cyberfraud


#cyberfraud | #cybercriminals | WhatsApp is under attack and you should be aware of this growing risk

Source: National Cyber Security – Produced By Gregory Evans

Along with WhatsApp, other firms being targeted in these scams include PayPal, Facebook, Microsoft and Netflix.

If you are concerned about these types of online attacks, the UK’s National Cyber Security Centre has some good advice for consumers.

Here are their top tips for avoiding phishing scams online.

• Many phishing scams originate overseas and often the spelling, grammar and punctuation are poor. Others will try and create official-looking emails by including logos and graphics. Is the design (and quality) what you’d expect from a large organisation?

• Is it addressed to you by name, or does it refer to ‘valued customer’, or ‘friend’, or ‘colleague’? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.

#cyberfraud | #cybercriminals | These Are The Most Rampant Windows And Mac Malware Threats For 2020: Here’s What That Means

Seven weeks into 2020, and we are deep into the season for cybersecurity reporting. You can expect a wide range of summaries of the threat landscape from 2019 and forecasts as to what to expect this year. As threat actors from China, Russia, Iran and North Korea continue to probe network and system security around the world, we also have the rising threat of ever more sophisticated malware hitting individuals and the companies they work for, all fuelled by the scourge of social engineering to make every malicious campaign more dangerous and more likely to hit its mark.

BlackBerry Cylance has published its “2020 Threat Report” today, February 19, and its theme is the blurring lines between state actors and the criminal networks that develop their own exploits or lease “malware as a service,” pushing threats out via email and messaging campaigns, targeting industries or territories. This year, 2020, will be seminal in the world of threat reporting and defense—IoT’s acceleration is a game changer in cyber, with the emergence of a vast array of endpoints and the adoption of faster networking and pervasive “always connected” services.

The challenge with IoT is the limited control of the security layers within those endpoints—it’s all very well having smart lightbulbs, smart toys and smart fridges. But if every connected technology you allow into your home is given your WiFi code and a connection to the internet, then it is near impossible to assure yourself of the security of those devices. Current best practice—however impractical that sounds—is to air-gap the networks in your home: trusted devices—your phones, computers and tablets, and then everything else. If one family of devices can’t see the other, then you are much better protected from malicious actors exploiting casual vulnerabilities.

I have warned on this before, and the market now needs the makers of networking equipment to develop simple one-click multiple networking options, so we can introduce the concept of a separated IoT network and core network into all our homes—something akin to the guest networks we now have but never use on our routers, but simpler, more of a default, and therefore better used.

According to Cylance’s Eric Milam, the geopolitical climate will also “influence attacks” this year. There are two points behind this. First, mass market campaigns from state-sponsored threat actors in Iran and North Korea, from organized groups in Russia and China, and from criminal networks leveraging the same techniques, targeting individuals at “targeted scale.” And, second, as nation-states find ever more devious ways to exploit network defenses, those same tools and techniques ultimately find their way into the wider threat market.

The real threats haven’t changed much: Phishing attacks, ranging from the most basic spoofs to more sophisticated and socially engineered targeting; headline-grabbing ransomware and virus epidemics; the blurring between nation-state and criminal lines, accompanied by various flavors of government warnings. And then, of course, we have the online execution of crimes that would otherwise take place in the physical world—non-payment and non-delivery, romance scams, harassment, extortion, identity theft, all manner of financial and investment fraud.

But, we do also have a rising tide of malware. Some of that rising tide is prevalence, and some is sophistication. We also have criminal business models where malware is bought and sold or even rented on the web’s darker markets.

In the Cylance report, there is a useful summary of the “top malware threats” for Windows and Mac users. Cylance says that it compiled its most dangerous list by using an “in-house tooling framework to monitor the threat landscape for attacks across different operating systems.” Essentially that means detecting malware in the wild across the endpoints monitored by its software and systems. It’s a volume list.

For cyber-guru Ian Thornton-Trump, the real concerns for individuals and companies around the world remain Business Email Compromise, “the fastest growing and most lucrative cyber-criminal enterprise.” He also points out that doing the basics better goes a long way—“there is little if any mention of account compromises due to poor password hygiene or password reuse and the lack of identifying poorly or misconfigured cloud hosting platforms leading to some of the largest data breaches” in many of the reports now coming out.

So here are Cylance’s fifteen most rampant threats. This is their own volume-based list compiled from what their own endpoints detected. There are missing names—Trickbot, Sodinokibi/REvil, Ryuk, but they’re implied. Trickbot as a secondary Emotet payload, for example, or Cylance’s observation that “the threat actors behind Ryuk are teaming with Emotet and Trickbot groups to exfiltrate sensitive data prior to encryption and blackmail victims, with the threat of proprietary data leakage should they fail to pay the ransom in a timely manner.”

There are a lot of legacy malware variants listed—hardly a surprise, these have evolved and now act as droppers for more recent threats. We also now see multiple malware variants combine, each with a specific purpose. Ten of the malware variants target Windows and five target Macs—the day-to-day risks to Windows users remain more prevalent given the scale and variety of the user base, especially within industry.

Windows Threats

  • Emotet: This is the big one—a banking trojan that has been plaguing users in various guises since 2014. The malware has morphed from credential theft to acting as a “delivery mechanism” for other malware. The malware is viral—once it gets hold of your system, it will set about infecting your contacts with equally compelling, socially engineered subterfuges.
  • Kovter: This fileless malware targets the computer’s registry, which makes it more difficult to detect. The malware began life hiding behind spoofed warnings over illegal downloads or file sharing. Now it has joined the mass ad-fraud market, generating fraudulent clicks which quickly turn to revenue for the malware’s operators.
  • Poison Ivy: A malicious “build your own” remote access trojan toolkit, providing a client-server setup that can be tailored to enable different threat actors to compile various campaigns. The malware infects target machines with various types of espionage, data exfiltration and credential theft. Again the malware is usually spread by emailed Microsoft Office attachments.
  • Qakbot: Another legacy malware, dating back a decade, but which has evolved with time into something more dangerous than its origins. The more recent variants are better adapted to avoiding detection and to spreading across networks from infected machines. The malware can lock user and administrator accounts, making removal more difficult.
  • Ramnit: A “parasitic virus” with “worming capabilities,” designed to infect removable storage media, aiding replication and the persistence of an attack. The malware can also infect HTML files, infecting machines where those files are opened. The malware will steal credentials and can also enable a remote system takeover.
  • Sakurel (aka. Sakula and VIPER): Another remote access trojan, “typically used in targeted attacks.” The delivery mechanism is through malicious URLs, dropping code on the machine when the URL is accessed. The malware can also act as a monitor on user browsing behavior, with other targeted attacks as more malware is pulled onto the machine.
  • Upatre: A more niche, albeit still viable threat, according to Cylance. Infection usually results from emails which attach spoof voicemails or invoices, but Cylance warns that users can also be infected by visiting malicious websites. As is becoming much more prevalent now, this established legacy malware acts as a dropper for other threats.
  • Ursnif: This is another evolved banking trojan, which infects machines that visit malicious websites, planting code in the process. The malware can adapt web content to increase the chances of infection. The malware remains a banking trojan in the main, but also acts as a dropper and can pull screenshots and crypto wallets from infected machines.
  • Vercuse: This malware can be delivered by casual online downloads, but also through infected removable storage drives. The malware has adapted various methods of detection avoidance, including terminating processes if tools are detected. The primary threat from this malware now is as a dropper for other threats.
  • Zegost: This malware is designed to identify useful information on infected machines and exfiltrate this back to its operators. That data can include activity logging, which includes credential theft. The malware can also be used for an offensive denial of service attack, essentially harnessing infected machines at scale to hit targets.

Mac Threats

  • CallMe: This is a legacy malware for the Mac world, opening a backdoor onto infected systems that can be exploited by its command and control server. Dropped through malicious Microsoft Office attachments, usually Word, the vulnerability has been patched for contemporary versions of MacOS and Office software. Users on those setups are protected.
  • KeRanger: One of the first ransomware within the Mac world, the malware started life with a valid Mac Developer ID, since revoked. The malware will encrypt multiple file types and includes a process for pushing the ransom README file to the targeted user. Mitigation includes updated systems, but also offline backups as per all ransomware defenses.
  • LaoShu: A remote access trojan that uses infected PDF files to spread its payload. The malware will look for specific file types, compressing those into an exfiltration zip file that can be pulled from the machine. While keeping systems updated, this malware also calls for good user training and email behavior, including avoidance of unknown attachments.
  • NetWiredRC: A favourite of the Iranian state-sponsored APT33, this malware is a remote access trojan that will operate across both Windows and Mac platforms. The malware focuses on exfiltrating “sensitive information” and credentials—the latter providing routes in for state attackers. Cylance advises administrators to block 212[.]7[.]208[.]65 in firewalls and monitor for “%home%/WIFIADAPT.app” on systems.
  • XcodeGhost: Targeting both Mac and iOS, this compiler malware is considered “the first large-scale attack on Apple’s App Store.” Again with espionage and wider attacks in mind, the malware targets, captures and pulls strategic information from an infected machine. Its infection of “secure apps” serves as a wider warning as to taking care when pulling apps from relatively unknown sources.

In reality, the list itself is largely informational as mitigation is much the same: Some combination of AV tools, user training, email filtering, attachment/macro controls, perhaps some network monitoring—especially for known IP addresses. The use of accredited VPNs, avoiding public WiFi, backups. Cylance also advises Windows administrators to watch for unusual registry mods and system boot executions.

Thornton-Trump warns that we need constant reminding that cyber security is about “people, process and technology.” Looking just at the technology side inevitably gives a skewed view. For him, any vendor reports inevitably “overstate the case for anti-malware defences in contrast to upgrade and improvement of other defensive mechanisms, including awareness training and vulnerability management.”

And so, ultimately, user training and keeping everything updated resolves a material proportion of these threats. Along with some basic precautions around backups and use of cloud or detached storage which provides some redundancy. Common sense, inevitably, also features highly—whatever platform you may be using.

#cyberfraud | #cybercriminals | FBI Publishes 2019 Internet Crimes Report Causing 3.5 Billion Dollars Loss

As the internet has become an indispensable part of our lives, crimes committed on the internet have started to increase significantly. The FBI’s 2019 report emphasized that cybercrime cost $3.5 billion.

The Federal Bureau of Investigation (FBI) published the ‘2019 Internet Crimes Report’. According to the published report, the number of complaints filed during the year reached 467,361. The cost of the reported crimes exceeds $3.5 billion.

Cybercrime increased in 2019
The Internet Crime Complaint Center (IC3), an FBI resource for reporting suspected cybercrime activities, was established in May 2020 and, with the 2019 reports, has reached a total of 4,883,231 complaints.

While the number of complaints received in the last five years has reached 1.7 million, the total annual loss has increased from $1.1 billion (2015) to $3.5 billion (2019). The damage of cybercrime to individuals and businesses in the US has exceeded $10 billion in the past five years. 2019 was the worst year in this respect: the highest number of cybercrime complaints ever was made during the year, and the victims of cybercrime also suffered their greatest losses. In the fight against cybercrime, an amount of $300 million was saved.

Company emails
In fraudulent activities carried out via company e-mails, more than $1.7 billion was lost. A total of 23,775 complaints were made in this area in 2019. Business email scams have become the most dangerous group in cybercrime.

“Many organizations have been vulnerable to email attacks because criminals are developing their methods to compromise traditional email,” said Censornet CEO Ed Macnair. The attackers most often targeted CEOs and staff working in the financial department.

Macnair said that cybercriminals trick employees and steal valuable information by using e-mail addresses similar to trusted companies’ e-mails. Macnair said this method is very difficult for traditional defense systems to catch and that companies need to improve their security techniques.

Ransomware
The FBI warned about the magnitude of ransomware’s impact on businesses and organizations. The ransomware attack against the city of New Orleans in December 2019 revealed that the FBI’s warnings were not taken seriously.

In 2018, there was some reduction in complaints about ransomware attacks, but the number increased again in 2019 and reached the highest number of complaints since 2016. Ransomware attacks caused $2.4 million of damage in 2016, rising to $8.9 million in 2019.

#cyberfraud | #cybercriminals | MAS reminds of vigilance against cyber threats taking advantage of coronavirus situation

SINGAPORE: The Monetary Authority of Singapore (MAS) reminded financial institutions to remain vigilant on the cybersecurity front amid cases of “cyber threat actors” taking advantage of the coronavirus situation to conduct email scams, phishing and ransomware attacks. In a media release on Sunday (Feb 9), MAS said […]

#cyberfraud | #cybercriminals | Cyber Security Today – Oscar movie scams, and make sure you update these products

Movie scams, and make sure you update Windows, WhatsApp and Cisco products

Welcome to Cyber Security Today. It’s Friday February 7th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com. On Monday’s podcast I warned […]

#cyberfraud | #cybercriminals | Safeonweb warns of new scam involving second-hand sites

Saturday, 08 February 2020

The online consumer protection organisation Safeonweb has warned of the latest technique used by fraudsters to steal the data of unsuspecting users of second-hand sites like 2dehands.be. The issue was highlighted by VRT presenter Sven Pichal on his Facebook page De Inspecteur. […]

#cyberfraud | #cybercriminals | Warning as bogus KCOM workers target Hull homes in new ‘spoofing’ scam

Several people have been preyed on by bogus callers claiming to work for a major communications company.

The fraudsters have been targeting homes in the region posing as staff from KCOM in order to con unsuspecting individuals into handing over banking information.

The calls have been showing as local numbers in the practice known as “spoofing” but the IT provider made clear that they never ask individuals for card details.

A spokesperson for KCOM urged customers to be vigilant and said: “We’ve been made aware of a spate of scam calls recently from people posing as KCOM, calling from what appear to be local Hull phone numbers.

“This is known as ‘spoofing’ where the scammer can make it look as if they are calling from a 01482 number when in reality they are probably calling from abroad.

“We have already blocked several numbers that have been reported to us by our customers. Fortunately, those customers we’ve spoken to have realised something is not quite right and ended the call – and have avoided losing money as a result.

“If you’re ever suspicious about a call, we recommend you hang up immediately and call us to check. Never give out any personal information or bank details and never allow anyone to take remote control of your computer.

“We never ask for customers’ credit or debit card details over the phone and will always transfer customers who wish to make a payment over to our secure, automated payment line.

“As well as calling KCOM on 01482 602555 anyone who believes they have been targeted by a scam caller should report it to Action Fraud, the National Fraud and Cyber Crime Reporting Centre, by calling 0300 123 2040 or by visiting www.actionfraud.police.uk.”

Providing Action Fraud with this information enables it to track and fight cyber crime.

#cyberfraud | #cybercriminals | State Department Official Condemns Harassment Of Iranian Journalists Abroad

U.S. Assistant Secretary of State Robert Destro has blasted Islamic Republic officials for threatening and persecuting Iranian journalists living abroad.

“The U.S. condemns the harassment and threats that Persian-language reporters are receiving from Iranian regime officials while working abroad,” Destro tweeted on Thursday, February 6.

The Assistant Secretary of State in the Bureau of Democracy, Human Rights and Labor at the U.S. Department of State also asserted in his tweet, “We stand with the Iranian people in their right to freedom of information and with independent journalists fighting to inform the public.”

Reports on threats and harassment of Iranian journalists living and working outside the country have been rife in the past few months, leading to widespread international condemnation. The same kind of pressures were also intense prior to the start of nuclear negotiations in 2013.

Iran-linked hackers pose as journalists in email scams to obtain passwords and break into the email accounts of journalists, Reuters said in an exclusive report on Wednesday, February 5.

In a report published Wednesday, London-based cybersecurity company Certfa named a hacking group nicknamed Charming Kitten, which has long been associated with Iran.

Israeli firm ClearSky Cyber Security provided Reuters with documentation of impersonations of two media figures at CNN and Deutsche Welle, a German public broadcaster. ClearSky also linked the hacking attempts to Charming Kitten, describing the individuals targeted as Israeli academics or researchers who study Iran. ClearSky declined to give the specific number of people targeted or to name them, citing client confidentiality, Reuters reported.

#cyberfraud | #cybercriminals | Mobile phone scam warning – reminder to just hang up

If you receive a phone call from anyone claiming to be an employee of an online shopping site or ‘buy first – pay later’ business advising you there are issues associated with your account – just hang up and contact the company using an independently verified […]