The cyber domain is continuously targeted by threat actors, making it a vulnerable space. However, relying on the right cybersecurity tools ensures better protection. Here are the top cyber scams from this week that will surely help plan your risk management strategies more efficiently.
Cyber Attackers Eye Dating App Users During Lockdown
The use of dating apps increased significantly in 2020, owing to the worldwide lockdown. But romantic partners weren’t the only ones benefiting from this virtual world of relationships. Scammers used these dating platforms to dupe users for financial or other purposes. An FTC report states that there has been a 50% rise in romance scams in 2020 compared to 2019, causing economic losses exceeding $304 million.
In a typical attack, the scammers pretend to be a real person with a seemingly genuine profile picture, have long conversations with the victim, and request money from them for a so-called emergency. In some cases, the adversaries also use the victims as money mules to conduct illegal transactions through their accounts. They do this by sending unsuspicious-looking links to the victims, which deal with stolen unemployment funds.
The FBI has issued an alert asking people to stay cautious of such scammers on online dating forums. Dating app users must take cybersecurity measures and always conduct a reverse image check of the person they’re interacting with for added security.
Italian Watchdog Fines Facebook For A Second Time
An Italian watchdog has fined Facebook for security noncompliance from 2018. The watchdog had discovered improper management of user data because of Facebook’s foul commercial practices. The social media giant was asked to inform users of its data collection policy back in November 2018. Facebook was fined $5.5 million for this cybersecurity violation and asked to post an amended statement on each Italian user’s Facebook page.
The watchdog has now discovered that the company never published the amended statement on its Italian homepage, on the app, or on the personal page of each Italian user (as asked), nor did it stop collecting data from users in that offending manner. This triggered the regulator to fine Facebook $8.5 million, almost three years after the first incident. Now that’s a cue for all companies to adhere to cybersecurity guidelines!
Dutch Police On The Hunt For Cyberattackers
The Dutch police set a fine example of robust cybersecurity vigilance by posting a friendly message on Raid and XSS, two of the most popular hacking forums, telling attackers that their criminal pursuits in the Netherlands won’t be successful. The message also contained a link to a YouTube video, towards the end of which the Dutch police said that they shall wait for a mistake from the adversaries’ end.
This move by the Dutch police comes after Operation Ladybird – a collective movement of world law enforcement agencies to bring down Emotet. The Dutch police are known for their aggressively active role in the eradication of cybercrimes. They have brought down several botnets, arrested two web hosting providers, punished DDoS-for-hire services users, phishers and malware operators, and shut down the encrypted chat support for cybercriminals – Ennetcom. With a warning message from such efficient police forces, the cyber adversaries are likely to get intimidated by the Dutch ransomware protection strategies!
Barcode Scanner App Becomes Malware
Barcode Scanner, a popular QR code scanner app with over 10 million installs, recently had a change of owners, and guess what it led to? The third-party buyer who bought the app from Lavabird Ltd. converted the app into malware which crowded users’ devices with unwanted adverts.
Cybersecurity firm Malwarebytes discovered that the app became a nuisance for users overnight following an update. The malware presented itself before the deal between Lavabird and the buyer was officially recorded. That makes Lavabird the guilty owner of a malicious app, though they claim that the third-party buyer triggered the incident.
Lavabird blames the buyer for meddling with the app’s private key before the purchase was completed. Thus, the updated app made Lavabird responsible for a security violation it wasn’t involved in. This attack is of a new kind in the cybersecurity realm and has taught Lavabird a lesson for life. They advise users to delete the app along with using cybersecurity tools for protection.
Beware Of Discord Fraud
The pandemic compelled people to switch to online modes of communication, which increased the use of chatting platforms like Discord. The adversaries used this shift to their benefit and used Discord to host malicious payloads. The cyber attackers extensively use Discord as a CDN to host payloads like XMRig miner, Epsilon ransomware, Discord token grabbers, and Redline stealer. They cunningly renamed malicious files as gaming or pirated software and used game-related icons to increase their scams’ credibility.
Last month, cybersecurity researchers discovered three malicious software packages called sonatype, an0n-chat-lib, and discord-fix on the npm open-source repository. They stole tokens and other details from Discord users while allowing the adversaries to hack the server. These threat actors also target Discord servers in cryptocurrency scams. With such severe cyber risks attached, it’s advised to use Discord with extreme caution. Users must adopt email security and other security measures for protection.
Cyberwar In Myanmar
A hacking group by the name of Myanmar Hackers has hacked into the military-run government websites in Myanmar. These include the military’s propaganda page, the Central Bank of Myanmar, the Food and Drug Administration, MRTV (the state-run broadcaster), and the Port Authority.
This attack supports a people’s rally from the previous day where people protested against the overthrow of Aung San Suu Kyi’s civilian government by the military. The hacker group even announced the same on their Facebook page. They say that the hack symbolizes a mass protest of people before government websites. Matt Warren, a cybersecurity expert from RMIT University (Australia), says that the adversaries are into DoS attacks and defacing to raise awareness.
Meanwhile, the authorities have shut down the internet in Myanmar for the fourth night in a row. Cyberattacks are being used for all sorts of purposes. We usually hear of attacks for financial gain and data theft, but now they are even used for international warfare!