Hackers launched a notorious Christmas Eve cyberattack against Arnold Clark, a car dealership. The network issue that has affected computer and telephone services has caused customers who had appointments this week for maintenance and repairs to be rescheduled.
Uncertainty surrounds the issue's timing as the vehicle manufacturer operates two dealerships in the town both on Annan Road. This incident is just one indication of how susceptible businesses can be to online crime, especially over the holidays when many firms are less watchful of security precautions than they typically would be.
The company's IT security staff confirmed that, as of right now, there is no proof of client data being compromised when the system fault first surfaced on Christmas Eve.
On Wednesday, an official told the newspaper: "Over the Christmas holiday, we experienced a network issue that had an impact on both our computer and phone systems. Through their investigations so far, our IT security team has verified that there is no proof that any customer data has been hacked. We want to take this chance to express our gratitude to our clients for their understanding and our regret for any trouble this may have caused."
The attack's origin is still an enigma, but it might have been brought on by various factors. It is possible that an employee unintentionally clicked a harmful link or attachment in an email, allowing hackers to access the company's networks. Another theory is that the attack occurred via a zero-day exploit, which refers to a software flaw previously unknown and used by hackers to enter networks before it is too late.
If sufficient cybersecurity precautions are not taken, cyberattacks such as the one Arnold Clark experienced can occur at any moment and cause significant harm. Businesses must ensure they have sufficient safeguards in place, including multi-factor authentication and frequent system updates, as well as educate their personnel on fundamental cybersecurity concepts like avoiding clicking links from unknown sources and maintaining passwords safe and secure.
The most popular social networks and messengers for hacking attempts are VKontakte (VK), Instagram, Telegram and WhatsApp, while the price can vary from $10 to $2,300. This is stated in a study conducted by Bi.Zone.
"We analyzed ads on the darknet from May 2020 to August 2021. In different months, the cost of hacking varied dramatically. This could be due to a situation where some sellers are not actually providing a service but are simply scamming people. They are the ones who can actively dump on the market. Real hackers set their prices based on the time spent. Sometimes they can search for a password in a leak which will significantly reduce the search price. If there is an insider attacker from the developer company, then most likely the high price will be due to the usual risk for the criminal", said Evgeniy Voloshin, director of BI.ZONE expert services block.
The analysis showed that the price of the offer to hack an account in VK varies from $10 to $160. Scammers most often offer to hack this social network.
According to experts, the social network Instagram remains in second place in popularity among hackers. The scammers estimate the cost of their services at $540.
Among messengers, Telegram and WhatsApp hacking offers are leading in popularity. For violating the privacy of these applications, scammers charge from $410 to $2,300 and from $270 to $1,770.
Hacking a personal mailbox, according to analysts, remains another popular service among scammers, the cost of which ranges from $40 to $1,500, respectively.
Voloshin recommends using long passphrases, password managers and a two-factor authentication system to avoid hacking personal accounts. Also, in his opinion, it is important not to store data in cloud services and not to send it in messengers, connecting to an unknown Wi-Fi source.
Financial Regulator of UK was spammed by almost a quarter of a million (240,000) malicious emails in the Q4 of the year 2020. The FOI data gives important highlights about the tremendous pressure that big organizations are facing to protect their assets. Griffin Law, a litigation firm, has filed an FOI with an influential London-based agency, the FCA (Financial Conduct Authority). As per Gov.UK, "The Financial Conduct Authority (FCA) regulates the financial services industry in the UK. Its role includes protecting consumers, keeping the industry stable, and promoting healthy competition between financial service providers."
The owners of the Telegram channels noted that scammers under the guise of advertising offers send malicious files.
" In particular, they can be represented by advertising managers of the GeekBrains educational platform", Nikita Mogutin, the co-founder of the Telegram channel Baza (more than 310,000 subscribers), wrote on Facebook. Owner of the Telegram channel Madonna (more than 9500 subscribers) Madonna Moore said that five scammers write to her a day. She also published the text of correspondence with a person who introduced himself as a representative of GeekBrains.
GeekBrains has received many complaints about fraud on behalf of the company and has already sent out warnings to agencies and bloggers, said Elena Toropina, head of the company's marketing department. In her opinion, the attack on the channels is connected with the growth of the online education industry, which spends a lot of money on advertising.
Kaspersky Lab reported that the attachments sent by the attackers contain a Trojan virus.
"If the victim runs the file, a program will be installed on the computer that will steal the accounts stored on it and provide fraudsters with hidden remote control of the Telegram channel", told Yaroslav Kargalev, deputy head of the Group-IB incident response center. According to him, scammers can also change the phone number in the channel's account to get full control over it.
Most often, channel theft is needed to publish links to malicious resources in the Telegram channel or to get a ransom, said Sergey Trukhachev, head of the special services unit of Infosecurity a Softline Company.
"The increase in the activity of scammers may be associated with the influx of new users to Telegram", noted Kargalev.
Telegram downloads have increased dramatically as WhatsApp has added a clause to its rules that allows users to share their personal data with Facebook. Moreover, the growing popularity of Telegram is due to the fact that supporters of Donald Trump, who was blocked in many social networks, have "flowed" there.
Telegram founder Pavel Durov called the sharp increase in the number of new users "the largest digital migration" in human history. In the first week of January, Telegram's monthly audience overcame the mark of 500 million active users.
Earlier, E Hacking News reported that Pavel Durov advised users to remove WhatsApp from smartphones. He called the WhatsApp application unsafe.
The Russian-language Darknet site sells a program that allows you to distribute spam messages bypassing traffic and email protection tools. The program uses a function in the IMAP protocol
A new tool for spammers is actively being sold on the Darknet, which allows you to bypass the standard protection of e-mail accounts. By exploiting a feature in the Internet Message Access Protocol (IMAP), attackers upload the messages they need directly into the mailboxes of victims.
To trigger the attack, it is necessary that the attackers already have access to the victim's account. The Email Appender malware has been actively promoted on Russian-language hacker forums since the fall of 2020.
The author offers to use the program through a subscription — $50 for one day, $300 for a week or $1000 per month. This is very expensive, but judging by the latest campaigns, the demand for this service is very high.
Experts of the information security company Vade Security indicate that companies in Italy, France, Denmark and the United States have already been subjected to full-scale attacks by spammers using Email Appender. One of the affected organizations claims that it received 300 thousand spam messages in one day and was forced to spend very substantial resources to disable compromised accounts or change usernames and passwords.
Databases of usernames and passwords to mail are actively sold out on hacker forums. According to Gemini Advisory, an attacker can upload such a database to Email Appender, after which the program will try to connect to accounts that match pairs of usernames and passwords via IMAP. Next, it remains to use the IMAP function, which allows hackers to upload ready-made mail messages to the mailbox.
"There are a number of ways to block such spam campaigns, but the main one is to regularly change passwords and not use the same combination (or similar to it) more than once," said Alexey Vodiasov, technical Director of the company SEC Consult Services.
In addition, according to Vodiasov, two-factor authorization is effective, so that even a compromised account cannot be connected without attracting the attention of its rightful owner.
The expert added that it is also possible to enable notifications of cases of logging into an account from unusual IP addresses. Mail systems are quite capable of doing this.