Tag: Cyber Crime

Save the Children Foundation duped by hackers into paying out $1 million

Save the Children Foundation has revealed that the charity was targeted by fraudsters last year, leading to the loss of $1 million. The US arm of the non-profit said that con artists managed to compromise an employee’s email account in order to masquerade as the staff member in question.

Once access was gained to the account, the hackers behind the scam created a number of false invoices and related documents which described a need to purchase solar panels for health centers located in Pakistan. The Connecticut-based charity organization fell for the ruse, conducted in May 2017, and approved the transfer of close to $1 million.

Read more about how Save the Children Foundation was scammed on ZDNet.

Will sophisticated attacks dominate in 2019?

Trend Micro released its 2019 predictions report, warning that attackers will increase the effectiveness of proven attack methods by adding more sophisticated elements to take advantage of the changing technology landscape.

“As we head into 2019, organizations must understand the security implications of greater cloud adoption, converging IT and OT, and increasing remote working,” said Greg Young, vice president of cybersecurity for Trend Micro. “Cybercriminals will continue to follow a winning formula – exploiting existing flaws, social engineering and stolen credentials – to drive profits.”

Read more about the predictions in the report on Help Net Security.

Over 40,000 credentials for government portals found online

A Russian cyber-security firm says it discovered login credentials for more than 40,000 accounts on government portals in more than 30 countries. The data includes usernames and cleartext passwords, and the company believes they might be up for sale on underground hacker forums.

Alexandr Kalinin, head of Group-IB’s Computer Emergency Response Team (CERT-GIB), says these account details have been collected over time by cyber-criminals with the help of off-the-shelf malware strains such as the Pony and AZORult infostealers, but also the Qbot (Qakbot) multi-purpose trojan.

Read more about the discovered government login credentials on ZDNet.

Cobalt Bank Robbers Use New ThreadKit Malicious Doc Builder

The Cobalt hacking group, which specializes in breaching the networks of financial institutions and banks, is now using a new variant of the ThreadKit exploit builder kit for Microsoft Office documents.

Observed in a campaign on October 30, the new tactics show an evolution of the ThreadKit macro delivery tool. The final payload downloaded this way is CobInt, a signature malware for the Cobalt group. The exploit building framework was first noticed in October 2017, although it had been used in campaigns as early as June that year, leveraging CVE-2017-0199, for which exploit code was publicly available.

Read more about the new Cobalt hacking campaign on BleepingComputer.

Volkswagen Giveaway Scam Peddles Ad Networks

A fake Volkswagen campaign is making its way across social media platforms, luring in victims with promises of a free Volkswagen car giveaway – but instead redirecting them to third-party ad servers.

Victims are first sent messages via WhatsApp or Facebook, purporting to be from Volkswagen and claiming it will give away up to 20 free cars until the end of the year, researchers with Sucuri said. Targets of the scam are instructed to participate in the contest by clicking a link embedded in the message. However, the link attached to the messages sent via social media does not appear to collect personal information – but instead tries to redirect victims to various advertising networks.

Read more about the Volkswagen scam campaign on Threatpost.

Hackers ramp up attacks on mining rigs before Ethereum price crashes into the gutter

Hackers have set in motion a massive campaign that scans for Internet-exposed Ethereum wallets and mining equipment. The mass-scan campaign has been raging for at least a week, since December 3.

Attackers are scanning for devices with port 8545 exposed online. This is the standard port for the JSON-RPC interface of many Ethereum wallets and mining equipment. This interface is a programmatic API that locally-installed apps and services can query for mining and funds-related information. In theory, this programmatic interface should only be exposed locally, but some wallet apps and mining equipment enable it on all interfaces.

Read more about the massive Ethereum hacking campaign on ZDNet.

Cybercrime and malware, 2019 predictions

It has now become a tradition among cyber-security firms to issue a series of predictions for the upcoming year. While some companies have their malware analysts or their CEOs put out small lists of predictions, others go completely overboard with podcasts and 100-page reports that are just a few pages short of a full book.

ZDNet’s Zero Day security blog has taken a look over most of these reports, has even reached out to some selected researchers, and has compiled a list of predictions most likely to happen next year.

Read the full “meta-list” of cybercrime predictions on ZDNet.

Sextortion Emails now Leading to Ransomware and Info-Stealing Trojans

Sextortion email scams have been a very successful way of generating money for criminals. A sextortion scam is when you receive an email that states someone hacked your computer and has been creating videos of you while you are using adult web sites. The emails then tell you to send them bitcoins or they will share the videos they made with all of your contacts.

Researchers at Proofpoint have spotted a new campaign in which the emails, instead of containing a bitcoin address to send a blackmail payment to, prompt you to download a video they made of you doing certain “activities”. The downloaded zip file, though, contains an executable that will install malware onto the computer.

Read more about this new sextortion scam on BleepingComputer.

OpSec mistake brings down network of Dark Web money counterfeiter

European law enforcement agencies scored a big win this week against criminals active on the Dark Web. In a press release, Europol revealed that police in 13 countries conducted 300 house searches and arrested 235 suspects who bought counterfeit euro banknotes from a Dark Web marketplace.

All arrests are related to a successful case handled by the Austrian Federal Criminal Police Office in June 2018, when they tracked down and arrested the owner of a Dark Web portal selling counterfeit money.

Read more about the massive Europol operation on ZDNet.

Gift Card-Themed BEC Holiday Scams Spike

With cyber threats rampant between Black Friday and Christmas, security experts are warning of a wave of business-style email scams, designed to appeal to holiday shoppers, hitting inboxes.

Attacks involve scam messages purporting to be gift card deals or links to corporate donations. According to researchers at Proofpoint, the style, technique and nature of the email scams follow a pattern of what are known as business email compromise (BEC) scams. Instead of tricking targets with fake invoices, holiday-themed BEC emails entice victims to click on malware-laced gift-card offers or to donate to a fake charitable cause along with other corporate coworkers.

Read more about the new holiday-themed BEC scams on Threatpost.