Action Fraud Warns of Ongoing UK National Insurance Scam

The UK’s National Fraud & Cyber Crime Reporting Center (Action Fraud) is warning citizens about a National Insurance scam targeting their personally identifiable information (PII).

The public alert cautions potential victims to be wary of unsolicited phone calls notifying them that their “National Insurance number has been compromised.”

The law enforcement agency was put on guard after receiving tens of thousands of phone calls from victims.

How the scam works

According to Action Fraud, victims receive an automated phone call mentioning that their National Insurance number has been exposed. They are advised to “press 1 on their handset to be connected to the caller.” Once connected, the scammer urges them to provide personal details to receive a new number.

“It’s important to remember if you’re contacted out the blue by someone asking for your personal or financial details, this could be a scam,” Pauline Smith, Head of Action Fraud, explained.

“Even confirming personal details, such as your email address, date of birth, or mother’s maiden name, can be used by criminals to commit fraud. If you have any doubts about what is being asked of you, hang up the phone. No legitimate organization will rush or pressure you.”

How to protect your personal information

When hunting for fresh batches of PII, scammers know no boundaries. They may use phone calls, emails or text messages to spread panic and rush you into providing sensitive information before any implications ever cross your mind.

Although you might not ignore every phone call from an unknown caller, you can take a moment and analyze the situation.

Ask yourself why you are receiving this call or message, and immediately hang up or ignore a request in which you are intimidated or pressured into handing over sensitive info.

If you suspect you’ve fallen victim to such a scam, don’t panic. Call your credit card company and healthcare provider to make them aware of any compromise and report the scammer to local police.

Identity Fraud Losses Soared to $56 Billion in 2020, Javelin Researchers Find

Fraud losses climbed to $56 billion in 2020 and identity fraud scams accounted for a staggering $43 billion of that cost, according to a new report.

The reduction in transaction activity in 2020, combined with financial institutions’ more robust antifraud measures, made it harder for criminals to succeed in their ‘traditional’ fraud activities, according to Javelin Strategy & Research, which provides insights for financial institutions, government, payments companies, merchants, fintechs and technology providers.

Criminals instead opted to interact directly with their fraud victims via identity fraud scams, seeing that direct interaction yields better chances of success.

Like many other research papers during the pandemic, Javelin’s report finds that COVID has had a dramatic impact on consumer financial behavior, prompting consumers to increase their usage of streaming services, digital commerce and payments. People also used email and text messaging, for both work and personal life, more than ever. This shift expanded the attack surface for novel fraud scams.

Cyber crooks also pounced on new vulnerabilities presented by the explosion in remote loan originations and closings, the research found.

As consumers relied increasingly on digital payment products during 2020, identity fraud scams kept pace with this shift in behavior, the report reveals. Losses related to digital wallets and peer-to-peer (P2P) accounts were particularly notable in the case of economic stimulus payment fraud, unemployment benefits fraud, and identity fraud scams.

“The culture of fraud is clearly shifting. The pandemic has created so many more points of vulnerability for families and businesses,” said Paige Schaffer, CEO of Global Identity & Cyber Protection at Generali Global Assistance. “Whether it’s payment products meant to enhance convenience, remote operations, additional logins or even simply more time online, there is more opportunity now than ever for compromise.”

There is also some good news to be had. Fingerprint scanning and facial recognition are growing in popularity with consumers. Javelin Strategy & Research says growing acceptance of digital payment channels presents an opportunity to increase consumer awareness of stronger forms of authentication. The researchers believe safe digital transactions will form the foundation of a productive and secure remote financial ecosystem as consumers become increasingly savvy online.

You can check if your personal info has been stolen or made public on the internet with Bitdefender’s Digital Identity Protection tool.

Bank loses customers’ social security numbers after ransomware attack

  • Clop ransomware gang exploited Accellion flaws to steal data
  • Customers angry that their details were breached, even after closing their accounts long ago.

Things don’t get much worse than having to admit to your employees that a gang of cybercriminals have broken into your infrastructure, stolen the private details (social security numbers, names and home addresses) of your staff, and are demanding that your company pays a ransom before further sensitive data is leaked.

Well, actually they do.

Because what if two weeks later the hacked bank (did I mention it was in the top 75 list of largest banks in the United States?) reveals that the cybercriminals have also managed to exfiltrate sensitive data belonging to multiple customers?

As Vice reports, the attack by the Clop ransomware gang against the Flagstar Bank, headquartered in Michigan, became public knowledge earlier this month, after the bank published a statement on its website explaining that it was one of many corporations impacted by a breach related to using Accellion’s ageing FTA file-sharing appliance.

Flagstar Bank’s public acknowledgment of the breach may have spurred the hackers to up the ante, posting details on their website and contacting journalists in an attempt to apply pressure on their victim to pay up.

The names of 18 Flagstar Bank employees were made available on the website, alongside their alleged social security numbers, home addresses, and other personal private information.

However, things became even more serious when it became apparent that the hackers were contacting the bank’s customers, informing them of the breach.

This appears to have spurred Flagstar Bank into contacting affected customers to admit that their Social Security Numbers, home addresses, full names, and phone numbers had also fallen into the hands of cybercriminals.

Affected members of the public were understandably less than happy.

As some affected individuals pointed out, they were not even current customers of the bank.

One woman told Vice that her personal information had been leaked even though she had closed her account more than a decade ago.

The Clop ransomware gang has been exploiting vulnerabilities in the Accellion FTA platform to steal hosted files from a wide array of organisations in recent months – with corporate victims including oil giant Shell, Qualys, NSW Transport Agency, aerospace firms, law firms, and advertising agencies.

Earlier this month, Accellion published a third-party security assessment of its FTA platform, detailing the zero-day vulnerabilities that had been found (and since patched), and describing the attacks as “[demonstrating] a high level of sophistication and deep familiarity with the inner workings of the Accellion FTA software, likely obtained through extensive reverse engineering of the software.”

In the case of Flagstar Bank, it is offering impacted individuals two years’ worth of free credit monitoring and identity protection services, and warning customers to be wary of communications which may be sent to them by the criminals.

Of course, signing up with an identity protection service does mean sharing personal information with yet another online service – something you might feel shy about doing in the immediate aftermath of a data breach like this.

Affected bank customers might also be wise to keep a close eye on their account statements for suspicious activity.

Fend Off Online Fraud and Secure Your Sensitive Info with Bitdefender Safepay

Digital payments and use of internet banking have risen considerably since the pandemic, as consumers shopped online even more due to restrictions and lockdowns.

While the perks of paying online from smart devices seem to greatly outweigh the disadvantages, the accelerated shift towards a more digital world has inadvertently opened up new attack surfaces and risks for consumers.

It’s no longer a matter of “if,” but of “when,” you’ll become the next target. Choosing a security solution with multiple security layers protects you from new and existing threats, guarding your personally identifiable information and financial data from cyber thieves.

Protecting you from online fraud and identity theft

Privacy and security during an online transaction are not a given. Threat actors constantly adapt to changes, targeting shoppers with schemes that seek to steal the PIN codes and login credentials of users’ financial accounts.

Bitdefender Safepay ensures that all of your online transactions and shopping sprees remain private and secure. Our protected browser is tailored with one thing in mind – security. It creates a sealed environment that blocks access to your desktop and even prevents unauthorized parties from taking snapshots of your screen. It packs a virtual keyboard that inhibits malicious actors from intercepting or reading keystrokes from your regular keyboard, and lets you connect automatically to Bitdefender VPN when you join new or unsecured Wi-Fi networks.

The dedicated browser is triggered automatically when Bitdefender detects that you start navigating on banking or e-commerce websites. For user privacy and safety, it keeps all browsing data, such as profile, cookies and storage, in a protected location.

Keeping financial and login credentials safe

For an even more secure browsing experience, we integrated Bitdefender Wallet into our browser, a Password Manager feature that helps you keep track of your login credentials. You can experience a hassle-free browsing session, storing sensitive information such as credit card details and passwords in an encrypted and secure storage space.

The feature is fully compatible with browser extensions for Firefox, Internet Explorer and Chrome, allowing users to auto-fill credentials into login pages to save time.

All of these benefits and more are available in our ultimate security solution for Windows operating systems.

Tech Support Scams Inflicted Nearly $150 Million in Losses in 2020, IC3 Reveals

Despite newly created opportunities for fraudsters to rip off unsuspecting citizens during the ongoing pandemic, tech support scams inflicted nearly $150 million in reported losses in 2020.

According to the 2020 Internet Crime Report, the FBI’s Internet Crime Center received 15,421 fraudulent tech support complaints from victims in 60 countries – a 171% increase from 2019.

“Criminals may pose as support or service representatives offering to resolve such issues as a compromised email or bank account, a virus on a computer, or a software license renewal,” the bureau explained. “Recent complaints involve criminals posing as customer support for financial institutions, utility companies, or virtual currency exchanges.”

These scammers use various tactics to trick people. They may call, use pop-up warnings, or set up fake websites and ads, hoping that you’ll give them a call or enter a phony chatroom. 

No matter what tech support services they pitch you, their main goal is to steal your money. While individuals in any age category may fall for these scams, 66 percent of victims are over 60 years of age, the report shows.

How to spot and defend against technical support scams

Scammers may contact potential victims via phone calls, emails and instant messages on social media platforms. Here’s what you need to do if you or a family member are contacted by individuals claiming to be tech support agents: 

  • If you receive an unsolicited call from tech support providers offering assistance for your computer or software, hang up immediately
  • Never give remote access to your device to individuals who call you and claim that your computer is infected with malware
  • Don’t click on pop-up virus alerts that appear in your window, and never call the numbers advertised
  • Don’t provide financial or personally identifiable information, and never access links that ask you to enter your credit card number to pay for the “support” agent’s assistance
  • Install a security solution on your device that offers real-time protection and web-filtering to make sure you don’t land on fraudulent webpages
  • Research the company before paying for any services
  • If you suspect you’ve fallen victim to a tech support scam, contact your local authorities and credit card company immediately

Microsoft 365 Spoofing Campaign Targets CEOs and Decision Makers, Research Finds

Security researchers have identified a new Microsoft 365 spoofing campaign that targets specific people in companies, trying to compromise the accounts of C-suite executives and others in essential positions in the retail, insurance and financial services industries.

Sweeping spoofing campaigns are an almost everyday occurrence, and companies have to deal with this threat constantly. But there’s a subgroup of this threat that is better aimed and thought out for maximum impact: it targets executives in companies, giving the attacks increased leverage and access.

The new Microsoft Office 365 credential harvesting campaign targeted various C-suite executives and other decision-makers in companies, but with a twist. Criminals looked for people just settling in and hit them during the transition period, relying on the target’s limited knowledge in a new company.

“A large majority of the phishing attacks stopped by Area 1 Security were headed to financial controllers and treasurers at various international companies,” said the researchers. “By targeting the financial departments of these companies, the attackers could potentially gain access to sensitive data of third parties through invoices and billing, commonly referred to as a BEC (Business Email Compromise) attack.”

“This enables the attackers to send forged invoices from legitimate email addresses to suppliers, resulting in payments being made to attacker-owned accounts,” they explained.

The campaign itself used many techniques, depending on the stage or the target, including the deployment of advanced phishing kits, domains that looked very much like the real ones, and much more.

The phishing emails contained various mixed messages such as purported security updates, documents that “need” reviewing, updated policies, and so on.

Security researchers published a complete list of indicators of compromise that should allow companies to stop these attempts before they even reach recipients.

Hacker who breached Verkada charged with stealing data from over 100 companies

The hacker who claimed responsibility for breaching the live video streams of 150,000 CCTV cameras at police departments, hospitals, and well-known businesses has been charged by the US Department of Justice with hacking more than 100 companies.

Swiss hacker Tillie Kottmann made headlines earlier this month when news broke that cloud-based surveillance startup Verkada had suffered a security breach, with video footage from the likes of Tesla and Cloudflare leaked, alongside feeds from police stations and jails.

21-year-old Kottmann claimed that the hack was possible because Verkada left an internal development system accessible via the public internet, through which it was possible to obtain login credentials for an account that had admin rights on the company’s network.

Kottmann knew that the incident was being taken seriously by the authorities last Friday, when their apartment in Lucerne, Switzerland, was raided by investigators.

However, the indictment by the US Department of Justice actually accuses Kottmann (who also goes by the online handles “deletescape” and “tillie crimew”) of involvement in the theft and publication of sensitive data from more than 100 other organisations.

The US authorities allege that Kottmann and co-conspirators used a variety of techniques to access the source code repositories used by software developers at private companies and public sector organisations, stealing hard-coded admin passwords, access keys, and other means of gaining unauthorised network access.

Once inside a targeted organisation, the Department of Justice claims that Kottmann would steal further information – which was then published online on a website called git.rip.

To ensure maximum embarrassment for affected organisations, and to boost Kottmann’s reputation, it is claimed that Kottmann “actively communicated with journalists and over social media about computer intrusions and data theft.”

In the past Kottmann has claimed responsibility for leaking data from Nissan North America, Mercedes-Benz, Nintendo, Microsoft, Adobe, and Intel, amongst others. The Git.rip website was seized by the US authorities the day after Kottmann’s apartment was raided.

“A cybercriminal could be anywhere in the world. Thanks to our foreign partnerships, international borders won’t provide a haven for their illegal activities,” said Donald Voiret, FBI Special Agent in Charge, Seattle. “This indictment demonstrates the FBI’s commitment to working with our partners around the globe to disrupt and dismantle criminal enterprises that target Americans and their businesses.”

If Kottmann is extradited and found guilty in a US court of charges related to computer fraud and wire fraud, they could face up to 20 years in prison.

BEC Is 62 Times More Profitable than Ransomware, IC3 Finds

The FBI’s Internet Crime Complaint Center (IC3) is out with its annual Internet Crime Report, revealing that Business Email Compromise (BEC) remains a lucrative affair for cyber crooks – 62 times more lucrative than ransomware.

According to the report, in 2020 the IC3 received 19,369 business email compromise (BEC) / email account compromise (EAC) complaints “with adjusted losses of over $1.8 billion.”

“BEC/EAC is a sophisticated scam targeting both businesses and individuals performing transfers of funds,” the bureau’s cyber squad explains. “The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”

On the ransomware front, the IC3 received 2,474 complaints with adjusted losses of over $29.1 million in 2020.

The BEC figure makes losses from ransomware sound like peanuts in comparison. In fact, BEC today is 62 times more damaging than ransomware. That’s no small feat, considering that ransomware itself stands out as a highly profitable business in the bigger cyber-threat landscape.

Losses registered in 2020 totaled $4.2 billion, according to the IC3. That includes losses from tech support scams ($146 million), confidence fraud/romance ($600 million), identity theft ($219 million), corporate data breaches ($128 million), lottery/inheritance scams ($61 million), and many others.

Download the IC3’s 2020 Internet Crime Report to scroll through more chilling cybercrime numbers and charts, including victims by age group, the top 20 international victim countries, the top 10 US states by number of victims and victim loss, as well as a compelling list of crime types analyzed.

To share or not to share? Secrets behind the popular “share” button

The share button is not as innocent as it seems. You might be animated by the best intentions when you click it and we don’t want to ruin it for you. On the contrary, we want to add one more: sharing is caring for your data, too.

Fact: A data haul of more than 40 million records belonging to ShareThis users was put up for sale on a dark web marketplace in February 2019.

The 2.7 GB of leaked data included unique email addresses, names, usernames, hashed passwords, and additional profile information such as gender, birth date and addresses. Although there were no signs of financial compromise of users, ShareThis did deactivate accounts and prompt customers to change associated passwords so that malicious actors couldn’t access user accounts.

Was your data exposed in the ShareThis breach? Find out now.

Behind the scenes of the “share” industry

Behind every “share” button there is a company (ShareThis is one of them) that offers this easy-to-use website-integrated tool to publishers so that they can promote content across channels.

When you share a post or an article, the tracking technologies (including cookies) they use help them create a comprehensive view of your interests, likes and dislikes. These companies enrich the ads and tracking ecosystem by creating user profiles to increase customer engagement and target personalized advertisements.

On top of the customizable social sharing tools, ShareThis collects data about how internet users interact with websites, ads and various content – this happens without the user ever creating an account on their platform. Web pages viewed, country of residence, IP addresses, device IDs, time spent on a webpage and information about the user’s browser are just some of the data points collected and analyzed.

What can you do? Read the Privacy Policy, check if you were exposed.

It’s hard to keep track of how your data is gathered or shared with third parties. Taking time to read the privacy policy of websites and platforms you engage with can help paint a clearer picture.

The good news is that no contact data, such as names, addresses, phone numbers, or financial information, is collected on a regular internet user. Also, according to the privacy policy, email addresses of internet users who chose to share content via email are not collected. The platform, though, may obtain hashed email addresses from partners and advertisers – read more here.

However, as with any online service provider, once you subscribe or create an account, you willingly provide particular data that make up your profile. Any content publisher or blogger who creates an account on the website will need to provide a valid email address and password or choose an alternative login method, which may create additional ripples in the data-gathering process.

User information is invaluable in data marketplaces. As you may know, particular datasets can be easily linked to individuals in real life. While this data may simply enable better ad targeting, you can never know where or how your information is used.

Becoming a privacy-conscious internet user takes time and commitment. As a first step, you can check if and what personally identifiable information has been compromised in a data breach with Bitdefender’s Digital Identity Protection tool.

TrickBot Operators Now Use ‘Traffic Violations’ to Spear-Phish Unsuspecting Victims

The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI have released a Joint Cybersecurity Advisory on TrickBot warning that a sophisticated group of cyber actors are sending phishing emails claiming to contain proof of traffic violations to lure victims into downloading the insidious malware.

TrickBot is a modular, multi-stage Trojan that packs a full array of tools to wage cyber-attacks. The malware is notorious among cybercriminals because, apart from its primary purpose of collecting sensitive data and harvesting credentials from victims, it packs features designed to move laterally across compromised networks and infect other machines. This ability makes TrickBot highly resilient to cleanups, letting ransomware operators establish persistence on the targeted infrastructure and deliver payloads on high-value targets.

TrickBot’s operations were partially disrupted in the second half of 2020, but the two agencies have spotted renewed efforts from “sophisticated” threat actors leveraging the malware.

CISA and the FBI say they’ve observed “continued targeting through spearphishing campaigns using TrickBot malware in North America,” noting that a “sophisticated” group of hackers is luring victims with a traffic infringement phishing scheme to download the Trojan.

“CISA and FBI are aware of recent attacks that use phishing emails, claiming to contain proof of a traffic violation, to steal sensitive information. The phishing emails contain links that redirect to a website hosted on a compromised server that prompts the victim to click on photo proof of their traffic violation. In clicking the photo, the victim unknowingly downloads a malicious JavaScript file that, when opened, automatically communicates with the malicious actor’s command and control (C2) server to download TrickBot to the victim’s system.”

Attackers typically use TrickBot to drop other malware, such as Ryuk and Conti ransomware, or serve as an Emotet downloader.

Alert (AA21-076A) offers granular technical details about the use of enterprise techniques to establish initial access, gain persistence, escalate privileges, evade defenses, call back to the command & control center and exfiltrate data.

MITRE ATT&CK techniques are also described, alongside a list of Snort signatures for use in detecting network activity associated with TrickBot attacks.

To secure against TrickBot, CISA and FBI recommend implementing the mitigation measures described in the advisory, which include blocking suspicious IP addresses, using antivirus software, and providing social engineering and phishing training to employees.
