#infosec | UK Spies Hunt Down Covid-19 Threats

Source: National Cyber Security – Produced By Gregory Evans

The UK’s National Cyber Security Centre (NCSC) has stepped in to remove malicious and phishing websites linked to Covid-19 scams, but warned that attacks could increase if the outbreak does.

The GCHQ body said that phishing efforts using the Coronavirus as a lure have led to victims losing money and sensitive data across Europe.

It urged businesses and consumers to consult its advice on email scams and dealing with malware to better insulate them from the threat of ransomware, credential theft and fraud.

“The NCSC has seen an increase in the registration of web pages relating to the Coronavirus suggesting that cyber-criminals are likely to be taking advantage of the outbreak,” it said.

“Continued global susceptibility to phishing will probably make this approach a persistent and attractive technique for cyber-criminals. Moreover, if the outbreak intensifies, it is highly likely that the volume of such attacks will rise.”

Security vendors have been sounding the alarm over phishing attacks for more than a month. Emails are often spoofed to appear as if sent from the World Health Organisation (WHO), the US Center for Disease Control (CDC) or other official bodies, and claim to contain new information on the outbreak in an attachment or via a link.

Some are laden with malware while others request the user enter their email and password, Outlook log-ins or other credentials to proceed. There are also reports, cited by the NCSC, of fraudsters requesting Bitcoin donations to fund a fake vaccine, and even scam sites selling fake antiviral equipment.

“We know that cyber-criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the Coronavirus outbreak,” said NCSC director of operations, Paul Chichester.

“Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails. In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”



The post #infosec | UK Spies Hunt Down Covid-19 Threats appeared first on National Cyber Security.


Big BEC Bust Brings Down Dozens


Two dozen individuals have been named in the latest arrests of alleged participants in a business email compromise scheme that cost victims $30 million.

Federal officials have arrested two dozen individuals on charges related to a series of business email compromise (BEC) fraud and money-laundering schemes. The individuals, most of whom live in or around Atlanta, are alleged to have committed fraud against individuals and companies using BEC schemes, romance fraud scams, and retirement account scams, among others.

According to a statement released by the Justice Department, those arrested this week join 17 individuals already in federal custody as charged in the series of alleged crimes. The department says that those charged collected more than $30 million from their victims, laundering the money through accounts often opened in victims’ names and used to both defraud the victim and launder the criminal proceeds.

More than two dozen local, state, and federal law enforcement agencies participated in the investigation of the defendants.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

#deepweb | Malware volume drops, cryptojacking down 78%, stealthy attacks on web apps double


Good news as volumes of attacks drop, but bad as attackers turn to stealthier attacks on softer targets

Global malware attacks fell for only the second time in five years, dropping six percent to 9.9 billion, down from 10.5 billion, according to a new report. 

This apparent good news is not all it seems, however, with attackers eschewing large-volume attacks in favour of more evasive and targeted attacks on soft targets. In other ‘good’ news, ransomware attacks also dropped nine percent to almost 188 million, while the volume of cryptojacking incidents plummeted 78 percent in the second half of 2019. This last is probably due to the volatile crypto market directly impacting revenues for hackers, as well as the shuttering of browser-based Monero-mining service Coinhive in March 2019.

However, the bad news is that hackers have turned their attention to more lucrative targets, with web apps such as Dropbox and Slack seeing a huge uptick in attacks, up 52 percent in the past year to 40.8 million. According to the 2020 SonicWall Cyber Threat Report the overall internet trend towards encrypting traffic has been reflected in hacking too, with a rise in encrypted threats of 27 percent, totalling up to almost four million.

In addition, fileless malware and a range of new techniques (including code obfuscation, sandbox detection and bypass) saw a rise in popularity, with new threats hiding in common and trusted file types such as Office (20.3 percent) and PDFs (17.4 percent). Indeed, these two file types represented 38 percent of new threats detected by SonicWall.

Terry Greer-King, VP EMEA at SonicWall, told SC Media UK that cyber-criminals are becoming smarter and more ambitious than ever before: “They now spend more time honing their craft, targeting vulnerable IoT devices and aiming ransomware at the highest-value targets most likely to pay out. With hackers doubling their attacks on popular web apps used for work and everyday needs, financial and personal information within those services is now more vulnerable than ever. Sold on the dark web for a profit, there’s no telling where these details will end up.”

Interestingly, another trend highlighted by the report is a rise in IoT attacks, which saw a moderate five percent increase, with a total volume of 34.3 million attacks in 2019. With IoT devices widely tipped for an exponential rise (one industry study predicts the global IoT security market will reach or exceed £27 billion by 2023, a spike of 33.7 percent), the stage is set for increased volumes of IoT attack traffic as device penetration and deployment increases.

“Total end-to-end security is key, including a layered approach to security across wired, wireless, mobile and cloud networks. It will continue to be crucial to secure and manage IoT devices to prevent tampering and unauthorised access. As the report testifies, data will continue to be put under threat by malicious actors, often across changing vectors, and so it is hugely important that businesses and governments are proactive in protecting this,” summarised Greer-King.

The report found that the most popular ransomware family of 2019 (making up 33 percent of all ransomware attacks), was Cerber, also boasting four of the top 10 ransomware signatures of the year, including the top two spots totaling more than 77 million hits. 


#deepweb | Police in Midlands praised for bringing down Dark Web paedophile ring

A specialist police unit in the West Midlands has been credited with helping bring down one of the most shocking online paedophile rings in recent history. Yesterday (23 Jan) Portuguese police held a press conference praising the cooperation of law enforcement agencies across the world in […]

#cybersecurity | #infosec | WeLeakInfo, the site which sold access to passwords stolen in data breaches, is brought down by the FBI


FBI seizes control of WeLeakInfo, which sold passwords stolen in data breaches

Law enforcement agencies have seized control of the domain of WeLeakInfo, a website offering cheap access to billions of personal credentials stolen from approximately 10,000 data breaches.

For as little as $2 per day, anyone could search the controversial website’s database of records and in many instances extract names, email addresses, phone numbers, and passwords. These passwords could then be used by unscrupulous hackers to break into other accounts where users had made the mistake of reusing the same credentials.


With the seizure of the domain, the website’s operations are effectively suspended.

Visitors to the website are now greeted by a message from the various law enforcement agencies who have been investigating the website’s activities.

Seized website

A 22-year-old man was arrested by police on Wednesday in Fintona, County Tyrone, Northern Ireland, in connection with the website, and another 22-year-old male has been arrested by East Netherland Cyber Crime Unit (Politie) in Arnhem.

According to an NCA press release, the two individuals are suspected by police of having made profits in excess of £200,000 from the site.

Prosecutors are likely to argue that those behind the website were profiting from the unlawful sale of stolen data, and assisting third parties in also accessing sensitive details.

It’s important to recognise that there is a clear difference between the likes of WeLeakInfo and legitimate services like Troy Hunt’s HaveIBeenPwned.

WeLeakInfo allowed anyone to scoop up the passwords of those involved in a data breach, meaning they could be used in future security breaches.

HaveIBeenPwned, on the other hand, doesn’t store or share anybody’s password – instead the service, which I heartily recommend individuals and organisations sign up for, informs you if your email address has been included in a data breach. And that’s it. The onus is then on you to take steps to protect yourself (which may mean resetting passwords, and ensuring that you are not using the password you use on the hacked website anywhere else).

Authorities say they continue to investigate WeLeakInfo, and one can’t help but wonder if there will be more arrests if the site’s customer details are extracted from the seized infrastructure.


Malicious npm package taken down after Microsoft warning – Naked Security


Criminals have been caught trying to sneak a malicious package on to the popular Node.js platform npm (Node Package Manager).

The problem package, 1337qq-js, was uploaded to npm on 31 December, after which it was downloaded at least 32 times according to figures from npm-stat.

According to a security advisory announcing its removal, the package’s suspicious behaviour was first noticed by Microsoft’s Vulnerability Research team, which reported it to npm on 13 January 2020:

The package exfiltrates sensitive information through install scripts. It targets UNIX systems.

The data it steals includes:

  • Environment variables
  • Running processes
  • /etc/hosts
  • uname -a
  • npmrc file

Any of these could lead to trouble, especially the theft of environment variables which can include API tokens and, in some cases, hardcoded passwords.

Anyone unlucky enough to have downloaded this will need to rotate those as a matter of urgency in addition to de-installing 1337qq-js itself.