
North Korean Hackers Target Crypto Users with Phony Job Offers

 

In an effort to commit cryptocurrency heists, North Korean hackers are exhibiting a "startup mentality," according to a report released on Wednesday by cybersecurity company Proofpoint. 

The Sunnyvale, California-based company said that in December a group it tracks as TA444, which is similar to the notorious hacking gang Lazarus, unleashed a massive wave of phishing attacks against the banking, education, government, and healthcare sectors in the United States and Canada. 

The group's emails used tactics distinct from those researchers had previously associated with it, notably attempts to harvest users' passwords and login credentials. 

According to the study, "this extensive credential harvesting operation is a variation from standard TA444 activities, which normally include the direct deployment of malware." 

The hackers crafted lures such as job offers and salary adjustments to entice targets, and used email marketing tools to get past anti-phishing filters. In addition, they used LinkedIn, a social networking site, to communicate with victims before sending them links to malware, the report further reads. 

According to Proofpoint, the spam wave in December nearly doubled the number of emails the group sent over the whole year.

TA444 has a "startup attitude," according to Greg Lesnewich, senior threat researcher at Proofpoint, and is "trying a variety of infection chains to help grow its revenue streams." 

He claimed that the threat actor "embraces social media as part of their M.O. and quickly ideates new attack tactics." By bringing in movable money, TA444 "leads North Korea's cashflow generation for the leadership." 

North Korea, which is still subject to strict international sanctions, has grown more dependent on cybercrime to fund its illegal weapons programme. 

The astonishing heist of more than $600 million in bitcoin from an online video game network in March was perpetrated by a group with ties to Pyongyang, according to the FBI. 

On Monday, the FBI also declared that the Lazarus Group was in charge of a $100 million theft from Horizon Bridge, a cryptocurrency transfer service run by the American Harmony blockchain, in June. North Korea has stolen bitcoin assets worth $1.2 billion worldwide since 2017, with the majority of that value coming in 2022, as per South Korea's National Intelligence Service, which made the revelation last month. 

The spy service forewarned that Pyongyang was likely to speed up its efforts this year to obtain vital defence and intelligence technology from the South.

How to Safeguard Your Data in the Era of Privacy Violations

 

When our information falls into the wrong hands, it can cause a lot of harm, especially since con artists frequently prey on vulnerable victims. The recent data breaches at Optus and Medibank are further evidence that widespread fraud and scams are on the rise. According to the Attorney-General's office, identity theft, scams, and credit card fraud cost Australians $900 million annually. However, there are extra precautions we can take to safeguard ourselves. How? Read on.

Invest in a password manager

Don't make it easy for con artists to guess. Did you know that the word "password" is one of the most popular passwords? Another common one is 123456. Although such passwords are simple to remember, none of us can expect to remember every password we have. Fortunately, there are some excellent password manager products available. The best cloud-based password manager, according to Finder.com.au, is LastPass, which is also reasonably priced. 1Password was singled out as a flexible password manager that's particularly useful for iPhone or Mac users. Both can generate passwords and check your accounts for security weaknesses. They also prompt you to change insecure passwords and synchronise your passwords between your computer and smartphone.

Multi-factor authentication 

We should all use multi-factor authentication whenever possible, according to the Cyber Security Stakeholder Group (CSSG), a group made up of the ATO, tax practitioner industry groups, governmental organisations, and industry partners. With multi-factor authentication, users must provide more than one piece of evidence when logging into a website, such as a code sent by text message to your phone. Adding this extra layer of security makes your accounts more difficult for others to access. 

Consider a credit ban 

Think someone has stolen your identity? By obtaining a credit ban, you can prevent scammers from taking out loans in your name. It is a free service. IDCare.org, an independent organisation that offers free assistance to people affected by fraud or scams, suggests applying to the credit reporting agencies for a credit ban to prevent people from obtaining credit or loans in your name. The 21-day suspension can be extended. When a bank or credit provider verifies your eligibility for credit, it consults the credit reporting agencies; if you have placed a ban on your credit report, the check will fail if someone attempts to take out a loan in your name. 

Maintain software updates

The Australian Tax Office reports an increase in the use of malicious software. It is easy to accidentally click an email or website link that infects your computer.

"Your device might occasionally be affected by ransomware. When you use ransomware, your computer can be locked until you pay a fee to let criminals install software that gives them access to your bank accounts and lets them steal your money," the ATO warned. The remedy? Install the most recent security updates, perform routine antivirus scans, and use a spam filter on your email accounts to protect yourself. Run malware and anti-virus scans weekly, and keep your security software current. 

Consult your bank 

You may have received correspondence from your bank about enhancing security as a result of the most recent data breaches. For instance, Westpac requires the presentation of forms of identification. So that no one can pretend to be you, request additional checks from your financial institution. 

To be alerted to any unusual activity on your accounts, the Commonwealth Bank advises customers to activate location-based security, set notification preferences, and review registered devices. Yet another wise move? If you're worried about your accounts right now, consider lowering your daily withdrawal limits.

Internet Security: How to Defend Yourself Against Hackers

 

When was the last time you used WiFi in a public setting? Nowadays, almost every coffee shop, library, airport, and hotel provides a way for you to use your phone or other mobile devices to access the internet. That implies that, unless you have taken precautions to protect your data, the information on your phone may be accessible to hackers in the area. 

To safeguard your devices and sensitive data, abide by the following advice:

Utilize a firewall 

Firewalls are programmes that are integrated into Windows and macOS in order to erect a wall between your data and the outside world. Firewalls protect the network of your company from unauthorised access and notify you of any intrusion attempts. 

Before you go online, make sure the firewall is turned on. Your broadband router may also protect your network with a built-in firewall, and you can additionally buy a hardware firewall from companies like Cisco, Sophos, or Fortinet. If your company is bigger, a dedicated business networking firewall can be bought. 

Install antivirus protection 

Malware and computer viruses are pervasive. Computers are protected from malicious software and unauthorised code by antivirus programmes like Bitdefender, Panda Free Antivirus, Malwarebytes, and Avast. Viruses can cause effects that are obvious, like slowing down your computer or deleting important files, or they can be less obvious. 

By identifying threats in real time and protecting your data, antivirus software is crucial to safeguarding your system. Some cutting-edge antivirus programmes offer automatic updates, further safeguarding your computer against the fresh viruses that surface daily. Do not forget to actually use your antivirus programme after installing it. To keep your computer virus-free, run or schedule routine virus scans. 

Set up a spyware removal programme 

Spyware is a special kind of software that covertly monitors and gathers data from individuals or businesses. It tends to present unwanted advertisements or search results that are intended to direct you to specific (often malicious) websites and is built to be difficult to detect and remove. In order to access passwords and other financial information, some spyware logs each keystroke. Even though anti-spyware focuses solely on this threat, it is frequently offered as part of popular antivirus packages from companies like Webroot, McAfee, and Norton. Through the scanning and blocking of threats, anti-spyware packages offer real-time protection. 

Create strong passwords 

The key to preventing network intrusions is to use strong passwords. The more secure your passwords are, the more difficult it is for a hacker to access your system. Longer and more complex usually means more secure. Use a password with at least eight characters, a mix of uppercase and lowercase letters and symbols, and at least one number.

Hackers have a variety of tools at their disposal to quickly crack short, simple passwords. Never use recognisable words or phrases that stand in for birthdays or other personally identifiable information. Do not use the same password twice. Consider using a password manager like Dashlane, Sticky Password, LastPass, or Password Boss if you have too many passwords to remember.
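The password rules stated in this section and in the password manager tip earlier on the page (at least eight characters, mixed case, a digit and a symbol, no popular passwords such as "password" or "123456", no birthday-like values, no reuse across accounts) can be turned into a simple checker. This is an added example, not code from the original posts; the common-password list and the sample credential set are constructed, and the brute-force estimate is only an upper bound on the search space, not a measure of how guessable a password really is.

```python
import math
import re

# Constructed short list standing in for the "most popular passwords" the
# article mentions; a real deployment would use a breached-password corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

# Character classes from the article's rule, with the alphabet size each one
# contributes to a brute-force search (32 is the usual count of ASCII symbols).
CLASSES = {
    "uppercase letter": (re.compile(r"[A-Z]"), 26),
    "lowercase letter": (re.compile(r"[a-z]"), 26),
    "digit": (re.compile(r"[0-9]"), 10),
    "symbol": (re.compile(r"[^A-Za-z0-9]"), 32),
}


def check_password(pw: str, common: set = COMMON_PASSWORDS) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    for label, (pattern, _) in CLASSES.items():
        if not pattern.search(pw):
            problems.append(f"no {label}")
    if pw.lower() in common:
        problems.append("commonly used password")
    # A four-digit year is the most common way a birthday sneaks into a password.
    if re.search(r"(19|20)\d{2}", pw):
        problems.append("contains a four-digit year (looks like a birthday)")
    return problems


def search_space_bits(pw: str) -> float:
    """Upper bound on brute-force effort in bits: log2(alphabet ** length), where
    the alphabet is the union of the character classes the password actually uses."""
    alphabet = sum(size for pattern, size in CLASSES.values() if pattern.search(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def find_reused(credentials: dict) -> dict:
    """Map each password used for more than one account to the accounts sharing it."""
    by_password: dict = {}
    for account, pw in credentials.items():
        by_password.setdefault(pw, []).append(account)
    return {pw: accounts for pw, accounts in by_password.items() if len(accounts) > 1}


if __name__ == "__main__":
    # Constructed sample credential set to exercise the checks.
    sample = {"bank": "Tr0ub4dor&3x", "email": "Summer2019!", "shop": "Summer2019!"}
    for account, pw in sample.items():
        print(account, check_password(pw), round(search_space_bits(pw), 1))
    print("reused:", find_reused(sample))
```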

Ransomware Gangs are Starting to Forego Encryption

 

Criminal organisations are now employing a new strategy to ensure ransomware payouts: they skip the step of encrypting target companies' systems and instead go straight to demanding the ransom payment for the company's valuable data.

Malicious hackers are constantly looking for less-flashy but still effective ways to continue their ransomware attacks as law enforcement's focus on the problem grows.

Typically, a ransomware attack begins with the installation on a company's network of malware that encrypts files, followed by the appearance of a ransom note on each screen.

By concentrating only on data extortion, hackers can launch their attacks more quickly and without the need for encryption tools, which can occasionally go down in the middle of an attack. 

According to Drew Schmitt, a principal threat analyst at GuidePoint Security, law enforcement is also more interested in looking into attacks that use encryption because it results in more damage.

Schmitt added that businesses that have strong endpoint security tools, firewalls, ongoing monitoring, and security plans that restrict employees' access to internal files will be the most successful at thwarting ransomware attacks.

Security leaders must know how to lessen the effects of a ransomware attack. Here are a few of our suggestions: 

  • Keep encrypted backups of your data offline and make sure that your team consistently performs backups. Additionally, your team should prioritise restoring all crucial systems and data first and routinely test backups to determine how long data restoration efforts will take. 
  • Make it a company-wide rule that no device should be used to store corporate data locally. Unlike data stored in the cloud, if a device is infected, you risk losing all locally stored data. 
  • To prevent ransomware from spreading to other network devices, immediately isolate the infected device.
  • If at all possible, determine the type of ransomware used and/or the threat actors who carried out the attack to see if a decryption key may already be in existence. Engage an external incident response provider with digital forensics capabilities to lead the charge if you lack the expertise to carry out this investigation internally. 
  • Your team should have the relevant source code or executables backed up in addition to system images (or escrowed, have a licence agreement to obtain, etc.) so that you don't lose the application code entirely if the ransomware infection affects it. 

Hackers Release Private Information Following an Attack on the San Francisco Transit Police

 

Malicious hackers have uploaded a vast collection of private documents from the police department of a San Francisco Bay Area transit system to the internet, including specific claims of child abuse. 

The breach involves the Bay Area Rapid Transit (BART) Police Department. BART's chief communications officer, Alicia Trost, stated in an email that authorities were looking into the uploaded files and that BART services had not been affected by the hackers. The exact date of the hack is unknown. 

The culprits are part of a well-known ransomware hacker group that targets particular businesses and either encrypts private files or threatens to post them on the dark web. A review by NBC News found that the website where the BART Police leaks were posted contains more than 120,000 files.

Among the files are at least six scanned, unredacted reports describing alleged child abuse. These reports include the names and dates of birth of the children who are in danger, as well as descriptions of the alleged adult abusers in some cases. 

Ransomware hackers frequently demand money in exchange for not releasing the files. Trost declined to provide more details, but Brett Callow, an analyst at the cybersecurity company Emsisoft, believes that the fact that the files are currently accessible online suggests that BART declined to pay. 

The leaked files include a mental health record form that a police officer can use to recommend a person for a mental health evaluation. Other files include hiring paperwork for prospective officers, police reports that name suspects in various crimes, and the names and licence numbers of contractors who have worked on BART projects.

Even though cyber extortion attacks on American public sector organisations, including police departments, have increased in frequency, such sensitive police file leaks are still uncommon. According to a survey conducted by Emsisoft, ransomware hackers successfully attacked over 100 networks connected to local government organisations last year. 

According to a Treasury Department estimate, ransomware attacks cost American businesses $886 million in 2021, the most recent year for which data is available. 

“Unfortunately, not enough progress has been made in securing public sector organizations,” Callow stated. “They can compromise investigations, resulting in exceptionally sensitive information leaking online, and even put people’s lives at risk — both officers and the public's.” 

A different hacker group broke into the Washington, D.C., Metropolitan Police Department in 2021 and released private information about 22 officers after the department refused to pay. 

Such hackers frequently target school districts in their attacks. Due to a "cyber security incident," which is a phrase frequently used to refer to a ransomware attack, Des Moines Public Schools cancelled classes on Tuesday. According to Emsisoft, ransomware affected nearly 2,000 American schools in 2022.

What Exactly is DNS-over-HTTPS and Do you Need to Use it?

 

Traditional Domain Name System (DNS) traffic, such as user requests to visit specific websites, has been largely unencrypted throughout the history of the internet. This means that every party involved in the DNS value chain that your request goes through has the ability to examine your queries and responses, and even change them, whenever you look up a web address in the "internet telephone book." This is altered by DNS encryption, such as DNS over HTTPS (DoH).

Many major internet companies, including Apple, Mozilla, Microsoft, and Google, have integrated encrypted DNS through DoH into their products. Mozilla was an early adopter, integrating it into its browser in the US as early as late 2018, while Apple implemented DoH with the iOS 14 and macOS 11 updates in the autumn of 2020. Google has also made DoH available in Chrome for Android. 

A global phone directory on the internet 

The Domain Name System (DNS) essentially serves as the internet's version of the phone book, and the operation of DNS becomes clear if you think of it that way. The top-level domain (the rightmost part of a web address, like .com, .org, or .info) is the equivalent of the country code or area code; the second-level domain (in the case of international.eco.de, this would be .eco) is the corporate switchboard number; and the third level (international) is the particular extension.

Keeping that analogy in mind makes it much simpler to understand how this directory is put together, and how computers locate the websites they want to visit in order to connect you to the site of your choice.

DNS resolvers locate the website or other internet resource whose name you have typed into your computer or phone. The first DNS resolver your device talks to is the one it is locally connected to: the router at your house or place of business, or a public hotspot.

Following a series of steps, this resolver looks for any preconfigured settings on the device or a history of previous visits to the specified website (called a cache). If this doesn't work, the resolver will pass the DNS request on to the resolver after it, which could be your current internet service provider (ISP). The same steps will be followed by this resolver, and if all else fails, it will look up the domain in the "internet phone book." 

What dangers is DoH shielding users from?

By preventing DNS data manipulation and eavesdropping, one goal in the development of the DoH protocol was to increase user privacy and security. You are shielded from the possibility that a malicious actor could reroute your DNS traffic to another (malicious) location thanks to DNS traffic encryption. Instead of the actual bank website you wanted to visit, it might be a fake one or something similar. 

This type of cyberattack is known as a Man-in-the-Middle (MITM) attack. The only practical solution at this time is DNS encryption via DoH (or the related DoT protocol). The monetisation of DNS data, for example when it is used for marketing purposes, is another issue that DoH has been able to address. This is a potential and real privacy concern that should be of interest to everyone. 

User safety in public networks 

An analysis of your behaviour and cross-network tracking may be done using the DNS query data from your mobile device when you use a public wireless (Wi-Fi) network in a hotel, coffee shop, or another location. These DNS services are frequently included in an all-inclusive, globally accessible Wi-Fi solution, but they may not be well-suited to abide by local privacy laws.

Additionally, it is possible that the privacy-protecting configurations are not turned on either. Free public Wi-Fi services are also frequently ineffectively managed in terms of security and performance, particularly when they are run or offered by smaller businesses. You could end up exposed to attacks coming from their own networks if this happens. 

The good news is that DoH safeguards users on these open wireless networks because the Wi-Fi network's DNS resolver is avoided. As a result, user tracking and data manipulation at this level are prevented. That ultimately means that DoH provides a chance to safeguard communications in an unreliable setting. It's a fantastic and incredibly useful solution. 

What alters due to DoH? 

Only the transport mechanism by which your device and the resolver communicate changes with the DNS over HTTPS protocol. The well-known HTTPS protocol is used to encrypt both the requests and the responses. DNS requests using DoH currently avoid the local resolver because there aren't many DoH resolvers in use and technical work is still being done to make it possible for DoH resolvers to be "discovered." Instead, they are handled by a third-party DoH service provider that has been recommended by the relevant software maker or developer. The decision to offer their own DoH services is currently being considered by an increasing number of providers. 

DoH in my company's network—do I want it?

DoH is unquestionably a helpful method of self-protection, particularly when using a public hotspot, but it might not be the best choice in environments with trusted network infrastructure. Corporate networks or using internet access services that you get from a reputable ISP are good examples of this.

For instance, your firm may have good cause to forbid an application that deviates from and overrides the system default. Given that the network administrator has no control over it inside the network, this might even be considered potentially harmful. If DoH is implemented at the system level as opposed to the application level, many of the issues with corporate networks vanish. At the system level, for instance, a corporate network administrator can configure the system and create a policy to ensure that the corporate resolver should be used for as long as the device is connected to the corporate network.

However, once the device is connected to a public network, DoH should be used to increase security and privacy. These different configurations are bypassed, though, if DoH is applied by default at the application level. 

Concerning factors 

Other issues with the use of external DNS resolution through DoH include potentially slower response times, circumvention of parental controls, and bypassing of legally required blocking, among others. However, depending on the situation, many of DoH's potential drawbacks are balanced out by just as many benefits. 

There is no question that DNS encryption enhances user security and privacy. DoH can offer a simple method for carrying this out. If you choose to activate DoH, you should make sure to research who will be handling the resolution, how they will handle your data, and whether you can easily turn it off when necessary.

Top Cybersecurity News Stories of the Week

 

Data breaches have been a worry ever since Elon Musk invested $44 billion in Twitter and fired a sizable portion of the workforce. Now it appears that a security incident from before Musk's takeover is giving people trouble. This month, reports emerged that hackers had released a database containing 200 million email addresses and links to Twitter handles, most likely gathered between June 2021 and January 2022. The sale of the data could put anonymous Twitter accounts at risk and subject the company to more regulatory scrutiny. 

With the launch of a new anti-censorship tool, WhatsApp hopes to assist Iranians in getting around restrictions placed on the messaging app by their government. The business has made it possible for users to access WhatsApp through proxies and get around government censorship. The tool is offered everywhere.

Another cybersecurity company this month disclosed that it had observed the Russian cyberespionage group Turla using cutting-edge new hacking techniques in Ukraine. The group, which is thought to be affiliated with the FSB intelligence agency, was observed riding other hacker groups' dormant USB infections. The command-and-control servers of outdated malware were taken over by Turla after they registered their expired domains. But that’s not all. 

Here is the latest security news that you may have missed. 

Slack suffers a new year data breach 

Slack published a fresh security update to its blog on December 31 as millions of people were getting ready for the start of 2023. The organisation claims in the post that it discovered a "security issue involving unauthorised access to a subset of Slack's code repositories." It discovered that an unidentified threat actor had started stealing Slack employee tokens on December 27 and using them to access the company's external GitHub repository and download some of its code. Slack's disclosure states that the hacker did not access customer data and that there is no need for action on the part of users. "When we were made aware of the incident, we immediately invalidated the stolen tokens and started investigating the potential impact to our customers," it adds. 

According to cybersecurity journalist Catalin Cimpanu, the incident is similar to a security incident that occurred on December 21 and was disclosed by the authentication company Okta. Okta disclosed that its code repositories had been accessed and copied just before Christmas. The incident was quickly found and reported by Slack. Slack's security disclosure didn't appear on its regular news blog, as noted by Bleeping Computer.

Additionally, the company added code to prevent search engines from including it in their results in some regions of the world. After a bug exposed hashed passwords for five years in August 2022, Slack compelled password resets. 

Police Face Recognition Used Once More to Arrest the Wrong Man 

A Black man in Georgia was imprisoned for nearly a week after police allegedly used a face recognition match that wasn't accurate. In a theft case they were investigating, Louisiana police used the technology to obtain an arrest warrant for Randal Reid. "I've never spent a day in Louisiana in my life. I was then informed that it was for theft," Reid told the local news outlet Nola. "I don't steal, so I haven't been to Louisiana either."

A detective "took the algorithm at face value to secure a warrant," according to the publication, and little is known about how Louisiana police use face recognition technology. None of the systems' names have been made public. But this is merely the most recent instance of face recognition technology being misused to make erroneous arrests. While the use of face recognition technology by the police has rapidly expanded across US states, studies have repeatedly shown that it more frequently misidentifies women and people of colour than white men.

User ID mandatory for pornographic websites in Louisiana 

A recent Louisiana law requires pornographic websites to verify that users from the state are older than 18. According to the law, a website must use age verification if 33.3 percent or more of its content is pornographic. The largest pornographic website in the world, PornHub, now offers users the chance to link their government-issued ID, such as a driver's licence, through a third-party service to demonstrate that they are of legal age. Although PornHub claims that it does not gather user data, the move has sparked concerns about surveillance. 

Countries all over the world are passing laws requiring visitors to porn sites to show they are old enough to view the explicit content. If the measures are not implemented, lawmakers in France and Germany have threatened to block pornographic websites. Because age verification systems were lacking, Twitter began to censor German producers of adult content in February 2022. Similar age-checking initiatives were attempted in the UK between 2017 and 2019, but failed due to admins' confusion, design flaws, and concerns over data breaches.

Russian spies expelled from Europe 

By its very nature, the world of spies is shrouded in secrecy. Nations send agents into other nations to collect intelligence, find other resources, and sway events. However, sometimes these spies are discovered. More Russian spies in Europe have been found and expelled from countries since Russia's full-scale invasion of Ukraine in February 2022. Since 2018, known instances of Russian spies operating in Europe have been compiled in a new database from open-source researcher @inteltakes. The database includes information on 41 exposed spies, including their nationality, occupation, and the service they were recruited by, whenever available.

UAE's Sincere Efforts to Combat Cybercrime

 

The Abu Dhabi Judicial Department (ADJD) held an awareness-raising lecture on "Cybercrime and its Dangers to Society" in conjunction with "Majalis" Abu Dhabi at the Citizens and Community Affairs Office of the Presidential Court as part of its initiatives to foster legal awareness among the constituents of society in order to ensure their protection and to shield them from the risks conveyed by crimes involving the use of contemporary technologies and social media. 

The lecture, delivered by Chief Prosecutor Dr. Abdulla Hamad Al Mansouri, covered the nature and definition of cybercrime, the risks of cyber-extortion, and the legal sanctions. The lecturer also concentrated on the reasons and circumstances that cause members of society to fall victim to cyber-extortionists and provided a number of useful examples drawn from actual prosecution cases. 

In accordance with the terms of Federal Decree-Law No. 34 of 2021 on Combating Rumors and Cybercrime, Dr. Al Mansouri covered the dangers linked with the misuse of social media networks and the responsibility of users. The Federal Decree-Law No. 34 of 2021 on Combating Rumors and Cybercrimes went into effect on January 2, 2022.

It aims to increase protection against online crimes committed using networks, platforms, and information technology. Additionally, it aims to protect the databases and websites of the UAE's government, stop the spread of rumours and false information, protect against electronic fraud, and uphold individual rights and privacy. 

The Abu Dhabi Judicial Department has previously drawn attention to the risks posed by cybercrime. In order to ensure the defence and safety of society from crimes utilising modern technologies, particularly through the pervasive use of social media, the ADJD organised two lectures on "Cybercrime and its Risks to Society" in July of last year. One occasionally comes across news of people who fall prey to online predators or scammers; even children are a target of these crimes. 

The Dubai Police General HQ has urged the public to use social media platforms responsibly and to be on the lookout for online scammers and cybercriminals. These statements were made by Expert Major General Khalil Ibrahim Al Mansouri, Assistant Commander-in-Chief for Criminal Investigation Affairs at Dubai Police, as he discussed Operation "Shadow," which was carried out nearly three years ago and resulted in the arrest of 20 African gangs for extortion crimes against social media users and for blackmailing and cyber extortion. He added that the police had detained a married couple who had fooled users of social media by pretending to be a domestic helper recruitment agency. 

The world's largest trade fair for safety, security, and fire protection, Intersec 2023, will take place over 47,000 square metres at the Dubai World Trade Center from January 17 to 19, and the Dubai Electronic Security Centre (DESC), which works to ensure the emirate becomes a leader in cybersecurity and the protection of information from external cyber threats, has been named the official government partner. 

At Intersec's Cyber Security sector, specialists in the public and private sectors, national leaders, advisors, economists, and corporate buyers will be present. According to Dr. Bushra Al Blooshi, Head of Research & Innovation at DESC, "Given the rapidly developing technology of today, cybersecurity is an absolute necessity for businesses, especially with remote working culture and digital transformation."

Think Twice Before Downloading App From Unauthorised App Store

As a frequent smartphone user, do you get frustrated when you can't find the app you want on the official Google Play Store or App Store? For instance, if you wanted to try TikTok while in India, you wouldn't be able to, because TikTok has been blocked by the Indian government over security concerns. 

For many younger users, third-party app stores are a convenient place to install such apps. These unvetted sources lure users and developers with lower prices or freebies. These unofficial app stores are not secure, though, and you run the risk of damaging your device or losing personal information. 

Be wary of apps from unofficial stores

The two largest official app stores, Google Play and the Apple App Store, allow users worldwide to download native Android or iOS mobile applications. Both platforms also carry third-party developer apps, which are reviewed before being made available to users. Are these apps safe to download? 

Google Play and the App Store adhere to strict guidelines and inspect each application for malware. Users have a better chance of downloading secure applications because even the third-party apps in these official stores must meet strict development standards. However, it is not that simple.

Although third-party stores provide a wide variety of safe applications, there is also a greater likelihood that they will offer risky ones, and those risky apps may contain malicious code such as adware or ransomware that can harm your smartphone or tablet. Malicious apps have occasionally been discovered even in official app stores, and users have been tricked into installing fake versions of legitimate apps. 

This gives rise to an argument—if hackers can bypass Google's and Apple's strict vetting procedures, imagine the unrestrained playing field they have on unauthorised mobile app stores. For instance, the BHIM (Bharat Interface for Money) app from India was initially only available through Google Play. But did you know that fake copies of the app appeared both on Google Play and on unauthorised app stores? 

Mitigation Tips

When downloading apps from unauthorised app stores, there are several risks involved. Some may slow down your system to the point where you can no longer access it, while others may have more sinister intentions, such as accessing your personal information and sending it to the app's owner or another attacker group.

Malicious apps may include backdoors that allow threat groups to access your device or even prevent you from using it. Even downloading apps from official app stores can be dangerous. That is why, regardless of what they offer, you should never consider using unauthorised mobile app stores. Also, when downloading apps from official app stores, check the reviews and the developer details, and, during installation, look at what permissions are being granted.

Scammers Target Indian Users Posting Complaints on Social Media

 

The latest report from Cyble Research and Intelligence Labs (CRIL) revealed that scammers are targeting Indian residents who submit complaints on social media accounts belonging to various local firms.

Fraudsters keep an eye on Twitter and other social media sites for customers asking for refunds for problems they may have had with services offered by businesses like the Indian Railway Catering and Tourism Corporation (IRCTC). 

Researchers say that once fraudsters discover a victim's contact details, they launch the scam. 

"When users report complaints on social media, scammers take advantage of the opportunity to carry out phishing attacks by asking them to download malicious files to file their complaints and steal their funds from bank accounts," CRIL stated. 

Users of other popular Indian brands and organisations, including e-commerce platform Flipkart, payment service provider MobiKwik, budget airline Spicejet, and various banks, were targeted in addition to the IRCTC. 

In one case, after posting a complaint on the IRCTC's Twitter account, a user was contacted by someone impersonating an IRCTC customer service representative. While the user in this case refused to provide their information to the scammer, CRIL stated that fraudsters would use a variety of techniques to defraud victims.

Scammers, for example, may attempt to link a victim's mobile number or account via the Unified Payments Interface (UPI), send a Google form to collect sensitive information or forward a WhatsApp link to a malicious website.

"Scammers have been using Android malware in addition to other fraudulent tactics. They may send a phishing link that downloads a malicious APK file to infect the device, or they may send the malicious file via WhatsApp," the researchers added.

Fraudsters, according to the researchers, use malicious APK files with names like "IRCTC customer.apk," "online complaint.apk," or "complaint register.apk" to trick victims into revealing their banking credentials. 

They also want the victim's UPI details, credit/debit card information, and one-time passwords used for two-factor authentication. CRIL discovered one such phishing website that asked victims to enter basic information such as their name, mobile number, and complaint query before prompting them to enter sensitive banking information. It also requested the victim to install a malicious application that would allow it to steal incoming text messages from the infected device. 

According to CRIL, the scheme was perpetrated by "a group of financially motivated scammers" based in India. While it was first observed in late 2020, researchers say it has only recently begun targeting social media complaints to identify potential victims. 

"It is critical that users are aware of these scams and exercise caution when providing personal information or downloading files online," CRIL warned. 

To Keep You Secure, Google Chrome is Releasing a Critical Update

The popular web browser Google Chrome will now automatically block insecure downloads from HTTP sites thanks to a recent code change. HTTP was once the norm, but many sites have since moved to HTTPS encryption in an effort to protect the extensive data that we share about ourselves on the web. 

Chrome, now the preferred browser for most users, has already implemented a series of changes that allow its users to retrieve and share data more securely. One of those updates is the recently added "Always use secure connections" checkbox, which instructs Chrome to upgrade all connections from HTTP to HTTPS. Chrome's address bar will also show a "Not Secure" warning for older websites that only use HTTP.

According to the code change discovered by 9To5Google, the toggle will now also warn users against downloading anything over an HTTP connection. Chrome users were previously notified only when an HTTPS website served a download over HTTP, a case known as mixed content. 

Given the nature of a toggle button, it will primarily act as a warning rather than a complete preventative measure, letting users use the web as they see fit, which in some situations may still include an insecure HTTP connection. 
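The distinction between a mixed-content download (HTTPS page, HTTP file) and a plain insecure download (HTTP page, HTTP file) can be checked on your own pages before a browser flags them. The script below is an added example, not Chrome's code; the list of download extensions and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# File types treated as downloads rather than navigations (assumed list,
# not taken from Chromium's source).
DOWNLOAD_EXTENSIONS = (".exe", ".msi", ".dmg", ".zip", ".apk", ".pdf", ".pkg")


class _LinkCollector(HTMLParser):
    """Collects href targets of <a> elements and whether they carry a download attribute."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attrs = dict(attrs)
        href = attrs.get("href")
        if href:
            self.links.append((href, "download" in attrs))


def classify_downloads(page_url, html):
    """Return (resolved_url, verdict) for every download link on the page.

    verdict is one of:
      "secure"        - download served over HTTPS
      "mixed-content" - HTTPS page linking to an HTTP download (what Chrome
                        already warned about)
      "insecure"      - HTTP page linking to an HTTP download (what the new
                        toggle will warn about)
    """
    parser = _LinkCollector()
    parser.feed(html)
    page_scheme = urlsplit(page_url).scheme
    results = []
    for href, is_download in parser.links:
        resolved = urljoin(page_url, href)  # relative links inherit the page scheme
        parts = urlsplit(resolved)
        if not (is_download or parts.path.lower().endswith(DOWNLOAD_EXTENSIONS)):
            continue  # ordinary navigation link, not a download
        if parts.scheme == "https":
            verdict = "secure"
        elif page_scheme == "https":
            verdict = "mixed-content"
        else:
            verdict = "insecure"
        results.append((resolved, verdict))
    return results


# Constructed sample page for demonstration (example.test is not a real site).
SAMPLE_HTML = """
<html><body>
<a href="/files/tool.zip">Download tool</a>
<a href="http://cdn.example.test/installer.exe">Installer</a>
<a href="https://cdn.example.test/manual.pdf">Manual</a>
<a href="/report" download>Report</a>
<a href="/about.html">About</a>
</body></html>
"""

if __name__ == "__main__":
    for url, verdict in classify_downloads("https://www.example.test/index.html", SAMPLE_HTML):
        print(f"{verdict:14} {url}")
```

Running the same page as if served over plain HTTP turns the relative links into "insecure" verdicts, which is exactly the case the new warning targets.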

The update is unlikely to appear in Chrome 111, which is scheduled for release in March 2023, but it could be included in the company's next release later that year. 

Google's dedication to its browser, whether through security enhancements or other features such as the recently announced memory and energy saver modes, has been lauded by web users, with the company now accounting for two-thirds (66%) of all desktop browsers installed, according to StatCounter.

Beware of These Five Banking and Payment Frauds in 2023

Experts at the consumer watchdog Which? are cautioning UK consumers as con artists continue to take advantage of the rising cost of living, and have disclosed the top five banking and payment scams to avoid in the new year. 

With household finances being squeezed owing to inflation, skyrocketing energy bills, and rising food prices, the last thing anyone needs is to be duped. Sadly, though, it's a golden opportunity for heartless con artists, who profit from folks looking for a deal. 

"Scammers are relentless when it comes to wanting our personal information and ultimately our money. And while their tactics will no doubt continue to evolve, we think these scams are the main ones to watch out for," said Jenny Ross, Which? Money Editor. 

"Banks will never ask you for personal information, nor will they try to hurry you into making a decision. If this happens to you, whether by text, email, or over the phone, step back and think about what they're asking. If it looks too good to be true, it usually is." 

Here are the five banking and payment scams that British consumers should look out for: 

1. Requests for money mules 

A "money mule request" asks someone to allow a criminal, knowingly or unknowingly, to use their bank account to transfer stolen funds. These requests frequently show up in targeted emails or social media posts. In its most recent fraud report, the banking industry association UK Finance noted a considerable rise in online user-generated posts inviting people to become money mules. 

Money mule tactics include getting people to apply for credit or bank cards on someone else's behalf, sending money "in error" that they are then requested to return to a separate bank account, and persuading people to move money given to their account in exchange for a fee. 

2. "Shoulder surfing" and credit card fraud 

Although a sizable part of the fraud is committed online, customers must continue to be on the lookout for "offline" crimes like card theft and retail fraud. 

According to data from UK Finance, losses from contactless and face-to-face card theft at retail stores totalled £33.6 million in the first half of this year, an increase of 72% over the same period last year. Fraudsters will "shoulder surf," watching victims as they enter their PIN, or use entrapment tools such as PIN pad cameras at ATMs. 

During the same time frame, incidents of credit and debit card ID theft more than doubled, with associated losses rising by 86% to a total of £21.4 million. In order to apply for a card in the victim's name or take over their existing account, scammers who steal cards will use the information to fake paperwork. 

3. Malicious apps 

Consumers are advised by experts to be on the lookout for any strange activity in their financial accounts and personal credit reports and to alert their banks right away. The majority of banks provide free text or email alerts for balance and payments. Use ATMs inside bank branches whenever possible as they are less likely to have been tampered with. 

This additional layer of security is well-known to fraudsters. At the start of this year, researchers at mobile security company Pradeo found a bogus app called "2FA Authenticator" on Google Play that had been downloaded more than 10,000 times before it was taken down. Once stealthily installed on victims' devices, the malware disabled system security checks and collected their banking login information. 

The safest sites to download apps continue to be official stores like Apple's App Store and Google Play Store, but caution is still advised. Read reviews of the app and the person who created it because they may provide information regarding its reliability. Never click an unsolicited link in an advertisement, email, or text message, and always look at the "app permissions" before downloading an item. 

4. Fake impersonation 

A classic fraud strategy involves imitating real businesses, notably banks, or "spoofing" them. A recent Which? investigation discovered that six major banks' phone numbers were susceptible to spoofing. 

Scammers placed automated "robocalls" with pre-recorded messages urging victims to press digits on the keypad in order to speak with someone about a problem, such as a suspicious payment. 

Criminal groups frequently have personal information about victims, which makes the fraud seem more legitimate. Another technique used by con artists to get victims to click on websites that initially seem real is the use of fake texts. They seek access to the victim's personal information or money sent to a "secure account" under their control. 

According to security experts, never rely on the Caller ID that appears when you receive a call. Also, keep in mind that banks will never request your personal information over the phone. 

5. Online shopping fraud 

Scammers primarily spend money on false or deceptive advertisements on search engines and social media, frequently promising reduced costs for pricey things like mobile phones or laptops. 

According to UK Finance statistics, Authorized Push Payment fraud involving purchases was the most prevalent in the first half of 2022. These can be challenging to identify because some scammers do an excellent job imitating well-known retailers' websites. 

However, there are frequently some telltale indicators of fraudulent websites, such as grammatical problems in the "About Us" part or a missing or insufficient "Contact" page. While it may be tempting to grab a deal, it is best to stick with reputable merchants. Bank transfer payments are less secure than credit card payments.

What is a Pretexting Attack, and How can you Avoid it?

 

Pretexting is one of the most prevalent methods employed by cybercriminals, despite the fact that you may not frequently hear the phrase. 

The strategy is central to phishing fraud. These attacks, in which malicious messages are sent to unsuspecting victims, are a widespread hazard. Phishing accounts for 90% of all data breaches, according to Cisco's 2021 Cybersecurity Threat Report. 

What exactly is a pretexting attack? 

Pretexting is the underlying framework of social engineering tactics, and social engineering is the process by which fraudsters persuade people into taking specific actions. 

In the context of information security, this typically takes the form of phishing scams, which are messages from a purportedly legitimate sender asking the receiver to download an attachment or click a link that brings them to a fraudulent website. 

Social engineering can also be used to induce various types of data breaches. A fraudster, for example, might access an organization's grounds posing as a delivery person, and then slip into a secure area of the property. 

All of these social engineering techniques have one thing in common: the attacker's request appears to be legitimate. In other words, they have a pretext for contacting people, hence "pretexting". Because gaining the victim's confidence is vital to the attack's success, the attacker will research their target and fabricate a plausible narrative to increase their credibility. 

Modus operandi 

In pretexting scams, the fraudster establishes a relationship with the victim in order to earn their trust.

Consider the following scenario: your company's finance assistant receives a phone call from someone pretending to be from a current supplier. After a series of calls in which the caller describes the need to verify financial information as part of a new process, the finance assistant hands over all the details the caller asks for. 

In this case, the caller developed a friendship with the victim and used a convincing tale to deceive the target into disclosing the information. 

In other instances, building the target's confidence over time is unnecessary. This is frequently the case if the attacker has compromised or is spoofing a senior employee's account. The prospect of an urgent message from a director is frequently sufficient to ensure that the employee complies with the request. 

Prevention tips 

Avoiding interactions with messages from unknown or dubious senders is the most efficient strategy to protect yourself and your organization from scammers. 

The goal of scammers is to deceive individuals into clicking on links or downloading contaminated attachments. Any communication requesting you to do one of these things should be approached with extreme caution. 

If you're ever unsure whether a message is real, seek secure ways to confirm it. If you receive a request from an employee, for example, speak with them in person, by phone, or over an instant messaging application. Although you may be hesitant to do this for a senior employee, especially if their message indicates that the request is urgent or that they will be in meetings all day, it is better to be safe than sorry. 

Your organization's information security policy should include instructions like these to ensure that you are following best practices. This guidance should be reinforced in any information security awareness training you receive.

Cyberattacks on Municipalities Have Reportedly Cost Taxpayers $379M Since 2020

The municipality of WestLake-Gladstone in Manitoba lost over $450,000 as a result of a series of cyberattacks in December 2019 after one of its employees opened a malicious link in a phoney email. 

Saint John, New Brunswick spent $2.9 million in November 2020 updating its website after scammers gained access to the network of the municipality. In January 2021, numerous gigabytes of private information were stolen and ransomed in Durham Region, Ontario. Wasaga Beach, Ont., Midland, Ont., Stratford, and other communities have all been the target of cyberattacks in the previous four years, to name a few. Scams and fraud increased by 130% between 2020 and 2021, costing Canadians an estimated $379 million, according to the Canadian Anti-Fraud Centre (CAFC).

“Municipalities are a very good target for bad guys,” says Ali Ghorbani, a cyber security professor at the University of New Brunswick and the director of the Canadian Institute for Cyber Security.

According to Ghorbani, municipalities are appealing because they handle financial resources far larger than those of an individual, frequently topping millions of dollars. Through services such as bylaw enforcement and permitting, they also store residents' private information. Ransomware is the most typical form of attack, Ghorbani says. Through social engineering, which entails tricking someone into doing something or sharing sensitive information, fraudsters can enter a municipality's network.

Phishing scams fall into this category. An email is sent to a municipal employee from what appears to be a reliable source. The email contains a link, and when the employee clicks it, the municipal network is infected with ransomware.

"They’re establishing admin access to the infrastructure, and then they take over the data and encrypt it so no one else can open it,” Ghorbani says.

The fraudsters then demand payment from the municipality in exchange for the return of the sensitive data. The stakes are larger, but it is the same tactic fraudsters use against individuals. Through a phishing scheme, criminals in WestLake-Gladstone gained access to the municipal system and began draining bank accounts, transferring the money to Bitcoin and making it vanish. In Saint John, scammers shut down all online services and demanded $17 million in Bitcoin to unfreeze the network. The municipality's use of the Accellion File Transfer Appliance, a product that sparked a massive wave of cyberattacks around the world, gave fraudsters access to Durham Region's systems.

Each of these municipalities would have had a set of cyber security guidelines, but these failed. There are no general cyber security regulations that municipalities must abide by in Canada. The Association of Municipalities Ontario (AMO) provides guidance and highlights important security considerations in its cyber security toolkit, but the level of protection is up to each municipality.

For rural municipalities, this may pose difficulties. An urban centre like Toronto has a far larger budget than a municipality like WestLake-Gladstone and therefore more money to spend on cyber security. Tech talent also tends to migrate to positions in large cities, forcing rural governments to raise wages to recruit professionals. Ghorbani asserts that these roles require IT expertise.

However, this does not imply that rural administrations should not be safeguarded. Ghorbani proposes splitting the cost of hiring a cyber security expert with other nearby municipalities for municipalities with limited budgets wishing to strengthen their online defenses. To hire a specialist to remodel their IT department and ensure their infrastructure is up to date for several months, two or three neighboring municipalities may pool their resources.

Education is another important barrier. According to Ghorbani, municipal employees and residents can benefit greatly from training, which teaches staff to operate their systems correctly. He suggests posting security advice on the town's website and holding safety workshops every few months to inform workers and residents.

Ghorbani stated, “Municipalities shouldn’t have the mindset that they’re small, so they’re not going to spend money on doing anything because they may not be a target. They miss the point that bad guys don’t really care. They take whatever they can. In fact, a smaller fish is more attractive to them because it’s less publicity than attacking a big fish.”

Here's How a Lost Wallet Becomes a Nightmare for Your Credit and Identity

 

Theft of identity and the establishment of bank accounts in your name can result from losing your wallet. That can result in years of battling false creditors and claims, building up bad credit. Jessica Roy, an assistant editor on the utility journalism team at the Los Angeles Times, experienced this. 

In 2018, she claims that her wallet was stolen from her purse at a pub, but she didn't pay it much attention. 

"I actually didn't keep that much in there. My driver's license, some cash, and a few credit cards were all there. The following day, I discovered they had completed a few transactions. I changed the cards and got those backward. I initially believed it to be the conclusion," Roy stated. 

But in the middle of January 2019, she began receiving a tonne of letters. “It was like, ‘Congratulations on your new Bank of America account. Congratulations on your new Wells Fargo account. We're following up on your Target card inquiry.’ And I realized they were using my identity to start opening new accounts.” 

Roy speculates that the criminals might have obtained her social security information through the dark web. According to her reporting, that is typical. Many people dismiss the frequent data breaches and online intrusions that result in the theft of personal information like passwords or social security numbers. 

Roy claims that nobody is secure. She discussed the 2017 Equifax hack, which affected 147 million Americans, in her blog. That comes from a credit bureau and is private information. Our every financial move is being tracked by the credit bureaus, who aren't even protecting our data, which is why we need to keep our identity so secure. 

She always believed that because she was a reporter and was being thorough, she would be able to thwart false claims and transactions. 

"I never imagined that I would experience this. And when it happened, I said to myself, 'You know what, I'm going to start doing something. I'll be in control of this. I'm going to call the banks and demand that they put things right. And that will be the conclusion of it. And they're going to take care of it and shut these accounts in a really friendly manner. And everything will be a closed book.' But it persisted." 

In Roy's instance, some arrests eventually took place, which she claims is unusual. “It wasn't because ‘oh, the police dug into my crime and worked night and day to solve this.’ It's because [the suspects] were pulled over and arrested for something else. And incidentally, they happened to have a bunch of my identity material in the car with them.” 

Roy claims that despite their repeated attempts, the criminals were unable to access her bank and email accounts because they were secured. Things like two-factor authentication stopped future problems from getting worse. 

"They called me impersonating my bank and asked me to repeat my password as if it were a security question. And I realized I was like, 'Oh my God, this is them. They're calling me on Christmas to try and steal my identity some more,'" she further added. "I really think the conclusion that I came to in experiencing this and reporting this story is that yes, there are steps you can take. Nothing is foolproof, and this is a systemic issue that has to be addressed." 

Roy advises users to proactively freeze their credit cards and set up two-factor authentication for each account, including email and bank accounts, to lessen the risk of identity theft.