Viruses and Worms

Researchers transmit data covertly by altering screen brightness

Sophos Naked Security - 7 February, 2020 - 13:02
Researchers have retrieved data from a disconnected computer by altering its LCD's pixel density just enough for a camera to pick it up.

Facebook, Google, YouTube order Clearview to stop scraping faceprints

Sophos Naked Security - 7 February, 2020 - 12:30
It's my First Amendment right to scrape publicly available face images, its CEO says. Besides, we're just doing what Google Search does.

Wacom driver caught monitoring third-party software use

Sophos Naked Security - 7 February, 2020 - 12:22
Graphics tablet company Wacom can collect data unconnected to its products, such as which applications users open on their computers.

Cybercrooks busted for multimillion-dollar identity fraud

Sophos Naked Security - 7 February, 2020 - 12:21
Organizations were attacked for employees' data, including names, addresses and birthdates used to set up hundreds of bank accounts.

Magecart Gang Attacks Olympic Ticket Reseller and Survival Food Sites

VirusList.com - 7 February, 2020 - 12:00
A recent slew of skimming attacks have been linked back to Magecart Group 12.
Category: Viruses and Worms

Happy New Fear! Gift-wrapped spam and phishing

Kaspersky Securelist - 7 February, 2020 - 11:01

Pre-holiday spam

Easy money

In the run-up to Christmas and New Year, scam e-mails mentioning easy pickings, lottery winnings, and other cash surprises are especially popular. All the more so given how simple it is to adapt existing schemes simply by mentioning the holiday in the subject line.

For example, one scam e-mail with the subject line “Xsmas gift” or “Xmas offer” talks about a “special donation” and provides a contact e-mail address for more information. Recipients who respond are lured into parting with a sum of money through social engineering.

Scammers offering “Xmas gifts” are very persistent

Another Christmas-related scheme aims to steal cryptocurrency. Scammers offer the chance to earn some bitcoins before the holiday period using “secret” software that can be downloaded via a link:

After downloading and running the program (the malware Hoax.Win32.Agent.gen), the user is prompted to enter their cryptowallet credentials and wait until the request is executed.

Next, the user is informed that the cryptocurrency will be credited to their account immediately after they pay a transfer fee. The result is predictable — the user earns no bitcoins, and the “fee” goes to the scammers.

Extortion

Standard extortion schemes are also adapted for the festive period. For instance, the authors of this e-mail threaten to spoil the victim’s Christmas by smearing them as a pedophile. To prevent this, the recipient needs to transfer the equivalent of $5,000 in bitcoin to the extorters:

Malicious mailings and the corporate sector

Corporate e-mail addresses are also on the cybercriminal radar. To extract confidential information from recipients, or install malware, scammers mask malicious e-mails as business correspondence. In the pre-holiday period, when sales are on the rise, retail finds itself in a special risk zone. E-mails with malicious attachments (DOC or XLS) are sent under the guise of messages related to orders for goods.

For example, hidden in the attachment to this e-mail is Trojan-Downloader.MSOffice.SLoad.sb, which in turn downloads other malware to the victim’s computer:

Malicious attachments can also be disguised as invoices and payment notices. The archive attached to this e-mail actually contains the Trojan-PSW.MSIL.Agensla.hdt stealer, which harvests logins and passwords, and then sends them to the cybercriminals:


Statistics

The share of spam as a percentage of world email traffic gradually increased throughout Q4 2019 and amounted to 57.26% in December. It thus almost reached the maximum value for the second half of the year — 57.78% (which we recorded in August).

The share of spam in global email traffic, Q3 and Q4 2019

A similar picture was observed in Russia. However, in the fall the growth was less pronounced: from September to November the amount of spam traffic grew by a total of 0.86 percentage points (compared to a growth rate of 1.14 percentage points for the entire world) to reach 51.15% of total email volume. However, during the last month of the year, the share of spam jumped dramatically by 3.36 p.p. (compared to only 1.44% for the entire world) and exceeded even the summer indicators (54.51% in December as opposed to 53.5% in July and 53.76% in August). Most likely, such a sharp rise can be attributed to the traditional uptick in holiday season activity by spammers.

The share of spam in Russian email traffic, Q3 and Q4 2019

In the Asia-Pacific region as a whole, we also observed an increase in the amount of spam in email traffic from September (50.19%) to December (52.62%). As you can see from the diagram, the increase is quite gradual. At the same time, the volume of junk messages reached a peak in January, when their share reached 55.48%. This is most likely due to the Lunar New Year, which is celebrated in most of the countries of the region and which this year fell on January 25.

The share of spam in email traffic in the Asia-Pacific Region, July 2019 – January 2020

Christmas/New Year phishing

Fake websites

Phishers lured users onto fake pages with the promise of favorable terms and conditions, discounts, and gifts. For example, they tried to gain access to Amazon Prime accounts by offering Christmas promotions supposedly on behalf of the service; to take part, users were asked to enter their account credentials.

Besides fake versions of real websites, non-existent stores popped up online offering huge discounts. Their catalogs typically contain a very limited range of premium-class products, and the websites themselves look more like landing pages. A characteristic attribute of such sites is a countdown timer showing how much time is left before the “promotion” ends.

In addition to expensive goods, scammers offer libido-boosting drugs — also at great discounts. The product range in such “medical stores” is not very wide:

The information about the domain shows that it was registered recently, which is another indicator of fakeness.


Nor did scammers overlook gamers. For instance, we discovered phishing pages mimicking the Warface multiplayer website. In honor of New Year, one of the fakes promised gamers 30 days’ free use of some powerful weapons, while another presented a golden rifle for joining Santa’s helpers. To receive either “prize,” players had to enter their username and password on a fake login page, thereby giving the scammers access to their account. Accounts with a high in-game rank and unique, paid-for weapons can fetch a good price.

Cash gifts

Fake websites promising easy money were also given a festive makeover: they offered New Year payouts to the poor, sponsorship gifts, giveaways, etc. As usual in such cases, visitors are invited to complete a simple task, for example, take a survey and enter some personal data. After a five-digit sum seemingly ready for transfer is displayed on screen, the victim is asked to pay a service fee — which, of course, goes straight to the scammers.

To add credibility and urgency, the attackers place eye-catching information to nudge the victim into acting: notifications about the limited nature of the offer, number of visitors who are currently filling in the form, or a “bonuses” countdown:

Crypto fans did not escape phishers’ attention either. It was shortly before Christmas that we came across a scheme offering a festive giveaway of bitcoins and ether supposedly from the Binance crypto exchange. Naturally, to receive a “gift” it was necessary to confirm participation by transferring 5 BTC or 50 ETH to the “organizers.”

To promote the “event,” the scammers posted an article about it on the Medium platform with dozens of enthusiastic comments from “winning” users.

Statistics

In Q4 2019, the share of attacks that sought to steal financial data and accounts at online banks and stores out of the total number of phishing attacks amounted to 52.61%. This exceeds both the indicator for the previous quarter (43.19%) and the indicator for the whole year (51.4%). We observed a similar situation in 2018 and 2017, with the only difference being that the jump was more noticeable last year — from 44.67% on average for the entire year and 34.67% in Q3 to 51.18% in Q4.

The share of phishing attacks on online stores and financial services during Q3 and Q4 of 2017, 2018, and 2019

It is curious that by the end of 2019, fraudsters had partially lost interest in electronic payment services. For the first time in three years, in Q4 the share of phishing attacks on such resources decreased by 1.21 percentage points compared to the previous reporting period and amounted to 14%.

The share of phishing attacks on online stores and financial services during Q3 and Q4 of 2017, 2018, and 2019

At the same time, the popularity of non-financial categories of websites also fell, and in the ranking of the most popular attack targets for the last quarter, payment services rose from fourth to third place, displacing social networks and blogs, which were attacked only in 5.89% of cases. The leading targets by number of phishing attacks in Q4 were bank resources (29.73%), ahead of global Internet portals (22.81%), which had led the ranking during the previous quarter (23.81%).

The distribution of organizations whose users were attacked by phishers by category during Q4 2019

We analyzed the number of attacks on major commercial platforms from November 11 to December 31. As expected, the number of attacks jumped shortly before Black Friday, which fell on November 29, and remained high until the Christmas and New Year holidays. In particular, the share of phishing schemes perpetrated under the eBay brand had remained at 1% (of the total number of attacks that used the brand during the specified period) since mid-November; on November 27 this figure was 3.15%, and by December 2 it had grown by almost one-and-a-half percentage points to 4.63%.

The distribution of phishing attacks using the eBay brand by day, November 11, 2019 — December 31, 2019

We observed a similar situation with phishing attacks that utilized the Alibaba brand: the peak of activity occurred on November 27 and lasted until December 4. In both cases there was a short break in fraudulent activity in the middle of December: on December 15 it fell practically to zero, but it began to rise again with the approach of Christmas and New Year.

The distribution of phishing attacks using the Alibaba brand by day, November 11, 2019 — December 31, 2019

Tips and recommendations

So as not to fall for scams and tricks, it is important to take easy money offers with a massive pinch of festive salt.

If you are a consumer:

  • Remember that the only free cheese is in a mousetrap. If you are suddenly offered a reward for taking part in a survey, or a huge discount on luxury goods, be very wary.
  • Do not follow links in e-mails or messages in social networks if you have even the slightest doubt.
  • Be very careful when making purchases on unfamiliar websites. If an online store has few products, it might not be real. If the URL of a well-known website seems strange, that too is cause for concern.
  • Do not install software from unknown sources advertised in e-mails.
  • Use a reliable security solution.

If you are a company employee:

  • Read incoming e-mails from strangers with a critical eye. To spot malicious content in business correspondence, we recommend that you first check the sender address and autosignature. If they do not match, it should raise a red flag. It is also worth comparing the information in the e-mail with that on the website of the company in whose name the message was sent — the contact details might be completely different.

Android owners – you'll want to get these latest security patches, especially for this nasty Bluetooth hijack flaw

The Register - Anti-Virus - 7 February, 2020 - 07:04
'Pwned with a broadcast' bug among 25 to be patched by Google

Google has posted the February security updates for Android, including for a potentially serious remote code execution flaw in Bluetooth.…

Category: Viruses and Worms

Good: IT admins scrambled to patch 80 per cent of public-facing Citrix boxes to close nightmare hijack hole

The Register - Anti-Virus - 6 February, 2020 - 22:42
Bad: The other 20 per cent are still wide open. Also bad: Some of those patched machines may have been hacked

Roughly a fifth of the public-facing Citrix devices vulnerable to the CVE-2019-19781 remote-hijacking flaw, aka Shitrix, remain unpatched and open to remote attack.…

Category: Viruses and Worms

Metamorfo Returns with Keylogger Trick to Target Financial Firms

VirusList.com - 6 February, 2020 - 19:16
The malware uses a tactic to force victims to retype passwords into their systems - which it tracks via a keylogger.
Category: Viruses and Worms

U.S. Finance Sector Hit with Targeted Backdoor Campaign

VirusList.com - 6 February, 2020 - 18:54
The powerful Minebridge backdoor gives cyberattackers full run of a victim's machine.
Category: Viruses and Worms

Update now – WhatsApp flaw gave attackers access to local files

Sophos Naked Security - 6 February, 2020 - 16:39
The flaw affecting WhatsApp's desktop client when it's paired with the iPhone app allowed attackers access to local file systems.

Why we encourage newcomers and seasoned presenters alike to submit a paper for VB2020

Virus Bulletin News - 6 February, 2020 - 15:51
With the call for papers for VB2020 currently open, we explain why, whether you've never presented before or you're a conference circuit veteran, if you have some interesting research to share with the community we want to hear from you!

Category: Viruses and Worms

The RSAC 2020 Trend Report

VirusList.com - 6 February, 2020 - 15:00
What’s trending in cybersecurity? This year’s session submissions tell us.
Category: Viruses and Worms

Twitter bans deepfakes, but only those ‘likely to cause harm’

Sophos Naked Security - 6 February, 2020 - 14:52
Twitter isn't interested in how the “synthetic or manipulated” media is created, but if it has the potential to cause harm it'll be removed.

Researchers reckon 500k PCs infested with malware after dodgy downloads install even more nasties from Bitbucket

The Register - Anti-Virus - 6 February, 2020 - 14:45
That 'free' Adobe or Microsoft software isn't all it's cracked up to be, eh?

We don't know who needs to hear this, but don't download cracked commercial software. Researchers claim more than 500,000 PCs have been left wriggling with malware after a cracked app went on to retrieve further nasties from Bitbucket repos.…

Category: Viruses and Worms

Google’s Chrome 80 clamps down on cookies and notification spam

Sophos Naked Security - 6 February, 2020 - 13:14
Version 80 of the Chrome browser is out with some new features designed to save your security and your sanity.

Charming Kitten Uses Fake Interview Requests to Target Public Figures

VirusList.com - 6 February, 2020 - 13:09
APT group poses as a former Wall Street Journal journalist to launch phishing campaigns and steal victim email account details.
Category: Viruses and Worms

Dropbox Passes $1M Milestone for Bug-Bounty Payouts

VirusList.com - 6 February, 2020 - 13:00
The file-sharing service also disclosed details of past notable bugs for the first time.
Category: Viruses and Worms

Android pulls 24 ‘dangerous’ malware-filled apps from Play Store

Sophos Naked Security - 6 February, 2020 - 12:35
The malware-infected apps used to harvest data and sign users up to premium services have been downloaded more than 382 million times.