The world of cybersecurity has been ripe with newer claims and counterclaims. From the past week, the fight against phishing remains relentless. However, being ahead in the race remains the priority of every Information Security specialist. Let’s look at some of the headlines that gave us a glimpse into the mayhem called cybersecurity.
Leaking Of Businessman’s Emails Leads To A Lawsuit Against Indian Hackers
Farhad Azima, an Iranian-American businessman, has levied accusations against a couple of Indian companies to steal his email credentials and publish it on the internet.
The two companies that have been accused of doing so are CyberRoot Risk Advisory, an Indian Security company, and BellTrox Infotech Services, a New Delhi based IT Services Company. These companies were working on behalf of an American company named Vital Management Services.
The individual was a victim of an active phishing operation, which later came to light through anti-phishing protection operations.
Seven Mobile Browsers Report Vulnerability That Enables Adversaries To Spoof Their Address Bar
For those unfamiliar with the term, an address bar spoofing is a shortcoming on the part of the web browser, allowing a malicious website to convert its original URL and display a fake one, mimicking a real website.
The browsers found to be vulnerable to such cybersecurity threats are:
- UC Browser
- Opera Mini
- Opera Touch
- Yandex Browser
- Bolt Browser
- RITS Browser
Such online cybersecurity threats occur for two reasons:
- The browser may have been outdated, and no new updates installed.
- The ability of the phishing agent to attract users into using the fake site.
The easiest way to counter such phishing attacks is to update their browsers regularly. Also, migrating to a browser that does not show such vulnerabilities is deemed a pertinent move too.
The UK Accuses Russia Of Preparing For Cyberattacks During The Tokyo Olympics
The Government of the United Kingdom has accused the Russian Federation of preparing for cyberattacks during the upcoming Tokyo Olympics. In a press note, it was mentioned that the areas of concern were the Games’ organizers, the services that dealt with logistics, and the Games’ sponsors.
The UK National Cyber Security Centre said that the Russian Federation had conducted Reconnaissance operations with the idea of sabotaging the Games. Such actions were deemed to be reckless and flouted all legal mandates.
Such an attack was reminiscent of the attack that occurred against the 2018 Winter Olympics organizers, held at Pyeongchang, South Korea.
It has been further stated that this attack during the Winter Olympics was in response to the banning of Russian athletes by the International Olympic Committee to participate under the Russian flag because of the doping issue.
Cyber Security experts are concerned about the increased sophistication of the phishing attacks and forecast that such incidents will increase in the future if adequate cyber-security countermeasures are not initiated at the earliest.
Affiliate Network Suffers Outage Due To Severe Cyberattack
Commission Kings suffered a severe outage due to a cyberattack. The event started on Friday, October 16th, and has been ongoing ever since.
Users who are registered to the company have complained that all brands have been temporarily removed. Maintenance work has been furiously going on to restore the website to its original glory.
If someone is visiting BetOnline, then a message is flashed stating the current situation and the activity being undertaken to restore the website to its previous state.
However, an official statement from BetOnline has asked its users not to worry about their wagers since they were still valid.
These cyber-attacks have increasingly become a reality for all major online betting companies, and anti-phishing measures are gradually being put in place to counter any future incidents.
Emotet Trojan, The New Lure For Windows Users
The operators of Emotet, the banking Trojan, keep coming up with new tricks now and then. Emotet is responsible for some of the recent malicious payloads, and Windows users are being warned to be aware of them.
The Trojan lures Windows users by enticing them with false updates. This is a classic example of phishing where the Trojan operators send harmless-looking emails stating Window updates. On clicking the link, the Trojan infects the said system.
These spams used spoofed identities with the impersonation of business partners. It was an easy bet since most users fell for it. This phenomenon has been observed all over the world.
Taking over business conversations and inserting malicious documents is also another method that is being used by Emotet.
It has been further found that a banking Trojan called Emotet was delivering a Trickbot. This Trojan can then be used by the operator for all malicious purposes, as and when required.
Online Extortion On The Rise: DDos The New Weapon Of Choice
Ransom negotiation is no more limited to the real world. The virtual world is replete with such instances too. Recent incidents shed light on the increasing use of DDoS as a blackmail tool to negotiate for money with potential victims.
A recent case involving a foreign exchange firm came to light. Travelex was asked to pay 20BTC in lieu of sparing them from DDoS attacks. They had also threatened to increase the ransom by 10 BTC each passing day if their demands were not met.
The attackers did launch volumetric attacks on the company’s subdomains. A DNS amplification attack was also launched to cause further damage. Travelex did not pay the ransom.
COVID 19: Opportunity For Fraudsters To Bell A Tragedy
The FBI has warned that online fraudsters will be approaching users to ask for donations using websites that would look like genuine charity sites. These phishing attempts are aimed at taking advantage of the pandemic and the shaky sentiments of people.
These scams can appear through social media or emails, and all it takes is one click and get sucked into the quagmire of a cyber nightmare.
With an increasing number of people relying on the internet to remain connected as well as remain employed, it is easier for fraudsters to look out and trap their targets.
Lethargic Systems During Work From Home: Haven For Phishing Attacks
Protection from phishing attacks in the form of regular browser updates, being aware of spam emails, and not letting malicious emails flood your emails were some of the generic methods used to phish users.
However, with the pandemic, the thought of countering phishing and its evil intentions has receded to the background. A study has shown that remote working has led to an increase in phishing since workers were more focused on completing their tasks and remain employed rather than look for cyber vulnerabilities.