weak cybersecurity protocols and are not regularly updating their software. The attackers behind Akira ransomware are always looking for vulnerabilities to exploit, and companies with outdated software are easy targets.

To prevent becoming a victim of Akira ransomware, companies are advised to update their software regularly, use strong passwords, implement multi-factor authentication, and train employees on how to identify and avoid phishing emails.

The rise of Akira ransomware is yet another reminder of the importance of cybersecurity. With cyber threats becoming increasingly sophisticated, it is essential for organizations to take the necessary precautions to protect their valuable data and networks from cybercriminals.


ChatGPT: A Game-Changer or a Cybersecurity Threat

The rise of artificial intelligence and machine learning technologies has brought significant advancements in various fields. One such development is the creation of conversational AI systems like ChatGPT, which has the potential to revolutionize the way people communicate with computers. However, as with any new technology, it also poses significant risks to cybersecurity.

Several experts have raised concerns about the potential vulnerabilities of ChatGPT. In an article published in Harvard Business Review, the authors argue that ChatGPT could become a significant risk to cybersecurity as it can learn and replicate human behavior, including social engineering tactics used by cybercriminals. This makes it challenging to distinguish between a human and a bot, and thus, ChatGPT can be used to launch sophisticated phishing attacks or malware infections.

Similarly, a report by Ramaon Healthcare highlights the concerns about the security of ChatGPT systems in the healthcare industry. The report suggests that ChatGPT can be used to collect sensitive data from patients, including their medical history, which can be exploited by cybercriminals. Furthermore, ChatGPT can be used to impersonate healthcare professionals and disseminate misinformation, leading to significant harm to patients. 

Another report by Analytics Insight highlights the risks and rewards of using ChatGPT in cybersecurity. The report suggests that while ChatGPT can be used to improve security, such as identifying and responding to security incidents, it can also be exploited by cybercriminals to launch sophisticated attacks. The report suggests that ChatGPT's integration into existing security systems must be done with caution to avoid unintended consequences.

While ChatGPT has immense potential to transform the way people communicate with computers, it also poses significant risks to cybersecurity. It can be used to launch sophisticated attacks, collect sensitive information, and spread misinformation. As such, organizations must ensure that appropriate security measures are in place when deploying ChatGPT systems. This includes training users to identify and respond to potential threats, implementing strong authentication protocols, and regularly monitoring the system for any suspicious activity.

Deepfake Apps Remain Popular in China Despite Crackdown

The Chinese government has recently launched a crackdown on deepfakes, a type of synthetic media that involves manipulating images, videos, or audio to make them appear to be real. Despite these efforts, however, several Chinese apps that utilize deepfakes are finding a large audience in the country.

Deepfakes have become a significant concern in recent years due to their potential to spread misinformation and manipulate public opinion. Cybersecurity experts warn that deepfakes can be used for nefarious purposes such as identity theft, fraud, and even political propaganda.

China's new laws aim to prevent the spread of false information and improve cybersecurity. However, the government's efforts have not deterred developers from creating deepfake apps that remain popular among Chinese consumers. These apps allow users to create deepfake videos and images with ease, making it possible to manipulate content in ways that were previously impossible.

While these apps are designed to be entertaining and harmless, they can pose significant risks to personal privacy and security. Deepfake technology is becoming increasingly advanced, and it is becoming more difficult to distinguish between real and fake content.

To protect themselves, users should exercise caution when using deepfake apps and be aware of the potential risks. They should also ensure that they are downloading apps from reputable sources and regularly update their devices to the latest software version to mitigate any vulnerabilities.

The proliferation of deepfake apps highlights the importance of continued vigilance in the fight against cyber threats. Governments, organizations, and individuals must work together to stay ahead of evolving threats and take steps to mitigate risks.

China's crackdown on deepfakes has not stopped the popularity of deepfake apps in the country. Cybersecurity experts warn that these apps can pose significant risks to personal privacy and security, and users should exercise caution when using them. The continued proliferation of deepfakes emphasizes the importance of continued vigilance in the fight against cyber threats.

Ransomware Attacks Surge in March 2023

According to recent reports, March 2023 saw a record-breaking number of ransomware attacks globally, with a staggering 459 incidents reported. This highlights the increasing prevalence and sophistication of cyber-attacks and the need for robust cybersecurity measures.

Ransomware attacks involve hackers encrypting a victim's data and demanding a ransom payment in exchange for the decryption key. Cybercriminals typically gain access to systems through phishing emails or exploiting vulnerabilities in software.

One such attack in March involved a zero-day vulnerability in the GoAnywhere MFT software used for secure file transfer. Cybersecurity firm Fortra completed an investigation into the incident and confirmed that the vulnerability had been exploited by attackers.

The incident emphasizes the importance of promptly identifying and patching vulnerabilities to prevent cyber attacks. With the increasing use of software and internet-connected devices, cybercriminals have more opportunities to exploit weaknesses.

Cybersecurity experts recommend implementing best practices such as regular security assessments, employee training, and security controls to minimize the risk of cyber attacks. In addition, having an incident response plan in place can help organizations quickly respond to and contain any attacks.

The prevalence of ransomware attacks underscores the importance of investing in robust cybersecurity measures to protect sensitive data and prevent business disruption. Cybersecurity threats are constantly evolving, and organizations must remain vigilant and proactive in their approach to cybersecurity to stay ahead of cybercriminals.

A recent surge in ransomware attacks and the GoAnywhere MFT incident serve as reminders of the vulnerabilities that exist in software and the need for proactive cybersecurity measures. Organizations must prioritize cybersecurity to protect themselves against these evolving threats and prevent potentially catastrophic consequences.

Mass Layoffs and Corporate Security Risks

 

Mass layoffs have become increasingly common in recent years as companies look to cut costs and remain competitive. While these layoffs can provide short-term financial benefits, they can also create new risks for corporate security.

One of the key vulnerabilities of mass layoffs is that they can lead to disgruntled employees who may be motivated to engage in malicious activity. This can include stealing sensitive information or launching cyber attacks against their former employer.

Another potential risk of mass layoffs is that they can lead to a loss of institutional knowledge. When key employees are let go, they may take critical knowledge and expertise with them. This can make it difficult for companies to maintain their security posture and respond effectively to new threats.

To mitigate these risks, it is important for companies to have robust security measures in place before conducting mass layoffs. This can include implementing access controls and monitoring systems to detect and prevent unauthorized access to sensitive data.

In addition, companies should provide training and resources to remaining employees to help them identify and respond to potential security threats. This can include educating employees about phishing scams, social engineering tactics, and other common methods used by cyber criminals.

The Cybersecurity and Infrastructure Security Agency (CISA) has also been pressuring tech vendors to ship secure software out of the box. This can help to reduce the risk of security vulnerabilities in software products that may be used by companies during mass layoffs.

It is important for companies to carefully consider the potential security risks associated with mass layoffs and take proactive steps to mitigate those risks. By implementing robust security measures and providing ongoing training and resources, companies can help to protect their sensitive data and maintain their security posture in the face of new threats.



IPFS Network Technology is Being Used in More Phishing Attacks

 

According to fresh Kaspersky research, fraudulent use of the InterPlanetary File System appears to have surged recently. Since 2022, fraudsters have leveraged IPFS for email phishing attacks. IPFS is a peer-to-peer network protocol that allows for the creation of a decentralized and distributed web. Unlike standard web protocols, which rely on centralized servers, IPFS allows users to share and access files without the need for a centralized authority. IPFS identifies files based on their content, not their location.

Each file is assigned a unique cryptographic hash called a content identifier (CID), which can be used to retrieve the file from any network node that holds a copy. This makes it simple to distribute and access content even when the original source is unavailable.

IPFS is also a content-addressed system, which means that any modifications to a file generate a new hash. This keeps files immutable and tamper-proof.

IPFS material can be accessed via a specialized application programming interface or via gateways, which are reachable from any web browser. The URL used to reach the gateway contains the CID and the gateway name; its exact shape may differ from one gateway to the next. For instance, it may be:
  • https://gateway/ipfs/CID
  • https://CID.ipfs.gateway
In a typical phishing attack, the target is lured to a fraudulent page that steals their passwords and possibly their credit card information. With IPFS, that fraudulent page can be hosted on the IPFS network and accessed through a gateway.

Such a setup allows attackers to minimize the cost of hosting the phishing page while also making it harder to take the fraudulent content down, because it may be present on multiple machines at the same time.

If a user clicks on a phishing link and provides their credentials, it is critical that the user reset their password as soon as possible and investigate whether there has been any fraudulent activity on that account. According to Kaspersky, most IPFS phishing attacks are similar to traditional phishing; in certain circumstances, however, IPFS is utilized for intricate targeted attacks.
 
Eradicating phishing pages hosted on IPFS is more difficult. Typical phishing pages can be removed by asking the web content provider or owner to delete them. Depending on the host, that can take a long time, especially when the page is hosted with bulletproof providers: illegal hosting providers that assure their customers they do not respond to law enforcement requests and do not remove content.

IPFS content takedown operations differ in that the content must be removed from all nodes. IPFS gateway providers try to counteract fraudulent pages by deleting links to those files on a regular basis, although this may not always happen as quickly as blocking a phishing website. On March 27, 2023, Kaspersky researcher Roman Dedenok wrote that the company has "observed URL addresses of IPFS files that first appeared in October 2022 and remain operational at the time of this writing."

There were 2,000-15,000 IPFS phishing emails per day as of late 2022. In 2023, IPFS phishing began to grow in Kaspersky's volume statistics, with up to 24,000 emails per day in January and February; however, the levels soon returned to the same values as in December 2022. According to monthly statistics, February was a busy month with about 400,000 phishing emails, while November and December saw roughly 228,000 and 283,000, respectively.

How to Avoid the IPFS Phishing Threat

Anti-spam systems, such as Microsoft Exchange Online Protection or Barracuda Email Security Gateway, will assist in detecting IPFS phishing and blocking links to it, just as they would in any other phishing situation.

Users should be taught about phishing emails or any other type of phishing link that may be sent to them via various channels such as instant messaging and social networks. To prevent unauthorized access, use multifactor authentication. Even if attackers gained login credentials through phishing, this will make it more difficult for them to get access.
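Because the same CID can be served by any gateway, blocking one gateway host is not enough; a mail filter needs to recognise both URL shapes quoted above and track the CID itself. The following is an added example (not Kaspersky's code or tooling) that extracts IPFS gateway links from an email body and de-duplicates them by CID. The CID patterns are heuristics covering the two common encodings, and the email, CIDs and gateway hosts are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Heuristic CID patterns (assumption: only the two common encodings are handled).
#   CIDv0: base58btc-encoded sha2-256 multihash, 46 chars, always begins with "Qm".
#   CIDv1: multibase prefix "b" followed by a lowercase base32 body (e.g. "bafy...").
CIDV0 = r"Qm[1-9A-HJ-NP-Za-km-z]{44}"
CIDV1 = r"b[a-z2-7]{50,}"
CID = rf"(?:{CIDV0}|{CIDV1})"
TAIL = r"""[^\s"'<>]*"""  # rest of the URL up to whitespace or a delimiter

# The two gateway URL shapes from the post: https://gateway/ipfs/CID and
# https://CID.ipfs.gateway (subdomain form uses base32 because DNS labels are
# case-insensitive). Matching is deliberately case-sensitive: base58 CIDs are.
PATH_FORM = re.compile(rf"https?://(?P<host>[\w.-]+)(?::\d+)?/ipfs/(?P<cid>{CID}){TAIL}")
SUBDOMAIN_FORM = re.compile(rf"https?://(?P<cid>{CID})\.ipfs\.(?P<host>[\w.-]+)(?::\d+)?{TAIL}")


@dataclass(frozen=True)
class IpfsLink:
    url: str
    gateway: str  # gateway host the link goes through
    cid: str      # content identifier; the same CID is reachable via any gateway
    form: str     # "path" or "subdomain"


def extract_ipfs_links(text: str) -> List[IpfsLink]:
    """Return every IPFS gateway link found in text, in order of appearance."""
    found = []
    for form, pattern in (("path", PATH_FORM), ("subdomain", SUBDOMAIN_FORM)):
        for m in pattern.finditer(text):
            link = IpfsLink(url=m.group(0), gateway=m.group("host").lower(),
                            cid=m.group("cid"), form=form)
            found.append((m.start(), link))
    return [link for _, link in sorted(found, key=lambda item: item[0])]


def unique_cids(links: List[IpfsLink]) -> List[str]:
    """CIDs worth blocking or hunting on: a gateway-host blocklist misses the
    same content served through every other gateway."""
    return sorted({link.cid for link in links})


def triage(text: str) -> Dict[str, object]:
    """Summarise an email body for an analyst or a mail-filter rule."""
    links = extract_ipfs_links(text)
    return {
        "ipfs_links": len(links),
        "gateways": sorted({link.gateway for link in links}),
        "cids": unique_cids(links),
        # Assumption: IPFS gateway links are rare in ordinary business mail.
        "suspicious": bool(links),
    }


# Constructed sample, not a real campaign: two gateways serve the same CIDv0
# page and a third gateway serves a CIDv1 page in subdomain form.
SAMPLE_CID_V0 = "QmConstructedDemoCidForTestPurposes12345678912"
SAMPLE_CID_V1 = "bafybeiconstructedsamplecidvonefordemoonlyabcdefghijklmnopq"
SAMPLE_EMAIL = f"""\
Subject: Your mailbox is almost full
Review your storage at https://gw1.example/ipfs/{SAMPLE_CID_V0}/login.html
Mirror: https://gw2.example:8080/ipfs/{SAMPLE_CID_V0}/login.html
Alternative: https://{SAMPLE_CID_V1}.ipfs.gw3.example/
Unsubscribe: https://www.example.com/unsubscribe
"""

if __name__ == "__main__":
    for link in extract_ipfs_links(SAMPLE_EMAIL):
        print(f"{link.form:9s} gateway={link.gateway:18s} cid={link.cid}")
    print(triage(SAMPLE_EMAIL))
```

The three links resolve to only two CIDs, which is the list a filter should carry forward rather than the three gateway hostnames.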

'BEC 3.0' Is Here With Tax-Season QuickBooks Cyberattacks

Researchers from Avanan, a Check Point company, have identified a new wave of business email compromise (BEC) attacks, which they refer to as "BEC 3.0." 

In these attacks, cybercriminals sign up for free accounts with legitimate services and use email addresses from domains that are unlikely to be flagged by scanning tools. This evolution in phishing tactics demonstrates how cybercriminals continue to adapt and evade security measures as detection improves. 

The researchers have discovered evidence of similar attacks coming from PayPal and Google, as well as previous attacks from legitimate QuickBooks accounts.

These attacks are coupled with carefully written and socially engineered emails that lack the typical bad grammar or typos found in phishing emails. This makes them more difficult for users to spot, as the sender's address, links, spelling, and grammar are all legitimate, deviating from typical phishing hygiene tricks. 

Phishing attacks remain a primary initial access vector due to attackers' increasing use of legitimate SaaS and cloud offerings, such as LinkedIn, Google Cloud, AWS, etc., to host malicious content or direct users to it. 

In the recent QuickBooks attack, victims are informed about the renewal of Norton LifeLock subscriptions and are prompted to call a phone number for verification or cancellation. This detail may not raise suspicion even among savvy email users, as Norton LifeLock is commonly used by both consumers and businesses. 

The phishing campaign in question not only harvests payment credentials but also victims' phone numbers for future attacks via chat apps like WhatsApp. The attackers are adept at creating messages that are convincing to end users and difficult for security protections to detect, as they come from legitimate sources like QuickBooks. 

By placing malicious content within a trusted container, such as a legitimate website, the attackers can easily evade detection by security services. Standard checks such as domain checks, SPF, and DMARC may not be effective in detecting these attacks, making them highly deceptive and challenging to prevent.

To counter the evolving tactics of attackers in phishing attacks, organizations need to enhance their security protections and educate employees about new types of phishing attacks, such as BEC 3.0. This may involve changing the approach to employee education, such as being cautious of all links and verifying phone numbers through Google searches. 

Implementing policies for independent verification of actions requested in BEC emails and data-protection policies can also help detect suspicious activities. Additionally, utilizing browser security that traces links through their intended actions can be beneficial in preventing compromise from advanced phishing attacks.

Ukrainian Police Arrest Suspects Accused of Stealing $4.3M From Victims Across Europe


The Ukrainian police have detained 10 suspects, arresting two for allegedly being involved in a cybercrime group that conducted phishing campaigns and was a part of fraudulent online marketplaces, stealing more than $4.3 million from over 1,000 users across Europe. 

According to Ukraine's cyber police unit, which worked with Czech law enforcement on the bust, the group created more than 100 phishing sites to capture victims' bank credentials and gain access to their accounts. 

These sites offered a range of products at prices below market value. Instead of getting a bargain, customers who entered their bank card details to pay had their card and account information stolen and, in many cases, their accounts emptied. 

The scammers also set up two call centers in Ukraine, in Vinnytsia and Lviv, staffed with operators who persuaded "customers" to make purchases. It is a pity they were not defending their country instead of preying on people. According to the police report, the victims are located in several European countries, including the Czech Republic, France, Spain and Portugal, and lost more than 160 million hryvnias in total, roughly $4.36 million. 

Following the arrests, Ukrainian police released a video showing officers breaking down the door of a suspect's residence and an empty call center. 

Officers carried out around 30 searches of the suspects' homes, cars and the two call centers, seizing mobile phones, SIM cards and computer hardware used in the operation. 

The two suspected leaders face up to 12 years in prison on charges of fraud and creating a criminal organization. Ten other alleged members have been detained in EU countries, and according to the law enforcement agencies involved, the investigation is still underway. 

The arrests follow another call-center bust in Europe announced by Europol in January this year. In that case, European police detained 15 suspects and shut down a multi-country network of call centers selling fake cryptocurrency investments that, according to law enforcement, had stolen hundreds of millions of euros from victims.  

Are Chatbots Making it Difficult to Trace Phishing Emails?


Chatbots are eroding a crucial line of defense against phishing emails by correcting the grammatical and spelling errors that have long been a key tell of fraudulent mail, experts warn. 

The warning comes alongside an international advisory from the law enforcement agency Europol on the potential criminal use of ChatGPT and other "large language models". 

How Does Chatbot Aid Phishing Campaign? 

Phishing emails are the bait cybercriminals use to lure victims into clicking links that download malware or into disclosing sensitive information such as passwords or PINs. 

According to the Office for National Statistics, half of all adults in England and Wales reported receiving a phishing email last year, making phishing emails one of the most frequent kinds of cyber threat. 

However, AI chatbots can now fix the flaws that trip spam filters or alert human readers, removing a basic weakness of many phishing attempts: poor spelling and grammar. 

According to Corey Thomas, chief executive of the US cybersecurity firm Rapid7 “Every hacker can now use AI that deals with all misspellings and poor grammar[…]The idea that you can rely on looking for bad grammar or spelling in order to spot a phishing attack is no longer the case. We used to say that you could identify phishing attacks because the emails look a certain way. That no longer works.” 

ChatGPT, the market leader that rose to fame after its launch last year, is already being used for cybercrime, and generating malicious communications has become one of the first significant criminal applications of large language models (LLMs). 

Phishing emails are increasingly being written by bots, according to data from the UK cybersecurity company Darktrace. This lets criminals send longer messages that are less likely to be caught by spam filters, and avoid the broken English that often gave away human-written scams. 

Since ChatGPT's rise to prominence last year, the overall volume of malicious emails that try to trick users into clicking a link has fallen, replaced by emails that are more linguistically complex. According to Max Heinemeyer, Darktrace's chief product officer, this suggests that a sizable proportion of the threat actors writing phishing and other malicious emails have gained the ability to produce longer, more sophisticated prose, most likely with an LLM such as ChatGPT. 

Europol's advisory on the use of AI chatbots flags similar concerns: fraud and social engineering, disinformation and cybercrime. According to the report, the systems can walk would-be offenders through the steps needed to harm others; because the model delivers detailed instructions in response to well-posed questions, it becomes much easier for criminals to understand and ultimately carry out various kinds of crime. 

In a report published this month, the US-Israeli cybersecurity company Check Point said it had produced a convincing phishing email with the latest version of ChatGPT. It bypassed the chatbot's safety controls by telling it that the sample phishing email was for a staff awareness program. 

Google entered the chatbot race last week with the launch of its Bard product in the US and the UK. When the Guardian asked it to write an email that would persuade someone to click on a suspicious-looking link, Bard obliged, if without much finesse: "I am writing to you today to give a link to an article that I think you will find interesting." 

Google also pointed to its "prohibited use" policy for AI, under which users may not use its models to generate content for "deceptive or fraudulent activities, scams, phishing, or malware". 

OpenAI, the company behind ChatGPT, pointed to its terms of use, which state that users "may not use the services in a way that infringes, misappropriates or violates any person's rights".  

How Threat Actors are Using IPFS for Email Phishing


The InterPlanetary File System (IPFS) is a peer-to-peer distributed file system that lets users around the world exchange files. Instead of addressing files by path, as centralized systems do, IPFS addresses them by a unique content identifier (CID) derived from the file's hash. The file itself stays on the computer of the user who "uploaded" (pinned) it and is fetched directly from that node, or from any other node that has pinned a copy. Dedicated software (an IPFS client) is normally needed to upload or download files; so-called gateways exist so that users can browse IPFS content from an ordinary web browser without installing anything. 

In 2022, threat actors began using IPFS for email phishing campaigns. They upload HTML files containing phishing forms to IPFS and use public gateways as proxies, so that victims can open the files whether or not an IPFS client is installed on their devices. The phishing messages sent to targets contain links to the file through such a gateway. 

Attackers use a distributed file system to cut the cost of hosting phishing pages: there is no domain to buy and no hosting account to lose. In addition, IPFS offers no way for a third party to remove content once it has been uploaded, since every node that has pinned the file continues to serve it. One can ask the file's owner to unpin it so that it eventually disappears from the network, but cybercriminals will almost certainly never comply. 

IPFS gateway providers counter IPFS phishing by regularly removing links to fraudulent or suspicious files at the gateway. 

Still, detection and removal at the gateway level do not always happen as quickly as the blocking of phishing emails, cloud files or documents. The URLs first came to light in October 2022, and as of now the campaign is still ongoing. 

The goal of phishing emails with IPFS links is usually to capture the victim's account username and password, so their content is rarely elaborate. What is interesting about the technique is where the HTML page's link leads. 

The recipient's email address is embedded in a URL parameter. The page reads it and adjusts both the email address pre-filled in the login box and the corporate logo at the top of the phishing form to match the recipient's domain. One link can therefore serve many phishing campaigns against many different users, with no per-target page to host. 
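As an added example (not code from the original article or from Kaspersky), the following Python snippet shows how a mail or proxy filter can recognize the two common IPFS gateway link shapes, extract the CID, and pull out a pre-filled recipient address from the query string or fragment. The gateway hostnames, CIDs and mailbox addresses are constructed for the example.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

# CIDv0 is a base58btc multihash starting with "Qm" (46 chars);
# CIDv1 as seen in gateway URLs is base32 and starts with "b"
# (59 chars for a sha2-256 dag-pb CID).
CID_RE = re.compile(r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{58,})")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample links (hypothetical gateways and mailboxes, not real campaign URLs).
SAMPLE_URLS = [
    "https://ipfs.io/ipfs/bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi/index.html?email=alice%40example.com",
    "https://bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi.ipfs.dweb.link/#bob@example.org",
    "https://gateway.example.net/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/login.htm?e=carol@example.com",
    "https://www.example.com/docs/report.pdf?email=dave@example.com",
]


def extract_cid(url):
    """Return the CID if the URL is an IPFS gateway link, else None.

    Handles both path-style (https://gw/ipfs/<cid>/...) and
    subdomain-style (https://<cid>.ipfs.gw/...) gateway URLs.
    """
    p = urlparse(url)
    m = re.match(r"^/ipfs/([^/?#]+)", p.path)
    if m and CID_RE.fullmatch(m.group(1)):
        return m.group(1)
    labels = p.hostname.split(".") if p.hostname else []
    if len(labels) >= 3 and labels[1] == "ipfs" and CID_RE.fullmatch(labels[0]):
        return labels[0]
    return None


def extract_target_email(url):
    """Return an email address smuggled in the query string or fragment, else None.

    The phishing page uses it to pre-fill the login form, so it also tells
    the defender exactly who was targeted.
    """
    p = urlparse(url)
    for values in parse_qs(p.query).values():  # parse_qs already URL-decodes
        for v in values:
            if EMAIL_RE.fullmatch(v):
                return v
    frag = unquote(p.fragment)
    if EMAIL_RE.fullmatch(frag):
        return frag
    return None


def classify(url):
    """Classify one URL for a mail/proxy filter."""
    cid = extract_cid(url)
    if cid is None:
        return {"url": url, "cid": None, "email": None, "verdict": "not-ipfs"}
    email = extract_target_email(url)
    verdict = "ipfs-link-with-prefilled-email" if email else "ipfs-link"
    return {"url": url, "cid": cid, "email": email, "verdict": verdict}


def scan(urls=SAMPLE_URLS):
    return [classify(u) for u in urls]


if __name__ == "__main__":
    for r in scan():
        print(r["verdict"], r["cid"], r["email"])
```

Two things fall out of this that are useful beyond blocking: the same CID reused across lures lets you find every message in a campaign with one search of mail logs, and the pre-filled address tells you which mailboxes were targeted and should be checked for a submitted password. Many organizations simply block all public IPFS gateway domains at the proxy, since legitimate business use is rare; the parser above is for those that cannot.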

In late 2022, Kaspersky observed between 2,000 and 15,000 IPFS phishing emails a day for most of the period. This year, IPFS campaigns have escalated, exceeding 24,000 emails a day in January and February. February was the busiest month for IPFS phishing, with researchers recording a whopping 400,000 emails, about 100,000 more than in November and December 2022. 

Roman Dedenok, a security expert at Kaspersky, commented: "Attackers have used and will continue to use cutting-edge technologies to reap profits. As of late, we have observed an increase in the number of IPFS phishing attacks — both mass and targeted. The distributed file system allows scammers to save money on domain purchase. Plus, it is not easy to completely delete a file, although there are attempts to combat fraud at the IPFS gateway level. The good news is that anti-spam solutions detect and block links to phishing files in IPFS, just like any other phishing links. In particular, Kaspersky products employ a number of heuristics to detect IPFS phishing."  

Rising Cyberattacks Increase Stress on Healthcare Industry

 

The health industry has recently come under increasing pressure to protect sensitive data from cyberattacks as these attacks become more frequent and sophisticated. Healthcare providers have been targeted by cybercriminals seeking to obtain sensitive patient data such as medical records and financial information. This is a worrying trend that is posing a significant risk to patient privacy and could potentially harm the reputation of healthcare providers.

The rise in cyberattacks on the healthcare industry is not surprising given the vast amounts of sensitive data that are collected, stored, and shared within the sector. Patient data is highly valuable on the black market, with medical records often fetching high prices. Cybercriminals are using a variety of tactics to gain access to healthcare systems, including phishing emails, ransomware attacks, and exploiting vulnerabilities in software.

Healthcare providers must take proactive steps to protect themselves from these threats. This includes implementing robust cybersecurity measures such as firewalls, intrusion detection systems, and data encryption. Staff training is also critical to ensure that employees are aware of the risks and understand how to detect and respond to potential cyberattacks.

In addition to these measures, healthcare providers should also be regularly testing their cybersecurity defenses. This can be done through simulated cyberattack scenarios, which allow providers to identify weaknesses in their systems and make improvements before an actual attack occurs.

It is important to note that protecting patient data is not only a legal and ethical obligation but also a critical aspect of maintaining patient trust. Patients expect their healthcare providers to keep their personal and medical information confidential and secure. A data breach can have significant consequences for patient trust and can harm the reputation of healthcare providers.

In conclusion, cyberattacks on the healthcare industry are becoming more common, and healthcare providers must take proactive steps to protect patient data from these threats: robust cybersecurity measures, staff training, and regular testing of their defenses. Protecting patient data is a legal and ethical obligation, and failure to do so can have significant consequences for patient trust and the reputation of healthcare providers.


San Francisco Battles Cybercrime Surge

 

San Francisco is currently battling a surge in cybercrime, which officials are calling a 'tsunami.' The recent attack on Oakland has been one of the biggest hits in the area, and authorities are working tirelessly to prevent similar incidents.

The Oakland attack was a ransomware attack, where hackers demanded payment in exchange for unlocking the city's computer systems. This attack caused significant disruptions to city services and resulted in a large financial cost.

The attack on Oakland is just one example of the increasing number of cyber attacks happening in the San Francisco area. Cybercriminals are using more sophisticated tactics, making it challenging for law enforcement to keep up.

To combat this surge in cybercrime, San Francisco officials are ramping up their efforts to prevent and respond to attacks. This includes increasing funding for cybersecurity and working with law enforcement agencies to share information about threats.

However, preventing cybercrime is not just the responsibility of officials. Individuals and businesses must also take steps to protect themselves. This includes using strong passwords, regularly updating software, and being cautious about opening suspicious emails or clicking on unknown links.

Furthermore, businesses should take additional steps to protect their data, such as backing up important files and implementing security protocols for remote workers.

While the rise in cybercrime is concerning, it is important to remember that there are steps that individuals and businesses can take to protect themselves. By working together, San Francisco can continue to combat this "tsunami" of cybercrime and protect its citizens and businesses from harm.

SVB Collapse: An Attackers Paradise you Should Beware of


Silicon Valley Bank has recently been shut down by the California Department of Financial Protection and Innovation, apparently as the result of a bank run that followed reports of insolvency risk and a collapse in its stock price. 

SVB customers will be able to access the insured portion of their deposits through the Deposit Insurance National Bank established by the Federal Deposit Insurance Corporation, which has been appointed receiver. 

Naturally, the collapse is receiving a lot of attention, but the coverage is mostly financial: what brought SVB to this point and what the risk now is to depositors. 

The Cyber Fraud Potential of the SVB Collapse 

Most successful cyberattacks rely, at least in part, on social engineering, deception and fraud that exploit people. According to IBM's Cost of a Data Breach 2022 report, compromised credentials were the most common initial attack vector, and those credentials are typically obtained through phishing or other fraud. Business email compromise (BEC) was the second most costly initial attack vector for organized cybercriminals. 

Such attacks feed on chaos and confusion. Cybercriminals are well organized and known for seizing openings, and they now have a ready-made opportunity to target current and former SVB customers and account holders, who have become easy marks for fraud and phishing. 

That founders, CEOs, CFOs and finance teams are currently dealing with uncertainty and a lack of information only fuels the fire. In such circumstances people let their guard down and are more likely to be taken in by an email that carries any news (preferably good news). Attacks may arrive by email or through other channels serving the founder and finance communities, such as forums and groups on Signal, Telegram and WhatsApp. Everything becomes a potential point of attack. 

This kind of social engineering, or more conventional means of gaining access, is merely a prelude to the main effort we expect to see: a large BEC campaign exploiting the enormous number of bank account changes already in progress. 

As SVB account holders move their finances and operations to other banks over the coming weeks, they will send their clients new account details for future wires. Given the number of suppliers businesses rely on in today's supply chains, finance departments will be inundated with requests to update those accounts, and a fraudulent request will be hard to tell from the genuine ones. 

How can you Protect Yourself from SVB Related Attacks? 

Phishing, BEC and similar attacks are all forms of fraud. Each involves some form of impersonation (most likely via a website, email, text message, Slack or another messaging tool) that entices victims to take action. Here are some ways to protect yourself from SVB-related attacks: 

  • Awareness is the first line of defense against these attacks. Potential victims stay more vigilant and are less likely to fall for a scheme if they know the warning signs to look for. 
  • Mandate refresher phishing and BEC training for anyone working directly for your business, including founders, C-level executives, finance staff, customer success reps and so on. 
  • Make sure your payment-change processes are robust and, where needed, add an extra layer of manual verification or sign-off, at least for the next 30 to 60 days. No vendor you work with should be able to change a bank account without a call back to a previously known phone number and a direct conversation. 
It is also highly beneficial to add monitoring of both account activity (phishing) and financial activity (BEC). On the phishing side, raise your SOC's awareness of potential phishing campaigns and pay close attention to failed multifactor authentication (MFA) prompts, unsuccessful login attempts and the like. Executive and finance department accounts deserve extra attention, as they are the most likely targets.  

Korea University Discloses a Potential Covert Channel Attack

The School of Cyber Security at Korea University in Seoul has developed a novel covert channel attack called CASPER that can leak data from air-gapped computers to a nearby smartphone at up to 20 bits per second, using the target's internal speaker.

What is CASPER?

CASPER should not be confused with the earlier "Casper" reconnaissance malware, a profiling tool that characterized its targets and decided whether to keep tracking them, and which was used as a foothold before more advanced persistent implants were deployed for espionage. The CASPER described here is not a malware family but an acoustic covert channel: a way for malware already present on an isolated machine to exfiltrate data through sound.

Data leak

As with nearly all covert channel attacks on network-isolated systems, the target first has to be infected with malware, by a rogue insider or an attacker with physical access.

Researchers have previously built attacks that use external speakers, but external speakers are unlikely to be found on air-gapped, network-isolated systems deployed in sensitive settings such as government networks, energy infrastructure and weapons control systems. CASPER instead relies on the machine's internal speaker.

The malware can autonomously search the target's filesystem for files or data formats matching a hardcoded list and attempt to exfiltrate them.

Keylogging is a more realistic use and better suited to such a low transmission rate. The malware encodes the data to be stolen in binary or Morse code and transmits it through the internal speaker using frequency modulation, producing near-ultrasonic tones between 17 kHz and 20 kHz that are inaudible to most people.

The researchers tested the approach with a Samsung Galaxy Z Flip 3 as the receiver and an Ubuntu 20.04 Linux computer as the target. The phone ran a simple recorder application able to capture frequencies up to 20 kHz.

In the Morse code experiment, the researchers used 18 kHz for dots and 19 kHz for dashes, with a length per bit of 100 ms; the smartphone, 50 cm away, correctly decoded the word "covert". In the binary experiment, each bit lasted 50 ms and was sent at 18 kHz for zeros and 19 kHz for ones. Overall, the results show that the length per bit determines the bit error rate, and a maximum reliable transmission rate of 20 bit/s is achievable with a 50 ms bit length.

At that rate the malware could transmit a typical 8-character password in around 3 seconds and a 2048-bit RSA key in roughly 100 seconds. Anything larger, such as a modest 10 KB file, would take more than an hour to leave the air-gapped system, even under ideal conditions with no interruptions.
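To make the encoding concrete, here is an added Python simulation (not the Korea University team's code) of the binary scheme described above: 18 kHz for 0, 19 kHz for 1, 50 ms per bit, decoded by measuring the energy at each tone with the Goertzel algorithm. The 48 kHz sample rate and the uniform channel noise are assumptions for the example; the real attack drives a speaker and records with a microphone, which this simulation replaces with a list of samples.

```python
import math
import random

SAMPLE_RATE = 48_000             # assumed recorder sample rate (Hz); must exceed 2 x 19 kHz
F_ZERO, F_ONE = 18_000, 19_000   # tone for bit 0 / bit 1, as in the binary experiment
BIT_MS = 50                      # 50 ms per bit -> 20 bit/s


def text_to_bits(text):
    return [int(b) for byte in text.encode("utf-8") for b in f"{byte:08b}"]


def bits_to_text(bits):
    usable = len(bits) - len(bits) % 8
    data = bytes(int("".join(str(b) for b in bits[i:i + 8]), 2) for i in range(0, usable, 8))
    return data.decode("utf-8", errors="replace")


def modulate(bits, bit_ms=BIT_MS, fs=SAMPLE_RATE):
    """Binary FSK: one pure tone per bit, held for bit_ms milliseconds."""
    n = int(fs * bit_ms / 1000)
    samples = []
    for b in bits:
        f = F_ONE if b else F_ZERO
        samples.extend(math.sin(2 * math.pi * f * i / fs) for i in range(n))
    return samples


def goertzel_power(frame, f, fs):
    """Energy of `frame` at frequency f (Goertzel algorithm: a single DFT bin)."""
    coeff = 2 * math.cos(2 * math.pi * f / fs)
    s_prev, s_prev2 = 0.0, 0.0
    for x in frame:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev * s_prev + s_prev2 * s_prev2 - coeff * s_prev * s_prev2


def demodulate(samples, bit_ms=BIT_MS, fs=SAMPLE_RATE):
    """Slice the recording into bit-length frames and pick the stronger of the two tones."""
    n = int(fs * bit_ms / 1000)
    bits = []
    for start in range(0, len(samples) - n + 1, n):
        frame = samples[start:start + n]
        p1 = goertzel_power(frame, F_ONE, fs)
        p0 = goertzel_power(frame, F_ZERO, fs)
        bits.append(1 if p1 > p0 else 0)
    return bits


def add_noise(samples, amplitude, seed=1):
    """Constructed channel noise (uniform), standing in for room noise and speaker/mic response."""
    rng = random.Random(seed)
    return [x + rng.uniform(-amplitude, amplitude) for x in samples]


def bit_rate(bit_ms=BIT_MS):
    return 1000 / bit_ms                 # bits per second


def seconds_to_send(n_bits, bit_ms=BIT_MS):
    return n_bits * bit_ms / 1000


def round_trip(text, noise_amplitude=1.0):
    """Encode text, push it through the noisy channel, decode it; return the recovered text."""
    return bits_to_text(demodulate(add_noise(modulate(text_to_bits(text)), noise_amplitude)))


if __name__ == "__main__":
    print(round_trip("covert"))
    print(bit_rate(), "bit/s;", seconds_to_send(8 * 8), "s for an 8-character password")
```

The decoder assumes it already knows where each bit starts; a real receiver needs a preamble to synchronize, which is part of why the paper's reliable rate is 20 bit/s rather than something higher. Shortening the bit length raises the rate but leaves fewer cycles per frame for the Goertzel filter to separate the two tones, which is the bit-error trade-off the researchers measured. On the defensive side, the attack only works because the speaker can emit above the audible range; a low-pass filter on the speaker output removes that band entirely.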

"Because sound can only transmit data at a certain speed, our technology cannot transmit data as quickly as other covert channel technologies using optical or electromagnetic methods." – Korea University.

The attack is limited because internal speakers can only emit sound in a single frequency band at a time; using several frequency bands for simultaneous transmissions would be one way to raise the data rate. The simplest defense against CASPER, the researchers note, is to remove or disable the internal speaker on mission-critical computers. Alternatively, a low-pass filter on the speaker output that removes everything above the audible range would prevent ultrasonic transmissions. 





Demanding Data Privacy Measures, FBI Cyber Agent Urges Users

 

The FBI maintains a close eye on cyber security risks, but officials emphasized that in order to be more proactive with the prevention, they need the assistance of both people and businesses.

Algorithms are what allow each of us to navigate that vast and somewhat disorganized ecosystem. At their best they are genuinely useful. At their worst they are tools of mass manipulation that can seriously harm us, our loved ones and our society.

These algorithms don't produce immediate or obvious changes. Instead they encourage persistent micro-manipulations that, over time, significantly alter our culture, politics and attitudes. It makes little difference whether you personally can resist the manipulation or choose not to use the apps that rely on these algorithms: once enough of your neighbors and friends make these almost imperceptible shifts in attitude and behavior, your environment changes, not in ways that benefit you but in ways that benefit the people who own and run the platforms.

Numerous government officials have voiced similar warnings over the years, and two presidential administrations have made various attempts to address these security concerns. TikTok has long maintained that it does not follow Chinese government content-filtering rules and that it stores US users' data in the United States. But the company has come under growing criticism, and in July it admitted that non-US staff did have access to US users' data.

Data privacy advocates have long raised concerns about these algorithms but have had little success in forcing meaningful change. The American Data Privacy and Protection Act (ADPPA) would, for the first time, begin to hold the developers of these algorithms accountable and require them to show that their engagement formulas are not harming the public. Because of these concerns, the U.S. Senate overwhelmingly passed a bill barring the app from all federally issued devices, and at least 11 states have already ordered similar bans on state-owned devices.

Consumers currently have little control over how, and by whom, their personal data is used for others' benefit. A law like the ADPPA would provide a process for beginning to understand how these algorithms work, giving users a say in how they operate and are used.