Search This Blog

Showing posts with label Phishing and Spam. Show all posts

Why Hackers are Taking Advantage of COVID-19?


Cybersecurity threats have seen a massive upsurge since the outbreak of the COVID-19 pandemic that forced a majority of people to work from home which now is leading to attacks on remote workforces. Amid the anxiety it created, hackers have devised multiple ways to take advantage of the coronavirus and continued to exploit the fear amongst people in a number of ways, one being the distribution malware in the facade of Covid-19 or Corona related emails.

The threat posed by the Coronavirus has been seen to be scaling beyond human health, job losses and the collapsing global economy as it also set the stage for hackers to scam people for monetary and other gains. The urgency revolving around the novel biological virus robbed tech vendors and corporate systems of their ability to effectively tackle the risks. Scammers are well aware of the overwhelmed state of cybersecurity groups that led to a dramatic rise in phishing attempts and cyberattacks. Notably, hackers are exploiting the Covid-19 charged environment in various ways such as malicious infiltration of organizations, voice phishing, WhatsApp phishing, email phishing, social media, fake apps, and websites. As per the warnings given by WHO, criminals are also acting as WHO officials in order to scam people for financial gains or sensitive data.

Problems Arising with Security Operation Centers (SOC)? 

Security Operation Center is a centralized function set up across a company's IT infrastructure. The objective of the security operation team here is to detect and then respond to cybersecurity risks in order to safeguard important assets such as business systems, employee data, and intellectual property. Upon detecting a confirm threat, the SOC immediately isolates endpoints in an attempt to terminate harmful actions such as execution or deletion. It does do while ensuring no disruption is faced by the business continuity or lessening the impact to the best of its ability.

However, as the process of strengthening an organization's security requires sophisticated infrastructure (SIEM system), coordinated efforts and continuous monitoring by people and technology-with limited staff and people made to work from home, it has become difficult to prevent, detect, analyze and respond to cybersecurity incidents.

The SOC relies upon cybersecurity tools whose operations require complete understanding and expertise making the overall workflow complex, therefore the prevention and security can not take place whilst being at home.

Adverse Impact on IT Sector

IT sector is the lifeline of almost every global economy, it plays a vital role in the functioning of nearly every other major sector including human resources, manufacturing, finance, security, and health care. It's a well-known fact how heavily IT organizations rely on manpower to function, however, due to the lockdowns, quarantine periods and stringent curbs in the movement of people, many businesses are being shut down as the global supply chains of manufacturing are being heavily disrupted. IT professionals are not able to deliver on the projects, as a result of which production dropped by a significant margin and is expected to drop even further.

The coronavirus situation worsens with the security vendors not being paid timely and as a result of halted work, gates are being left unmanned providing potential hackers with an opening. Companies are advised to stay prepared for security breaches and individuals should consider sticking to strong passwords and keeping their systems updated as the number of scams is expected to rise amid the tremendous uncertainty of the crisis.

Group-IB informed about the distribution of fake news about 20 thousand coronaviruses infected in Moscow


A fake audio recording appeared on the Internet, where the girl reports about 20 thousand cases of coronavirus COVID-19 in Moscow and asks to spread this information as much as possible. This was announced on March 2 by the Chairman of the Commission of the Public Chamber of the Russian Federation for the development of the information community, Alexander Malkevich.

Group-IB's cyberattack prevention team urge not to trust information from unconfirmed sources.
This information is distributed in the social networks Vkontakte and Facebook from different users but in identical formulations. The audience that took this news seriously became mainly female groups in messengers at kindergartens and schools. Group-IB specialists recorded more than 9500 publications with this news and started searching for performers and customers of this information attack.

This is not the first time such fake news about the coronavirus has appeared since the beginning of 2020. In some regions of Russia, rumors spread that "because of the high level of danger, the whole family had to leave the city", "official sources report hundreds of deaths". Moreover, fakes about coronavirus are spread not only in Russia but also around the world. In particular, more than 40 media reported false information that the Pope became infected with the coronavirus.

According to experts, information about 20 thousand cases in Moscow may be the result of the work of the information forces of Ukraine.

In addition, information security experts of Group-IB have already identified the fact of artificial distribution of voice messages.

Official authorities have repeatedly noted that only a few cases of coronavirus infection have been confirmed throughout Russia: two in Chinese citizens, as well as three Russians evacuated to Kazan from the Diamond Princess liner.

Group-IB spottted new fake messages about the coronavirus during the day


Group-IB, a company that specializes in preventing cyberattacks has revealed new fake messages about the spread of coronavirus over the past day.

Company Group-IB reported that information about accounts spreading fakes about the coronavirus was transmitted to law enforcement agencies.

"The data obtained by Group-IB specialists about the accounts involved in the distribution of fake audio messages about the coronavirus was transmitted to law enforcement agencies. The bots were focused on the active distribution of a specific fake, although some bots were registered a couple of years ago with the same creation date," reported press service of the company.

In addition, Group-IB experts have identified new fake messages about the coronavirus over the past day and warned that there is still a possibility of new fakes. "It is important to use information from trusted sources and be critical of rumors and possible misinformation," added the press service said.
Group-IB works closely with the administration of social networks, including Facebook and VKontakte, and with forum moderators to remove misinformation about the spread of a new type of coronavirus.

Group-IB launched an investigation into the spread of information about a large-scale infection of Moscow residents with coronavirus in early March. By March 2, the company's experts had recorded 9500 posts, reposts, and publications that broadcast fake news about allegedly 20,000 sick Russians.
On March 4, Roskomnadzor began blocking access to resources that spread fake information about the coronavirus in Russia. The Agency has already entered several messages in social networks in the register of information prohibited in Russia at the request of the Prosecutor General's office.

It is worth noting that Russian President Vladimir Putin at a meeting with the government said that false reports of coronavirus in Russia are spread from abroad. According to Putin, in fact, nothing critical in terms of the coronavirus is happening.

According to Putin, "the purpose of such fakes is clear - to spread panic among the public", and this can only be countered by timely and reliable information of the country's citizens.

The official representative of the Russian Foreign Ministry responded to the US accusations about Russian fakes about the coronavirus


Russian Foreign Ministry spokeswoman Maria Zakharova commented on the US statement that Russia is spreading fakes about the coronavirus. The diplomat called such accusations "deliberate stuffing".

Earlier, the Straits Times reported that the US State Department suspected Russia of spreading fakes about the coronavirus. U.S. officials said that thousands of Russian-related accounts have spread false information about the disease on social networks, undermining global efforts to fight the epidemic. In addition, such users promote the idea that the US government is behind the COVID-2019 epidemic, thus damaging the country's reputation, according to the State Department.

According to media reports, the State Department intends to deal with fake accounts on Twitter, Facebook and Instagram.

The First Deputy Chairman of the State Duma Committee on International Affairs Dmitry Novikov said that there are different accounts on the network, including those that are trying to gain subscribers at any cost. Also, a politician did not rule out US involvement in the coronavirus epidemic in China. The politician noted that Washington has succeeded in creating biological weapons.

He also said that everything secret becomes clear sooner or later, and today's assumptions may be confirmed in the future.

Andrey Suzdaltsev, Deputy Dean of the faculty of World Economics and World Politics at the Higher School of Economics, explained the US accusations of disinformation against Russia as attempts to take a convenient media position.

At the same time, he called the evidence base, which is supposed to confirm Russia's guilt in disinformation, strange. He said that the statement saying that some millions of user accounts in social networks were specifically sponsored by the Kremlin for an information war against the White House, is unfounded.

At the same time, the very accusations against Russia indicate that Moscow is perceived as a threat in the West, the expert concluded.

Security Experts warn about threats before Black Friday


Experts of the antivirus company Kaspersky Lab reported that in the discount season, also known as Black Friday, the number of threats from cyber fraudsters has grown significantly.

"According to Kaspersky Lab, the number of phishing threats related to Black Friday has increased significantly over the past two weeks. On the eve of big sales and the upcoming holiday shopping season, cybercriminals are increasingly trying to attack users who prefer to shop online," said the antivirus company.

So, in the period from 18 to 24 November, the company recorded almost twice as many fraudulent resources, compared to the previous week.

The number of phishing attacks on online stores has also increased.“This growth is especially noticeable in Russia: if approximately every 20th phishing attack was sent to the e-commerce section in Runet two weeks ago, last week phishers tried to attack Russian online stores in every 11th case,” concluded company.

As Kaspersky Lab content analyst Tatyana Sidorina noted, an increase in the percentage of phishing attacks is also expected in the upcoming New Year's sales. In addition, there are about 12% more such attacks in the fourth quarter than at other times of the year.

It is interesting to note that earlier, Roskomnadzor warned about the appearance on the eve of Black Friday fraudulent sites that illegally collect personal data under the guise of sales.

"Roskomnadzor experts note that the main purpose of collecting such data (name, phone number, email address, bank details, etc.) is to use them later as spammer databases and to steal bank card data,” stated the regulator.

To avoid identity theft, Roskomnadzor recommends checking the originality of the domain of the online store and checking the presence of an SSL certificate. If the site address begins with http://, and not with https://, this is a reason to doubt the originality of the page.

Cyber Criminals Stealing Customer Data By Tricking Bank Employees


Kaspersky Lab experts described a recently discovered method of corporate phishing. Attackers send an employee or organization email inviting them to pass an assessment of knowledge and skills on the fake HR portal. To do this, the victim is asked to log in to the site using a working username and password. The potential victim has the impression that it is a mandatory procedure, for the successful passage of which he will receive a monetary reward.

According to the senior content analyst of Kaspersky Lab Tatyana Shcherbakova, in this way, fraudsters get access to corporate mail, which may contain personal data of customers.

Employees of large banks are regularly trained, tested and certified, so they can take a fake invitation for a real one. For this reason, the new phishing method threatens to take on a massive scale.

According to analyst Anton Bykov, at the moment several thousand corporate accounts could already be hacked.

Sergey Terekhov, director of the Technoserv information security competence center, noted that in this case, the employees of the credit departments of banks, in whose mailbox client profiles are stored, are in the risk zone.

At the same time, Denis Kamzeev, head of the information security department of Raiffeisenbank, stressed that all emails in the financial institution are checked through anti-spam and anti-virus and blocked in case of suspicion.

VTB, in turn, said that they delimit access to customer information for employees and keep records of employees who have access to confidential information.

Arseniy Shcheltsin, CEO of Digital Platforms, noted that this type of social engineering is tied directly to a person, not to technology. "Therefore, regardless of security systems, a person can always give a login and password from the mail to attackers."

Cybercrime goes out of control in India



Phishing, data theft, identity theft, online lottery, cyber attacks, job frauds, banking frauds, cyberbullying, online blackmailing, morphing, revenge porn, cyber hacking, child pornography, cyber grooming, cyberstalking, data diddling, software piracy, online radicalisation — the dark web of cybercrimes is spreading across the world and India is one of the hotspots of this digital crime.

With increasing mobile coverage and cheaper data, more and more Indians now access the internet even while on the move. This has exposed unsuspecting ones to fall prey to online fraudsters. Many become victims of sexual exploitation after being made to share personal details while some others use the new media like WhatsApp to spread fake news to create trouble for political and other gains. There have been several lynching incidents in the country in the past couple of years after fake messages about child lifting and cow slaughter were spread through social media.

In spite of an alarming rise in cybercrime in the country, the most recent Government statistics available on this is from 2016. Cybercrimes touched 12,317 cases in 2016 which was an increase from 9,622 reported in 2014. The National Crimes Record Bureau is yet to release the statistics for 2017 and 2018.

The data available is just a tip of the iceberg and the numbers might be much more, says a senior government official. “Many even do not report loss of money or honour out of shame. Many cannot even tell their families that they have lost money in online frauds,” the official said.

Officials say the problem is that common people are not aware of the risks involved while dealing with the internet. Many are unaware, they say, and exercise no caution while using the net. They click unwanted links, unknowingly give the cyber fraudster their personal details and get cheated.

Beware of new phishing scam that’s attacking Google Calendar

No matter which corner of the internet you visit, you'll find scammers trying to take advantage of you. You may already know to be skeptical of emails, Facebook posts, and dating profiles that seem too good to be true. And some times they even try to take control of our data - primarily the financial data - using the alleged calls from customer care executives. Quite frankly, no one is immune to receiving such unsolicited messages or emails. But thanks to their popularity, everyone knows the drill to safeguard themselves. Just don't click on suspicious emails or links and don't reveal your financial information to anyone and you are good to go. You know this. I know this and even scammers know this. And so now, reports are that there's a new type of security threat that targets your Google Calendar.

Scammers are using Google Calendar and other calendar apps to target innocent users in a new type of phishing scam, according to a global security firm.

Findings from the threat intelligence firm Kaspersky show there's been a recent wave of scam artists using hyperlink-embedded events to gain access to people's sensitive information. They start by spamming Google Calendar users with seemingly benign calendar invites. Anyone can accept the invitations, but the real targets are users with the default setting that automatically adds every event they're invited to to their Google Calendar. Once it's been added, Google sends notifications related to the event, making it seem more trustworthy.

The scam is thought to have happened throughout May this year.

The fake invitations contained a malicious website link that encouraged users to input their personal details, often in the form of a simple questionnaire that promised the chance to win money or other prizes if completed.

Kaspersky researchers say that users can safeguard themselves by turning off the automatic adding of invites to your Google Calendar app.

Former Head of a Country as a Brand of Malware?




It is unusual for sure as it so occurred interestingly in the historical backdrop of Ransomware swarming the home systems of the users that the face of a former Leader of a nation was taken up as the brand of a malware.

Truly, first tweeted by the MalwareHunterTeam, this ransomware has the peculiar title of,

"Barack Obama's Everlasting Blue Blackmail Virus"

This Windows-based malware is distributed through spam and phishing efforts with the aim to initially examine an infected system for processes related with antivirus solutions.Whenever executed, this ransomware is capable of terminating different procedures related with antivirus programming, for example, Kaspersky, McAfee, and Rising Antivirus.

The Obama ransomware then scans for documents ending with .EXE, before encoding them. It’s done as such that the registry keys related with the executable records are likewise influenced which thusly helps for instigating the virus each time an .EXE document is introduced and launched.

The message in the ransomware interface is shown alongside a picture of the previous US President Obama which states that users should contact the attacker at the mail 2200287831@qq.com for payment related directions.

Hello, your computer is encrypted by me! Yeah, that means your EXE file isn't open! Because I encrypted it.
So you can decrypt it, but you have to tip it. This is a big thing. You can email this email: 2200287831@qq.com gets more information.

The Ransomware more often than not encodes content, like documents and media to force victims to pay a blackmail 'expense' to recover their records and files and is distinguished by 45 out of 68 antivirus solutions, as indicated by VirusTotal, a virus scanning service.

Cybersecurity firms however prescribe for the affected users to not surrender in and pay if their system is infected with ransomware and for that they have even begun releasing free decoding keys consistently.