As per reports, a telecommunication provider that is owned by Russia rerouted traffic which was intended for the most imminent Content Delivery Networks (CDNs) and cloud host providers of the globe.

The entire re-direction kept on for around an hour during which it affected over 8,500 traffic routes of the internet. The concerned organizations happen to be few of the most celebrated ones.

Per sources, the brands range across well-known names like Cloudflare, Digital Ocean, Linode, Google, Joyent, Facebook, LeaseWeb, Amazon, GoDaddy, and Hetzner.

Reportedly, all the signs of this attack indicate towards its being a case of hijacking the Border Gateway Protocol, also known as, BGP hijacking. It is the illegitimate takeover of IP prefixes by a hijacker to redirect traffic.

This gives a lot of power in the hands of the hijacker because they could at any time “publish an announcement” stating that the servers of a particular company are on their network. As a result of which all of e.g. Amazon’s traffic would end up on the hijacker’s servers.

In earlier times when Hypertext Transfer Protocol wasn’t as widely used to encrypt traffic, BGP hijacking was a lucrative way to carry Man-in-the-Middle (MitM) attacks and catch and modify traffic.

But in recent times, analysis and decryption of traffic later in time has become easier because of BGP hijacking, as the encryption gets weaker with time.

This predicament isn’t of a new kind. It has been troubling the cyber-world for a couple of decades, mainly because they aim at boosting the BGP’s security. Despite working on several projects there hasn’t been much advancement in improving the protocol to face them.

Google’s network has been a victim of BGP hijacking by a Nigerian entity before. Researchers mention that it is not necessary for a BGP hijacking to be malicious.

Reportedly, “mistyping the ASN” (Autonomous System Number) is one of the other main reasons behind a BGP hijacking, as it is the code via which internet units are recognized and ends up accidentally redirecting traffic.

Per sources, China Telecom stands among the top entities that have committed BGP hijacking, not so “accidentally”. Another famous one on a similar front is “Rostelecom”.

The last time Rostelecom seized a lot of attention was when the most gigantic of financial players were victimized by BGP hijacking including HSBC, Visa, and MasterCard to name a few.

The last time, BGPMon didn’t have much to say however this time, Russian Telecom is in a questionable state, per sources. They also mention that it is possible for the hijack to have occurred following the accidental exposure of the wrong BGP network by an internal Rostelecom traffic shaping system.

Things took a steep turn when reportedly, Rostelecom’s upstream providers re-publicized the freshly declared BGP routes all across the web aggravating the hijack massively.

Per researchers, it is quite a difficult task to say for sure if a BGP hijacking was intentional of accidental. All that could be said is that the parties involved in the hijack make the situation suspicious.

Amid this Covid-19 lockdown, the use of video conferencing software has seen a rapid rise- be it work-related, teaching or just socializing. Our use of video chats has increased and with it, the security concerns have risen diligently.


One such software "Zoom", which is quite popular for video conferencing has been drawing attention from security researchers and journalists recently over privacy and security issues. Even United States investigative agency FBI issued a warning to the citizens to be cautious while using zoom app citing cases of zoombombing where calls were interrupted by "pornographic and/or hate images and threatening language," and the agency also asked the software companies to practice "due diligence and caution" in their security measures.

 Zoombombing is an incident when your video conference calls are interrupted by unwanted/uninvited attendee and disrupts the meet. 

Measures by Zoom to prevent Zoombombing

On Wednesday, Zoom CEO Eric Yuan published a blog post addressing these security concerns. He mentioned that Zoom will freeze feature updates and focus on coming up with security solutions for the next 90 days. Quoting to dedicate these ninety days to "the resources needed to better identify, address and fix issues proactively." He wrote that these initiatives will focus on "conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases," according to the post.

Steps you can take to prevent "Zoombombing" 

There are some simple settings you can change on your Zoom app for your calls from being interrupted by unwanted individuals.

1. Don't use your personal meeting ID, instead use a pre-meeting ID exclusive for that meeting. There are Zoom tutorials to help you understand how to generate a random meeting ID for a meeting. 
2.  Enable the "waiting room" feature in Account Management. It will allow you to see who is attempting to join the meeting and give them access. 
3. Once the meeting begins and everyone is in it, lock the meeting to outsiders. 
4.  Make sure you don't publish or post the meeting ID on public platforms. 
5.  If any outsider does barge in- 

You can lock them out by going to Participants List in the navigation sidebar, scroll to more and click to Lock Meeting. You can also shut them up, by clicking on Mute all control in the Participants List.

The Russian-based cyber platform known as DEER.IO has for quite some time been facilitating many online shops where illicit products and services were being sold.

A little while back, there happened the arrest of Kirill Victorovich Firsov as revealed by authorities, he was the supposed main operator behind Deer.io, a Shopify-like stage that has been facilitating many online shops utilized for the sale of hacked accounts and stole user data. Convicts ware paying around $12/month to open their online store on the platform.

When the 'crooks' bought shop access through the DEER.IO platform, a computerized set-up wizard permitted the proprietor to upload the products and services offered through the shop and configure the payment procedure by means of cryptocurrency wallets.

Arrested at the John F. Kennedy Airport, in New York, on Walk 7, Firsov has been arrested for running the Deer.io platform since October 2013 and furthermore publicized the platform on other hacking forums.

“A Russian-based cyber platform known as DEER.IO was shut down by the FBI today, and its suspected administrator – alleged Russian hacker Kirill Victorovich Firsov – was arrested and charged with crimes related to the hacking of U.S. companies for customers’ personal information.” - the official statement distributed by the DoJ.

While Feds looked into around 250 DEER.IO stores utilized by hackers to offer for sales thousands of compromised accounts, including gamer accounts and PII documents containing user names, passwords, U.S. Social Security Numbers, dates of birth, and victim addresses.

A large portion of the casualties is in Europe and the US. The FBI agents effectively bought hacked information from certain stores facilitated on the Deer.io platform, offered data were authentic as indicated by the feds.

When asked to comment for the same FBI Special Agent in Charge Omer Meisel states, “Deer.io was the largest centralized platform, which promoted and facilitated the sale of compromised social media and financial accounts, personally identifiable information (PII) and hacked computers on the Internet. The seizure of this criminal website represents a significant step in reducing stolen data used to victimize individuals and businesses in the United States and abroad.”

More than 30 members of an interregional criminal group engaged in cloning and selling credit and payment cards of Russian and foreign banks were detained by the Federal security service (FSB). Hackers gained access to data by hacking user accounts and payment systems. The detentions took place immediately in 11 regions of Russia.

The group created more than 90 online stores where it was possible to buy data from other people's bank cards. The cards of both Russian and foreign banks, including credit cards, were compromised.
According to the FSB, the criminal group has been operating for at least the past three years. Criminals obtained the necessary data of real cardholders by accessing user accounts on the Internet and payment systems.

One of the most common ways to get them was to create websites selling various products at below-market prices. Customers interested in these cheap offers paid for the purchase directly on the site with a bank card. At the same time, using a special program, hackers gained access not only to its number but also to the pin code, as well as the CVC code of the cardholder. The seller immediately canceled the transaction itself, referring to the fact that the product is out of stock and the customer will be notified of its appearance by SMS.

After that, cloned Bank cards with a balance, usually, not less than several hundred thousand rubles or several thousand dollars or euros went on sale in one of the 90 online stores organized by members of the group in the Darknet. For example, a copy of the card with a balance of $3 thousand to $25 thousand fraudsters offered to buy for 30% of the face value. They even gave a 30-day guarantee for their product, promising to exchange the card in case of blocking. At the same time, courier delivery of cards with the entire package of documents was offered to any city in the world. Withdraw money was recommended as soon as possible so that its real owner did not have time to suspect anything.
25 detainees were charged under the article on illegal turnover of payment funds. Among the detainees are citizens of Ukraine and Lithuania.

Law enforcement officers seized more than $1 million and 3 million rubles during their detention, as well as weapons, drugs, gold bars and servers hosting fraudulent websites. According to the statement, the site hosting equipment was "liquidated". The FSB added that the seized property included fake documents, including fictitious Russian passports and law enforcement documents.

In order to ruin the users' stay at home during their work from home period brought about by COVID-19, the hackers have hit gaming giant "Blizzard" with a colossal DDoS attack causing worldwide service disruption.

The attack, as per reports was carried out on March 18th around 2:20 AM (GMT) when Blizzard users took the issue to Twitter and the Customer Support handle for Blizzard on Twitter additionally affirmed enduring the DDoS attacks.

The company further clarified that it is “currently investigating an issue affecting our authentication servers, which may result in failed or slow login attempts.”

As indicated by DownDetector's live map, Blizzard is as yet enduring the result of the attack particularly in the US, Israel, Bahrain, Iraq, China, Singapore, Malaysia, and Denmark and a few other countries.

Image credit: Down Detector’s live map

Furthermore, it is very unclear whether the DDoS attack has halted as there has been no update tweet from the company. It is, however, worth noting that Blizzard is home to probably the most mainstream games including World of Warcraft, Overwatch, Heroes of the Storm and Diablo Immortal, and so on.

The gaming monster has a strong customer base with in excess of 32 million active users across the global. Aside from these EA Sport, a division of Electronic Arts is likewise enduring a worldwide service blackout.

It is indistinct on the off chance that it is an aftereffect of a DDoS attack or the company is confronting technical challenges within however there have been various tweets from EA Sports customers complaining about lagging and connectivity issues.

As indicated by DownDectector's live map, EA Sports is as yet enduring lagging issues in the US, United Kingdom, France, Spain, Denmark, Japan, and Israel, and so forth.

Image credit: Down Detector’s live map

By and by, it is most likely not a smart decision to DDoS Blizzard but rather users are encouraged to remain tuned for any further news with respect to the attack.

The Security Service of Ukraine (SBU) announced the termination of the acclivities of hackers who stole an average of 1.2 million dollars a year from the accounts of banking institutions.

According to the investigation, the attackers found vulnerabilities in the electronic payment document management system of banks, illegally transferred money of clients to the accounts of fictitious persons or transferred it to cryptocurrency. Hackers created a bot network of infected computers to conduct illegal operations on the Internet. "Thus, the members of the group stole from the accounts of banking institutions on average 30 million hryvnias ($1.2 million) a year," reported the press service of the SBU on Tuesday.

During 10 searches in Kiev and the region, as well as in Lviv, law enforcement officers seized computer equipment and mobile devices that were used by members of the group during illegal activities. Now the seized equipment is sent for examination.

A criminal case has been opened. If the attackers are found guilty, they face up to six years in prison.
It is worth noting that the Security Service of Ukraine recently exposed a large group of hackers associated with the Darknet.

Members of the group and third parties used server hosting equipment to conduct cyberattacks on the authorities and administration of Ukraine, critical infrastructure of Ukraine, as well as Ukrainian and world banks.

During the investigation, operatives detained the organizer of the group, who since 2011 provided its own server equipment for hosting, administering and distributing malware, bot networks and conducting cyberattacks.

In particular, DDoS attacks were carried out on strategic facilities in Ukraine and banking institutions of other states. The specified hosting was known on the Darknet network under the name "ProHoster" and "Bulletproof.space".

The Federal Bureau of Investigation arrested a Russian citizen who allegedly supported the sale of hacked accounts and personal data of Internet users. The arrest occurred at the John F. Kennedy Airport.

"We received information from American law enforcement agencies that he was detained on March 7. He is in New York now in a Manhattan detention center," said Alexei Topolsky, a spokesman for the Russian Consulate.

According to him, the initial initiative for the arrest comes from the San Diego FBI. The Russian has not yet contacted the Consulate.

According to the FBI, Mr. Firsov managed the platform Deer.io where online stores engaged in illegal activities were located. The arrest warrant indicates that Firsov took part in the work Deer.io since its launch (October 2013).

According to the prosecution, Firsov is the administrator of this platform, which is located in Russia and provides an opportunity for criminal elements to sell their "products and services". The prosecution claims that the platform is selling the hacked American and international financial and corporate information, personal data, stolen accounts of many American companies.

The prosecution said that a cybercriminal who wants to sell contraband or offer criminal services through the platform can do it for $12 a month. The monthly fee is paid in bitcoins or via a number of Russian payment systems, such as WebMoney. According to Firsov, more than 24 thousand stores worked on the site, which brought in more than $17 million.

American law enforcement officers opened a criminal case, according to which Deer.io almost completely used for cybercrime purposes. FBI found stores on the Firsov site that sell access to hacked accounts, servers and personal data of users.

The Bureau said that Kirill Firsov was aware of who uses his platform, and more than once advertised Deer.io on cybercrime forums.

According to an indictment in a court database, US authorities accuse Nikita Kislitsin, manager of a Russian cybersecurity company Group-IB, of hacking the Formspring social network. Group-IB, which does not appear in the charge, found the charges against its employee unfounded.

Kislitsin was the editor-in-chief of magazine Hacker from 2006 to 2012. In 2012, he worked for some time in the United States, and since 2013, he has been working at Group-IB, where he is engaged in security threat intelligence. The indictment against Kislitsin dates back to 2014 but was declassified and uploaded to the San Francisco court database only this week.

Kislitsin was charged with two counts related to the use of illegal access devices. One article assumes up to 10 years in prison, another - up to 5 years, also Kislitsin faces a fine of 250 thousand dollars.

The indictment states that Kislitsin received the names, email addresses and passwords of Formspring customers from an accomplice-hacker, and then tried to sell them to another accomplice for 5.5 thousand euros. In total, the case involves three accomplices of Kislitsin, not one of them is named.

Group-IB issued a statement on its website linking the charges against Kislitsin to the case of Yevgeny Nikulin, whose trial opens in California next week. Nikulin is accused of illegally accessing data from the social network LinkedIn, Dropbox and Formspring servers.

Group-IB states that it supports its employees. Moreover, the company and its employee Nikita Kislitsin did not receive the official summons, notifications or invitations to the upcoming court hearing in the Nikulin case.

The company said that Group-IB is currently consulting with international lawyers for a legal assessment of the situation and making a decision on further actions.

Of all the horrible things a pervert could do using the cyber means, Cyber Flashing is by far the most debauching and harassing of all.

For all those who aren’t well aware of this concept, cyber flashing is like every other form, a highly disgusting method of “image-based sexual abuse”.

This technology backed crime doesn’t stand on a particular pedestal as to the legality of it hence, the fact that people don’t know much about it let alone it being a crime.

You may be sitting somewhere in peace and quiet, supposedly on a much-wanted vacation cruising your lazy fingers on your phone and Bam! A stranger’s genitals cover your phone screen via an AirDrop file.

The initial shock, getting grossed out and the eventual sickening feeling you get is all well understood. Because the moment you try to close the file it only gets sent, again and again, a good number of times.

The nastiest part about this is that the person who sent it to you could be sitting close by, watching you see their nether regions and could be taking some sort of nauseating pleasure out of it.

According to several polls and researches, in England, Scotland and Wales combined, 40 percent of the women have, in one form or the other experienced cyber-flashing by having received repulsively uncalled for pictures of male private parts.


Disappointingly enough, notwithstanding the pervasiveness of the situation not many governments have special legal provisions to contend with cyber-flashing. Several countries’ existing laws don’t cover the subject wholly and only in the light of “sexual harassment or communication”.

Nevertheless, Scotland, Singapore and the American state of Texas did get something done for this but only under the pressure of women’s rights campaigns.

In the years that have passed, groups have suggested pretty fervently the need for the introduction of a new law that solely focuses on “image-based sexual abuse” and legally forbids cyber-flashing.
But it never had a toll on the government and the recommendations got rejected.

Contemplating over the severity of the not-at-all trivial crime and the neglect it has undergone in terms of its legal consequences is desperately needed to frighten away any potential partakers.

The degenerates require getting this into their head that sending someone an unsolicited picture of their genitals is simply not okay and that they can be legally punished for it.

Cyber-flashing could seriously distress the receivers and make them think that they are not safe even in public spaces. It also empowers men to accept the anonymous nature of the ill-act and just show off their genitals, without the fear of getting immediately caught.
Women need to be emboldened about fighting back against it.

Moreover, girls and women need to know that these “dick-pics” are definitely not imprudent tries at flirting and the men need to understand that this is not a pathway of getting nudes in return or appallingly enough, some twisted way of showing off.

The current laws need to keep up with the expeditious changes in technology. Also, how people embrace the ill-usages of it especially for harassment and sexual abuse.

The universe is lazy, everything that occurs follows the principle of least action. It should be no surprise that living things have evolved to obtain the most benefit for the least work; consider the intersection of intelligence and energy. And the same is true for humans, we are inherently lazy - choosing the path of least resistance. No matter the work, we will choose the shortest, most easy and least time-consuming way to do it. No matter the path, we will take the most direct and simplest route.

The same could be said for the cyber world wizards, the hackers who would take the easiest path to hack and earn and hence have chosen a new way to earn and steal - "Loyalty Points".


Loyalty Points 

Digital Banking systems nowadays is as safe and impenetrable as their physical counterparts and require planning, knowledge and a load of luck to hack. And when there are easily accessible, far less secure targets like Loyalty Points, then why do so much work?

 Loyalty Points and schemes are rewards given to customers that they can swap for goods and offers much like currency. Since these are less secure, easy to steal our lazy hackers are now attacking these points instead of the highly secure bank accounts and vaults.

Need to be taken seriously

Andy Still, CTO Netacea writes for Infosecurity Group Website, "People don’t treat loyalty points in the same way as they treat other financial products. When our wallet or purse is stolen or lost, we immediately cancel our credit and debit cards. Our loyalty cards can wait. Retailers tend to treat loyalty points in the same way—logging into an account doesn’t have the same level of security, and two-factor authentication is rare."

People are often careless with their reward accounts, they leave it for months before they check it and the theft goes unnoticed. There's also a benefit that the stolen points will be refunded. In this scam, both the businesses and the customers are affected. The customer doesn't get the benefit of loyalty points nor does the business get what they want- repeat business, customer loyalty and branding. Business needs to take their loyalty points scheme like bank accounts and ask their customers to do the same.

Attackers broke into the terminal of the Odessa airport and scolded the eco-activist.
Law enforcement authorities in Odessa (Ukraine) said that they found the hackers of the Odessa airport information system, who posted pictures with insulting or obscene language on the organization’s scoreboard against eco-activist Greta Thunberg.

According to police, on February 25, officers with the support of the special forces unit of the National Police of Ukraine searched the houses of the participants and founders of the Ukrainian Cyber Alliance public organization. The search was authorized by a decision of the Odessa court. The seized equipment was sent for examination. Law enforcement officers opened a criminal case on the fact of unauthorized interference in the work of the Odessa terminal. The attackers face imprisonment for a term of three to six years.

Ukrainian Cyber Alliance associates such actions of the National Police of Ukraine with political pressure on its activists.

It is worth noting that the Ukrainian Cyber Alliance is a community of Ukrainian cyber-activists that emerged in the spring of 2016 from the Association of two groups of cyber-activists FalconsFlame and Trinity. Later, a group of cyber activists RUH8 and individual cyber-activists of the CyberHunta group joined the Alliance.

The fact of hacking the Odessa airport information system occurred in October last year. At that time, a new terminal was installed in the renovated hall of the Odessa airport. Hackers posted a photo of the Swedish eco-activist with the inscription "F*** you, Greta" on the new terminal.

Recall that Time magazine awarded 16-year-old Swedish eco-activist Greta Thunberg the title of "Person of the Year". She began her fight for ecology in the late summer of 2018. Every Friday, the girl went on a single picket near the walls of the Swedish Parliament with a poster "School strike for climate", and a year later, similar pickets were staged around the world.

Screenshot of a VA claims document released in a data dump by hacking group Maze as part of a ransomware attack against U.S. law firms. (Screenshot/Brett Callow)

Screenshot of a pain diary document released in a data dump by hacking group Maze as part of a ransomware attack against U.S. law firms. The image has been redacted by Military Times. (Screenshot/Brett Callow)

Beware! People who have blind faith in the internet and tend to believe almost anything that they view or come across online, for there has surfaced a new medium for fearless dissemination of misinformation.

Fake news and modified pictures have already been wreaking havoc on social media and real lives of people for quite a long time now; leading to serious after-effects and reactions. Mob lynching, hate speeches and violent masses are few of the many upshots of such news and pictures.

At a time when the county was freshly getting used to fighting fake news and misinformation, a leading player joined the race, which goes by the name of “deepfake”.

Deppfake videos employ artificial intelligence to alter fake videos in such a way that they seem real to viewers. These videos are crafted with such ability that it becomes difficult for people to identify any possible lacunae.

These videos are so absolutely deceitful that the common person viewing them can’t remotely recognize or realize if, then what is wrong with them.

In latest times, the concept of morphed images is not new and hence people started to rely more on videos. But with deepfake, altering videos is possible too. In fact the operator could even manipulate actions and what is being said in the video.


Like every other fad that social media and its users accept with open arms, deepfake videos have a strong probability of making significant trouble on platforms like WhatsApp and Facebook to name a few.

Another issue with these videos is the resolution they are available in. Most videos that are found on Facebook or WhatsApp are quite low on quality and hence it becomes all the more challenging to identify their bogusness.

These days political or any other kind of speeches of influential personalities are circulated generously across all of social media. With threat actors like deepfake videos, the ordinary speeches could be malformed to enflame the masses.

Sources mention that genuine looking fake porn videos could also be circulated online via deepfake. Especially the porn clips that are recorded through spy cameras can be effortlessly manipulated into any sort of personal or professional hazard.

The extremely effective notion of targeted adverting refers to placing information according to the needs of the audience. Deepfake videos open new avenues for negative targeted advertising and people who are looking forward to creating unrest in otherwise peaceful situations.

These videos are outstandingly dangerous because along with being imperceptible as fake they also hold the capacity to instigate populaces for a cause that may not even exist.

The investigating authorities completed a criminal investigation into the theft of data from Russian Railways employees. This was reported by the press service of the Investigative Committee of Russia.

According to the Committee, in June 2019, the accused, using illegally obtained accounts of two employees of Russian Railways and 96 unique IP addresses, was able to get to the internal website of the state company. There, he copied several hundred thousand photos and information of the Russian Railways management, as well as other employees of the organization. Later, he posted the data on one of the sites that have hosting in Germany.

Investigators were able to identify the computer genius. It turned out to be a 26-year-old IT specialist from Krasnodar, who admitted his guilt. It was possible to establish the identity of the attacker through joint work with the K department of the Ministry of Internal Affairs of Russia and the security service of Russian Railways. In December 2019, he was charged under the article "illegal receipt and disclosure of information constituting a trade secret".

The leak of data of Russian Railways employees became known in August 2019. They were published on the website infach[dot]me, which allowed users to anonymously publish personal data of other people. Among the data of Russian Railways employees published on the site were their names, phone numbers, positions, photos in the uniform and pictures of the insurance documents. The attackers added a note to the publication "Thank you to Russian Railways for the information provided by carefully handling the personal data of their employees". Later, the information was hidden.

Later, Ashot Hovhannisyan, the founder and technical Director of DeviceLock, a company specializing in preventing data leaks from corporate computers, said that unknown people had posted personal data of 703 thousand people for free access. He also suggested that the leak occurred from the database of the security service of the state company. According to the report for the first half of 2019, the number of employees of Russian Railways amounted to 732 thousand people.
After the leak, Russian Railways assured that the passenger data was not stolen.

With the rise of phishing attacks, business email compromise (BEC) campaigns and gift scams bring along with it the rise in the amount of money being lost.

Investigation by researchers at Agari, an email security enterprise, published in the cybersecurity organization's most recent 'Quarterly Fraud and Identity Deception' trends report – found that gift card cheats picked up footing especially during the end of 2019, accounting 62% of all BEC attacks, up from 56% during the previous quarter.

These attacks frequently include cybercriminals assuming control over business email accounts and utilizing a 'stolen identity' to email others in the association to demand the acquisition of gift cards. A common tactic is to act like somebody in the management requesting an employee to help them out – in light of the fact that by and large, the employee won't scrutinize a solicitation that is apparently coming from their boss.

The 'run-up' to the holiday season simply presented the criminals with the ideal chance to go ahead with their gift- card attacks, as they could easily do with the solicitation being framed as that for Christmas presents. The normal sum mentioned in gift-card attacks has risen somewhat to $1,627, with the base sum tending to come in at $250. In some progressively ambitious cases, cybercriminals have requested gift cards worth $10,000 to be transferred – by focusing on employees over different departments simultaneously.

Criminals are pulled in to BEC attacks since they end up being fruitful and they're easy to carry out. In any case, associations can go far to forestalling phishing and other email-based attacks from being successful by implementing additional security on accounts, very much like the multi-factor authentication, as well as human-level 'checks- and balances'.

As per, Crane Hassold, senior director of threat research at Agari, "Gift cards have become the preferred method of cashing out for a number of reasons. First, it makes everyone at any company the potential target of a BEC attack, not just the finance and HR departments. We've seen campaigns that have targeted 30-40 employees at a single company at one time in gift-card BEC scams,"

The value of the gift cards mentioned may show up small when considered individually, yet the total costs add up, particularly given how the attacks remain so fruitful and simple to cash out.

The most widely recognized solicitations are for gift cards for Google Play and eBay, very closely followed by Target, iTunes, and Walmart. Best Buy, Amazon, Steam and the Apple Store additionally make for some very well-known requests.

Scammers have a new target and this time its CoinDesk as they try to impersonate CoinDesk reporters and editors in the last few months, promising inclusion of projects in return for a fee.

At least two unique victims have paid hundreds of dollars in bitcoin and ether to these convicts and reached CoinDesk just subsequent to acknowledging that something wasn't right.

Thus CoinDesk makes it explicitly clear through an announcement that the news site doesn't, and will never, accept payment for coverage. They cautioned their users by informing them that in the event that they are being reached out by somebody professing to be one of CoinDesk's reporters on Telegram or LinkedIn, and that individual requests payment, then they should know that the account connecting to them is a fraud and should report it to the concerned social media platform right away, and to CoinDesk immediately, by emailing fraud@coindesk.com.

If possible, it would be ideal if the users could incorporate screenshots of what was written. On the off chance that the user has to affirm that they are, indeed, in contact with a CoinDesk staff member they are welcomed to at email news@coindesk.com.

Now that CoinDesk has been ensnared in various scams, they wish to clarify what is being done and how. Most of the victims are said to have received a Telegram message like this one:


This to and fro between the scammer and the news editor is generally well disposed and, in certain nations where associations regularly pay for news coverage, 'expected'.

The opportunity is straightforward and simple: Send the scammer $500 or so in bitcoin and get onto CoinDesk's front page.

There is typically some 'to and fro' and a portion of these scammers have come 'sophisticated' to the point that they are mocking CoinDesk email addresses to "confirm" their identities. One 'con-artist' even forged a CoinDesk editor's passport to "confirm" their identity.

Hence, CoinDesk advises its users that it's working with the new site's legal counsel and tech group to discover ways for impeding these impostors and in the meanwhile, requests the users to kindly verify the handles of the accounts contacting them.

The clients can likewise email the writer or the editor directly in the event that they have any inquiries.

The court issued a verdict on February 3 in the case of theft of fuel at Rosneft gas stations.
The court and investigation found that there were ten people in the hacker group, two women and eight men. They divided criminal roles, came up with a scheme using special equipment and software in order not to top up gasoline at gas stations.

Attackers stole at "Rosneft-Kubannefteprodukt" gas stations. They launched the equipment and modified the information on the computer, which gave them the opportunity not to top up the fuel to customers. They sold the surplus again and divided the profits.

The damage to Rosneft gas stations amounted to more than 1.7 million rubles ($27,000). Its size was calculated based on the price of spare parts that were damaged by attackers in the fuel dispensers.
A criminal case has been opened on the creation, use and distribution of malicious computer programs. The court found the defendants guilty. Depending on the role of each, they were assigned from 1.5 years to 4 years in prison with fines of 200 to 500 thousand rubles ($3,000-$8,000).

Earlier, EhackingNews reported that employees of the Ministry of Internal Affairs in the Khabarovsk region detained 13 employees of one of the companies engaged in retail and wholesale of petroleum products. The hackers introduced the virus into the control system of gas stations. This allowed hackers to steal part of the product purchased by customers.

It is worth noting that in 2018, the FSB found viruses in dozens of gas stations in the South of Russia that allow to not top up fuel. The creator and distributor of viruses was Russian hacker Denis Zaev. In August 2019, Zaev hid several times from law enforcement agencies and was on the Federal wanted list, and then hid on the territory of Georgia. In total, 24 defendants are involving in this criminal case.

According to the deputy head of the National Coordination Center for Computer Incidents of the FSB, Nikolai Murashov, encryption viruses decreased their activity last year and were replaced by malware. In particular, these programs have changed for crypto-jacking or hidden cryptocurrency mining.

Murashov noted that the software for hidden mining uses up to 80% of the free power of the device, and the user may not know about it. According to him, the seizure of server capacities of large organizations for the purpose of mining cryptocurrencies threatens to severely reduce their productivity and harm their main activities.

Murashov said that hackers attack not only large companies but also ordinary users, for example, by mining through a browser while visiting infected web pages. Browser companies have already begun to struggle with this problem. So, in April of last year, the Mozilla Firefox introduced protection against crypto-jacking.

In addition, the number of installations of shadow miners on computers of ordinary users has increased. Last year alone, more than 50,000 such incidents were recorded.

"The scope of activities of shadow miners expanded over the past year. Hackers started using new software that is difficult to track because of the special code structure. Some applications are developed specifically for government servers and gaining control over them. Programs use computing power for mining, but administrators can only notice this during a detailed audit," said Murashov.

In Russia, the most high-profile incident last year was an incident with miners who mined cryptocurrency on the computers of the nuclear center in Sarov. The attackers, who turned out to be employees of the organization, used the equipment for their own purposes for several years.

Companies around the world are being attacked by ransomware viruses and crypto-jacking. Recently, a cybersecurity company Proofpoint, reported that in 2019, more than half of all public and private organizations in the United States were subjected to virus attacks and phishing. In this regard, regulators are beginning to take decisive action.

Researchers simulated a real-looking “Industrial prototyping” organization with fake employees, PLCs, and websites to study the types of cyber-attacks that commonly on such networks.

The elaborately fake organization’s website and the network worked on a highly advanced interactive “honeypot” network that worked extensively on attracting the attention of potential hackers.

The plan was to create such a legitimate-looking network that no one could even doubt it's being phony and to accumulate serious information related to cyber-threats and attacks to study and analyze them.

Behind researching these threats and attack mechanisms the motive was to dig out the threats that the “Industrial control system” (ICS) sector faces today.

Per sources, the sham company specifically let some ports of its network be susceptible to attack and Voila! It got hit with the most cliché of attacks that any IT network faces, including, Ransomware, Malware, Remote Access Trojans (RAT), Crypto-jacking, Online fraud and the “botnet-style” malware which hit the network’s robotic workstation.

A couple of the attackers went as far as shutting the factory via the HMI, locking the screen and opening the “log view of the robot’s optical eye”.
While one of the few attackers of the more mischievous inclinations worked on tactics like circumventing the robotics system to shut the HMI application and ultimately powering down the entire system, the others started the company network back and shut the bogus conveyor belt and then shut the network back again.

Per sources, the fake factory network was constructed of real ICS hardware and an amalgamation of physical hosts and virtual devices, mainly a Siemens S7-1200 PLC, an Omron CP1L PLC and two Allen-Bradley Micrologix 1100 PLCs.

The researchers as bait also used the common exposed passwords on the internet for the network’s administrative security, which happens to be a very basic mistake in the ICS sector.

The PLCs were used to imitate real processes like controlling the burner, the conveyor belt and palletizer for piling pallets using robotic arms. The plant network had three VMs including an engineering workstation for programming, a robotics workstation and HMI for controlling the factory.

Allegedly, per reports, later on, the fake network also opened up Remote Desktop Protocol, EtherNet/IP, and Virtual Network Connection ports to lure in more attackers.

Another attack that the researchers found out which deeply exhausted the server’s capacity, was for crypto-currency mining unlike what they thought it to be.

Per reports, the network was also attacked with ransomware called “Crysis”, which kept the network down for around four days while negotiating which led to HMI being locked down and loss of visibility into the plant operations.

If only the network were real, this ransomware would have wreaked major havoc owing it to 4 entire days of no production. This clearly reflects the kind of jeopardy the ICS sector could face.

One of the researchers pretending to be a worker at the fake company emailed the attackers to return their files and also mentioned that how they were working for a very important client and wanted to immediately run the production back.

The ransom stopped at $6,000 in email-exchange which didn’t need to be paid given that they already had backups and therefore were able to re-construct their systems. Following this little incident, another ransomware which goes by the name of “Phobos” tried to binge on the network.

And then came the attacker with quite a sense of humor. With a data destruction attack disguised as ransomware, the attacker renamed the network’s ABB Robotics folder. And when they didn’t agree to pay the ransom the attacker wrote a script that made browsers to porn sites appear whenever the network was started.

Hence, pretty evidently, in addition to never letting VNCs open without passcodes and reusing passwords across different systems, the researchers say, that this fake “Network” had everything that must NOT be done to keep the ICS sector safe and secure.