Cybersecurity researchers have uncovered a large network of more than 11,000 domains used to promote numerous fake investment schemes to users in Europe.

The platforms show fabricated evidence of enrichment and falsified celebrity endorsements to create an image of legitimacy and attract a large number of victims.

The operation’s goal was to lure users with the promise of high-return investments and to convince victims to deposit a minimum amount of 250 EUR to sign up for the fake services.

Researchers at Group-IB discovered the operation and mapped the massive network of phishing sites, redirections, and content hosts.

Group-IB suggested that more than 5,000 of these identified malicious sites are still active. The countries targeted in this scheme include the UK, Portugal, and Sweden.

The fraudsters promote the campaigns on various social media platforms, using compromised Facebook and YouTube pages to help the scheme.

Victims who fall for the trick often click on the ads to learn more and are redirected to fake landing pages full of alleged success stories.

The fraudsters then request contact details and reach out to explain the ‘terms and conditions’.

The victim is then convinced to place a deposit. These details are stored and used for future campaigns or resold on the dark web.

Once the money is deposited, the victim then gets access to a fake investment dashboard that allegedly lets them track daily gains, thus prolonging the illusion of legitimacy.

The scam is revealed to the user when they try to withdraw money from the platform.

When an investment platform grabs your attention, you should check that the company you’re dealing with is an established broker.

The post Network of 11,000 Domains Used in Fake Investment Schemes Discovered appeared first on IT Security Guru.

Lawmakers on the Hill revealed last week that a cyber-attack on the US justice system had compromised a public document management system. Jerrold Nadler (D-NY), chairman of the House Judiciary Committee, revealed the discovery at a hearing on oversight in the Justice Department.

Nadler disclosed that three hostile actors had breached the Public Access to Court Electronic Records and Case Management/Electronic Case File (PACER) system, which provides access to documents across the US court system. Nadler said that the system had suffered a “system security failure.”

First discovered in March, the breach occurred in early 2020. Nadler warned that the breach could affect pending civil and criminal litigation.

In testimony during the hearing, the assistant attorney general for the DoJ’s national security division, Matthew Olsen, did not say whether any cases had been affected by the hack to date. Olsen noted that the division is “working very closely with the judicial conference and judges around the country to address the issue.”

Congressional lawmakers demanded answers from the Administrative Office of the US Courts (AOUSC). Senator Ron Wyden (D-OR) wrote a letter accusing the judiciary of failing to modernise.

The letter said, “I write to express serious concerns that the federal judiciary has hidden from the American public and many members of Congress the serious national security consequences of the courts’ failure to protect sensitive data to which they have been entrusted.”

The AOUSC has been hinting at a breach since January. In a statement promising extra safeguards to protect sensitive court records, it said that it was working with the Department of Homeland Security on a security audit of PACER after identifying vulnerabilities that might affect sensitive non-public documents.

It said, “an apparent compromise of the confidentiality of the CM/ECF system due to these discovered vulnerabilities currently is under investigation.”

The AOUSC promised that sensitive court documents would now be stored in a “secure stand-alone computer system” and not uploaded to the public document management system.

The post Congress Warns of US Court Records Data Breach appeared first on IT Security Guru.

Reportedly, the Lockbit ransomware gang has claimed the recent attacks on the Italian tax agency and the Canadian town of St Marys.

On Friday, the local administration at St Marys explained in an update that the attack occurred last Wednesday, locking an internal server and encrypting data on it.

The statement read: “Upon learning of the incident, staff took immediate steps to secure any sensitive information, including locking down the town’s IT systems and restricting access to email. The town also notified its legal counsel, the Stratford Police Service and the Canadian Centre for Cyber Security.”

“The town is now working with cyber incident response experts to investigate the source of the incident, restore its back up data and assess the impacts on its information, if any. These experts are also assisting staff as they work to fully unlock and decrypt the town’s systems, a process that could take days.”

Critical local services were apparently unaffected by the incident, but it’s unclear if any personal data was stolen.

This is not the case in Italy though. The Italian attack by affiliates using the Lockbit ransomware reportedly resulted in the theft of 78GB of data.

Hackers targeted Italian revenue agency l’Agenzia delle Entrate, so the stolen data could theoretically contain highly sensitive personal and financial information.

Mike Varley, threat consultant at Adarma, argued that public sector organisations are often picked as targets because hackers believe they’re more likely to pay.

“Organizations seeking to improve their overall ransomware resilience should be proactively asking themselves, ‘where are we most vulnerable to external threats?’ ‘what are we protecting?’ and ‘where are those assets housed?’

“Security teams need to be actively hunting out control gaps and closing them by either tweaking existing controls, through technology acquisition, undertaking additional monitoring or by doing all three.”

The post Lockbit Ransomware Gang Have Claimed Responsibility For Recent Public Attacks appeared first on IT Security Guru.

The average cost of a data breach globally has reached a new high of $4.35m. This figure has increased by 13% since 2020, according to IBM.

The IBM Cost of a Data Breach Report was compiled from interviews with 550 organisations in 17 countries that were breached between March 2021 and March 2022.

The firm’s report also stated that consumers were suffering disproportionately from these incidents.

The report found that 60% of breached organisations put their prices up following a breach.

The most expensive cause of breach events is phishing. This costs, on average, $4.9m for organisations.

Healthcare remains the sector hit hardest by breach costs – for the 12th year in a row.

There was some insight into zero trust strategies in the report. 80% of organisations in the healthcare sector said that they had not adopted such approaches.

If a ransom is included in the breach, the costs rise significantly, the report found. The average cost of a ransom attack without the ransom payment was $4.5m.

Nearly half (45%) of recorded breaches occurred in the cloud, with those who had not formulated a security strategy or were in the early stages of doing so liable to pay on average $660,000 more than those with a mature cloud security posture.

Breaches seem inevitable though, with 83% of organisations surveyed saying that they’d suffered more than one. Luckily, direction and response seem to be getting better.

The post Cost of Data Breach Reaches $4.35m on Average Globally appeared first on IT Security Guru.

Web3 security firm TRM Labs has said that attacks on NFT projects carried out through their Discord channels have risen significantly. Most of these attacks are, reportedly, associated with a “wider group” of hackers.

In the last two months, over 100 reports of Discord channel hacks have been filed with Chainabuse, a community-led scam reporting platform operated by TRM Labs. Worryingly, in May alone the losses were reported to have been worth more than $22 million.

10 similar attacks were witnessed on 4th June. The report stated that in June there was a hike of 55% in NFT-based attacks compared to May.

TRM Labs stated that the tactics used to scam Discord users in most hacks are similar and utilise “sophisticated social engineering, such as phishing and fraudulent accounts pretending to be an administrator” or exploitation of bot vulnerabilities, followed by tweaking “administrator settings to ban Discord moderators from interfering with the hackers’ operations.”

The report also said: “A review of more than 15 notable Discord compromises targeting NFT servers and analysis of on-chain and off-chain data by TRM investigators suggest that dozens of these recent account compromises are likely related. Some of the linked compromises include well-known NFT Discord project accounts such as BAYC, Bubbleworld, Parallel, Lacoste, Tasties, Anata, and a dozen others.”

Chris Janczewski, head of global investigations at TRM Labs, said: “It isn’t necessarily that Discord in and of itself has a weakness, but it just makes it a very target-rich environment. If you’re looking for people that own NFTs, you go to a place where they’re all hanging out, and you have a point to be able to make [contact] with them.”

The post NFT Hacking Group Attacks On The Rise, Report Finds appeared first on IT Security Guru.

A teenager who hacked Snapchat accounts and threatened to post nude images of women online to make money has been jailed for two years.

Jasin Bushi, 18, took control of a series of women’s social media accounts, posing as the victim to message their friends. He claimed to be facing eviction and asked to borrow money for rent.

If the money was not paid, Bushi would threaten to post nude images of the victim on the internet.

He was jailed for two years at a sentencing hearing at Wood Green Crown Court on Monday for a series of hacking incidents and fraud between December 2020 and February 2021.

A string of intimate images of the victims, taken from Snapchat accounts, had been posted online, but the judge accepted that Bushi had not been responsible. One victim found out that her photos had been leaked when she was told by a work colleague.

The Met Police’s Cyber Crime Unit were called to investigate in May 2021, tracing PayPal accounts set up in fake names which had been used in the blackmail plot. Bushi was identified through mobile numbers used to set up the accounts.

Seven victims, aged between 17 and 35, came forward to aid the investigation.

Detective Constable Ed Sehmer, the investigating officer, added: “This crime type often goes underreported as victims can often feel shame or embarrassment. There is nothing to feel ashamed about.”

Bushi pleaded guilty to unauthorised access to a computer to facilitate the commission of an offence, possession of articles used in fraud, fraud by false representation, and three counts of blackmail.

The post Teenager Jailed for Snapchat Blackmail Cybercrimes appeared first on IT Security Guru.

The UK’s National Crime Agency (NCA) seized millions of pounds worth of cryptocurrency last year as part of its efforts to crack down on serious and organised crime (SOC) and money laundering.

In its annual report, the NCA, the UK agency dedicated to tackling SOC, revealed that during the period April 1st 2021 to March 31st 2022 it confiscated $26.9m (March price) in cryptocurrency assets.

In the previous financial year, no cryptocurrency was seized at all, indicating the growing importance of digital money to organised crime gangs.

Over the 2021-22 report period, more virtual currency was seized than fiat currency (£26m) or physical assets (£7m). Some of these assets though “may still be liable to be returned.”

Tracking and confiscating the digital proceeds of crime was central to one of the NCA’s core strategic priorities in 2021-22 in an attempt to reduce the harm from economic crime caused to individuals, institutions and the UK economy. Fraud and financial exploitation, cybercrime and money laundering are the largest threats.

Morgan Heavener, a partner at consultancy Accuracy, said “the NCA has been forced to move swiftly to try and stem the use of these cryptocurrencies in financial crimes. The lack of regulatory oversight around cryptocurrencies makes them attractive for criminals seeking to move funds around the world.”

“Financial institutions and professional services firms handling cryptocurrency assets need to ensure they have the most stringent due diligence in place to ensure they do not inadvertently facilitate financial crimes, including money laundering. Failure to do so can lead to punitive fines or even criminal proceedings.”

The post The UK’s National Crime Agency Seized Millions of Pounds Worth of Cryptocurrency Last year appeared first on IT Security Guru.

As reported last week, over 69 million users of the site Neopets, a popular virtual pet website, may have had their data compromised in the first known US mega breach of the year.

The company took to Twitter to confirm the news. Neopets is owned by Viacom.

The Tweet said: “Neopets recently became aware that customer data may have been stolen. We immediately launched an investigation assisted by a leading forensics firm. We are also engaging law enforcement and enhancing the protections for our systems and our user data.

“It appears that email addresses and passwords used to access Neopets accounts may have been affected. We strongly recommend that you change your Neopets password. If you use the same password on other websites, we recommend that you also change those passwords.”

Moderators on the Neopets Discord channel warned that hackers still had access to the systems, so changing passwords would not work to safeguard information.

They said: “We should note that the effectiveness of changing your Neopets password is currently debatable. As long as hackers have live access to the database, they can simply check what your new password is. We cannot therefore strictly advise you on the best course of action given the circumstances.”

They further claimed that more than email addresses and passwords had been taken in the breach.

“A reported 69+ million accounts have been compromised, with the breadth of exposed personal information including passwords, birth dates, genders, names, countries and IP addresses,” they said.

“The leaked information and live database access and full source code are being offered for sale on a third-party website.”

Plenty of commentators have been lining up to add their observations on the attack, but it is all just speculation at the moment, as there’s no clear indication of how the threat actor compromised the site.

Comparitech’s head of data research, Rebecca Moody, confirmed that the figures are correct and that this is the first US data breach this year so far with over 10 million users’ data breached.

Moody added, “what’s perhaps more concerning is the potential age range of the users affected with the website being popular among children and teens as well as adults.”

Mike Varley, threat consultant at Adarma, said incident responders at Neopets now have to balance speed with effective remediation.

He argued, “incident responders should be seeking to validate claims from the threat actor that they have ‘live’ access to the database. From there, responders will work backwards to identify both the point of initial access and any persistence mechanisms the actor may have installed.”

“Once identified, a remediation plan can be created that’ll involve multiple actions occurring simultaneously or in rapid succession – designed to remove the adversary from the network, deny their access back into the environment and monitor for any further resurgence in adversary activity.”

The post Neopets Confirm Data Breach appeared first on IT Security Guru.

China has fined Didi Global, a global mobility technology company, around $1.2 billion (8.026 billion yuan) for violating the country’s network security law, personal information protection law, and data security law.

The country’s cybersecurity regulator, the Cyberspace Administration of China (CAC), also fined two Didi executives 1 million yuan each for the infringements.

The ride-hailing service had its app removed from the web by the Chinese authorities last year, prompting an investigation.

The CAC explained: “Based on the conclusions of the network security review and the problems and clues found, the State Internet Information Office filed a case and investigated Didi Global Co., Ltd. for suspected illegal acts in accordance with the law. After investigation, Didi Global Co., Ltd.’s violations of the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law are clear, the evidence is conclusive, the circumstances are serious and the nature is heinous.”

The statement did not mention whether the company could restore its app to the app store in China. The app has around 550 million users across the country, as well as in Latin America, Australia, and other Asian countries.

In a response statement, Didi said that it will “obey” the regulator’s requirements and accepted the regulator’s decision.

This ruling comes at a time when there are growing privacy and data protection concerns in China. There have been a number of new laws introduced in this area too. In 2021, the Personal Information Protection Law (PIPL) was introduced.

Ilia Kolochenko, founder of ImmuniWeb and member of Europol Data Protection Experts Network, said: “Importantly, the growing number of regulations increasingly impose personal liability upon corporate executives for a failure to implement and supervise an adequate data protection strategy at their company. We shall expect higher fines both for non-compliant companies and their executives, while the latter will not necessarily be covered by corporate insurance due to the novelty of the issue. Ongoing risk and threats assessment, privacy impact audits and implementation of a systemised, risk-based and process-driven data protection strategy is the only way for executives to avoid facing harsh monetary penalties or even a personal bankruptcy.”

The post China Fines Didi Global $1.19billion for Data Security Infringements appeared first on IT Security Guru.

Virtual pet website Neopets has suffered a data breach leading to the theft of its source code and a database containing the sensitive information of over 69 million members.

The Neopets website allows members to own, raise, and play games with their virtual pets. The popular website recently launched NFTs that will be used as part of an online Metaverse game.

Earlier this week, a hacker using the name ‘TarTarX’ began selling the source code and database for the Neopets.com website for four bitcoins, with an approximate worth of $94,000 in today’s money.

TarTarX told BleepingComputer that they stole the database and approximately 460MB (compressed) of source code for the neopets.com website.

The hacker claims that this database contains the account information of over 69 million members, including email addresses, zip codes, and names, among other data.

The hacker also told BleepingComputer that they did not ransom the data to the owners of Neopets, Jumpstart, but have received interest from potential external buyers.

The authenticity of the database has not been independently verified yet. Pompompurin, the owner of the Breached.co hacking forum, verified the hacker’s claims by registering an account on the website and was then sent their newly created record from the database.

Pompompurin posted on the Breached.co forum: “Vouch, I registered an account on the website and he sent the full entry.”

This shows that TarTarX continued to have access to the site even as the data was being offered for sale.

The Neopets team confirmed on the unofficial Neopets Discord server that they were aware of the security incident and were working on resolving it.

“We should note that the effectiveness of changing your Neopets password is currently debatable as long as hackers have live access to the database, as they can simply check what your new password is.”

“We cannot therefore strictly advise you on the best course of action given the circumstances.”

However, if you use the same Neopets password on other sites, you are advised to change your password on those sites to a new one.

The post Hacker Selling Data of Over 69 Million Neopets Members appeared first on IT Security Guru.