What looks like a legitimate app may secretly operate as a botnet; what seems like a harmless email from a service provider may be a phishing scam. Nothing on the internet is safe anymore – cybersecurity issues are a severe threat to individuals and organizations alike, which makes it essential to stay abreast of the latest cyber news and keep your information assets from falling into the hands of cyber adversaries.
Beware Of Malicious Video Streaming App Mobdro
An Android app called Mobdro works on the surface as a platform for broadcasting pirated videos (mainly sporting events) but secretly sells users’ personal information and conscripts their devices into proxy networks and DDoS botnets. The Spanish police have recently seized the servers of this malicious app, which had over 100 million downloads, and arrested its operators.
Investigations into the app’s suspicious activities began in 2018, when the Spanish Football League, the English Premier League, and other associations reported it. It wasn’t until last month that the investigations yielded results: four arrests, twenty blocked servers and web domains, frozen bank accounts, and two server shutdowns. It is imperative to take ransomware protection seriously because selling user information is a lucrative business – according to the seized documents, Mobdro’s operators made over €5 million. Revenue came from showing ads, selling users’ data, and using the devices as proxy bots in DDoS attacks.
However, this revelation doesn’t surprise experts, who had already classified the app’s code and behaviour as malware. The app was never distributed through the Google Play Store, which again points to its dubious nature.
Simultaneous DNS Hijack At Cream Finance And PancakeSwap Cryptocurrency Services
Visitors to the cryptocurrency portals Cream Finance and PancakeSwap are being redirected to a fraudulent homepage where adversaries try to collect their private keys and seed phrases. Both outlets have notified visitors of this DNS hijacking attack through Twitter posts. It is suspected that the same attacker is behind both attacks, since their DNS records were changed simultaneously.
With the private keys and seed phrases, attackers can access users’ cryptocurrency wallets and steal their funds. Cream Finance and PancakeSwap customers are advised to use email security as a service and to refrain from visiting the affected websites, at least until the two portals announce on Twitter that service has been restored. In yet another revelation, it was found that both cryptocurrency portals used the web hosting company GoDaddy to manage their DNS records. This narrows the attack vector down to two possibilities – either the adversaries compromised the individual web hosting accounts of Cream Finance and PancakeSwap, or a GoDaddy employee account was compromised (such attacks have been frequent in the past).
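The drift check a site operator would want after an incident like this, as an added example that is not from the original post or from either project: it compares a fresh snapshot of a domain’s A, NS and CNAME records against a known-good baseline and raises an alert on any change, rating a nameserver change as critical because that points at the registrar or hosting account itself (the GoDaddy scenario described above) rather than at a single record. The domain names and addresses are constructed sample values, not real resolutions; `resolve_a` is a standard-library helper for a live lookup and is not used by the offline sample run.

```python
"""Detect unexpected DNS record changes against a known-good baseline.

Added example, not code from the original post or from Cream Finance /
PancakeSwap. All domain names and addresses below are constructed.
"""
import socket
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class DnsSnapshot:
    """Normalised view of the records we care about for one zone apex."""
    domain: str
    a: frozenset            # IPv4 addresses served for the apex
    ns: frozenset           # authoritative nameservers (lower-case, no trailing dot)
    cname: Optional[str]    # CNAME at the apex/www, if any


def _norm(name: str) -> str:
    """Lower-case a DNS name and strip the trailing dot so cosmetic differences never alert."""
    return name.strip().lower().rstrip(".")


def snapshot(domain: str, a: Iterable[str], ns: Iterable[str],
             cname: Optional[str] = None) -> DnsSnapshot:
    """Build a normalised snapshot from raw record values."""
    return DnsSnapshot(
        domain=_norm(domain),
        a=frozenset(ip.strip() for ip in a),
        ns=frozenset(_norm(n) for n in ns),
        cname=_norm(cname) if cname else None,
    )


def diff_records(baseline: DnsSnapshot, current: DnsSnapshot) -> List[str]:
    """Compare a fresh snapshot to the baseline; return alert strings (empty = no drift)."""
    if baseline.domain != current.domain:
        raise ValueError("snapshots are for different domains")
    alerts = []
    added, removed = current.a - baseline.a, baseline.a - current.a
    if added or removed:
        alerts.append(f"A records changed: added {sorted(added)}, removed {sorted(removed)}")
    if current.ns != baseline.ns:
        alerts.append(f"NS delegation changed: {sorted(baseline.ns)} -> {sorted(current.ns)}")
    if current.cname != baseline.cname:
        alerts.append(f"CNAME changed: {baseline.cname!r} -> {current.cname!r}")
    return alerts


def severity(alerts: List[str]) -> str:
    """A delegation change means the registrar/hosting account was altered: critical.
    A repointed A or CNAME record alone is still a redirect of all visitors: high."""
    if not alerts:
        return "none"
    if any(a.startswith("NS delegation") for a in alerts):
        return "critical"
    return "high"


def resolve_a(domain: str) -> frozenset:
    """Live A lookup via the stdlib resolver (needs network; not used by run_sample)."""
    infos = socket.getaddrinfo(domain, None, family=socket.AF_INET)
    return frozenset(info[4][0] for info in infos)


# Constructed sample data: RFC 5737 documentation addresses and .test/.example names.
BASELINE = snapshot("defi-portal.test", ["203.0.113.10", "203.0.113.11"],
                    ["ns1.registrar.example.", "ns2.registrar.example."])
# Delegation moved to foreign nameservers while the A records still look right.
HIJACKED_NS = snapshot("defi-portal.test", ["203.0.113.10", "203.0.113.11"],
                       ["ns1.attacker-dns.example", "ns2.attacker-dns.example"])
# Apex repointed to a look-alike host; NS unchanged apart from cosmetic case/dot differences.
HIJACKED_A = snapshot("defi-portal.test", ["198.51.100.7"],
                      ["NS1.registrar.example", "ns2.registrar.example."])


def run_sample() -> dict:
    """Run the check over the three constructed snapshots; returns label -> (severity, alerts)."""
    results = {}
    for label, current in (("unchanged", BASELINE), ("ns_hijack", HIJACKED_NS),
                           ("a_hijack", HIJACKED_A)):
        alerts = diff_records(BASELINE, current)
        results[label] = (severity(alerts), alerts)
    return results


if __name__ == "__main__":
    for label, (sev, alerts) in run_sample().items():
        print(f"{label}: {sev}")
        for line in alerts:
            print("   ", line)
```

In production the baseline would be captured once from a trusted state and the current snapshot pulled on a schedule from an external resolver (so a poisoned internal cache cannot mask the change); the comparison logic stays the same.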
Income Tax E-Filing Web Page Linked Scam Targets Indians
US- and France-based hackers are impersonating the Indian income tax e-filing web page to target customers of ICICI, SBI, Axis Bank, HDFC, and PNB. The circulated messages prompt users to apply for their income tax refund. However, the attached link leads to a fake web page that looks exactly like the original income tax e-filing page.
The fake pages, hosted with third-party cloud providers, are served over plain HTTP instead of the secure HTTPS protocol. The site then asks users to download an application (Certificate.apk) that is not distributed through the Play Store and instructs them to grant it administrator rights and other permissions. The information harvested by the fake income tax e-filing website includes users’ name, address, Aadhaar number, PAN, DOB, contact number, email, gender, account number, IFSC, card details (including PIN), etc. With this many details exposed, financial loss is all but certain. The scam also asks for users’ online banking credentials, which seals the deal for the attackers. Users are advised to use email protection and pay heed to cybersecurity guidelines.
The Risk Of Using Outdated Android Versions For Work
A recent Lookout report states that only 0.08% of the Android devices used by US government employees run the latest version. Almost a quarter of government employees run Android 8 (the 2017 version), which has at least 636 known vulnerabilities. Naturally, this exposes them to app threats, phishing scams, and other device and network threats. With the pandemic ongoing, the risk from such attacks has increased further as more and more people work from home and on their mobiles.
The report revealed that iOS users are comparatively less prone to attacks because of their higher adoption of the latest updates. Federally managed devices (2.66%) generally show lower vulnerability to attacks than unmanaged devices (16.62%). The same holds for local- or state-managed devices (6.18%) versus unmanaged devices (11.02%). The study also revealed that vulnerability to attacks was higher among BYOD (Bring Your Own Device) employees even though unmanaged devices were fewer in number.
Workers are advised to update their mobile systems regularly and apply patches as soon as they are released. Organizations must maintain an approved device list for BYOD to make cybersecurity tooling easier to enforce. Further, they must train employees to identify phishing attacks adequately!
Mastermind Behind The 2020 Twitter Attack Gets Sentenced
The US Department of Justice has finally sentenced the juvenile cybercriminal who took Twitter by storm in July last year with the hack of several verified Twitter accounts, including those of Elon Musk, Bill Gates, and former President Obama. Eighteen-year-old Graham Clark will serve three years of probation after his time in a juvenile facility.
The Florida Department of Law Enforcement (FDLE) found him guilty of using several social engineering and hacking tactics to access Twitter employee and user accounts and post the bitcoin scam, which netted over $117,000 from ordinary citizens. The judgment serves as a lesson for cybercriminals to take cybersecurity seriously or be ready to face the consequences.
Chinese Hacker Group APT31 Responsible For Attack On Finnish Parliament
The major attack on the Finnish Parliament last year has been linked to the Chinese state hacker group APT31 (also known as Zirconium or Judgment Panda). The attack compromised some parliament email accounts, including those belonging to MPs.
Investigations by the Parliament’s security team, the Finnish National Bureau of Investigation (NBI), the Security Police, and the Central Criminal Police attributed the attack to APT31. The hacker group has been involved in similar espionage and cybersecurity incidents in the past. The authorities have withheld further information on the incident until the investigations are complete.