The most popular social networks and messengers for hacking attempts are VKontakte (VK), Instagram, Telegram and WhatsApp, while the price can vary from $10 to $2,300. This is stated in a study conducted by Bi.Zone.

"We analyzed ads on the darknet from May 2020 to August 2021. In different months, the cost of hacking varied dramatically. This could be due to a situation where some sellers are not actually providing a service but are simply scamming people. They are the ones who can actively dump on the market. Real hackers set their prices based on the time spent. Sometimes they can search for a password in a leak which will significantly reduce the search price. If there is an insider attacker from the developer company, then most likely the high price will be due to the usual risk for the criminal", said Evgeniy Voloshin, director of BI.ZONE expert services block.

The analysis showed that the price of the offer to hack an account in VK varies from $10 to $160. Scammers most often offer to hack this social network.

According to experts, the social network Instagram remains in second place in popularity among hackers. The scammers estimate the cost of their services at $540.

Among messengers, Telegram and WhatsApp hacking offers are leading in popularity. For violating the privacy of these applications, scammers charge from $410 to $2,300 and from $270 to $1,770.

Hacking a personal mailbox, according to analysts, remains another popular service among scammers, the cost of which ranges from $40 to $1,500, respectively.

Voloshin recommends using long passphrases, password managers and a two-factor authentication system to avoid hacking personal accounts. Also, in his opinion, it is important not to store data in cloud services and not to send it in messengers, connecting to an unknown Wi-Fi source.

Since the beginning of the year, Kaspersky Lab has detected more than 1,500 fraudulent resources around the world aimed at potential crypto investors or users who are interested in mining cryptocurrency

Specialists of the Kaspersky Lab antivirus company warned about an increase in the volume of fraud, the potential victims of which may be crypto investors. Since the beginning of 2021, experts have identified more than 1,500 such fraudulent resources.

In addition, Kaspersky reported on its success: this year the company blocked more than 70 thousand attempts of users to go to fraudulent sites.

Criminals create phishing pages whose task is to steal private keys that allow access to all digital assets and crypto-wallets. Such web resources are usually located in popular domain zones like .com, .net, .org, .info or in cheap zones — .site, .xyz, .online, .top, .club, .live.

Kaspersky Lab noted the high level of detail of malicious sites. As an example, experts cite the loading of real data from existing cryptocurrency exchanges. This is easily explained by the higher level of technical knowledge that people interested in investing in digital currencies must have. Attackers understand this and try to improve their techniques.

Also, scammers often send notifications about fictitious sales of video cards and other digital currency mining equipment. In this case, the victim is persuaded to buy the hardware, which requires an advance payment.

As noted by experts, the topic of investing in cryptocurrencies is willingly used by cybercriminals in conjunction with the names of famous people. For example, people in the U.S. have recently lost several million dollars by being "hooked" on a scheme with the name of Elon Musk. Investors were promised a generous return on investment on behalf of the head of SpaceX.

According to the InfoWatch expert, the first wave of interest in cryptocurrencies in Russia began in 2016-2017. At the same time, fraudulent schemes aimed at deceiving people who were just beginning to get interested in digital assets, mining and blockchain platforms, as well as at deceiving the first investors became widespread.

Experts warn that scammers have begun to hack the accounts of citizens on the site of state services and using them to take loans and microloans.

"This is already a serious problem, and in the near future, it will only get worse. Hacking an account, password matching or data leakage can lead to an attacker gaining access to an account on the Public Services Portal and, of course, trying to monetize this access," said Vladimir Ulyanov, head of the Zecurion analytical center.

According to the expert, it is possible to increase the level of protection by enabling two-factor authentication of logging into the personal account, as well as setting your own complex password. However, it will not help to be completely safe from fraudsters.

Anatoly Lebedev, Deputy Head of the Department of Information Security at Bauman Moscow State Technical University, also warned about the high risk of fraudulent actions with loans and microloans, which were taken through a profile on the Public Services Portal. Mr. Lebedev also noted that online services today, although convenient, are not safe.

Dmitry Morozov, Development Director of 3DiVi Inc, said that he was not aware of the facts of hacking profiles on the Public Services Portal, but allowed such a possibility. He hopes that biometrics, such as FaceID or retinal scans, can improve account security.

Messages about the hacking of personal accounts in public services began to appear on social networks in July. Users reported that the criminals changed the phone number linked to Public Services Portal, e-mail and sent applications for loans and microloans on behalf of the user.

Earlier E Hacking News reported that details of passport, social security number and employment data of 2.24 million Russian citizens from the Public Services Portal were publicly available. The error occurred due to the illiteracy of developers and inaccuracies in the legislation.

The administration of RSNet (Russian State Network) recommended not to open letters from unknown senders, not to click on links from emails of legitimate users of the RSNet, including from the administration of the RSNet, and also not to open attachment files contained in such emails.

According to Andrey Kovtun, the head of the mail threat protection group at Kaspersky Lab, scammers set up phishing mailings allegedly from a domain gov.ru. He explained that the attackers use a fake sender's address webmaster@gov.ru.

"Such attacks are usually more complicated than mass attacks, even the real names and phone numbers of employees of the organization can be used," added the expert.

In turn, Alexey Drozd, the head of the information security department of SearchInform, warned against using links from emails even from legitimate users because of the possibility of hacking their accounts.

The expert also noted that recently, scammers sent phishing emails allegedly from the tax authorities.

"People trust domains that look like government domains. In addition, if any letter comes from a government agency, we consider it important," he added.

Earlier, the Ministry of Internal Affairs of Russia reported on the arrest of a group that published ads for the sale of real estate and premium cars and stole money from the accounts of Russians. The attackers asked potential buyers to confirm their solvency by transferring a certain amount to friends or relatives through certain payment systems, and then to provide the potential seller with a receipt for a financial transaction.

Thus, the attackers found out the personal data of the recipients of the transfers and made fake passports in their names, with which they visited credit and financial organizations and withdrew money from the accounts of citizens.

Group-IB, an international company specializing in preventing cyberattacks and investigating high-tech crimes, revealed a distributed network of 134 fraudulent sites imitating the World Health Organization (WHO). The attackers promised users a reward for taking a fake Health Awareness Day survey.

"However, instead of the promised €200, users were redirected to dating sites, paid subscriptions or fraudulent resources," the report said.

It is noted that in early April, the UN International Computing Center (UNICC) alerted Group-IB about a fake website using the WHO brand.

"After answering simple questions, the user was offered to share the link to the survey with his friends and colleagues in his WhatsApp contact base. Group-IB researchers found that when a victim clicked the "Share" button and unknowingly involved their friends in the scam, instead of the promised reward they were redirected to third-party scams offering to participate in another raffle, install a browser extension or sign up for paid services. In the worst case users could end up on a malicious or phishing site," explains the company.

During the investigation, the Group-IB Digital Risk Protection team uncovered a complex distributed fraud infrastructure that included a network of 134 virtually identical linked domains that hosted World Health Day-themed pages. Group-IB blocked all fraudulent domains within 48 hours of detection, after which the fraudsters completely stopped using the WHO brand on their network.

Further investigation revealed that all of these domains identified and blocked by Group-IB were part of a larger network controlled by a group of scammers codenamed DarkPath Scammers. Fake resources created under the WHO were linked to at least 500 other fraud and phishing resources mimicking more than 50 international brands from the food, sports gear, e-commerce, software, energy and auto industries.

Kaspersky Lab, which specializes in developing systems to protect against cyber threats, reported a fraudulent mailing on behalf of The Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), which has become widespread in Russia

In April, Kaspersky Lab uncovered a series of cyber attacks on system administrators of sites in Russia. By April 23, the company detected about 4 thousand emails containing fraudulent messages sent to more than 2 thousand e-mail addresses. The mailing peaked on April 16-17, but the messages are still coming in.

The purpose of the cyber attack is to infect web resources managed by sysadmins and gain access to the site management. If successful, hackers will be able to create pages, post any information and download files.

Under the guise of a regulatory authority, intruders are sending fraudulent notifications about the need to confirm the fact of domain name management.

The letter contains instructions according to which it is necessary to create a file with specified content in the root directory of the site. In reality, the sysadmin runs a Trojan program with his own hands to remotely control the victim's computer.

"To confirm that you have the actual ability to manage the domain name, create a file (with the .php extension) in the root directory of the site", says the text of the fraud letter.

"In order not to give the recipient time to suspect something wrong, he was required to execute the instruction in a short time - within three days", said Alexander Liskin, head of Kaspersky Lab's antivirus research laboratory.

"Site administrators are often subjected to attacks, for example, hackers extorted money from them by sending fake notifications about the approaching deadline for completing the site lease. But this time the goal of the attack is to gain access to site management. Attackers are doing everything to convince recipients that the letter is authentic: the sender is listed as a regulatory agency and an appropriate emblem is added to enhance the effect", said Liskin.

The expert recommended remaining vigilant when receiving messages from unknown senders in emails and messengers and to double-check the information supposedly from official bodies. It is still unknown who was behind the attack, the company's specialists are investigating the cyberattack.

 The owners of the Telegram channels noted that scammers under the guise of advertising offers send malicious files.

" In particular, they can be represented by advertising managers of the GeekBrains educational platform", Nikita Mogutin, the co-founder of the Telegram channel Baza (more than 310,000 subscribers), wrote on Facebook. Owner of the Telegram channel Madonna (more than 9500 subscribers) Madonna Moore said that five scammers write to her a day. She also published the text of correspondence with a person who introduced himself as a representative of GeekBrains. 

GeekBrains has received many complaints about fraud on behalf of the company and has already sent out warnings to agencies and bloggers, said Elena Toropina, head of the company's marketing department. In her opinion, the attack on the channels is connected with the growth of the online education industry, which spends a lot of money on advertising.

Kaspersky Lab reported that the attachments sent by the attackers contain a Trojan virus. 

"If the victim runs the file, a program will be installed on the computer that will steal the accounts stored on it and provide fraudsters with hidden remote control of the Telegram channel", told Yaroslav Kargalev, deputy head of the Group-IB incident response center. According to him, scammers can also change the phone number in the channel's account to get full control over it.

Most often, channel theft is needed to publish links to malicious resources in the Telegram channel or to get a ransom, said Sergey Trukhachev, head of the special services unit of Infosecurity a Softline Company.

"The increase in the activity of scammers may be associated with the influx of new users to Telegram", noted Kargalev.

Telegram downloads have increased dramatically as WhatsApp has added a clause to its rules that allows users to share their personal data with Facebook. Moreover, the growing popularity of Telegram is due to the fact that supporters of Donald Trump, who was blocked in many social networks, have "flowed" there.

Telegram founder Pavel Durov called the sharp increase in the number of new users "the largest digital migration" in human history. In the first week of January, Telegram's monthly audience overcame the mark of 500 million active users.

Earlier, E Hacking News reported that Pavel Durov advised users to remove WhatsApp from smartphones. He called the WhatsApp application unsafe.

The Russian-language Darknet site sells a program that allows you to distribute spam messages bypassing traffic and email protection tools. The program uses a function in the IMAP protocol

A new tool for spammers is actively being sold on the Darknet, which allows you to bypass the standard protection of e-mail accounts. By exploiting a feature in the Internet Message Access Protocol (IMAP), attackers upload the messages they need directly into the mailboxes of victims.

To trigger the attack, it is necessary that the attackers already have access to the victim's account. The Email Appender malware has been actively promoted on Russian-language hacker forums since the fall of 2020.

The author offers to use the program through a subscription — $50 for one day, $300 for a week or $1000 per month. This is very expensive, but judging by the latest campaigns, the demand for this service is very high.

Experts of the information security company Vade Security indicate that companies in Italy, France, Denmark and the United States have already been subjected to full-scale attacks by spammers using Email Appender. One of the affected organizations claims that it received 300 thousand spam messages in one day and was forced to spend very substantial resources to disable compromised accounts or change usernames and passwords.

Databases of usernames and passwords to mail are actively sold out on hacker forums. According to Gemini Advisory, an attacker can upload such a database to Email Appender, after which the program will try to connect to accounts that match pairs of usernames and passwords via IMAP. Next, it remains to use the IMAP function, which allows hackers to upload ready-made mail messages to the mailbox.

"There are a number of ways to block such spam campaigns, but the main one is to regularly change passwords and not use the same combination (or similar to it) more than once," said Alexey Vodiasov, technical Director of the company SEC Consult Services.

In addition, according to Vodiasov, two-factor authorization is effective, so that even a compromised account cannot be connected without attracting the attention of its rightful owner.

The expert added that it is also possible to enable notifications of cases of logging into an account from unusual IP addresses. Mail systems are quite capable of doing this.

In autumn, experts recorded mass registration of domain names with the names of well-known brands in the .RU zone

Specialists at Infosecurity, a Softline company, recorded mass domain registration in Runet with the name of well-known brands and the ending –off, which can be used for sales.

As an example, the company cited the domain names familiya-off.ru, detskiy-mir-off.ru, tele2-off.ru, rosneft-off.ru and citilink-off.ru. According to the head of the Infosecurity special server Sergey Trukhachev, on October 20, the Ethic threat detection service detected the registration of 192 such domains. All of them are registered through the same Russian structure with servers at ISPIRIA Networks Ltd, located in Belize (Central America). As Trukhachev noted, the company is often used for hosting malicious sites.

At the end of September, the appearance of hundreds of similar domains in Runet was noticed by SearchInform. According to Alexey Drodd, head of the company's information security department, it’s about very diverse brands (furniture companies, clothing stores, jewelry stores, mobile retail).

According to Kirill Kirillov, co-founder of BrandMonitor, domains with the names of major brands are registered every day, and the earnings of scammers depend on the method of monetization. For example, according to Kirillov, counterfeit dealers can earn 3-10 million rubles ($39,000 - $117,000) annually.

Such a site can be blocked in a day if it is obvious that it is phishing or distributes malicious software. There are also cases when it is technically impossible to block access to a resource: if their servers are located in a country where hosting providers do not block sites (for example, in Belize).

The companies surveyed said they monitor domain registrations with similar names and fight them when signs of fraud appear.

A malicious program that steals passwords was sent out in mid-September by scammers in letters claiming to be from the rector of Moscow State University. The recipients were financial, industrial, and government organizations in Russia.

The mailing, as noted in the company Group-IB, was held in the period from 9 to 16 September.

"In the letter, the attackers, on behalf of rector Viktor Sadovnichy, ask recipients to read the attached document “ A description of the budget for 2020” and promptly send their commercial offer,” reported the company's press service.

The texts of the letters are illiterate and contain stylistic errors. In addition, the order of words and sentences indicates that fraudsters use an automatic translation program. The authors of the letter were too lazy to change or check all the links in the template before sending them out. Probably, similar attacks have already been carried out on behalf of other universities, most likely foreign ones.

The addresses of Moscow State University were indicated as the sender in the letters. In fact, the correspondence was sent from the hacked mail server of the Hotel Alfonso V in the Portuguese city of Aveiro. The hotel has already been notified of the break-in.

All the scammers’ emails contained an archive called "Request for a commercial offer" with an executable .exe file inside. After it was launched, a malicious program was installed on the user's device that could steal usernames and passwords.

"In the future, hackers can use them to gain access to email accounts or crypto wallets, for financial fraud, espionage, or sell stolen data on hacker forums,” said Group — IB.

According to Vasily Kuzmin, Deputy head of the information technology department of Moscow State University, neither the rector nor the University administration ever send letters with such content.

Experts of the company Group-IB, specializing in the prevention of cyberattacks, together with the Federal Tax Service (FTS), identified the activity of fraudsters in the Network. Criminals send emails to legal entities and state institutions allegedly on behalf of the tax authorities.

All emails of attackers looked the same. They said that the recipient must appear at the Federal Tax Service to "give evidence about the flow of funds”. Before visiting the institution, the recipient of the letter was required to fill out a special form, which was attached in the letter as an archive with a password. The password was also attached in the email. This scheme allowed bypassing antivirus protection. When the archive was opened, a program for remote access to it was installed on the user's computer.

"The Federal Tax Service of Russia does not send letters to taxpayers about the existence of debt and offers to pay the debt online,” reported the press service of the FTS.

The mailing started at the end of July and continues to this day. Emails are sent to employees of oil and mining companies, airports, Telecom operators, and other organizations.

Experts are discussing the possibility of introducing a new article "Tax fraud” into the criminal code of the Russian Federation.

Moreover, according to Igor Bederov, General Director of the Internet Search company, in total, there are more than 1 million fake websites in Russia, up to 1 million messages are sent per day. He added that the share of phishing messages today can be up to 10% of the total volume of e-mail messages.

It is difficult to calculate the total amount of damage to organizations caused by phishing attacks, but one such successful attack can cost an average of 2,000 to 50,000 rubles ($27-680).

Earlier, E Hacking News reported that Kaspersky Lab experts described a discovered method of corporate phishing. Phishing attacks claiming to be from HR steals bank employees credentials.