Category: Security

Social media feels like the natural evolution of technology, like something that would have happened no matter what. But there’s a difference between what we would want and what we actually have. It’s too late now to re-model social media, so we have to learn to live with what we have and make better choices from here on out. That’s why the Social Media Day we celebrate on June 30 is a reason to be thankful and wary at the same time.

Today’s social media landscape has its own ecosystem, different from the rest of the internet, with its own rules and users divided by age and interests. Each platform is designed with a niche in mind that seems to coincide with the offerings of the rest but with variations setting them apart. In short, there’s something for everybody, which is why social media is both fascinating and dangerous at the same time.

It would be nice if social media would gather only the good things, but human society is a mix of everything. Like on the rest of the internet, people from all walks of life have access to social media, and, while most use those platforms as intended, others find ways to pervert their original functions to fulfill more malignant goals. 

The Social Media we should have had

Surprisingly, the arrival of social media was foretold in science-fiction novels long before we had the internet. Writers would envision people coming together, talking about current affairs, debating the days’ social issues, talking politics, and influencing each other with poignant and clever remarks.

The online landscape had the potential to elevate the human condition, and some writers believed that’s what would happen. Now, social media has undoubtedly changed the human condition, but no one can say that it was for the better.

Social media should be filled with meaningful ideas, exciting stories and uplifting adventures, all sprinkled with funny images of cats and dogs doing ridiculous things. But we all know there’s a big difference between what we ought to have had and what we actually have.

The Social Media we truly have

While social media has the good things we just mentioned, it’s also filled with the bad stuff in equal measure. It’s also home to hateful people and dangerous criminals. It serves as the perfect medium for malicious campaigns directed by attackers who want to steal what people seem to value the least, their private data.

Private information has to be one of the most undervalued commodities of today’s digital world. People gather so much essential data and metadata about themselves that it becomes difficult to tell what is important and what’s worthless. And the worst part about this is that, sometimes, the data that seems worthless is actually of great value to attackers.

Social media platforms have become so ingrained in our internet life that social media is the internet for many people. Facebook, Instagram, Snapchat, TikTok, YouTube, Tumblr, Twitter, Reddit, and the other platforms all fill various niches, and they all have something in common. They create real-world value with the data they collect and the outlet they offer.

The truth is that these platforms are also great mediums for attackers, who mainly look to steal the data that no one is actually worried about. People post their real-time locations online, answer quizzes that reveal answers to security questions they used for various online services, and keep filling in details in phishing schemes. And that’s not even counting all the malware and offensive content waiting in the shadows.

Our Digital Identity Protection tool allows you to check for data breaches and adjust all of your accounts in minutes if needed. You can also check for social media impersonators and learn more about your digital presence for a more privacy-focused decision.

The Social Media we could have

Yes, social media is filled to the brim with wonderful content and malicious intent. But the negative doesn’t have to outweigh the positive. With the suitable precautions and the proper security solution, the time we spend on social media platforms can lean toward the experience we ought to have and not what we currently have.

We might not have the social media that the science fiction writers promised us, but we can get a little closer by being mindful of what we share online and with whom. Knowing the value of what we post online takes us halfway to more security. An informed user is a powerful user, and the rest of the way is covered by security solutions such as Bitdefender Total Security. You can always check out the 90-day trial that provides complete protection, even when surfing online or looking at funny images of cats and dogs.

This week, Bitdefender researchers spotted a phishing trifecta targeting hundreds of British citizens with fraudulent emails impersonating Her Majesty’s Revenue and Customs (HMRC), blockchain.com and TV licensing. These separate phishing campaigns appear to be the work of a single group, with most of the fake emails sent from the same IP address in Nuremberg, Germany.

Claim your income tax return here

The first wave of phishing emails impersonating Her Majesty’s Revenue and Customs dropped June 22, landing in Inboxes across the UK and Ireland.

In the sample below, fraudsters try to persuade the recipient to claim his tax return of over £3,700 by offering a 24-hour window in which he needs to sign up to a government website.

Users who naively access and provide their data risk account hijacking, financial loss and identity theft.

Bitcoin payment received

The second runner-up of this phishing trio targets cryptocurrency aficionados who have set up an account on blockchain.com, a well-known cryptocurrency blockchain explorer and crypto wallet service. The cyber-crooks use subject lines such as “Bitcoin Payment Received” to lure targets.

In the sample below, one lucky user received a bitcoin transaction valued at over $55,000. Recipients are urged to access a link and log in into their accounts to view additional details of the transaction. Unfortunately, by doing so, the user hands their credentials to the cyber crooks, who can then drain their account.

Something’s gone wrong with your TV licensing payment

Third runner-up in this fraudulent scheme is a phishing campaign masquerading as a payment notification from www.tvlicensing.co.uk.

The message announces to recipients that their latest TV license payment could not be debited from their account. If users do not sign into their online account and pay using a debit or credit card, they risk losing their license. Additionally, their information will be transferred to a debt collection agency. “To change your payment method, have a look at all your options,” the message reads. “So, all you need to do is make sure there’s enough money in your account.

Or , if you prefer to pay the missed amount now, you can sign in online and pay using your debit or credit card. While you’re signed in, please make sure we have your correct bank details.”

Cybercriminals are clearly interested in all kind of user’ data, from account credentials, credit card numbers and assortment of personally identifiable information that can be used to fuel fraud and other identity-theft related crimes.

To protect your personal and financial data, always check the sender’s email address and hover on any embedded links to check the name of the website you’re supposed to access or login into.

Remember, some cybercriminals are not English proficient, so ma sure you read the emails carefully and look for any spelling and grammatical mistakes.

As a rule of thumb, always be suspicious of unsolicited email correspondence, and never provide sensitive or banking information to anyone.

Note: This article is based on technical information provided courtesy of Bitdefender Antispam Lab

The Western District of Washington has sentenced a Ukrainian man to seven years in prison for his role in a hacking gang that are estimated to have caused more than one billion dollars worth of damage.

33-year-old Andrii Kolpakov worked for the FIN7 gang (also sometimes known as Carbanak, Navigator Group, or Anunak) which made its fortune targeting retailers, restaurants, and gambling firms in more than 40 countries around the world, stealing tens of millions of payment card details at thousands of business locations. High profile targets of the FIN7 group included the likes of Lord & Taylor, Chipotle Mexican Grill, and Saks Fifth Avenue.

In a typical attack, boobytrapped emails would be sent to targeted companies posing as legitimate communications through cunning use of social engineering. If the recipient opened the included attachment, their computer would be infected by a version of the Carbanak malware.

In some cases telephone calls from the attackers would accompany the sending of the emails, in an attempt to make the emails appear less suspicious.

Kolpakov’s job within the FIN7 group was to manage and co-ordinate other hackers, tasked with breaking into the computer systems of targeted companies. Internally within the gang, Kolpakov was described as a “pen tester.”

Unusually, FIN7 presented itself as a company called Combi Security, which claimed to offer penetration testing services for businesses. In truth, however, the firm had no legitimate customers.

It remains unclear if all of the hackers employed by FIN7/Combi Security and managed by Kolpakov realised that they were in fact breaking the law.

What is clear, however, is that Kolpakov and other members of the FIN7 gang continued their attacks on US businesses even after they became aware that others in the hacking group had been arrested.

After being apprehended himself by Spanish police in 2018, and eventually extradited to the United States, Kolpakov admitted acted working for FIN7 as both a manager and recruiter, hiring and supervising hackers who breached the defences of corporations and stole data.

Kolpakov has also been ordered by the court to pay restitution in the amount of $2.5 million dollars.

Earlier this year, another member of FIN7 was sentenced to 10 years in jail for his involvement in the cybercrime gang’s activities.

As of last night, hundreds of scam emails purporting to come from Mackenzie Scott, the ex-wife of Amazon founder Jeff Bezos, are flooding inboxes of users in the US, according to Bitdefender Antispam Lab researchers.

The scam campaign, originating from Ukraine, may seem a futile attempt to dupe recipients at first. However, considering the media hype around the billionaire’s $8 billion in charity, some users might fall into the trap.

The scammers don’t use malicious attachments or links to steal recipients’ information, making the email appear harmless. They solely rely on the recipients’ gullibility and curiosity. It doesn’t matter if users are unaware of the most recent donations, totaling $2.7 billion. A basic internet query will confirm that Ms. Scott, one of the world’s richest women, has pledged to redistribute most of her wealth to charities and organizations.

“Hello, i’m Mackenzie Scott Ex-wife of Amazon founder and CEO, i’m donating $ 4 billion to charities, individuals, colleges across the Globe from Scott’s foundation, to provide immediate support to people suffering economically from COVID-19 pandemic,” the email reads.

“And you’re one of the lucky winners, i have a donation grant worth $ 100,800,000.00 Dollars for you, you can contact me for more information if you’re interested.”

Once again, fraudsters exploit the pandemic-induced economic downturn that has affected millions of individuals and businesses worldwide. However, this time, there are no lottery winnings or Nigerian princes to aid in your financial recovery, and the stars have not aligned in your favor.

Users who receive this email or similar ones should immediately delete it. Don’t engage in additional correspondence.

Usually, the scammers will ask you for personally identifiable information, including credit card or bank account numbers, for you to receive the alleged transfer of funds. The fraudsters may even send malicious links or ask you to download attachments that may infect your device with malware, further compromising your data.

Too-good-to-be-true offers such as this one are always a scam. Trust your instinct, and always question “charitable” acts that are so conveniently directed to you.

Note: This article is based on technical information provided courtesy of Bitdefender Antispam Lab

The ongoing vaccination campaigns and easing of travel restrictions have encouraged millions of people to prepare for a relaxing vacation after months of lockdown and social distancing.

Don’t cut your vacation short by neglecting to secure your devices and personal data, and save yourself the headache of losing access to your accounts or finances.

Before departure

If your travel plans and itinerary have already been set, dedicate time to prepare the devices you’ve decided to take with you on holiday.

• Update passwords for all online accounts to protect against any potential credential stuffing attacks. Choose unique and robust passwords, and enable multi-factor (MFA) or two-factor authentication (2FA) where available
• Enable passcodes and PINs on all of your mobile devices to safeguard your data in case the device is left unattended or lost
• Install pending security updates on your smartphone, tablet or laptop
• Install a local security solution with anti-malware protection to protect against malicious attacks while surfing the web on holiday
• Back-up data in case of theft or device compromise
• Install a VPN on all of your devices to ensure your data is safe if you connect to a public Wi-Fi, make online purchases or access your bank account
• Disable automatic Bluetooth connectivity on your device to prevent strangers from connecting to your device in public

While at your destination

• Avoid connecting to free public Wi-Fis in restaurants, airports, cafes or hotels. If you do, chose password-protected networks and use a VPN to prevent eavesdropping on online activity
• Resist the urge to post on social media platforms about your activity and location. You prevent anyone from breaking into your home or using the information to scam your friends and family
• Leave smart devices such as external hard drives, laptops and USBs in a safe at your hotel to avoid data loss and device compromise while exploring the surroundings
• Check your accounts for suspicious activity

Bitdefender Total Security is compatible with Windows, Mac, Android and iOS devices. It offers complete real-time data protection alongside web-filtering technologies to ensure you don’t land on suspicious or malicious websites while browsing. The dedicated browser and VPN will protect your online presence, providing safe online banking and shopping by encrypting traffic on your smart devices.

Adding our Digital Identity Protection tool allows you to check for data breaches and adjust all of your accounts in minutes if needed. You can also check for social media impersonators and learn more about your digital presence for more privacy-focused decisions – only e-mail address and phone number required.

A bizarre bug has been discovered in iOS that can cause an iPhone to crash when it attempts to join a Wi-Fi network with a particular name.

What’s the offending name? Well, I don’t want to put it in the text of this article in case some readers are curious enough to try it out for themselves.

So, here it is as an image:

Security researcher Carl Schou stumbled across the problem, and tweeted a vido of his iPhone getting in a mighty muddle when trying to connect to a Wi-Fi hotspot with that name.

“Neither rebooting nor changing SSID fixes it,” reported Schou in a tweet.

In all likelihood this is a simple goof caused by the way in which the iOS code is parsing the Wi-Fi hotspot’s name, causing a crash. But sometimes silly errors like this can turn into nasty attacks that can be exploited by malicious hackers – so we should always treat bugs like this with the respect they deserve, and fix them at the earliest opportunity.

I wouldn’t be at all surprised if there is a a minor software update released by Apple for iPhones and iPads in the coming days which fixes the problem, but in the meantime here is a way that you can fix afflicted iPhones today:

• Open the Settings app
• Choose General > Reset
• Select Reset Network Settings, and then – when promoted – confirm that you do wish to reset your network settings.

According to a report by Catalin Cimpanu at The Record, authorities in South Korea have filed charges against employees at a computer repair store.

What are the nine charged employees of the unnamed company based in Seoul alleged to have done? Created and installed ransomware onto the computers of their customers, netting more than 360 million won (approximately US $320,000.)

The report says that South Korean police claim the extortion scam began last year, after companies contacted the repair firm hoping to receive assistance in dealing with ransomware infections that had encrypted their systems.

The repair firm reportedly initially assisted victims, helping them negotiate and pay ransoms to retrieve data garbled by the attacks. However, according to The Record, “in at least 17 incidents, the employees modified ransom notes to inflate the original ransom demands in order to obtain larger funds from the victimized companies.”

In some cases the ransoms are said to have been increased ten-fold, allowing corrupt technicians to make large profits when victims agreed that a ransom demand should be paid.

That would be bad enough, but it is further claimed that technicians at the repair store installed a remote access backdoor on customers’ computers they helped recover from attacks, and would use it to launch their own ransomware attacks.

Ultimately, according to reports, the rogue staff would plant ransomware onto the computers of any customers – even those who didn’t bring their computers in due to a ransomware problem.

If there’s one thing that I thought ransomware gangs had learnt in recent years it was not to target organisations on your doorstep.

Just look at the amount of ransomware believed to originate from certain parts of Eastern Europe, but which notably goes out of its way to avoid infecting computers if it detects a Cyrillic keyboard is being used.

The theory goes that law enforcement agencies in Russia might be turning a blind eye to ransomware gangs based in the country, just so long as they don’t cause problems for companies close to home.

For instance, according to an analyis by security experts at Cybereason, the DarkSide ransomware deliberately strives to avoid infecting computers it identifies as being based in the following countries:

• Armenia
• Azerbaijan
• Belarus
• Georgia
• Kazakhstan
• Kyrgyzstan
• Moldova
• Romania
• Russia
• Syria
• Tajikstan
• Tatarstan
• Turkmenistan
• Ukraine
• Uzbekistan

If South Korean police really have successfully identified members of an active ransomware gang, it sounds like the suspects may have made the elementary mistake of targeting companies far too close to home.

In the past we’ve described how stores offering repair services have tricked customers into believing their PCs are infected with malware. It’s something else to take a PC to a repair shop for fixing, only to find that you’re dealing with a potentially bigger criminal than the ones who have caused your computer to seize up in the first place.

A recent phishing campaign targeting Windows machines is attempting to infect users with one of the most recent versions of the Agent Tesla remote access Trojan (RAT).

The malicious campaign, spotted by the Bitdefender Antispam Lab, tries to deliver the malicious payload under the guise of a COVID-19 vaccination schedule that comes as an attachment. 

Most of the attacks seem to have originated from IP addresses in Vietnam. Although telemetry shows a global dispersion of the malspam campaign, 50% of the malicious emails were directed to South Korea.

The messages are designed to look like a business email asking the recipients to go over some technical issues presented in the attachment and register for the vaccine.

 “Attached herewith is the revised circular,” the malicious email reads. “There are some technical issues in the registration link provided in the circular yesterday. Kindly refer to the attached link. For those who had successful register earlier, kindly ignore this email.”

Active for over seven years, Agent Tesla has been used frequently in phishing campaigns seeking to steal user credentials, passwords and sensitive information.

The updated password-stealing capabilities and security-dodging techniques paired with the malware distribution-as-a-service business model have proven highly profitable.

Agent Tesla’s popularity surged during the second half of 2020, with more than 46% of all global Agent Tesla reports occurring in Q4.

The malicious attachment (AC 2021 09 V1.doc) is in fact a RTF document exploiting a known Microsoft Office vulnerability. Once accessed, the document downloads Agent Tesla malware.

After the malware has collected all the information from the victim’s system, it exfiltrates the credentials and other sensitive data via the SMTP protocol (email) back to an email account registered in advance by the attackers.

According to a joint CISA and FBI advisory, CVE-2017-11882 was among the most exploited software vulnerabilities between 2016 and 2019. So it seems that bad actors are still hunting for outdated and unpatched software that can easily be compromised.

Indicators of compromise

MD5	Name
5e7a8b39eff3dfe0374c975fe75a5304dc64b85da4788153796a9bb1f6d44c3c	Trojan.GenericKD.46463520
675e2470a3c7fe645fe445c95ae152a2dd2d2ccedb366e3cc1e070bb31c59ec4	Trojan.GenericKD.46464231

Bitdefender detects the AC 2021 09 V1.doc as Trojan.GenericKD.46463520, while Agent Tesla malware is detected as Trojan.GenericKD.46464231.

To avoid device and data compromise, always verify the validity of messages before accessing any attachments, patch any used software and install a security solution on your device. With Bitdefender Total Security, you get the best anti-malware protection against e-threats across all major operating systems. The real-time protection feature included in our security software offers continuous protection against all e-threats, including viruses, worms, Trojans, ransomware, zero-day exploits, rootkits and spyware to keep you and your data safe.

Note: This article is based on technical information provided courtesy of Bitdefender Labs

Stop Cyberbullying Day has been promoting good digital citizenship practices for more than a decade to make the digital world a better and more welcoming place for everyone.

This year, we’re reminded of the challenges and risks children and teens face when using digital technologies. Stuck at home during the pandemic, kids have turned to social media, gaming platforms, and instant messaging apps where safe digital encounters are not a given.

According to The Cybersmile Foundation, 60% of internet users have been exposed to bullying, abuse or some form of harassment online.

“Stop Cyberbullying Day is a reminder that although the Internet is one of the most powerful and effective tools on earth for making the world a better place – unfortunately, it also highlights the reality that there are still lives being destroyed on a daily basis when this power is abused or used for the wrong reasons,” said Iain Alexander, Head of Engagement at The Cybersmile Foundation.

Cyberbullying can take place over a cell phone, computer or tablet — devices found in most any home. It involves sending, posting or sharing damaging or false information about individuals online, including personal and private information that may cause negative long-term psychological effects for victims.

While cyberbullying may take place on any digital platform, social media platforms such as Facebook, Instagram, Snapchat and TikTok are prone to negative behavior and mean comments due to the visibility of messages and posts to others outside a trusted circle of friends and family.

Online harassment and bullying can also extend via text messaging and online chat rooms, email and gaming communities, allowing for persistent and continuous embarrassment for victims.

Parents and caretakers may not always be aware that cyberbullying is taking place, as victims may feel ashamed and unwilling to communicate with others. However, unlike face-to-face bullying, cyberbullying leaves a trace on the Internet, so it can be easier for parents and victims to gather evidence and put a stop to the harassment.

The Bitdefender Parental Control feature enables parents to check if their children engage in conversations with unknown individuals and monitor access to damaging websites.

Based on a child’s age, the Parental Advisor will automatically choose the best privacy features that can be fine-tuned for the parent’s and child’s needs by managing screen time and blocking incoming calls that have no Caller ID, among others.

In December last year, we reported how the email and mailing addresses of some 270,000 Ledger customers had been published on a hacking forum following a data breach.

At the time we warned users of the hardware cryptocurrency wallet to watch out for phishing scams that might attempt to steal users’ credentials.

What we hadn’t predicted was that cybercriminals would use a rather more elaborate way to steal users’ credentials.

As Bleeping Computer reports, some Ledger customers have received fake replacement Ledger devices via the post, alongside a letter that claims it is a replacement hardware wallet that should be used in the wake of the earlier data breach.

In a Reddit post, a Ledger customer shares photographs of the package he received as well as the contents of the letter which purports to come from Ledger’s CEO:

Dear Ledger client, As you know, Ledger was targeted by a cyberattack that led to a data breach in July 2020. We were informed about the dump of the content of a Ledger customer database on Raidforum. We believe this to be the contents of our e-commerce database from June 2020. At the time of the incident, in July, we engaged an external security organisation to conduct a forensic review of the logs available. This review of the logs enabled us to confirm that approximately 1 million email addresses had been stolen as well as 9,532 more detailed personal information (name, surname, phone number and customer wallet information) that we were able to specifically identify. For this reason for security purposes, we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device. For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again. We deeply apologize for the inconvenience caused to you due to our faulty security systems. Note: This new device doesn’t work for new setups. You need to follow 6 step installation guide which is inside your box. Once you successfully installed you can start to use your new device.

Accompanying the letter was a shrinkwrapped Ledger box, containing a modified device.

Of course, it’s easy to take the packaging for a Ledger Nano X, replace its contents with a fake hardware wallet, and then shrinkwrap it again.

Ledger has confirmed that the device purporting to be a Ledger Nano X inside the box is fake: “A flash drive implant has been connected to the printed circuit board. It contains a file with a fake Ledger Live app. There are enclosed instructions in the Nano box which ask the user to connect the device to their computer, open a drive and run the fake Ledger Live app. To initialize the device, the user is asked to enter his 24 words in the fake Ledger Live app. This is a scam. A Ledger Nano is not a USB device. It does not contain any application to download and install on your computer. The only way to download the Ledger Live app is by using the official download page. Plus, Ledger and Ledger Live will never ask you to share your 24-word recovery phrase.”

In short, if you make the mistake of plugging the device into your computer and running the program contained on the device, you are putting the security of your PC in peril and might be one step away from handing over the keys to any cryptocurrency you might have stashed away.

As attempts to break into cryptocurrency wallets go, it’s certainly more of a parlarver than the typical phishing attack or optimistic malware-laced email, and must take much more time for the attacker. But then, if you’re vying to break into somebody else’s cryptocurrency fortune that may well be time you believe well spent.

The best advice for owners of hardware wallets would seem to be to remain suspicious of all communications related to their devices – whether they be via email, phone, or parcel.