The Christmas holidays are a fragile period in the world of cybersecurity. Many organizations undergo unfortunate cyber incidents during this time, and the simplest way to avoid such instances is to learn from the mistakes of others. Here are the top cybersecurity headlines the world over to help you plan your cyber moves better.

Echelon Infostealer Deployed Through Telegram Channel

Of late, adversaries have widely used Telegram to target cryptocurrency users. The latest instance is the exploitation of the “Smokes Night” Telegram channel to spread the info stealer Echelon among crypto users. The attack scheme mainly targets unsuspecting crypto users who may have joined the discussion channel for crypto information. Cybersecurity experts at SafeGuard first discovered the use of Echelon in Telegram channels in October. However, they reported that this credential stealer is widely used against crypto wallets and file-sharing and messaging platforms such as BitcoinCore, Exodus, ByteCoin, AtomicWallet, Monero, Jaxx, Edge, Discord, Outlook, FileZilla, OpenVPN, etc.

Researchers have no reason to believe that this malware deployment has anything to do with a coordinated campaign – its purpose seems confined to targeting new and unsuspecting users of the channel. While users have not engaged with the malicious message, there is no way to ascertain that the malware didn’t reach the targeted systems.

Phishing Remains The Most Popular Attack Vector in 2021

Group-IB, the popular cybersecurity vendor, recently identified a phishing campaign that has robbed users across 90 countries of millions of dollars. The holiday season is only making it easier for adversaries to run their phishing scams. The adversaries behind this global phishing scam impersonated 121 renowned brands and lured customers with fake giveaways and surveys. These surveys led users to phishing pages that collected their personally identifiable information, such as names, contact numbers, addresses, and payment card details. Group-IB identified over 60 scam networks, each owning over 70 domain names and using a variety of marketing means such as pop-up notifications, emails, and SMS. More than 10 million people were targeted by this scam, with a majority of victims located in Asia, Africa and Europe.

In addition, a report by PhishLabs suggests that the number of phishing attacks in the first half of 2021 was 22% higher than the number reported during the same period in 2020. Since people are more aware of cyberattacks these days and take adequate email phishing protection measures, adversaries are exploring new and different ways of reaching their malicious objectives.

Meta Files Federal Lawsuit Against Threat Actors Who Created 39k Phishing Websites

Meta, Facebook’s parent organization, has filed a federal lawsuit against threat actors who created over 39,000 phishing websites impersonating the login pages of Facebook, Instagram, WhatsApp and Messenger. The adversaries targeted unsuspecting users of Meta’s digital properties and asked them to enter their usernames and passwords on the fake login pages. After discovering this scam, Meta is seeking $500,000 in compensation from the unnamed threat actor.

The adversaries used a relay service called Ngrok, which redirects internet traffic to the fake websites in a manner that doesn’t reveal the actual location of the fraudulent infrastructure. Meta has noted a drastic rise in such phishing attacks since March 2021 and has worked with the relay service to shut down several phishing websites. This lawsuit comes as yet another cybersecurity move by Meta to uphold the privacy of its users.

Massachusetts Man Pleads Guilty For Stealing & Selling Gig Workers’ Data

A 36-year-old Massachusetts resident named Flavio Candido da Silva pleaded guilty in a Boston federal court to data theft and financial fraud. The accused was found accessing the rideshare and delivery service accounts of unsuspecting individuals and selling their personally identifiable information on the dark web. Flavio is suspected to be part of a larger cyber threat group of 18 members who deal in stealing and falsifying identity documents of rideshare users and then selling and renting these out to third parties. Currently, Flavio is pleading guilty to one instance of wire fraud and one case of identity theft.

The user information compromised in the process includes the names, driver’s license details, DOBs & social security numbers of rideshare drivers. Flavio looks like a hardworking thief as he used several tactics to evade facial recognition checks in the delivery service provider and rideshare systems. Flavio and the team caused a minor vehicle accident to get information and photographs of the victim or their license. The threat actor also used GPS spoofing technology to give the impression that he was making deliveries. In this entire fraud scheme, Flavio caused victim organizations a loss of over $200,000.

Fortunately, such crimes won’t go unpunished. Flavio and the team may get a sentence of up to 20 years in prison for wire fraud and up to 2 years for identity theft. This is in addition to a fine of $250,000 or more (approaching the gain or loss from the attack). Since threat actors like Flavio are all over the internet, gig workers must consider using cybersecurity tools and measures like MFA to ensure their safety.

K-12 School Apps Exposing Student Data, Reports Me2B Alliance

A cybersecurity report by the non-profit Me2B Alliance states that K-12 school apps are operating with several serious email security risks which could share student data with advertising organizations and other third parties. This report follows up on another report published by Me2B in May, in which it studied 73 apps used in 38 schools. Its findings revealed that 60% of these apps sent student data to third parties, 50% shared data with Google, and 14% sent student data to Facebook.

Using the WebView feature, developers can integrate web pages into their apps. While this is a handy way to include dynamic details like calendars in the app, it also exposes student data. This puts students and their parents at high risk of being targeted by scammers. Several instances of the WebView feature going wrong have been recorded in the past, in which attackers used expired URLs to launch BEC attacks, phishing and other advertising campaigns. Therefore, schools must remember to renew their domains and remove the expired ones from time to time.
