Tag Archive for: Cybercriminals

North Korean Army of Cybercriminals Props Up Kim’s Nuclear Program and Economy


Kim Jong Un marked a decade as supreme leader of North Korea in December. Whether he can hold on to power for another 10 years may depend on state hackers, whose cybercrimes finance his nuclear arms program and prop up the economy.

According to the U.S. Cybersecurity & Infrastructure Security Agency, North Korea’s state-backed “malicious cyberactivities” target banks around the world, steal defense secrets, extort money through ransomware, hijack digitally mined currency, and launder ill-gotten gains through cryptocurrency exchanges. Kim’s regime has already taken in as much as $2.3 billion through cybercrimes and is geared to rake in even more, U.S. and United Nations investigators have said.

The cybercrimes have provided a lifeline for the struggling North Korean economy, which has been hobbled by sanctions. Kim has shown little interest in returning to negotiations that could lead to a lifting of sanctions if North Korea winds down its nuclear arms program.

[Chart: North Korea real GDP under Kim Jong Un, annual change. Data: Bank of Korea]

Money from cybercrimes represents about 8% of North Korea’s estimated economy in 2020, which is smaller than when Kim took power, according to the Bank of Korea in Seoul. (The bank for years has provided the best available accounting on the economic activity of the secretive state.) Kim’s decision to shut borders because of Covid-19 suspended the little legal trade North Korea had and helped send the economy into its biggest contraction in more than two decades.

Kim’s regime has two means of evading global sanctions, which were imposed to punish it for nuclear and ballistic missile tests. One is the ship-to-ship transfer of commodities such as coal: A North Korean vessel will shift its cargo to another vessel, or the other way around, and both vessels typically try to cloak their identity.

The other is the cyberarmy. Its documented cybercrimes include…

Source…

The Log4J Software Flaw Is ‘Christmas Come Early’ for Cybercriminals


Researchers have just identified a security flaw in a software program called Log4J, widely used by a host of private, commercial and government entities to record details ranging from usernames and passwords to credit card transactions. Since the glitch was found last weekend, the cybersecurity community has been scrambling to protect applications, services, infrastructure and even Internet of Things devices from criminals—who are already taking advantage of the vulnerability.

“For cybercriminals this is Christmas come early, because the sky’s the limit,” says Theresa Payton, a former White House chief information officer and the CEO of Fortalice Solutions, a cybersecurity consulting company. “They’re really only limited by their imagination, their technical know-how and their own ability to exploit this flaw.” Payton spoke with Scientific American about what Log4J does, how criminals can use its newly discovered weakness, and what it will take to repair the problem.

[An edited transcript of the interview follows.]

What is Log4J, and how is it used?

In both technology and cybersecurity teams, everybody needs really good logs. You need logging for audit trails, in the event of a ransomware event, to do forensics, sometimes for regulatory considerations. And so [Log4J] is a Java feature and function where you log things. You could log the fact that somebody used this particular type of credit card, you could log the fact that somebody just logged in today, any number of different types of events could be captured.

But Log4J has a major security flaw.

This type of vulnerability means somebody can inject instructions into the logs and make the logs do anything they want them to do. Researchers discovered this vulnerability—and I always say thank goodness for the researchers—in early December. Basically, it allows an attacker to have unauthenticated remote code access to the servers. So they can send instructions, they can execute things, and potentially do it completely undetected. There’s already been examples of where attackers have leveraged the Log4J vulnerability. They’ve installed cryptocurrency mining malware on unknowing machines. If we recall the…

Source…

Protect yourself from cybercriminals these holidays


Shopping online is becoming more and more popular due to its convenience. What better way to shop for those last minute Christmas gifts this year than to shop online in the comfort of your own home?

While it may be convenient, it’s important to keep in mind things aren’t always as they seem.

Dangers are always lurking when using the internet and you should exercise precautions to identify possible scammers attempting to rip you off.

Always be aware of fake sellers. Check logos, business names, URL addresses and contact details against the company’s website. If the details don’t match up or have different sizing or colours, steer clear!

Other warning signs include a product advertised at a much lower price than found elsewhere, unusual methods of payment, and limited contact details, delivery details and store policies.

Where possible, type the web address into your browser instead of clicking on a link that has been sent to you.

Identity theft and fraud are deceptive and unethical behaviour. They most commonly involve the misuse of personal information located on the internet.

Shopping online with a credit card can leave your bank details vulnerable to being:

  • Intercepted as they pass through various computer links
  • Sent in unencrypted emails
  • Stored on insecure computers

Use well-regarded financial services such as PayPal to ensure that financial information is secure when shopping online.

When shopping online, be sure to use reputable sites that offer secure payment methods. Make sure that payment details are encrypted – look for the prefix “https” and a padlock symbol in the URL.

Never send your bank or credit card details via email and avoid using non-secure payment methods such as bank deposits, money transfers, preloaded gift cards or electronic currencies (like Bitcoin). It’s rare to recover money sent this way.

If using a secure payment service such as PayPal, select the ‘payment for goods/service’ option. If a seller instructs you to make the payment via a ‘friends and family’ option, this voids buyer protections and should act as a red flag.

Computer Security:

  • Check that you are always using a secure browser.
  • Install and update virus…

Source…

How cybercriminals adjusted their scams for Black Friday 2021


Black Friday is approaching, and cybercriminals are honing their malware droppers, phishing lures, and fake sites while shoppers prepare to open their wallets.

As researchers at Kaspersky point out, scammers are already targeting people with fake tickets for the FIFA World Cup 2022.

The security firm shared a detailed report highlighting the most common threats expected to surface during this year’s Black Friday, as well as the Christmas shopping season.

Phishing for data and e-payment accounts

Kaspersky’s products alone detected over 40 million phishing attacks from January to October 2021, with Amazon, eBay, Alibaba, and Mercado Libre being the most popular lures.

As such, if you receive emails concerning promotions and discounts on large e-commerce platforms, you should treat them with extra caution.

In terms of trends, phishing actors doubled their effort to steal account credentials for e-payment systems (also known as online payment systems), with October 2021 seeing a rise of 208% compared to the month before.

While banking credentials are still targeted, phishing actors tend to favor e-payment systems more now, as those have risen in popularity by 40% during the last two years.

[Charts: Phishing types in 2021; Phishing targets in 2021. Source: Kaspersky]

Banking trojans fading

Kaspersky has found that cybercriminals used 11 distinct malware families against shoppers in 2021, with more than half of them being variants of the Zeus banking trojan.

The list of other popular strains used in 2021 malware attacks also includes Qbot (deployed in 13.9% of the total number of incidents), Anubis (13.4%), Trickbot (11.6%), and Neurevt (4.8%).

An interesting trend emerging from Kaspersky’s stats is the number of infections, which has dropped from 20 million in the past two years to just 10 million this year.

This decline is in line with the shift of the threat actors’ attention to electronic payments. Most of these trojan families have a narrow targeting scope limited to specific financial institutions or platforms, so they require more effort to target a larger array of potential victims.

Malware deployed now is more specialized for e-commerce platforms, looking to steal e-shop account credentials, bank card…

Source…