Recent years have seen a sharp rise in the rate of cybercrime. Not only has the frequency of attacks increased, but the methods used to launch them have also evolved to include such sophisticated and unusual forms of phishing that phishing prevention has become an almost unattainable goal for many. The least we can do, as spectators or apprehensive users of the internet, is to stay informed about what is happening in the cyber world, so that we at least have some idea of what to expect while online. Here is the list of all the major events related to cybercrime from the past week to help you keep abreast of the changes.

Cash App Vulnerable To Cyber Attacks

Cash App is a payment service provider that often rewards customers with free coupons or prizes. These giveaways are promoted on social media platforms such as Twitter and Instagram under hashtags like #CashAppFriday and #SuperCashAppFriday. In the most recent form of attack, scammers have impersonated this entire process, using similar hashtags along with screenshots or pages that appear to support their claims.

The attackers lure customers with fake giveaway campaigns. They first ask the customer to send a small amount of money to ‘process’ the gift amount, which is at times advertised as ten times the amount demanded. They even accept prepaid or gift cards as the initial payment. To build credibility, they post images of ‘successful transactions’ from customers who have supposedly won rewards through the fake Cash App promotion. To further evade anti-phishing tools, the attackers encourage customers to sign up for services with a provided referral code, luring them with the promise of money in return.

Their approach is somewhat different on YouTube: there, the scammers promote ‘money generators’ or ‘Cash App hacks’ instead of running fake Cash App campaigns.

Small Businesses Suffer Due To Data Breach

When a data breach hits big companies like Equifax, Facebook, and Target, they certainly incur significant losses and suffer disruption to their operations, but they soon recover from that stage of helplessness. It takes far more time, effort and energy for a small business to recover from such an attack. More often than not, such an attack drives these small firms out of business or into bankruptcy, forcing them to shut down.

A recent research report released by the National Cyber Security Alliance found that, after a data breach, 10 percent of the small businesses surveyed went out of business, 25 percent filed for bankruptcy, and 37 percent experienced a financial loss. Firms are left with the constant feeling that they could be the cybercriminals’ next victim.

The report also revealed that over 46% of the businesses were confident that they had the required phishing protection services in place. 58% of the companies already have a plan of action in place, and another 36% claim to be equipped to work manually if an attack brings down all their systems.

New Malware ‘Raccoon Stealer’ Gaining Popularity

Yet another invention from the adversaries’ side is a new information-stealing malware called “Raccoon Stealer”. The malware has been under researchers’ vigilance since April this year, and despite being relatively new, it has already managed to hit thousands of devices.

Raccoon Stealer is true to its name: it steals credit card details, cryptocurrency wallets, mail client data, and browser-related data with the speed of a raccoon, and it is currently one of the most widespread malware families in the underground world. It is speculated that Raccoon Stealer has Russian roots because it was first promoted on Russian-speaking forums. It is sold as malware-as-a-service (MaaS) and is now advertised on many English-speaking forums as well.

The malware evades phishing protection through its systematic ease of stealing information and then deleting all evidence. It reaches a system via exploit kits, bundled malware, or phishing and then collects sensitive data from the infected machine. This data is stored in the “temp” folder and may be used for blackmail or financial gain later. The data is then packed as a ZIP file and sent to the command-and-control server. With that done, the malware wipes its binary from the machine using the delete command, thus eliminating all chances of being discovered.
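The sequence described above (stage data in a temp folder, ship it out, then delete the binary) is something a defender can look for in endpoint telemetry even after the file itself is gone. The following is an added example, not code from the original post and not tied to any real Raccoon Stealer sample: the event schema (ts, pid, kind, image, path, dest) is a simplified, hypothetical one, and the events are constructed sample telemetry. It flags only a process that performs all three steps in that order, so a backup tool that zips and uploads, or an installer that merely cleans up after itself, is not reported.

```python
"""Correlating endpoint events into a stage / exfiltrate / self-delete sequence.

Added example, not code from the original post and not tied to any real
Raccoon Stealer sample. The event schema below is a simplified, hypothetical
one, and SAMPLE_EVENTS is constructed telemetry.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int            # seconds since boot (constructed)
    pid: int
    kind: str          # process_start | file_write | net_connect | file_delete
    image: str = ""    # executable path, set on process_start
    path: str = ""     # file path, set on file_write / file_delete
    dest: str = ""     # remote endpoint, set on net_connect


ARCHIVE_EXTS = (".zip", ".7z", ".rar")


def is_temp_archive(path: str) -> bool:
    """True when the path is an archive under a temp directory (case-insensitive)."""
    p = path.lower().replace("/", "\\")
    return ("\\temp\\" in p or "\\tmp\\" in p) and p.endswith(ARCHIVE_EXTS)


def find_stage_exfil_self_delete(events):
    """Return {pid: image} for every process that completes the full sequence.

    Order matters: the archive must be written before the outbound connection,
    and the self-delete must come after it. Each step only advances once the
    previous one has been seen for that pid, which keeps ordinary
    'zip then upload' tools and installer self-cleanup out of the result.
    """
    state = {}
    for ev in sorted(events, key=lambda e: (e.ts, e.pid)):
        st = state.setdefault(ev.pid, {"image": "", "staged": False,
                                       "sent": False, "deleted": False})
        if ev.kind == "process_start":
            st["image"] = ev.image.lower()
        elif ev.kind == "file_write" and is_temp_archive(ev.path):
            st["staged"] = True
        elif ev.kind == "net_connect" and st["staged"]:
            st["sent"] = True
        elif (ev.kind == "file_delete" and st["sent"]
              and ev.path.lower() == st["image"]):
            st["deleted"] = True
    return {pid: st["image"] for pid, st in state.items() if st["deleted"]}


# Constructed sample telemetry: a backup tool (pid 1200) that zips and uploads
# but keeps its binary, an installer (pid 900) that removes itself without
# staging or connecting anywhere, and pid 4412 that does all three in order.
SAMPLE_EVENTS = [
    Event(10, 1200, "process_start", image=r"C:\Program Files\Backup\backup.exe"),
    Event(12, 1200, "file_write", path=r"C:\Windows\Temp\backup-2019.zip"),
    Event(13, 1200, "net_connect", dest="backup.internal.example:443"),
    Event(20, 900, "process_start", image=r"C:\Users\alice\Downloads\setup.exe"),
    Event(25, 900, "file_delete", path=r"C:\Users\alice\Downloads\setup.exe"),
    Event(30, 4412, "process_start", image=r"C:\Users\alice\AppData\Local\Temp\update.exe"),
    Event(31, 4412, "file_write", path=r"C:\Users\alice\AppData\Local\Temp\stage.zip"),
    Event(32, 4412, "net_connect", dest="203.0.113.10:80"),
    Event(33, 4412, "file_delete", path=r"C:\Users\alice\AppData\Local\Temp\update.exe"),
]


if __name__ == "__main__":
    for pid, image in find_stage_exfil_self_delete(SAMPLE_EVENTS).items():
        print(f"pid {pid}: staged archive, connected out, then deleted {image}")
```

The point of keeping per-process state rather than alerting on any single step is that each step alone is common on a healthy machine; it is the ordered combination, ending with a process removing its own executable, that is worth an analyst's time.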

Data Breach At SC Hospital System

Prisma Health Midlands, formerly Palmetto Health in the Midlands and Greenville Health System in the Upstate, recently suffered a data breach that compromised the personal details of about 19,000 patients and 3,000 volunteers. Among the details compromised were patients’ full names, addresses, birthdays, and additional health information. In some cases, the details also included a patient’s Social Security Number. The breach occurred because the attackers got in using an employee’s login credentials. However, the attackers could not access any medical records because the employee’s login access was limited.

The anti-phishing protection measures adopted by Prisma include conducting an extensive investigation and blocking suspicious or unusual access to the Palmetto Health website. They have also changed the employees’ passwords. The hospital has been very open about the breach and is trying to inform all affected patients via email. It has also asked patients to remain vigilant and report any unusual activity that they notice in their accounts. Further, it has offered free credit monitoring and identity theft insurance to everyone whose Social Security Number was compromised in the breach.

Spear Phishing Attack Hits Ocala City

The City of Ocala lost $500,000 to attackers in a spear-phishing attack in which the adversaries impersonated a construction contractor working with the city and sent an email with a payment invoice. The twist is that the email came from a fake address containing an extra letter that was not present in the real contractor’s email address, while the invoice itself was genuine. How the adversaries got hold of the real invoice remains a mystery, but it was enough to make the Ocala employee fall into the trap.

The city immediately sent the amount due, $640,000, to the fraudulent bank account. Upon discovering the attack, the city reported it to law enforcement agencies at once. Luckily for them, $110,000 was still in the attacker’s account and was seized. The city lost approximately $500,000 to this phishing attack.

The city affirmed that the losses were limited to finances and that no customer data or system information was compromised. It has initiated spear-phishing prevention measures to reduce the probability of such attacks happening in the future, and it also plans an internal investigation to develop a procedure for dealing with phishing attacks.

Facebook Accuses NSO Group Of Attacking WhatsApp

Facebook has filed a lawsuit against the NSO Group, an Israeli cybersecurity company, accusing it of hacking the WhatsApp accounts of users earlier this year. Facebook says that the NSO Group used its flagship software, “Pegasus”, to spread malware to 1,400 mobile phones in order to target journalists, diplomats, human rights activists, senior government officials, and other parties. According to Facebook’s claims, the NSO Group could not hack WhatsApp itself, now owned by Facebook, but did manage to infect customers’ devices. The NSO Group could then read WhatsApp messages once they were decrypted on the receiver’s device.

Facebook also names a second defendant, Q Cyber, alleging that it is involved with NSO. Facebook says that NSO used Pegasus not just to get into WhatsApp but also into other messaging platforms such as Apple’s iMessage, Microsoft’s Skype, Telegram, WeChat, and Facebook Messenger.

The anti-phishing measures adopted by WhatsApp in this regard include informing all 1,400 users about the suspected intrusion. WhatsApp holds that mobile phones are meant to make everyone’s lives easier, but the moment these phones are compromised, they bring only doom to their owners.

Ransomware Attack Hits Las Cruces Public Schools

In yet another attack on a school district, Las Cruces Public Schools became a victim, which compelled the authorities to take the district’s entire computer system offline to stop the malware from spreading. All email and other computer-based communication between schools has been temporarily halted. Although the district continues its attempts to restore all services, the communication disruption is indefinite. Schools in the district now communicate by phone and handheld radio. However, the schools have not let the attack disrupt classes and have tried to maintain normalcy. It is unlikely that any staff or student data was compromised in the attack.

To protect against phishing, New Mexico State University has instructed its staff to refrain from opening any emails that come from Las Cruces Public Schools (LCPS), fearing that malware may be sent to them from the schools’ compromised email addresses. Furthermore, direct network access to LCPS and incoming traffic from it have been blocked temporarily.

It is speculated that this rampant rise in the number of attacks on school districts is because attackers know that public sector organizations, which need to keep providing public services, are usually not well prepared for attacks like this.

Currys PC World’s eBay Account Compromised By Attackers

Over 600 customers of Currys PC World lost hundreds of thousands of pounds in a recent cyber attack in which attackers hijacked the retailer’s eBay account. The hackers changed the payment details on a number of eBay listings, including one for the iPhone 11, which made it possible for them to steal money from unsuspecting customers who paid for the goods through their PayPal accounts.

However, the three companies involved, Currys PC World, eBay, and PayPal, have assured all customers that their money will be refunded. While eBay claims that the issue has now been resolved and that customers can continue shopping without any apprehension, PayPal is working to reverse any affected transactions. PayPal instructs customers to raise an ‘item not received’ case via their PayPal account if their money is not refunded in due course.

The attackers used an email address that looked identical to that of Currys PC World to access its eBay account. They then replaced the real email on the listings with a fake one, and all customers who made purchases during that period fell into the trap and ended up sending their money to the attackers’ account.

Cybersecurity expert Graham Cluley has offered some phishing prevention tips, given the vulnerable position of customers in today’s online market. He says that this scam exploited the close similarity between two different characters or letters, which is known as a homograph attack. He advises people to enable two-factor authentication on their accounts and to use a password manager, which protects passwords from phishing attacks.
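Both lookalike tricks in this roundup, the extra letter in the fake contractor address that cost Ocala its payment and the homograph that fooled the Currys PC World account, can be caught by the same receiving-side check on the sender’s domain. The following is an added example, not code from the original post or from any of the companies named; the trusted domains and sample addresses are constructed placeholders, and the confusables table is a small illustrative subset of what a real implementation would carry. The edit-distance test catches an inserted, dropped or swapped letter, and normalising confusable characters before comparing catches a domain that merely renders the same.

```python
"""Flagging sender domains that imitate a trusted partner's domain.

Added example, not code from the original post. TRUSTED_DOMAINS and the
sample addresses are constructed placeholders; CONFUSABLES is a small
illustrative table, not the full Unicode confusables data.
"""
import unicodedata

# Characters that render like a Latin letter but are different code points
# (digits that mimic letters, dotless i, and a few Cyrillic homoglyphs).
CONFUSABLES = {
    "0": "o", "1": "l", "\u0131": "i",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x",
}


def skeleton(text: str) -> str:
    """Lower-case, strip accents, and map confusables to their Latin look-alike."""
    decomposed = unicodedata.normalize("NFKD", text.lower())
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return "".join(CONFUSABLES.get(ch, ch) for ch in stripped)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insertions, deletions and substitutions cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Extract the domain part; decode Punycode so IDN homographs are visible."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if "xn--" in domain:  # internationalised domains arrive encoded on the wire
        domain = domain.encode("ascii").decode("idna")
    return domain


def classify_sender(address: str, trusted, max_distance: int = 2):
    """Return (verdict, matched_trusted_domain).

    verdict is 'trusted' (exact match), 'homograph' (identical once confusable
    characters are normalised), 'lookalike' (within max_distance edits of a
    trusted domain) or 'unrelated'.
    """
    domain = sender_domain(address)
    best = ("unrelated", None)
    for t in trusted:
        t_norm = t.lower()
        if domain == t_norm:
            return ("trusted", t)
        if skeleton(domain) == skeleton(t_norm):
            return ("homograph", t)
        if levenshtein(skeleton(domain), skeleton(t_norm)) <= max_distance:
            best = ("lookalike", t)
    return best


# Constructed placeholders standing in for a city's contractor and a retailer.
TRUSTED_DOMAINS = ["ocalacontractor.example", "currys.example"]


if __name__ == "__main__":
    samples = [
        "billing@ocalacontractor.example",     # the real partner
        "billing@ocalaccontractor.example",    # one extra letter
        "support@curr\u0443s.example",         # Cyrillic 'у' in place of Latin 'y'
        "news@example.org",                    # unrelated
    ]
    for addr in samples:
        verdict, match = classify_sender(addr, TRUSTED_DOMAINS)
        print(f"{addr!r:40} -> {verdict} {match or ''}")
```

A mail gateway would run this on the envelope sender and the `From:` header of anything that carries an invoice or a request to change payment details, and route a `lookalike` or `homograph` verdict to a human rather than to the accounts-payable inbox; the domain distance is cheap enough to compute against a whole vendor list per message.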

Cyberattack On Home Retailer Bed Bath & Beyond

The home retailer Bed Bath & Beyond recently announced that it had been the victim of a cyber attack in which attackers illegally obtained email and password information. It may have been a serious attack, but not many people were affected by the breach. No customer card details were stolen and no customer accounts were compromised, which is why the breach had been kept confidential.

However, as an anti-phishing protection measure, the company has hired a leading security forensics firm and has also carried out remedial measures. The company has cyber incident insurance, which is expected to cover the financial losses incurred in the breach.

Card Details Of Indians Put Up In The Dark Market

Payment card details of as many as 1.3 million users have been put up for sale on the largest carding shop online, Joker’s Stash. Almost the entire batch of card details uploaded belongs to Indians. Researchers at Group-IB first discovered the database of card details and added that the cards were being sold for prices as high as $100 each. It is speculated that the adversaries obtained the card details through skimming devices installed on ATMs or PoS systems.

The card details do not belong to one bank alone but to users of a variety of Indian banks. This rules out the possibility of a breach at the ATM system of one particular bank. Group-IB’s Threat Intelligence team is currently analyzing the breach to ensure protection from phishing in the future. It has scrutinized over 550,000 card dumps from the database so far and found that over 98% of the cards belong to Indian banks and about 1% to Colombian banks. Of the 550,000 cards it could check, over 18% belong to a single Indian bank.