The cyber arena is an integral part of the life of millennials because of which nothing ever seems to take place offline. However, anti-phishing protection becomes necessary when we deal with new websites, new people, and new technological advancements every day as the times are difficult, and cybersecurity is at stake with the existence of countless malicious actors. There are innumerable instances of cyber-attacks being launched by the attackers, which have made individuals, companies, and governments suffer financially, socially, politically, and emotionally. Here is an account of the most recent cybercrimes to help you better analyze the dark reality of the digital world.

 

Massive Increase In The Spread Of Shade Ransomware

Recently, multiple groups of researchers have pointed out the sudden and drastic rise in the spread of Shade ransomware with 1100 instances of phishing emails being recorded in June 2019 and the figures rising to over 6000 in the next quarter. The targets predominantly target Mexico and Russia; however, potential victims were from the UK and Germany.

The ransomware is continuously being updated by its developers, and now it can encrypt not only files but also mine cryptocurrencies and amplify traffic to generate revenue in particular websites. The Shade ransomware is the most widely circulated malware over email phishing attacks. Selling by the name Troldesh, the ransomware uses constantly changing Tor command-and-control (C2) servers, which make it untraceable and unblockable.

Researchers further noted that Shade ransomware is the primary malware used to attack computers in H1 2019. Troldesh comes with unique readme#.txt files that leave the ransom message on the infected system. The ransomware has been quite popular and very successful in tricking people by dint of its ability to evade phishing email prevention methods.

 

Attackers Impersonate Retail Websites

The newest and widely used means of conning people employed by the attackers include creating fake domains that largely resemble the websites of retailers. These fraudulent domains use valid TLS certificates to enhance their credibility and are targeting 20 retailers from the U.S., U.K., Germany, France, and Australia. This method comes as a great invention to fool online shoppers into giving away their bank credentials and thereby stealing their money and personal details.

It is interesting to note that the attackers have already registered over 100,000 fake domains so far, and a particular US retailer has more than 49,500 look-alike domains created by the attackers that target its many customers.

A majority of fake domains use free certificates from Let’s Encrypt.

What Can Be Done?

To prevent phishing attacks, the retailers must look for such fake domains and help the whistleblowers in blacklisting these malicious websites. They must also incorporate Certificate Authority Authorization (CAA) to the DNS records of their domains and subdomains as a security measure. As for the customers, they are to properly check the authenticity of a website before entering their personal details.

 

Expect Phishing Emails Ahead Of Black Friday

As Black Friday (29 November) approaches, researchers ask customers to be on the lookout for fraudulent emails that might appear to be from the retailer but are actually attempts at cyber attacks. An email with an offer that seems too good to be real must be re-verified to check whether or not it’s genuine. Research has shown that a scary majority of 85% of the European retailers have not incorporated anti-phishing solutions to safeguard themselves and their customers from cyber-attacks.

Black Friday is the time when many shoppers scavenge for the best possible deals available online. This means that it is also the time when retailers send out emails to their customers citing their best deals. It is this opportunity that attackers seize. Retailers are supposed to incorporate strict domain-based message authentication, but 60% of the retailers in the UK do not have any such email phishing protection. This makes them all the more prone to attacks and shows the attackers an easy way to steal the identity details of persons and businesses.

As per a study, the retailers in Germany, Sweden, and the Netherlands are most vulnerable to email frauds, and although the UK based retailers aren’t the prime target of attackers, 60% of them still remain vulnerable to phishing and other email frauds.

What Can Be Done?

  •   Strong passwords should be used by customers to keep themselves safe.
  •   They must also ensure that they do not use the same password for more than one account.
  •   Furthermore, avoiding the use of open-access Wi-Fi is advisable as it enables the attackers to intercept the data transferred over such an open network.
  •   Customers must adequately analyze whether a website begins with “https” or “http” as unencrypted transfer protocols like “http” are unsafe to make online purchases.
  •   Also, users must watch out for fraudulent websites that look exactly like genuine ones. These can usually be demarcated via minute grammatical errors or typos that often go unnoticed.
  •   Lastly, one must be extremely cautious and not click impulsively on any link that’s attached with an email with questionable origin or nature.

 

Data Breach From PACS Servers

Picture Archiving and Communication Systems (PACS) are used by hospitals and healthcare organizations to preserve medical images for future references. However, these PACS are often unprotected, and a consequence of this was a recent leak of over 1.19 billion confidential medical images from nations like the United States, India, South Africa, Brazil, and Ecuador who are known to use PACS. Leaky PACS servers were used by these nations, who collectively account for 75% of the total images exposed.

Over 786 million of the publicly exposed images are found to be from the United States, 121 million images from India, 38.2 million from South Africa, 42.3 million from Brazil, and 13 million from Ecuador.

Why Did The Breach Happen?

The pictures of patients are out there on the web available to the access of almost anyone. The primary reason behind this leak is the poor implementation of anti-phishing measures. The healthcare providers in the affected nations failed to follow the HIPAA rules because of which 6.6% of their consumers underwent such serious medical identity theft. The healthcare providers must have a list of public-facing IP addresses of their organizations and maintain them regularly to check for threats. The physicians, too, must take some security measures such as encrypting data and adhering to data privacy rules before storing patients’ data.

 

Decryption Tool Unveils Jigsaw Malware

In the latest technological invention, tech security company Emsisoft came up with a free decryption tool for Jigsaw ransomware. The Jigsaw ransomware functions by borrowing themes from horror movies and thereby inducing fear in the minds of victims to pay the ransom. This Emsisoft tool can unlock 85 variants of the Jigsaw malware presently and shall be updated from time to time to unlock its new variants as and when they emerge.

How Does The Malware Work?

The ransomware Jigsaw has been pestering people to pay up ransom since 2016 and has been causing quite some chaos through its vicious policy of encrypting and deleting files when the due date for paying the ransom has passed. The malware keeps deleting files by the hour, and at the end of 72 hours, all files get deleted. It re-launches itself if a user happens to reboot his system. Depending on its variant, the ransom demanded may range from $20 to $2,000.

However, Emsisoft’s innovation is a benchmark in phishing protection and shall hopefully prove to be the answer to the malicious actions of Jigsaw.

 

anti-phishing

 

Major Ransomware Attack Hits French Hospital

In what seems like the most severe ransomware attack in Europe after the 2017 WannaCry attack that hit the U.K. National Health Service (NHS) hospitals, Rouen University Hospital-Charles Nicolle in the north of France was hit by a ransomware attack. The attack affected all 5 sites covered by the hospital complex. It is a reasonably large hospital with 10,000 staff members and 2,500 beds, and to stop the attack from inflicting further damage, the hospital had to bring down its IT systems.

However, by the afternoon of 18th November, the hospital could restore over a quarter of its affected applications. With the assistance of the French National Agency for Information Systems Security, the hospital is expected to be able to restore all its systems within a week.

Although it is not yet known who the attackers are, no ransom has been demanded so far. But as per rumours, 1,500 Euros (approx. $1,660) have been demanded to unlock each of the 6,000 infected computers. Not many concrete details have presented themselves, but what we can say for sure is that the attack hasn’t led to the loss of any patient data.

 

New Android App Enables Viewing Private IG Accounts

An android app called “Ghosty” comes with a ghost-like feature of going right through someone’s privacy. The app allows a user to spy on private Instagram accounts – the feature that is disabled by Instagram itself. Facebook had spotted this faulty app and brought it to Google’s notice, who was quick in removing the app from the Google Play Store. However, chances are, the app still persists in its malicious intents.

Facebook had warned Ghosty to send a cease and desist letter, which proved to be momentarily effective as the application was soon removed.

What Does The App Do?

The developers of Ghosty exploited the trust placed on them by people. The app functioned in a chain-like process wherein users needed to provide access to their profiles and also invite other people to do the same. Now, when a person with access to a private profile joined the network, everyone else on the network also got the same access. The app also charged a subscription fee from its users.

Instagram said that it takes necessary measures to prevent phishing attacks, but it’s still a mystery to them as to how Ghosty could evade its privacy filters. A Facebook spokesperson notified that work is in progress to ensure protection against phishing and to take action against the developers of Ghosty.

 

Mozilla Triples Payouts For Bug Finders

In perhaps an attempt to match up the rest when it comes to rewarding researchers who find glitches in their servers, Mozilla has announced that it will expand its bug bounty program to cover a range of new sites and services and also triple its maximum payout. This comes as a step to celebrate fifteen years of its existence. This means that a person who manages to find a legitimate fault in the code execution bug in Firefox, its payment subscription service, VPN, localization, code management tools, speech recognition, etc. stands a chance of winning $15,000.

However, Mozilla’s rewards are still incomparable to its contemporaries. For instance, Intel, offers $500 – $100,000 (based on the severity); Microsoft offers $15,000 – $300,000; Dropbox offers up to $33,000; Twitter offers up at $20,000; Google offers at least $150,000 to anyone who can crack its ChromeOS in guest mode. Huawei announced that it will pay $220,000 to anyone who points out a critical vulnerability in any of its Android devices (Mate, P, Nova, Y9, and Honor) and up to $110,000 for a high-severity spot. But the greatest of them all is the amount offered by Apple. Apple pays $1,000,000 to anyone who can hack an iPhone without anyone clicking or tapping something. These prove to be a nice means of encouraging all those who religiously work towards ensuring protection against the perpetrators.

With that being said, Mozilla’s decision to triple its payout in spite of being a nonprofit symbolizes that it’s profitable for a company to follow the ongoing trend and engage in such bug hunting. It also hints at Mozilla’s attempts at trying to get more users onto its services.

 

24-Year Sentence Doesn’t Hinder Malicious Works Of Nigerian Hacker

Arrested and given a 24-year sentence for being the mastermind behind an intricate web of internet fraud schemes traversing two continents, Nigerian internet fraudster Hope Olusegun Aroke is once again in the limelight. Only this time, he has executed a mega scam from one of the most secure prisons (the Kirikiri Maximum Security Prison) worth at least $1m (£773,000).

Nigeria’s Economic and Financial Crimes Commission (EFCC) is brainstorming on how could Aroke possibly continue working from inside the Lagos prison. Apparently, Aroke was illegally allowed to use the internet and his phone. He was also frequently admitted at the Nigeria Police Hospital in Lagos for an “undisclosed ailment”. In addition to this, he was able to leave the facility to stay in hotels, meet his family, and attend social functions.

Further research revealed that he had two bank accounts under the fake name of Akinwunmi Sorinmade and had purchased a luxury car and homes while he was still at the prison. He also had access to his wife’s bank account token while he was in prison and used it to transfer funds. The Nigerian Correctional Service (who manages the Kirikiri Maximum Security Prison) has kept mum about these revelations.

The war against phishing attack prevention fails when government-employed officials lose their integrity at the offering of some amount of money. It is suspected that the reason why Aroke managed to work in the dark world despite being imprisoned is that he received the cooperation of certain corrupt prison officials.

 

Cyborg Being Propagated Under The Cover Of Windows Update

Cyber attackers are now spreading the ransomware ‘Cyborg’ via phishing emails claiming to be notifications of Windows Update. They are sending people emails that seemingly contain a “Critical Windows Update” but are indirectly installing Cyborg ransomware in the computers of the victims. The attachment in the email contains an executable file which is disguised as a “.jpg” file and leads to the ransomware and also its builder. This can then be sued to create variants of the ransomware.

Unlike other phishing campaigns and emails, the cyborg email didn’t contain a long body message. It instead had a one-liner and to-the-point subject stating, “Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update.” The worst part about this ransomware is that it can be created and spread by anyone with access to the builder. Furthermore, it can be spammed and attached in multiple ways to evade phishing email prevention gateways.