Category Archives: PHISHING SCAMS

How Mr. Google has kept 85K of their employees from getting phished since 2017

Physical security keys in place of passwords have proven effective for Google and other large sites.

Google has successfully kept more than 85,000 employees from getting phished on their work-related accounts since 2017. According to reporting from KrebsOnSecurity, physical security keys are to thank for this success.

Security keys are physical USB-based devices that can be used as an alternative to the standard two-factor authentication (2FA) process.


A 2FA process is meant to ensure that if a thief steals a user’s password, they aren’t able to access the user’s account because they don’t have an additional factor (e.g., the user’s mobile device) needed to complete the login process.

The security key process proves more secure. According to the report, security keys implement a multi-factor authentication standard known as Universal 2nd Factor (U2F). The key allows the user to log in by inserting the USB device and pushing a button on it, which means that without the physical key a malicious actor cannot successfully log in as the employee. This doesn’t mean that Google employees haven’t clicked on a malicious link in an email, for example, but that the phishing attempt didn’t successfully exfiltrate any company data.
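To show why a stolen password or a relayed phishing page is not enough once a security key is enrolled, here is an added Python model of the U2F sign-and-verify step (example code, not from the article, KrebsOnSecurity or Google). It assumes constructed origin and key values and uses HMAC in place of the key's real ECDSA signature.

```python
import hashlib, hmac, json, os, struct

# Real keys sign with ECDSA P-256; HMAC-SHA256 over the same byte layout stands in
# so this runs on the standard library (assumption). Origin and key are constructed.
RP_ORIGIN = "https://accounts.example.com"  # the real site's origin (U2F appId)
_CRED_KEY = os.urandom(32)                   # secret that never leaves the key
_key_counter, _rp_last_counter = 0, 0        # key's use counter; last value site saw

def _payload(app_id, counter, client_data):
    # U2F signs: sha256(appId) || user-presence byte || counter || sha256(clientData)
    return (hashlib.sha256(app_id.encode()).digest() + b"\x01"
            + struct.pack(">I", counter) + hashlib.sha256(client_data).digest())

def key_sign(app_id, client_data):  # what the key does when its button is pressed
    global _key_counter
    _key_counter += 1
    return _key_counter, hmac.new(_CRED_KEY, _payload(app_id, _key_counter, client_data), hashlib.sha256).digest()

def browser_assert(page_origin, challenge):
    # The browser binds the request to the origin of the page that made it, so a
    # look-alike domain cannot ask the key to sign for the real site's appId.
    client_data = json.dumps({"typ": "navigator.id.getAssertion",
                              "challenge": challenge, "origin": page_origin}).encode()
    return (client_data,) + key_sign(page_origin, client_data)

def rp_verify(issued_challenge, client_data, counter, signature):  # the real site's checks
    global _rp_last_counter
    cd = json.loads(client_data)
    if cd.get("origin") != RP_ORIGIN or cd.get("challenge") != issued_challenge:
        return False                         # phishing origin or stale challenge
    if counter <= _rp_last_counter:
        return False                         # replay, or a cloned key
    expected = hmac.new(_CRED_KEY, _payload(RP_ORIGIN, counter, client_data), hashlib.sha256)
    if not hmac.compare_digest(expected.digest(), signature):
        return False                         # not produced by the enrolled key
    _rp_last_counter = counter
    return True

def legitimate_login():
    chal = os.urandom(16).hex()
    return rp_verify(chal, *browser_assert(RP_ORIGIN, chal))
def phishing_relay_login():
    # A look-alike page relays the real challenge; the victim presses the key, but
    # the response is bound to the look-alike origin and the real site rejects it.
    chal = os.urandom(16).hex()
    return rp_verify(chal, *browser_assert("https://accounts.example.com.evil.test", chal))
def password_only_login():
    # Stolen password but no key: the attacker can only guess at a signature.
    chal = os.urandom(16).hex()
    cd = json.dumps({"typ": "navigator.id.getAssertion", "challenge": chal, "origin": RP_ORIGIN}).encode()
    return rp_verify(chal, cd, _rp_last_counter + 1, os.urandom(32))
```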

In addition to Google, many other high-profile sites including Facebook, GitHub, and Dropbox are supporting similar U2F processes, according to the report. U2F is currently supported by Google Chrome, Mozilla Firefox, and Opera. However, the report noted that U2F is not enabled by default in Firefox.


Software giants Microsoft and Apple have yet to roll out U2F support in their browsers, but Microsoft said its upcoming Edge browser will support U2F later this year, according to the KrebsOnSecurity report. Apple hasn’t announced any plans yet on whether or not its standard Safari browser will support U2F.

Until a U2F system is commonplace and supported by all sites, users can protect themselves from phishing attacks by following these 10 tips from TechRepublic’s Brien Posey.

The big takeaways for tech leaders:

  • Google successfully protected its 85,000 employees from getting phished on their work accounts by utilizing physical security keys as part of a 2FA strategy.
  • U2F processes could become commonplace within the next few years, as large companies are beginning to adopt the protection that U2F offers.

www.scamsfakes.com

Henry Sapiecha

Hackers steal around $400M from Cryptocurrency System ICOs

ICOs are risky, possibly quite lucrative, and also a top target for threat actors looking to cash in.

Anti-piracy button on keyboard.

Cyberattackers have managed to line their pockets with almost $400 million in cryptocurrency by targeting ICOs, a new report states.

According to a new research report (.PDF) by Ernst & Young, over 10 percent of all funds changing hands during these events have been lost or stolen.

This equates to roughly $400 million in cryptocurrency from $3.7 billion in funding between 2015 and 2017.

Initial Coin Offerings (ICOs), or token sale events, have garnered the interest of investors in recent years. The events are an opportunity to fund cryptocurrency or Blockchain-related projects and companies and can prove lucrative in the long term.

ICOs have been popular enough to outstrip venture capital investments in Blockchain projects in recent years, despite the potential risks.

These events may be of interest to investors, but they are also a red flag for threat actors looking to cash in fraudulently.

Ethereum marketplace Enigma was gearing up for its ICO when a phishing campaign scammed $500,000 out of investors, while ICOs launched by CoinDash, Veritaserum, and EtherParty were all compromised by attackers a year ago.

These are only the most high-profile names to be targeted through ICOs, however, as the report found a total of 372 ICOs have been attacked in the last two years.

Hackers have been able to steal an average of $1.5 million per month through ICOs, and the report suggests that attackers “are attracted by the rush, absence of a centralized authority, blockchain transaction irreversibility and information chaos” of such events.

“Project founders focus on attracting investors and security is often not prioritized,” the report says. “Hackers successfully take advantage — the more hyped and large-scale the ICO, the more attractive it is for attacks.”

The most common attacks are the substitution of wallet addresses at the time of the event — as we saw with CoinDash — the unauthorized access of private keys and the theft of funds from both wallets and exchanges.

The most common attack vector is phishing, followed by Distributed Denial-of-Service (DDoS) attacks, direct website compromise, attacks on employees, and exchange hacking.

Calls have been made for more regulation and tighter security surrounding ICOs, with regulators worldwide now thrashing out methods to legislate these events and protect investor funds.

“As ICOs continue to gain popularity and leading players emerge globally, there is a risk of having the market swamped with quantity over quality of investments,” said Paul Brody, EY Global Innovation Blockchain Leader. “These high-risk investments and the complexity of ICOs need to be managed to ensure their credibility as a means of raising capital for companies, entrepreneurs and investors alike.”


On Monday, US Securities and Exchange Commission (SEC) regulator Jay Clayton warned businesses not to jump on the Blockchain bandwagon or offer ICOs without the expertise and regulatory backing.

The US agency has added to its watch lists ICOs and companies which have changed their name to something Blockchain or cryptocurrency-related without cause, in the face of market disruption and surging share prices due to the trend.


Henry Sapiecha

Middle Eastern hackers employ this phishing technique to infect political targets with Trojan malware

‘Moonlight’ group is likely to be involved in cyber espionage, warns Vectra Networks.

White full moon atmosphere with star at dark night sky background

The hacking group has been dubbed Moonlight due to references in code

A hacking group is conducting cyber espionage against targets in the Middle East by duping politicians, activists and staff at NGOs into clicking links to authentic-looking but fake versions of high-profile websites in the region, and then infecting them with malware.

The operation — dubbed ‘Moonlight’ by cyber security researchers, after the name the attackers chose for one of their command-and-control domains — has generated over two hundred samples of malware over the past two years and targets individuals via their private email accounts instead of their corporate ones, to increase the chances of a successful attack.

The attacks, which are themed around Middle Eastern political issues such as the war in Syria or the conflict in Palestine, have been unearthed by cybersecurity researchers at Vectra Networks, who say the tools and targets are reminiscent of the Gaza Hacker Team, a group of hacktivists said to be aligned with Hamas, the Palestinian militant Islamic group. The attacks are purely centered on Middle Eastern targets, with the text crafted in Arabic.

Moonlight typically delivers an obfuscated version of the widely available H-Worm, a malicious Visual Basic Script-based remote access Trojan. It isn’t sophisticated, but the effort the attackers put into their phishing attacks means that it’s effective.

“They put effort into lovingly crafting the emails, the websites, the documents they’ve created, putting a fair amount of effort and energy into it. But beyond that the underlying tech is off the shelf,” says Oliver Tavakoli, CTO at Vectra Networks, emphasizing how the attackers don’t need sophisticated hacking skills.

“It teaches you about the low degree of skill required to actually pull something like this off,” he adds.

As with other phishing schemes, those behind Moonlight are attempting to entice their target to click on malicious documents, which claim to contain information about issues and events in the Middle East, such as Hamas, Gaza, Syria, Egypt and other topics relevant to audiences in the Arab world.

A decoy report on people trafficking.

Image: Vectra Networks

The lure is deployed as an EXE file, but rather than doing nothing but install malware when clicked on, Moonlight presents the victim with a relevant decoy, therefore avoiding suspicion that the document may be malicious.

Another method the attackers use to deploy malware is via malicious links that lead to fake but convincing versions of authentic Middle Eastern media organizations’ websites. Typically deploying the link via a shortened URL, the user is invited to click through to a news article based on current events in the Middle East. While it looks like the real deal, users will find themselves infected with malware.

The end result in each of these two attacks is that the victim — of which there have been hundreds — becomes infected with a Trojan that’s most likely used to conduct espionage. But rather than infecting corporate environments, it’s the personal email addresses and therefore home networks of victims which have been targeted, because they represent more vulnerable targets — and that’s reflected in the unsophisticated nature of the malware itself.

“The obscuring that they did wasn’t of network communications, but of the actual exploit and malware they delivered. That leads me to believe that it’s not really targeted at employees of companies, but more at end users — politicians using their private emails or private machines, activists in the Middle East and NGOs,” says Tavakoli.

While the endgame of Moonlight and who is ultimately pulling the strings remains unknown, the group behind it is still active and still targeting individuals interested in political issues in the Middle East.

While those outside the Middle East aren’t likely to be targeted by Moonlight, it serves as a reminder that a well-crafted phishing attack can be almost indistinguishable from a real email. Nonetheless, there are still ways that targeted users and organizations can fight back.


Henry Sapiecha