DoJ Clamps Down on COVID-19 Fraud, Charging Nearly 500 Individuals

The US Department of Justice (DoJ) has charged nearly 500 individuals for allegedly participating in coronavirus-related scams and fraudulent activities.

As of March 26, 474 individuals have been publicly charged with COVID-19 fraud schemes focused on siphoning over $569 million from government financial relief projects, including the Paycheck Protection Program (PPP), Economic Injury Disaster Loan (EIDL) program and Unemployment Insurance (UI) programs.

According to a press release, the DoJ has indicted 120 individuals with PPP fraud. The defendants include business owners accused of inflating payroll expenses to secure large loans and members of organized crime rings who allegedly submitted exact copies of loan applications and documents under different company names.

In one case, a Texas resident was charged with illegally obtaining over $17 million in PPP loans. He allegedly used the proceeds to acquire real estate, luxury goods and vehicles.

Fraudsters also targeted the EIDL program, designed to provide loans to small businesses, agricultural businesses and non-profit entities. Using shell or non-existent companies, the scammers successfully applied for small-business loans and diverted the funds to illegal purposes.

“The department has responded, primarily through the efforts of the U.S. Attorney’s Office for the District of Colorado and their partners at the U.S. Secret Service, acting swiftly to seize loan proceeds from fraudulent applications, with $580 million seized to date and seizures ongoing,” the DoJ said.

In response to increased Unemployment Insurance fraud, the department created a multi-agency task force that charged over 140 alleged criminals ranging from international organized crime groups to domestic wrongdoers, including identity thieves.

While the pandemic brought financial hardship across the world, many threat actors have learned to adapt and seek new profitable opportunities. In the past year, consumers have been tricked into purchasing fake COVID-19 treatments, protective gear and vaccines.

“The department has prosecuted or secured civil injunctions against dozens of defendants who sold products — including industrial bleach, ozone gas, vitamin supplements, and colloidal silver ointments — using false or unapproved claims about the products’ abilities to prevent or treat COVID-19 infections,” the report said.

“The department has also worked to shutter hundreds of fraudulent websites that were facilitating consumer scams, and it has taken scores of actions to disrupt financial networks supporting such scams,” it added.

The Department’s Criminal Division Acting Assistant Attorney General sent out a public warning directed to any pandemic opportunists scamming citizens: “To anyone thinking of using the global pandemic as an opportunity to scam and steal from hardworking Americans, my advice is simple – don’t,” he said. “No matter where you are or who you are, we will find you and prosecute you to the fullest extent of the law.”

What You Need to Know to Avoid Instagram Scams

Instagram is a big part of the lives of many people, who use it daily to interact with friends and family. The platform’s popularity has also attracted many businesses and individuals who have found success showcasing various products, outfits and locations.

With over 1 billion active users every month, Instagram is brimming with fraudsters and cybercriminals who prey on naive internet users through various scams.

Here are some of the most common hustles you can find on Instagram:

Phishing attacks

Major social media platforms such as Instagram often attract cyberthieves looking to take over accounts and steal your personal information. They can contact potential victims via email or even direct messages on the platform to trick them into providing login credentials on fake login pages.

By following fake links, you not only hand over your login credentials (often reused on other online platforms) but also risk infecting your device with malicious software that encrypts your files or steals your financial information.

Fake Giveaways

It is very common among Instagram influencers to hold sponsored giveaways, where they provide a lucky winner with high-end products, but scammers have also tapped into the practice.

Fraudsters often impersonate influencers or businesses, informing recipients that they have won a prize. The scammer will often ask winners to pay a bogus shipping fee or provide personal information.

Phony brands and knock-offs

It’s common knowledge that the internet is swarming with fake products, ranging from luxury apparel and fashion accessories to smart new tech and gadgets.

Brand impersonators often buy likes and followers to create a seemingly legitimate page and bait Instagrammers with exclusive or limited-time deals for high-end merchandise. Unfortunately, victims end up spending big bucks on illegal and counterfeit goods.

Romance scams

What are the chances of meeting your love interest on Instagram? Honestly, not good.

Some scammers take time to reveal their true intent. In this case, the fraudster will go to great lengths and invest time to trick the target. He will enter a fake online relationship with you and strive to earn your trust. You might even give him sensitive information about yourself. When the time is right, he will exploit the relationship, asking for goods and money transfers to pay for travel expenses to come visit you. As long as the victim pays up, the perp will play nice. If you become suspicious or insist on a face-to-face meeting, the scammer might start bullying you or threaten to expose your secrets. In the end, you’re left with a broken heart and a hole in your bank account.

Good practices

Whether you’re Instafamous or not, scammers will go to great lengths to dupe you into purchasing fake goods, endorsing bogus products or providing your information. Here’s what you can do to stay safe on Instagram:

  • Don’t overshare when posting your photos and videos
  • Use a unique and complex password to log in to your account, and enable two-factor authentication
  • Be wary of individuals who contact you via direct message, and do not click on links they send you
  • Stick to the too-good-to-be-true rule: if something seems far-fetched, it probably is
  • Set your account to private. If you use Instagram to keep in touch with friends and family, there’s no need to leave your account visible to everyone. A private account means that only your followers get to see the photos and videos you post
  • Regularly review your list of Instagram followers, so you can remove any unwanted or unfamiliar people who are following you
  • Install a security solution with anti-phishing and anti-fraud protection to block suspicious websites and warn you about any fraud attempts

Even the most vigilant and cyber-savvy individual can get duped sometimes. Ever wondered if someone is impersonating you online and what pieces of your digital identity are exposed? Check now with Bitdefender’s Digital Identity Protection tool.

Infosec Community Increasingly Concerned about SolarWinds Breach, Four Months In

The severity of a data breach typically jumps in the short term and decreases as time progresses. But, according to a survey by International Information System Security Certification Consortium, or (ISC)², the 2020 SolarWinds incident bucked that trend in the eyes of cybersecurity professionals.

Four months in, the infosec community is more concerned than ever about the infamous supply chain attack that resulted in the breach of more than 18,000 (confirmed) organizations. The reason? More details keep bubbling up as forensic investigations continue.

In a survey of 303 cybersecurity professionals fielded from February 10-28, 2021, 86% of respondents said they would have rated the breach ‘very’ or ‘extremely’ severe when they first learned about it, the (ISC)² reports.

However, a month and a half after the incident was reported, the number of respondents who indicated the breach was “severe” increased from 51% to 55%. On a scale from 1 to 5, the perception of the severity of the breach also increased over time, from an average of 4.34 initially up to 4.37.

“This perception of increasing severity is atypical of most breaches,” according to the consortium. “Headlines tend to fuel speculation in the immediate aftermath of a public disclosure, which is then tempered by remediation of the threat. In other words, severity spikes in the short term and decreases as more information becomes available.”

As one respondent said, “If you had a ‘catastrophic’ rating [option], I would have picked it.”

The incident has prompted reviews of security tools and protocols by many cybersecurity teams, (ISC)² analysts learned during the survey period. Decision makers reportedly stepped up activities such as forensic analyses, re-architecting of systems, and making sure all patches are up to date, in the wake of the incident.

Many fielded questions from their executive teams about their own security protocols, prompting time-consuming due diligence and reporting activities. And some had a lot of explaining to do, despite not being impacted by the breach, because they used a SolarWinds product.

“As a SolarWinds MSP customer, I have had to do a lot of explaining to our customers about what was involved in the breach and why we are continuing to use a SolarWinds product,” one respondent said.

Last but not least, the (ISC)² report includes a list of popular recommendations from those surveyed, including:

  • Improve third-party governance and due diligence practices
  • Improve controls to perform extra due diligence on any third-party software (say through automated software analysis)
  • Watch outbound traffic and know what it should be
  • Isolate systems with broad access to other systems
  • Harden systems and conduct thorough research before deploying a solution
  • Segment networks
  • Employ a multi-faceted approach, incorporating humans and technology
  • Improve IOC detection mechanisms
  • Disallow internet access to systems that do not require it

As one respondent put it, “The principles are known: least privilege, cyber hygiene on credentials and software development best practices. This attack is a call for action to implement (these controls) at all levels.”

Cyber attack forces live TV shows off-air on Australia’s Channel 9

  • Australia’s Channel 9 network disrupted by cybercriminals
  • Staff told to work from home as station attempts to recover from attack

Live broadcasts from Australia’s Channel 9 TV network were disrupted this weekend following what is believed to have been a cyber attack.

As Channel Nine’s “Weekend Today” programme was scheduled to go live on air, the show’s presenters were forced to turn to Twitter to explain their absence.

Pre-recorded programmes were played on the channel as the “technical issues” were investigated by the station’s IT team.

Channel 9 executives later confirmed to The Age that the network had suffered a cyber attack, and that staff had been ordered to work from home indefinitely while attempts were made to restore systems back to normal operation.

There has been speculation that the attack may have been state-sponsored, with some commentators noting that Channel 9 has been working on an investigation into ties between Russian President Vladimir Putin and poison-based assassinations, or that newspapers under Nine Entertainment’s umbrella have been critical of China.

Meanwhile, the Australian Parliament in Canberra was said to also be investigating a potential cyber attack against government-issued smartphones and tablets on Sunday evening.

Whether the near-simultaneous attacks against the TV station and parliamentary services are coincidence or not is currently unclear.

One thing that is unquestionable is that cyber attacks against TV stations are not a new phenomenon.

Back in August 2005, for instance, the CNN newsroom was hit by the Zotob worm, with the station reporting the incident live on air.

Ten years later, TV5Monde in France was taken off air after pro-ISIS hackers attacked its systems.

Of course, malware attacks have evolved somewhat since then – and it’s now much more common to see security breaches in which hackers encrypt their victims’ data and exfiltrate sensitive files before attempting to extort a ransom payment.

As yet Channel 9 hasn’t made clear the nature of the attack, and whether it too is just the latest in the long line of ransomware victims or if its assailants had a different motive.

Have You Backed Up Your Data Lately? Don’t Be an April’s Fool — Back Up Your Data on World Backup Day

As individuals become more digitally active than ever due to lockdown restrictions, the probability of data loss has increased.

March 31 is World Backup Day, the day every netizen is reminded of the importance of backing up data.

Why should you consider backing up data?

The main purpose of a backup is to help you quickly recover files in case of device compromise, data loss or theft.

From household accidents, device theft, hard-drive crashes or malicious attacks, losing precious files, videos or work documents is just a matter of time. Although numerous scenarios can lead to data loss, the chances of device malfunctions and data-encrypting malware infections have increased exponentially since the shift to remote work.

Malicious actors are out to steal or hold user data for ransom. Even if you’re among the more cyber-savvy internet users, it’s still worth taking the time to ensure data safety.

Whether it’s your family’s digital videos and photos, school papers or work projects, you can’t replace them if they get stolen or lost. Moreover, losing sensitive business data and contracts could incur legal issues and damage your company’s reputation. Making regular backups of your data can spare you from severe consequences.

Easy ways to back up your data

Creating a backup of your data takes time and effort. But don’t worry, you’ll get the hang of it. You can start by plugging an external hard drive or a USB flash drive into your computer. While this may be a portable and straightforward solution, external hard drives and USB sticks can easily break down, get lost or be stolen. For a more robust setup, consider using a cloud backup service. Cloud storage providers vary by upload speed, storage capacity and additional features, so do your research.

“I solemnly swear to back up my important documents and precious memories on March 31st.”

Take the World Backup Day Pledge today, and spread the word to your friends and family about the importance of regularly backing up data.

While you’re busy deciding on the best backup method, add a security solution to protect precious data from malicious attacks and cyberthieves.

Ziggy Ransomware Operators Refund Victims Who Paid Ransom

More than a month after shutting down operations, Ziggy ransomware administrators have announced they will refund their victims.

The news follows the threat actor’s earlier statement that it will publish all decryption keys in early February.

“Hi. I am the Ziggy ransomware administrator. We decided to publish all decryption keys. We are very sad about what we did. As soon as possible, all the keys will be published in this channel,” he said in a brief post on Telegram.

On March 19, the Ziggy ransomware operators also said that they wish to return the victims’ payments. After a week of silence, the admin emerged with a new message board disclosing that victims will be refunded in about two weeks after contacting the group via email:

“If you are infected with Ziggy ransomware and you paid money, we are ready to give back your money. Send your payment receipt and your computer unique ID to email,” he said. “We will transfer money to your Bitcoin wallet address. We will give back your money until 2 weeks later.”

Despite the recent gesture of goodwill, the Ziggy operators will retain a pretty penny. A couple of days before announcing their refund program, Bitcoin cryptocurrency hit an all-time high of over $50,000.

It is unclear if the ransomware gang acted out of guilt or fear of becoming the next target of law enforcement agencies – or both. However, the Ziggy ransomware gang was likely more concerned about the recent law enforcement operations against the Emotet and Netwalker gangs. They’re not alone. Fonix operators also laid down their cyber weapons in late January and released a master decryption key to allow victims to recover their data for free.

Email Verifiers and Data Breaches. What You Need to Know.

Have you ever wondered why your email address and other information appeared in a data breach impacting a platform you never signed up for? You probably don’t recall creating an account on the Verifications.io platform or River City Media. That’s because you didn’t.

It’s time you find out everything about your invisible connection to email verifiers.

Email verifiers are online services that allow marketers and salespeople to verify that the email address you used to create an account, sign up for a newsletter or place an order on their website is real and valid. Email verifiers work silently in the background, checking addresses to avoid future deliverability issues.

These companies use various tools in their validation process, including IP address validation and verification of key demographics, which also yields insights into your personal information that end up in a database.

That’s why email-validation services are an attractive target for cybercriminals looking for a fresh batch of email addresses for their next wave of social engineering attacks.

In recent years, billions of user records have been exposed online due to unsecured databases belonging to email validation companies, including the infamous Verifications.io and River City Media data breaches.

Who is Verifications.io, and what information was exposed in the data breach?

The company provides email validation services for marketing companies worldwide. In short, Verifications.io and similar companies are used to maximize the potential of marketing campaigns by checking prospective consumer email lists for invalid or undeliverable addresses.

In February 2019, cybersecurity researchers stumbled upon an unsecured public-facing database that exposed over 800 million email addresses and associated personally identifiable information (PII), including names, gender, dates of birth, phone numbers, IP addresses, job titles and employers. The leaked data contained no highly sensitive information such as passwords, credit card numbers or Social Security numbers.

Who is River City Media, and what information was exposed in the breach?

River City Media (RCM) is a US-based email marketing company that made headlines in March 2017 after exposing 1.4 billion individual records online due to an improperly configured backup. According to researchers, the exposed data includes email addresses and, in some cases, names, IP addresses, zip codes and home addresses.

Once again, no account login credentials or financial information was exposed. Even so, the database was left unprotected for at least three months before the company took it offline. If cybercriminals had stumbled upon it, they could have used the information in targeted phishing attacks to gather additional information from victims.

What should victims do?

Even if there is no indication that the databases were accessed or exploited by malicious actors, users should prepare for similar data breaches. Usually, when login credentials are exposed or compromised, victims are required to immediately change passwords and set up additional security features on their accounts. In this case, however, individuals should adopt preventive measures:

  • Use a VPN to encrypt your internet connection and mask your actual IP address
  • Don’t share your phone number when setting up a new account unless it is mandatory or required for two-factor authentication
  • Consider setting up multiple email addresses for various online activities. Besides your professional email, it might be a good idea to create a separate email for your online shopping and personal correspondence or social media account
  • Never use your date of birth or street address number as PINs or passwords for online accounts

Was your personal data exposed in a data breach? Find out now with Bitdefender’s Digital Identity Protection tool.

Data Breach Saga: What You Need To Know About The Cit0day Data Leak

Fact: In November 2020, a database containing over 200 million usernames and passwords was leaked in the infamous Cit0day breach. According to researchers, the leak included both new and previously breached login credentials from over 23,600 websites.

Was your data exposed in the Cit0day breach? Find out now.

What is Cit0day, anyway? I don’t recall creating an account.

The now-defunct Cit0day.in was a data breach index website that collected previously hacked databases and advertised them in the cybercriminal community and on underground forums.

By purchasing a daily or monthly subscription, threat actors could access and filter data (names, email addresses, usernames and clear-text passwords) to prepare their next attacks or take over user accounts.

Exposure and aftermath

The Cit0day data breach index platform’s entire contents were available as a free download for just a couple of hours, enough time for researchers and cybercriminals alike to access and copy the information.

Like most data breach dumps, the information in the Cit0day breach was random and inconsistently formatted, making it hard to pinpoint the origin of the leak. Much of the info also appeared to be stolen from unknown websites with few users. While some of the records included only hashed passwords, those in clear text represent a significant security risk for users.

Even if your login credentials were found in a data dump posted years ago, you’ve probably reused the same email address and password combination on various other websites and platforms.

On top of account takeover attacks, victims may expect to see an increase in spam and phishing emails set out to steal sensitive data through fraudulent links or malicious attachments.

Similar data dumps and collections of data breaches will undoubtedly pop up in the near future. To protect your accounts and data, make sure never to recycle passwords or use email and password combinations previously leaked online.

Find out more about what cybercriminals may know about you and how to prevent further data exposure with Bitdefender’s Digital Identity Protection tool.

Purple Fox Malware Campaign Deploys Rootkit and Looks for Exposed SMB Services, Research Finds

Security researchers have discovered a new campaign distributing malware named Purple Fox. Although it has been around for a few years, the operators now use new infection vectors and they’ve enhanced the malware to ensure persistence and hide it from security solutions.

Purple Fox initially targeted Windows machines and the old Internet Explorer. The new campaign, researchers have found, tries to infect Windows machines by brute-forcing credentials over SMB.

“May of 2020 brought a significant amount of malicious activity and the number of infections that we have observed has risen by roughly 600% and amounted to a total of 90,000 attacks,” say the researchers from Guardicore Labs.

“While it appears that the functionality of Purple Fox hasn’t changed much post exploitation, its spreading and distribution methods – and its worm-like behavior – are much different than described in a previously published article,” they explained.

This means the distribution of malware is not centralized. Instead, the threat actors use already-exploited servers to deliver it. The initial analysis appears to show that almost 2,000 unpatched and old servers running IIS version 7.5 and Microsoft FTP are responsible for the attack.

The attackers have at least two infection vectors in their arsenal. They either send the initial payload in phishing schemes or infect Windows computers directly if they have exposed services and weak credentials.

One way the malware tries to stay hidden once it gains a foothold on a machine is to load the rootkit it comes with, which surprisingly is based on an open-source rootkit named ‘Hidden.’ The malware reboots the system to ensure persistence, then starts to probe the network for machines with port 445 open, looking for exposed SMB services.

Security researchers also published a list of indicators of compromise.

Online Tracking: Why Private Browsing Doesn’t Warrant Bulletproof Digital Privacy

Advances in technology have dramatically influenced our online experiences throughout the digital age. In a couple of clicks, we connect with others, shop and bank. Few would disagree that the benefits outweigh the disadvantages.

Maintaining privacy online is far from easy. We live in a data-centric society where user information is a profitable commodity, collected by any means possible.

Who is tracking you online? Everyone.

Online tracking takes place whenever you visit a website, press the “like” button, send an email, shop online or use your favorite app. Our browsing history, habits and likes are meticulously recorded, stored and repackaged by companies who provide insights into user preferences. Each individual has their own “profile” that helps marketing companies target them with tailored ads and content.

It’s not just the big tech giants who gather user data. Online tracking starts whenever you connect to the internet, and your ISP is one of the first entities to collect data about your web traffic once you go online. In many cases, internet service providers (ISPs) sell collected user data to marketers, who use it to target individuals with advertisements.

Private or incognito browsing protects your online privacy. Myth or reality?

As you may already know, many browsers offer private or incognito browsing modes. Private browsing does not ensure complete anonymity when surfing the web. It may be a handy tool to use when checking your email from a public computer or hiding your browsing history from others who use the same device, but it’s no bulletproof solution for remaining private online. Incognito browsing does not prevent your ISP from tracking you and it doesn’t thwart the data collection process when you visit different webpages.

Although your browser may not store cookies, search history or downloads while private browsing is on, particular cookies used during the session may still communicate details about browsing patterns to third parties.

This data may include your IP address, information about the device you are using, browser configuration and settings, which together make up a unique pattern that can identify a particular device. The process, known as device fingerprinting, analyzes hardware and software configurations to create a unique ID that identifies individual devices even when browsing incognito.

The pros and cons of online tracking have left room for debate among the digital community. On one hand, it provides a dynamic and efficient online experience for each individual based on their interests. On the other, security and privacy concerns must be taken into consideration. Many apps, websites and social media platforms are not fully transparent about data collection, and mishandled user records may end up in the wrong hands.

Protecting online privacy is a tedious undertaking. Start by checking if your personal information has been stolen or made public on the internet with Bitdefender’s Digital Identity Protection tool.
