Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Amazon. Show all posts

Amazon Fined for Twitch Data Breach Impacting Turkish Nationals

 

Türkiye has imposed a $58,000 fine on Amazon for a data breach that occurred on its subsidiary, Twitch, in 2021. The breach exposed sensitive personal information of thousands of Turkish citizens, drawing scrutiny from the country’s Personal Data Protection Board (KVKK). The incident began when an anonymous hacker leaked Twitch’s entire source code, along with personally identifiable information (PII) of users, in a massive 125 GB torrent posted on the 4chan imageboard. The KVKK investigation revealed that 35,274 Turkish nationals were directly affected by the leak. 

As a result, KVKK levied fines totaling 2 million lira, including 1.75 million lira for Amazon’s failure to implement adequate preemptive security measures and 250,000 lira for not reporting the breach in a timely manner. According to the regulatory body, Twitch’s risk and threat assessments were insufficient, leaving users’ data vulnerable to exploitation. The board concluded that the company only addressed the vulnerabilities after the breach had already occurred. Twitch, acquired by Amazon in 2014 for $970 million, attempted to minimize concerns by assuring users that critical login credentials and payment information had not been exposed. The company stated that passwords were securely hashed with bcrypt, a strong encryption method, and claimed that systems storing sensitive financial data were not accessed. 

However, the leaked information still contained sensitive PII, leading to significant privacy concerns, particularly for Turkish users who were impacted. The motivation behind the hack was reportedly ideological rather than financial. According to reports from the time, the hacker expressed dissatisfaction with the Twitch community and aimed to disrupt the platform by leaking the data. The individual claimed their intent was to “foster more disruption and competition in the online video streaming space.” While this rationale highlighted frustrations with Twitch’s dominance in the industry, the data breach had far-reaching consequences, including legal action, reputational damage, and increased regulatory scrutiny. Türkiye’s actions against Amazon and Twitch underline the growing importance of adhering to local data protection laws in an increasingly interconnected world. 

The fines imposed by KVKK serve as a reminder that global corporations must ensure compliance with regional regulations to avoid significant penalties and reputational harm. Türkiye’s regulations align with broader trends, as data privacy and security become critical components of global business practices. This incident also underscores the evolving nature of cybersecurity challenges. Hackers continue to exploit vulnerabilities in popular platforms, putting pressure on companies to proactively identify and address risks before they lead to breaches. As regulatory bodies like KVKK become more assertive in holding companies accountable, the need for robust data protection frameworks has never been more urgent. The Twitch breach also serves as a case study for the importance of transparency and swift response in the aftermath of cyberattacks. 

While Twitch’s reassurances regarding encrypted data helped mitigate some concerns, the lack of prompt reporting to Turkish authorities drew criticism. Companies handling large amounts of user data must prioritize both preventive measures and clear communication strategies to regain user trust after incidents. Looking forward, the Twitch data breach highlights the necessity for all companies—especially those managing sensitive user data—to invest in proactive cybersecurity strategies. As hackers grow increasingly sophisticated, businesses must adopt a forward-thinking approach to safeguard their platforms, comply with local laws, and ensure users’ privacy remains uncompromised.

Amazon and Audible Face Scrutiny Amid Questionable Content Surge

 


The Amazon online book and podcast services, Amazon Music, and Audible have been inundated by bogus listings that attempt to trick customers into clicking on dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software for sale. It is becoming increasingly common to abuse Spotify playlists and podcasts to promote pirated software, cheat codes for video games, spam links, and "warez" websites. 

To spam Spotify web player results into search engines such as Google, threat actors can inject targeted keywords and links in the description and title of playlists and podcasts to boost SEO for their dubious online properties. In these listings, there are playlist names, podcast description titles, and bogus "episodes," which encourage listeners to visit external links that link to places that might cause a security breach. 

A significant number of threat actors exploit Google's Looker Studio (formerly Google Data Studio) to boost the search engine ranking of their illicit websites that promote spam, torrents, and pirated content by manipulating search engine rankings. According to BleepingComputer, one of the methods used in the SEO poisoning attack is Google's datastudio.google.com subdomain, which appears to lend credibility to the malicious website. 

Aside from mass email spam campaigns, spammers are also using Audible podcasts as another means to spread the word about their illicit activities. Spam can be sent to any digital platform that is open to the public, and no digital platform is immune to that. In cases such as those involving Spotify or Amazon, there is an interesting aspect that is, one would instinctively assume that the overhead associated with podcasting and digital music distribution would deter spammers, who would otherwise have to turn to low-hanging fruit, like writing spammy posts to social media or uploading videos that have inaccurate descriptions on YouTube. 

The most recent instance of this was a Spotify playlist entitled "Sony Vegas Pro 13 Crack...", which seemed to drive traffic to several "free" software sites listed in the title and description of the playlist. Karol Paciorek, a cybersecurity enthusiast who spotted the playlist, said, "Cybercriminals exploit Spotify for malware distribution because Spotify has become a prominent tool for distributing malware. Why? Because Spotify's tracks and pages are easily indexed by search engines, making it a popular location for creating malicious links.". 

The newest business intelligence tool from Google, Looker Studio (formerly, Google Data Studio) is a web-based tool that allows users to make use of data to create customizable reports and dashboards allowing them to visualize and analyze their data. A Data Studio application can, and has been used in the past, to track and visualize the download counts of open source packages over some time, such as four weeks, for a given period. There are many legitimate business cases for Looker Studio, but like any other web service, it may be misused by malicious actors looking to host questionable content on illegal domains or manipulate search engine results for illicit URLs. 

Recent SEO poisoning campaigns have been seen targeting keywords related to the U.S. midterm election, as well as pushing malicious Zoom, TeamViewer, and Visual Studio installers to targeted sites.  In advance of this article's publication, BleepingComputer has reached out to Google to better understand the strategy Google plans to implement in the future.

Firstory is a new service launched in 2019 that enables podcasters to distribute their shows across the globe, and even connect with audiences, thereby empowering them to enjoy their voice! Firstory is open to publishing podcasts on Spotify, but it acknowledges that spam is an ongoing issue that it is increasingly trying to address, as it focuses on curtailing it as much as possible. 

Spam accounts and misleading content remain persistent challenges for digital platforms, according to Stanley Yu, co-founder of Firstory, in a statement provided to BleepingComputer. Yu emphasized that addressing these issues is an ongoing priority for the company. To tackle the growing threat of unauthorized and spammy content, Firstory has implemented a multifaceted approach. This includes active collaboration with major streaming platforms to detect and remove infringing material swiftly. 

The company has also developed and employed advanced technologies to scan podcast titles and show notes for specific keywords associated with spam, ensuring early identification and mitigation of potential violations. Furthermore, Firstory proactively monitors and blocks suspicious email addresses commonly used by malicious actors to infiltrate and disrupt digital ecosystems. By integrating technology-driven solutions with strategic partnerships, Firstory aims to set a higher standard for content integrity across platforms. 

The company’s commitment reflects a broader industry imperative to protect users and maintain trust in an ever-expanding digital landscape. As digital platforms evolve, sustained vigilance and innovation will be essential to counter emerging threats and foster a safer, more reliable online environment.

Chenlun’s New Phishing Schemes Target Big-Name Brands

 


A new phishing campaign unveiled by researchers from DomainTools is a phishing campaign on the go, deceiving users via fake text messages. The messages masquerade as trusted brands like Amazon to get the targets to give away sensitive data. This operation is put at the hands of the threat actor "Chenlun," who was seen tricking people last year for masquerading as a USPS delivery alert during the holiday season. On 18 October 2024, consumer targeting waves, this wave represents new waves in tactics that target trusting consumers on the most-used brands.

Phishing Attack Evolution: From USPS Notification Scam to Authentication and Authorization Hack

In December 2023, DomainTools reported on the earlier approach that Chenlun used through exploiting USPS alerts to instruct users on how to navigate to fraudulent websites. This scheme, also labelled as "smishing, tricked users into message prompting them to visit virtually identical websites to the one genuine USPS websites. These next sent information that victims did not need to provide. With the current attack, however, Chenlun used the more narrow deception of alerts that there is unauthorised access to his or her online store accounts. This prompted victims into confirmation of their account information with links that led him to a scam website. To this end, it goes without saying that one ought to be careful when opening any link on email or text.


Advanced techniques of hiding and concealing evidence

The strategies that Chenlun uses today are more advanced than that of not being detected. The phishing attack this year is different from the past years because it does not use domain names containing USPS but instead uses a DGA. A DGA automatically generates new, arbitrary domain names, which creates an added difficulty in blocking malicious websites and makes it challenging for the security systems to identify phishing attempts. The constant change in the infrastructure of the domain leaves Chenlun free to continue their attacks without instant interference from cybersecurity defences.


Changed Domain Structures and Aliases

The latest phishing campaign also demonstrates the changed structure of the Chenlun domain. Last year, the fraudsters utilised domains like the official USPS websites. This time around, they change them into simple domains and even switch to other registrars and name servers. Now, they use NameSilo and DNSOwl, for example, and not Alibaba Cloud's DNS service, just like last year. The changing tendency makes phishing attempts less predictable and also complicates the procedure for cybersecurity analysts in relation to the identification and monitoring of suspicious domains.

Moreover, the most recent activity of Chenlun used pseudonyms like "Matt Kikabi" and "Mate Kika". These pseudonyms, which were first identified in the 2023 report, have more than 700 active domains. Reusing these identities, Chenlun has been able to maintain a massive presence online undetected by cybersecurity tools.


Collaboration as a Critical Form of Defense Against Phishing

DomainTools emphasises that effective countermeasures against phishing attacks require the collective efforts of organisations. Recommendations from security experts include active monitoring of registration patterns, sharing threat intelligence, and developing robust strategies that can counter changing phishing techniques.

DomainTools further emphasises that Chenlun's strategy changes reflect the ongoing problem that cybersecurity professionals face. By constantly changing obfuscation techniques, Chenlun underlines the importance of domain-related data in identifying patterns and suspect domains.


Takeaway for Business and Consumers

Continuous activity by Chenlun also points to the fact that vigilance needs to be maintained, given the sophistication in phishing scams. Business entities need to strengthen cybersecurity measures in monitoring domain registrations and promote threat intelligence sharing. Individual consumers need to maintain vigilance by avoiding a response to unsolicited messages or links.

In short, Chenlun's latest phishing campaign calls out for proactive defence. While the attackers continue adapting with a view to remain unseen, the necessity for people to stay updated and network inter-sectorally is the urgent requirement in the world of digitization.


Security Alert for Gmail, Facebook, and Amazon Users

 


The number of hacks that occur on Google, Gmail, and Amazon accounts keeps on rising, causing users to become anxious. By using phishing tactics, hackers are targeting users' passwords for Gmail, Facebook, and Amazon through phishing campaigns that pose significant risks to their personal information. 

A new notice has appeared warning users of Google Mail, Facebook, and Amazon that there has been a new attack on password hacking that puts their personal information at risk because society has gone digital and protecting your credentials is "the name of the game." There is no denying the fact that these platforms are among the most popular in the world, so it is vital to have a good understanding of what threats are coming and what possibilities there are to prevent these threats. 

Overall, cybersecurity experts predict a steady increase for the year, but they also note that the complexity of password hacks for Gmail and Facebook, as well as attempts to access Amazon accounts, has grown dramatically as well. It has been found that the complexity of password hacks for Gmail and Facebook has increased dramatically as a result of increased complexity in the attacks. 

Typically, these hacking attempts benefit from phishing attacks, brute force attacks, and social engineering attacks, all of which are designed to take advantage of overly trustful users or weaknesses within the platforms that make them vulnerable. Several new threat analyses, including those conducted by Kaspersky Labs, reveal that password theft attacks have become increasingly common against Amazon users, Facebook users, and, most of all, Google users. There have been several attacks targeting these platforms, including those aimed at stealing passwords. 

Kaspersky reported an increase of 40% in attempts of hackers to entice users to access malicious sites impersonating these brands in comparison to last year based on a study it conducted. It is no surprise that malicious hackers are seeking credentials for Gmail, Facebook, and Amazon accounts to spread their malicious programming. As a matter of fact, these accounts may be exploited to reach the full heights of cybercrime by committing data theft, malware distribution, and credit card fraud all at the same time. 

A Google account is a skeleton key that can be used to unlock an entire treasure trove of other account credentials, as well as personal information, enabling fraudsters to access a treasure trove of private information. The information contained in a user's Gmail inbox is immeasurable when compared to that contained in their inbox on the web, and the chances are that they will have one given how popular this web-based free email service is with most people these days. As per Kaspersky reports, hackers are mainly targeting Google, Amazon, and Facebook passwords in their effort to steal personal information. 

During the first half of 2024, Kaspersky Security reported a 243% increase in the number of attack attempts, with the company itself preventing approximately 4 million attempts. It is estimated that Facebook users were exposed to 3.7 million phishing attempts during the same period, and Amazon users were exposed to 3 million.  In an interview with Kaspersky Internet Security, Olga Svistunova, who is an expert in data security at the company, warned that a criminal with access to a Gmail account may be able to access "multiple services". 

Thus, it is important to note that not only may business information be leaked as a result, but also the personal information of customers can also be leaked as a result. To target these platforms, hackers are looking for account passwords, as getting access to these platforms allows them to commit fraud, distribute malware, and steal sensitive information. It is proposed that Google accounts are especially valuable since they can be used to hack into other accounts and to collect personal information that can be used in fraud attempts. 

According to researchers at GuidePoint Research and Intelligence Team, Rui Ataide and Hermes Bojaxhi of the GuidePoint Research and Intelligence Team, there is an ongoing phishing campaign targeting more than 130 U.S. organizations, which has been detected as a new and worrying one. There have been so many misuses of the term "highly sophisticated threat actor" in recent years that it almost has lost all meaning, but the tactics and intrusion capabilities that were employed by this as-yet-unnamed attacker have led the GRIT researchers to conclude that this attacker deserves to be called such a label. 

A spear-phishing attack, as with other spear-phishing campaigns, revolves around the targeting of specific employees within an organization rather than attempting to hit every single email account in an organization with a scattergun approach, as is so often the case with so-called spear-phishing campaigns. The attack has also targeted other tech giants, including Microsoft and Apple, as well as numerous smaller companies. Additionally, DHL, Mastercard, Netflix, eBay, and HSBC are also among the companies involved.  

Cloud security provider Netskope, in a recent report, found a 2,000-fold increase in traffic to phishing pages sent through Microsoft Sway, a cloud-based application that provides users with the ability to create visual instructions, newsletters, and presentations through the use of visual illustrations. Hackers are increasingly exploiting a technique known as “quishing,” a form of phishing that utilizes QR codes to deceive users into logging into malicious websites, thereby stealing their passwords. This method is particularly effective as QR codes can bypass email scanners designed to detect text-based threats. 

Additionally, since QR codes are frequently scanned with mobile devices—which often lack the robust security measures found on desktops and laptops—users become more vulnerable to these types of attacks. A new variant of QR code phishing has been recently detailed by J. Stephen Kowski, the Field Chief Technology Officer at SlashNext, in a LinkedIn article. Unlike traditional QR code phishing, which typically involves an image-based QR code redirecting users to a malicious site, this new method leverages Unicode text characters to create QR codes. 

According to Kowski, this approach presents three significant challenges for defenders: it evades image-based analysis, ensures accurate screen rendering, and creates a duality in appearance between the screen rendering and plain text, making detection more difficult. Given these emerging threats, individuals who frequently use platforms such as Google’s Gmail, Facebook, and Amazon, as well as other major online services, should exercise caution to avoid becoming victims of identity theft. The risk of falling prey to password-hacking attempts can be significantly reduced by adhering to best practices in security hygiene across different accounts and maintaining a high level of vigilance. 

In today’s technology-driven world, personal awareness and proactive measures serve as the first line of defence against such cyber threats. Protecting Business Accounts from Phishing Attacks 

1. Recognize Phishing Indicators

- Generic Domain Extensions: Be cautious of emails from generic domains like "@gmail.com" instead of corporate domains, as attackers use these to impersonate businesses.

- Misspelt Domains: Watch for near-identical domains that slightly alter legitimate ones, such as "Faceb0ok.com." These deceptive domains are used to trick users into providing sensitive information. 

- Content Quality: Legitimate communications are typically polished and professional. Spelling errors, poor grammar, and unprofessional formatting are red flags of phishing attempts. 

- Urgency and Fear Tactics: Phishing messages often create a sense of urgency, pressuring recipients to act quickly to avoid negative consequences, such as account suspensions or security breaches. 

- Unusual Requests: Be wary of unexpected requests for money, personal information, or prompts to click links or download attachments. Hackers often impersonate trusted entities to deceive recipients. 

2. Implement Security Software 

- Install robust security tools, including firewalls, spam filters, and antivirus software, to guard against phishing attacks. 

- Utilize web filters to restrict access to malicious websites. - Regularly update software to patch vulnerabilities and protect against new threats. 

3. Use Multi-Factor Authentication (MFA) 

- Enhance account security by implementing MFA, which requires a second verification factor (e.g., a code, fingerprint, or secret question) in addition to a password. 

- MFA significantly reduces the risk of unauthorized access and helps safeguard business credentials. By staying vigilant, maintaining updated security software, and utilizing MFA, businesses can better protect their accounts and sensitive information from phishing attacks.

Bling Libra Shifts Focus to Extortion in Cloud-Based Attacks

 


It was observed during an incident response engagement handled by Unit 42, that the threat actor group Bling Libra (which was responsible for distributing ShinyHunters ransomware) had shifted from extortion to extortion of victims rather than its traditional tactic of selling/publishing stolen data in an attempt to increase their profits. 

During this engagement, it was also demonstrated how the group was able to acquire legitimate credentials, which were accessed from public repositories, to gain initial access to an organization's Amazon Web Services (AWS) environment through its public username and password. The compromised credentials had limited impact due to the limited permissions associated with them, but Bling Libra managed to infiltrate the organization's AWS environment and conduct reconnaissance operations on it during this time. 

The threat actor group used various tools for gaining information and accessing S3 bucket configurations, interacting with S3 objects, as well as deleting files from the service using tools such as the Amazon Simple Storage Service (S3) Browser and WinSCP. As a result of previous jobs with high-profile data breaches, including the Microsoft GitHub and Tokopedia incidents in 2020, Bling Libra has developed a special part of their business model that enables them to monetize stolen data through underground marketplaces. 

There has, however, been a significant change in the methods that Unit 42 implements, which have been reported in a recent report. As of 2024, Bling Libra has revitalized its business model from data theft to extortion, primarily targeting vulnerabilities within cloud-based environments to heighten its revenue. As Unit 42 explained in its latest report, Bling Libra obtained AWS credentials from a sensitive file that was exposed online to perform the latest attack. 

AWS account credentials were obtained from an Identity and Access Management (IAM) user, which would have provided the attackers with access to the victim's account on Amazon Web Services (AWS). While the permissions for accessing Amazon S3 resources were restricted, Bling Libra exploited them to gain a foothold in the cloud environment even though they were limited. Even though Bling Libra uses the same method of accessing victims for the first few minutes, it has instead instigated the double-extortion tactics normally associated with ransomware gangs - they initially steal data from victims and threaten to publish it online if they do not pay the ransom. 

According to the researchers, Bling Libra used credentials from a sensitive file exposed by the attacker on the Internet as a way of stealing the credentials, even though this file contained a variety of credentials. Aside from these exposed AWS access keys, the group also alleged that it "targeted a few other one-time credentials that were exposed by this individual as well as a few other exposed AWS access keys belonging to this individual.". 

Using these credentials, it is possible for the threat actors to gain access to the AWS account where the IAM user resides and to use the AWS API call to interact with the S3 bucket under the context of the AmazonS3FullAccess policy, which allows all permissions to be granted to users. The attackers in this case sat on the network and lurked for about a month before launching an attack that led to the exfiltration of information, its deletion from the environment, and the recovery of an extortion note demanding ransom payment. 

Their ransom note gave them a week to make their payment. It has been reported that Bling Libra also created new S3 buckets in the aftermath of their attack, presumably to mock the organization about the attack, as well. Ticketmaster's attack in June was notable because of how much data Bling Libra was able to obtain during this attack. At the time, the organization claimed that a total of more than half a million records were stolen, some of which contained Personal Identifiable Information (PII) such as names, emails, addresses, and partial credit card information. 

In May, the same group also claimed responsibility for several other attacks on other companies, including Ticketek Entertainment Group (TEG), in Australia, that occurred around the same period as Ticketmaster. Like Ticketmaster, TEG was attacked at the beginning of May. This group has been associated with several significant data breaches that have affected millions of records of data, and the implications have been severe. 

In the final phase of the attack, Bling Libra created new S3 buckets with mocking names to signify their control over the environment, illustrating their ability to manipulate the system. The threat group known as Bling Libra has adopted a new tactic, pivoting to extortion as a primary method for monetizing their cyber breaches. 

Following their recent cloud-based attacks, the group sent out extortion emails demanding payment in exchange for the return of stolen data and the cessation of further malicious activities. This shift in strategy underscores their focus on using extortion as a central means to profit from their operations. A recent report by Unit 42 offers a comprehensive analysis of Bling Libra's operational tools, particularly emphasizing their use of S3 Browser and WinSCP. 

These tools enable the threat actors to interact seamlessly with Amazon Web Services (AWS) environments. The report provides in-depth insights that assist incident responders in distinguishing between legitimate tool usage and activities indicative of a security breach. To counteract such threats, Unit 42 strongly advises organizations to adhere to the principle of least privilege, ensuring that users have only the minimal level of access necessary to perform their functions. 

Additionally, they recommend implementing robust security measures, including the use of AWS IAM Access Analyzer and AWS Service Control Policies. These tools are essential for mitigating the risks associated with similar attacks on cloud infrastructure. As businesses increasingly depend on cloud technologies, maintaining a proactive and vigilant cybersecurity posture is critical. Organizations must be diligent in their efforts to protect their cloud environments from sophisticated threat actors like Bling Libra.

Urgent Email Alert from Amazon UK Customers Must Act Now

 


Amazon has sent an urgent new email to all customers amid a warning that they should remain on alert. According to the message, customers in the UK should beware of phishing emails, texts, or phone calls that claim to be from the company. 

Cybercriminals are targeting the retail giant with its trusted name to prey on unsuspecting customers who give them personal information and money by using the brand's trusted reputation. In many of these scams, there is a false promise that Amazon accounts will be closed or that unauthorized charges have been established against them. According to others, Amazon's use will need to be verified to continue. A user is being advised to be cautious if he or she receives a message such as this one. 

The announcement from Amazon said that users should be on the lookout for Prime membership scams. These are usually emails, phone calls, or texts that users receive from impersonators informing them that their membership has been terminated or that they are charged an unauthorized fee. A spokesperson for Amazon stated: "Scammers might send fake attachments in emails, or cause users to believe they are being charged a costly fee". 

If users are concerned, they should contact the Message Centre on Amazon.co.uk or the Amazon mobile app to verify that the email is genuine from the retailer. Go to the 'Your Account' section in Amazon's account to verify the user's Prime membership status, authorize payments, or make any changes to the user's billing and account information, by logging into the account and going to the section. 

There are several things users can do if they receive a message or phone call that they think is not from Amazon, such as reporting it. To escalate a problem, simply send a message to reportascam.amazon.co.uk. Users should also be extremely careful when they click on links, enter information about themselves or input their credit card information.

Beware: Cybercriminals Exploit Cloud Storage for SMS Phishing Attacks

Beware: Cybercriminals Exploit Cloud Storage for SMS Phishing Attacks

Security researchers discovered several illicit campaigns that use cloud storage systems like Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage. Unnamed threat actors are behind these attacks, which try to divert customers to malicious websites to steal their information via SMS messages.

Campaign details

The campaigns involve exploiting cloud storage platforms such as Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage. Unnamed threat actors are behind these campaigns. Their primary goal is to redirect users to malicious websites using SMS messages.

Attack objectives

Bypassing Network Firewalls: First, they want to ensure that scam text messages reach mobile handsets without being detected by network firewalls. Second, they attempt to persuade end users that the communications or links they receive are legitimate. 

Building Trust: They aim to convince end users that the messages or links they receive are trustworthy. By using cloud storage systems to host static websites with embedded spam URLs, attackers can make their messages appear authentic while avoiding typical security safeguards.

Cloud storage services enable enterprises to store and manage files and host static websites by storing website components in storage buckets. Cybercriminals have used this capacity to inject spam URLs into static websites hosted on these platforms. 

Technique

They send URLs referring to these cloud storage sites by SMS, which frequently avoids firewall limitations due to the apparent authenticity of well-known cloud domains. Users who click on these links are unknowingly sent to dangerous websites.

Execution

For example, attackers utilized the Google Cloud Storage domain "storage.googleapis.com" to generate URLs that lead to spam sites. The static webpage housed in a Google Cloud bucket uses HTML meta-refresh techniques to route readers to fraud sites right away. This strategy enables fraudsters to lead customers to fraudulent websites that frequently replicate real offerings, such as gift card promotions, to obtain personal and financial information.

Enea has also detected similar approaches with other cloud storage platforms like Amazon Web (AWS) and IBM Cloud, in which URLs in SMS messages redirect to static websites hosting spam.

Defense recommendations

To protect against such risks, Enea advised monitoring traffic activity, checking URLs, and being cautious of unexpected communications including links.

The Rise of Temu: A Game-Changer in Online Shopping

 


It has been reported that this year's Super Bowl was watched by 123 million Americans, setting a record. Aside from the nation's biggest sporting event, the blockbuster halftime performance, several camera cutaways, and several shots of Taylor Swift in the audience, they also got six 30-second advertisements for Temu - a Chinese-owned e-commerce company that is also owned by them. 

Politicians in both the UK and the United States have been criticising the giant for being inherently high risk of products being made using forced labour. In its statement to the press, Temu says that all of its merchants are strictly prohibited from employing forced, penal, or child labour. 

As of 2022, the company, which sells everything from clothes to electronics to furniture, first landed in the United States. The company has since then moved to the UK and other countries across the globe. According to data gathered by analyst SimilarWeb, just under 152 million Americans are using the app every month, which has consistently topped worldwide app download charts. 

Described as "Amazon on steroids," by retail analyst Neil Saunders, the company has gained massive popularity over the past few years, shipping to more than 50 countries in the world, with the tagline "Shop like a billionaire." The average cost of a 30-second Super Bowl commercial is about $7 million (£5.5 million), and Temu had six of them this year at the event. 

As a result of the Super Bowl, it appears that the total number of individual visitors to the platform was nearly a quarter higher than the previous Sunday, with 8.2 million users accessing the website and app on the day of the event. According to Ines Durand, an e-commerce expert at SimilarWeb, the number of visitors to Amazon and eBay dropped by 5% and 2% respectively during the same period. These influencers typically have fewer than 10,000 followers, as per her research. 

A Chinese giant known as PDD Holdings is the owner of Temu, according to Shaun Rein, founder of the China Market Research Group, one of the biggest e-commerce companies in the world. Even though the company has traded places with rival Alibaba for the top spot as the most valuable Chinese company listed on a US stock exchange, its current value is just under $150 billion (£117 billion). 

PDD Holdings has expanded overseas to Temu after having successfully conquered the Chinese consumer market several years ago with its current model. Mr Rein, a Shanghai-based entrepreneur, feels that the firm has become a source of great pride and patriotism for its employees. There is a wide range of products available on Temu's website, app, or app-based platform, from steel-toed trainers to a device that helps elderly and pregnant women put on socks to name a few. 

Mr Rein explains that this is a collection of manufactured products that are almost entirely manufactured in factories in China. Ms Durand believes that while Amazon sells this information to manufacturers at a high price, Temu provides it for free to producers who are looking to test the market with a relatively small number of products. 

According to a US Congress report published in July last year, a third of parcels imported into the US were shipped through the de minimis threshold, which is a shipping loophole known as the de minimis threshold. The United Kingdom and the United States, for instance, have a de minimis threshold in place to allow citizens to import goods without incurring additional fees for imports.

Since Temu's products are shipped directly from the factory floor without any middlemen involved, they become essentially duty-free. According to Mickey Diaz, chief operating officer at global freight company Unique Logistics, more regulation may be on the horizon to close shipping loopholes. According to her, the UK has already begun to take a closer look at Temu, especially regarding the sale of weapons that are normally prohibited from entering the UK, but which were being imported owing to these loopholes, she says.

The e-commerce giant Temu has also been criticized for the supply chains it manages, as both British and US politicians accuse the company of selling products made with forced labour. Alicia Kearns MP, who leads the foreign affairs select committee, announced last year that she wanted stronger laws to protect consumers from unintentionally contributing to the genocide of the Uyghur minority by using the online marketplace. 

The company says it is "strictly prohibited" by its merchants that they are going to use forced work, penal labour, or child labour in their shops. Any person doing business with the company must comply with all regulatory standards and compliance requirements before doing business with it, the company told the BBC.

How a Fake CIA Agent Duped Someone out of $50,000

 



Given a recent incident reported by The Cut, freelance finance writer Charlotte Cowles fell victim to an elaborate scam that highlights the dangers of social engineering. The scam began with a call from a number appearing as "Amazon," leading Cowles to believe she was a victim of identity theft. The caller, posing as a Federal Trade Commission official, connected her with a fake CIA agent named Michael. Over hours on the phone, "Michael" convinced Cowles that she faced serious charges related to the identity theft and persuaded her to withdraw $50,000 in cash. The twist? She was instructed to hand over the money to the CIA, which would inexplicably issue her a check for her own funds.

Despite suspicions during the ordeal, the scammers manipulated Cowles into isolation, urging her not to involve her family or the police, claiming it could jeopardise their safety. This tactic of isolating the victim is a common element in scams, aiming to heighten emotions and push individuals into making decisions they might not otherwise make. The scammers played on Cowles' fears for herself and her family, using personal details like the last four digits of her Social Security number to further erode her judgement.

Experts emphasise that falling victim to professional scammers is not a matter of lacking savvy. Selena Larson, a senior threat intelligence analyst, stresses that fraud perpetrators excel at social engineering and employ tactics like instilling fear, excitement, or urgency to manipulate their targets. To protect against such scams, Larson advises people to be wary of anyone trying to isolate them from friends and family, cautioning against trusting individuals posing as government officials or celebrities. Immediate requests for money and a sense of urgency are red flags that should prompt individuals to break off contact and report the activity.

This cautionary tale serves as a reminder that anyone can be targeted by scams. Larson suggests a vigilant approach, emphasising the importance of staying connected with loved ones and not succumbing to isolation. Additionally, adopting a strategy similar to Cowles' newfound tactic—never answering calls from unknown numbers—can be an effective way to avoid falling prey to scams.

As online threats continue to multiply, it is crucial for individuals to remain informed and alert. The incident also borders on the broader issue of cyber threats, including state-backed hacking efforts, ransomware attacks on hospitals, and the impact of cyberattacks on vulnerable communities. Stay safe and informed as we venture through the complexities of online security.

Corporate Accountability: Tech Titans Address the Menace of Misleading AI in Elections

 


In a report issued on Friday, 20 leading technology companies pledged to take proactive steps to prevent deceptive uses of artificial intelligence from interfering with global elections, including Google, Meta, Microsoft, OpenAI, TikTok, X, Amazon and Adobe. 

According to a press release issued by the 20 companies participating in the event, they are committed to “developing tools to detect and address online distributions of artificial intelligence content that is intended to deceive voters.” 

The companies are also committed to educating voters about the use of artificial intelligence and providing transparency in elections around the world. It was the head of the Munich Security Conference, which announced the accord, that lauded the agreement as a critical step towards improving election integrity, increasing social resilience, and creating trustworthy technology practices that would help advance the advancement of election integrity. 

It is expected that in 2024, over 4 billion people will be eligible to cast ballots in over 40 different countries. A growing number of experts are saying that easy-to-use generative AI tools could potentially be used by bad actors in those campaigns to sway votes and influence those elections. 

From simple text prompts, users can generate images, videos, and audio using tools that use generative artificial intelligence (AI). It can be said that some of these services do not have the necessary security measures in place to prevent users from creating content that suggests politicians or celebrities say things they have never said or do things they have never done. 

In a tech industry "agreement" intended to reduce voter deception regarding candidates, election officials, and the voting process, the technology industry aims at AI-generated images, video, and audio. It is important to note, however, that it does not call for an outright ban on such content in its entirety. 

It should be noted that while the agreement is intended to show unity among platforms with billions of users, it mostly outlines efforts that are already being implemented, such as those designed to identify and label artificial intelligence-generated content already in the pipeline. 

Especially in the upcoming election year, which is going to see millions of people head to the polls in countries all around the world, there is growing concern about how artificial intelligence software could mislead voters and maliciously misrepresent candidates. 

AI appears to have already impersonated President Biden in New Hampshire's January primary attempting to discourage Democrats from voting in the primary as well as purportedly showing a leading candidate claiming to have rigged the election in Slovakia last September by using obvious AI-generated audio. 

The agreement, endorsed by a consortium of 20 corporations, encompasses entities involved in the creation and dissemination of AI-generated content, such as OpenAI, Anthropic, and Adobe, among others. Notably, Eleven Labs, whose voice replication technology is suspected to have been utilized in fabricating the false Biden audio, is among the signatories. 

Social media platforms including Meta, TikTok, and X, formerly known as Twitter, have also joined the accord. Nick Clegg, Meta's President of Global Affairs, emphasized the imperative for collective action within the industry, citing the pervasive threat posed by AI. 

The accord delineates a comprehensive set of principles aimed at combating deceptive election-related content, advocating for transparent disclosure of origins and heightened public awareness. Specifically addressing AI-generated audio, video, and imagery, the accord targets content falsifying the appearance, voice, or conduct of political figures, as well as disseminating misinformation about electoral processes. 

Acknowledged as a pivotal stride in fortifying digital communities against detrimental AI content, the accord underscores a collaborative effort complementing individual corporate initiatives. As per the "Tech Accord to Combat Deceptive Use of AI in 2024 Elections," signatories commit to developing and deploying technologies to mitigate risks associated with deceptive AI election content, including the potential utilization of open-source solutions where applicable.

 Notably, Adobe, Amazon, Arm, Google, IBM, and Microsoft, alongside others, have lent their support to the accord, as confirmed in the latest statement.

European Union to Block Amazon’s Acquisition Over iRobot


Amazon.com Inc. has recently proposed a takeover of the Roomba manufacturers iRobot Corp. This proposal is expected to be blocked by the European Union’s antitrust regulators, as they share their concerns that this will have an adverse impact on other robot vacuum makers. 

At a meeting with European Commission officials on Thursday, the e-commerce behemoth was informed that the transaction would probably be denied, according to sources familiar with the situation. The political leadership of the EU must still formally approve a final decision, which is required by February 14.  Meanwhile, Amazon declined to comment on the issue. 

On Friday, iRobot’s shares, based in Bedford, Massachusetts, fell as much as 31% to $16.30, expanding the deal spread to over $35, the greatest since the merger was disclosed more than a year ago.

Regulators believe that other vacuum manufacturers may find it more difficult to compete as a result of iRobot's partnership with Amazon, particularly if Amazon decides to give Roomba advantages over competitors on its online store.

There will probably be opposition to the deal in the US as well. People with an insight into the situation claim that the Federal Trade Commission has been preparing a lawsuit to try and stop the transaction. According to persons speaking about an ongoing investigation, the three FTC commissioners have yet to vote on a challenge or hold a final meeting with Amazon to discuss the possible case.

The investigation over Amazon’s acquisition of iRobot was initiated in July 2023 by the European Commission (EC), the EU’s competition watchdog. 

The EC has until February 14 to make a decision. The commission's 27 most powerful political members must agree to reject the proposal before the EC can make a final decision. 

While iRobot was all set to expand its business in the market of smart home appliances, it witnessed a 40% dip in its shares a few hours after the first reporting of the EU’s intentions in the Wall Street Journal. 

Given that the company has been struggling with declining revenues, the acquisition by Amazon was initially viewed as a boon.

In regards to the situation, Matt Schruers, president of tech lobbying group Computer and Communications Industry Association comments that "If the objective is to have more competition in the home robotics sector, this makes no sense[…]Blocking this deal may well leave consumers with fewer options, and regulators cannot sweep that fact under the rug."  

Rise of OLVX: A New Haven for Cybercriminals in the Shadows

 


OLVX has emerged as a new cybercrime marketplace, quickly gaining a loyal following of customers seeking through the marketplace tools used to conduct online fraud and cyberattacks on other websites. The launch of the OLVX marketplace follows along with a recent trend in cybercrime marketplaces being increasingly hosted on the clearnet instead of the dark web, which allows for wide distribution of users to access them and for them to be promoted through search engine optimization (SEO). 

Research conducted by Zerofox cybersecurity researchers discovered that there is a new underground market called OLVX (olvx[.]cc) that was advertising a wide variety of hacking tools for illicit purposes and was linked to a large number of hacking tools and websites. 

Researchers at ZeroFox, who detected OLVX at the end of July 2023, have noted a marked increase in activity on the new marketplace in the fall, noticing that both buyers and sellers are increasing their activity on the marketplace. 

There have been several illicit tools and services offered to threat actors by OLVX since its launch on July 1, 2023. As opposed to the other markets that OLVX operates in, it focuses on providing cyber criminals with tools that they can take advantage of during the 2023 holiday peak season in retail. 

ZeroFox found that OLVX marketplace activity spiked significantly in fall 2023 due to more items selling on the marketplace, and buyers rushing to the new store to purchase those items. OLVX is estimated to be the result of leaked OLUX code from 2020/2021, according to an investigation. 

Post-leak stores use improved versions of OLUX code, even though the old OLUX code is outdated. For better accessibility and better web hosting, OLVX hides the contents of its website on Cloudflare. For customer growth, OLVX does not make use of the dark web; instead, it relies on SEO and forums to grow customers.

For customer support, OLVX runs a Telegram channel to provide support. The company's reputation and earnings are boosted by strong relationships with its customers.  Unlike most other markets of this nature, OLVX does not rely on an escrow service to ensure funds are protected.

Instead, it offers a "deposit to direct payment" system which supports Bitcoin, Monero, Ethereum, Litecoin, TRON, Bitcoin Cash, Binance Coin, and Perfect Money as cryptocurrencies. By doing this, users are encouraged to spend more, because funds are always available, so browsing leads to more frequent purchases for the user. 

To maintain privacy and security, customers who are running low on funds are advised to use time-limited anonymous cryptocurrency addresses to "top-off" their accounts, in order to maintain funds. During the holiday season, OLVX and similar marketplaces thrive as cybercriminal hubs, supplying tools for targeting campaigns to cybercriminals during the colder months. 

On the site, OLVX offers hosting via Cloudflare and advertises DDoS protection through Simple Carrier LLC, which is a substandard hosting provider.  Consumers are increasingly putting their security at risk as they shop. 

OLVX is one of the leading tools that criminals use during the holiday season for illicit activities, making this the time of year when criminals run their heists. Due to the unique nature of the platform, an independent verification team can not verify that the above quality and validity claims are accurate, however, users believe that OLVX's rising popularity and established reputation lend credibility to the majority of the claims. 

Interestingly, Zerofox indicates that fraudulent activity on the platform starts to increase as users get closer to the holiday shopping season, which means that buyers should maintain heightened vigilance so as to avoid scams and identify fraud.

The Dark Side of Digital Reading: E-Books as Corporate Surveillance Tools

 


There is an electronic trail behind every single reader when they read a newspaper online, buy an eBook, or watch a video on their computer. For companies and law enforcement agencies alike, this trail is likely to be a lucrative source of new revenue as well as an increasingly important source of surveillance. Americans are reading digital books at a rate of three out of ten. 

In a market where the majority of readers are subject to both Big Publishing's greed and those of Big Tech, it is no surprise that these readers are subject to both the greed of Big Publishing and the priorities of Big Tech when it comes to accessing online textbooks or checking out the latest bestseller from the public library. In 2022, the e-reader market will be held by 72% of Kindles while the rest will be dominated by other manufacturers. 

The truth is that the real product of Big Tech companies like Amazon has nothing to do with books since the real product is their technology. Amazon CEO Jeff Bezos's secret weapon is the data that is collected from his customers. There's no doubt that Amazon's retail empire has been built on a complex network of infrastructures, and questionable working practices, but without an intricate understanding of what millions of people buy and browse every day, Amazon's success would be unimaginable.

Ever since Amazon expanded its business beyond selling books, it became obsessed with the data it was collecting on its users. As the company's chief technology officer told the BBC almost two decades ago, the company tries to gather as much information as possible from its customers so it may provide recommendations based on that information. 

As Amazon has grown, so has its data collection operations. Former Amazon executives told the BBC in 2020 that their company was not only a retailer, but also a data company. Rather than allowing Big Tech to monitor what people read and where they read them, major publishers are allowing Big Tech to monitor what they read. This includes books on sensitive topics, like if someone checks out a book about self-awareness. Worse still, they are snooping on the data that their reading habits reveal. 

They can still spy on people who read digital books over the internet as long as they meet the minimum requirements of federal law. An anti-monopoly coalition submitted a letter to Congress last week calling for a congressional hearing on reader surveillance. This is a deeply intersectional threat, according to a coalition representing civil rights, anti-surveillance, anti-book ban, racial justice, reproductive justice, and anti-monopoly interests. 

There is also a report that Amazon is facing problems with regulators because of its data collection practices. Amazon’s European headquarters are based in Luxembourg, which is where data protection regulators are planning to issue a $425 million GDPR fine due to its use of people’s data, according to the Wall Street Journal on June 10.

However, Amazon officials declined to comment on the possibility of a $425 million fine. It has also been reported that anti-competition regulators will take a look at how the company utilizes data as well. The data that Amazon can collect from devices such as Ring and Alexa is becoming a more and more important backbone of government for Amazon. 

Several Amazon customers have praised Amazon for its ability to safeguard their privacy and fought government demands for the data they hold. A federal grand jury in 2006 subpoenaed the company for the purchase records of 24,000 customers as part of the investigation into tax evasion; a staggeringly broad request in 2010 by the North Carolina Department of Revenue for the records of 50 million customers was a staggering result. 

As a result, Amazon defeated these demands and won both cases, even though the ruling concentrated on the threat to e-commerce rather than the threat to freedom of expression in each case. It is becoming increasingly apparent that there is a problem since there was a catastrophic launch of Google's social networking site Buzz in 2010 which shared users' contacts without their permission. 

The revelation last year that Facebook still tracked users' browsing information even after they logged out is a major indication of the increasing awareness of this problem. The Obama administration announced in February 2012 that it would be pushing for all browsers to implement a "do not track" button as part of the Consumer Privacy Bill of Rights, which will ensure that users' privacy rights are protected. 

Facebook was recently the target of a class-action lawsuit filed in May by plaintiffs alleging that it had collected data from its users on their online activities. A draft communications data bill that was introduced by the government last month has caused alarm in the UK. This bill will allow the home secretary to force a wider range of service providers to store data for up to one year, raising concerns about the bill. 

Although this data can be requested by the police without a warrant for "permitted purposes", including the detection of crime and the protection of the public, the police can obtain it with no warrant.

Diwali Shopper Beware: Cyber Experts Uncover Fake Flipkart, Amazon Sites Exploiting Festive Fervor

 


CloudSEK's threat research team has discovered a rise in malicious activities targeted at festive shoppers during the Diwali celebrations, which is a reminder of how vulnerable shoppers are to malicious activity. Cyber experts have noticed that phishing scams and fraud schemes have increased as a result of the festival season and are targeting consumers with a variety of fraudulent schemes and scams designed to take advantage of the occasion. 

Amidst the festive season of Diwali, there's a dark side lurking about the internet that needs to be addressed. A hacker team at CloudSEK has revealed that the holiday season is leading to the emergence of numerous sneaky online scams. Diwali shoppers are being hit hard by these shady schemes, especially on popular platforms to get the best deals in time for the special day. 

A series of phishing campaigns have been discovered by CloudSEK’s cyber intelligence team which is targeting the recharge and e-commerce industries to disrupt their operation. As a result of these malicious actors, prominent brands' reputations are being tarnished, causing them to cease their operations during the festive season so that they can intensify their activities using tactics such as crypto redirects and betting schemes. 

CloudSEK has recently detected 828 suspicious domains linked to phishing activities, in which the culprits attempt to deceive individuals into divulging their personal information by falsely presenting themselves as an official Facebook page. It has been reported that the head of cloud surveillance platform CloudSEK, Rishika Desai, has shed light on the spike in fake shopping websites during the Diwali celebrations this year. 

There have been reports that these scams have gone beyond mere disruption of online shopping for a customer to full-blown financial fraud that involves hackers posing as customer service representatives and swindling unknowing consumers out of their money. 

In the case of Diwali, when cybercriminals exploit the festive mood, exploiting potential lapses in vigilance among celebrants, early detection of these tactics must be explored to avoid potential repercussions. During the holiday season, many new websites have emerged with the name 'Diwali' in them, pretending to be huge Indian e-commerce sites, posing as big Indian e-commerce players. They even used tricky tricks like typosquatting to make their fake sites appear genuine. 

They changed 'shop.com' into 'shoop. Xyz - the same look, same content, just out to fool you into thinking they had done it. Newly registered Diwali domains closely mimic the brands of leading Indian e-commerce vendors, exploiting the massive demand from e-commerce consumers. 

Phishing campaigns are exploiting this demand. In particular, typosquatting techniques can create a sense of legitimacy in a less technologically advanced audience by giving these domains a sense of legitimacy. There is an interesting aspect to the fraud discovered by CloudSEK that most of these fraudulent websites featured admin panels. 

Upon receiving the report, these pages were promptly removed and reported as brand abuse. However, an error message appeared on the backend of most of these sites. The researchers at CloudSEK, along with many of their colleagues, were able to identify instances of betting redirects, including domains with keywords like 'Diwali' and 'Pooja', hosted by Megalayer in Hong Kong. 

It was discovered that fraudsters exploited the increased internet traffic during to Diwali period to redirect users to various Chinese betting sites. Cybercriminals exploit the increase in internet traffic to build malicious sites that mimic actual gambling sites to target traffic. The redirection of cryptocurrency websites was also found on social media channels, where genuine users were misled into registering with unreliable cryptocurrency websites through the use of cryptocurrency redirects.

It is common for cybercriminals to lure users to questionable crypto platforms by offering them freebies, resulting in potential financial losses. "Hackers often employ cunning tactics such as giving users freebies or bribes to lure them into creating accounts," said Rishika Desai, urging users to exercise caution, stay vigilant, and report any suspicious activity to prevent becoming victims of such frauds. 

As the festive season approaches, users are strongly advised to exercise caution, remain vigilant, and report any suspicious activities to prevent falling victim to these frauds. Once hooked, victims are gradually encouraged to deposit funds, often leading to substantial financial losses." 

There has been an e-commerce website selling jewellery identified as promoting a Trojan application and encouraging customers to download it. The domain name included the word 'Diwali', which leads to the application containing Android Trojan malware. 

Here Are Some Tips to Stay Safe This Diwali


  1. It is recommended not to open emails or messages that seem suspicious. 
  2. Clicking on links or attachments from individuals you do not know is a bad idea. 
  3. When sharing links on social media from sources users are not familiar with, they should proceed with caution. 
  4. Gift cards should be purchased from a reputable source. 
  5. It is also important to be aware of job ads that promise high salaries for minimal work. 

These might be scams and should be avoided. Send a report to the moderator so that the post can be investigated. Several digital tricksters are working in full force during Diwali, so Diwali shoppers are advised to remain vigilant. 

To keep from being victimized by online scams, it is recommended to take a little extra precaution when purchasing gifts online. As part of ensuring that a safe and joyful Diwali celebration takes place for all, it is crucial to report any suspicious activity.

Notorious Global Phishing Platform Neutralized in Cross-Border Operation

 


There were arrests made of two alleged operators of the phishing-as-a-service platform "16shop" by INTERPOL in Indonesia and Japan after the agency carried out a successful investigation into the scheme, which was outsourced. 

A research project that investigated cyber threats in the ten-nation Association of Southeast Asian Nations (ASEAN) bloc revealed on Tuesday that 16shop, which the international police co-operation organization described as a vendor of "phishing kits" sold to cyber criminals, was able to detect its existence as part of the research project investigating cyber threats in the bloc. 

To defraud Internet users with email scams, the PaaS platform in use sells phishing kits to hackers to use to defraud them by sending an email with a pdf or a link that redirects the victim to a website that asks them for various personal information such as their credit card number. After these details have been stolen, they are used to steal money from victims by stealing their personal information. 

Known as phishing, this form of cyberattack is committed by impersonating a legitimate entity through a form of communication such as email, a phone call, or a text message, with the intent of obtaining sensitive information from the victim. Several cyber threats are prevalent around the world, including phishing. Up to 90 per cent of data breaches are thought to be attributable to successful phishing attacks, making it one of the most common ways to acquire credentials and steal data from victims. 

As reported by Interpol, 16shop sells phishing kits to hackers, whose aim is to covertly scam internet users with the help of these kits. In most cases, these scams involve sending emails that contain PDF files or links that redirect users to a website as the result of the sender's mistake. A site like this would then ask its victims for their credit card numbers or other sensitive information, such as Social Security numbers. 

A joint operation against 16Shop was carried out with the assistance of the cyber crime department of the INTERPOL General Secretariat, Indonesian authorities, Japanese authorities, and US authorities. Several private infosec firms participated in the conference, and these included the Japan Cyber Defense Institute, Singapore's Group-IB, Palo Alto Networks' Unit 42, and Trend Micro, as well as Cybertoolbelt, an investigation platform for cybercrime. 

Over 70,000 users in 43 countries have reportedly been compromised as a result of the hacking tools supplied by 16shop. In an interview with The Jakarta Post, brigadier general Adi Vivid Agustiadi Bachtiar, the director of the Indonesian National Police Cybercrime Investigation, stated that anyone can launch phishing attacks by simply clicking on their mouse. 

A cybercrime expert, Bernardo Pillot, said there has been an "unprecedented increase" in the sophistication and number of cyber threats as a result of cybercrime operations at Interpol. Moreover, of late there has been an increase in “customized” attacks as criminals are looking for the highest impact as well as the highest profit from their crimes. 

There is a strong indication that the platform is administrated from a country in Indonesia, according to law enforcement. They seized electronic items, as well as several luxury vehicles, during the arrest of a 21-year-old man. A couple of other platform facilitators were also arrested after the first arrest was made by law enforcement officers. 

A police investigation was launched by the National Police Agency of Japan and the Indonesian National Police shortly after the successful apprehension of the administrator which led to the identification of two facilitators and their arrest by both agencies. 

Group-IB, a Singaporean infosec outfit, had analyzed 16Shop, the e-commerce platform for phishing kits, and the outfit was able to assert that over 150,000 phishing domains had been created as a result of using the outfit's kits. Information security firm Earthlink believes that the kits in question have been traded on the underground cybercriminal market since as far back as November 2017, at prices ranging from $60 up to $150 for each kit. 

According to the group, phishing pages targeting the users of American Express were offered for $60, and fake Amazon pages mocking Amazon were offered for $150, which are both targeted at American Express users, respectively. With the help of the kits, putative victims were able to see content localized to their location based on eight languages. 

It was necessary to have global collaboration since many of the operations of the phishing-as-a-service vendor were hosted on servers owned and run by a US-based company to operate efficiently. To provide Indonesian investigators with the information they needed, the FBI helped to secure it.

Amazon Executive Lacks Data for Return-to-Office Mandate

 

Amazon employees are expressing discontent over the company's recent decision to revoke remote work flexibility, and the situation has been exacerbated by comments made by a senior executive.

During an internal staff meeting, Mike Hopkins, the SVP of Amazon Video and Studios, admitted that there was no data to support the company's mandate for employees to return to the office. This stands in contrast to Amazon's reputation for data-driven decision making, leading to frustration among many workers.

The new mandate, announced in February, requires most employees to work in the office at least three days a week, reversing a previous commitment not to enforce physical office attendance.

Hopkins mentioned reasons for eliminating flexible work options, claiming that CEO Andy Jassy and other executives believe that employees perform better when working together in person. 

He also referred to a leadership principle encouraging employees to "have backbone, and disagree and commit," implying that now is the time to commit rather than disagree.

Despite data suggesting that remote work can increase productivity and employee happiness, Amazon's executives seem unwilling to consider these findings in their decision-making process.

Other companies are also pushing for a return to in-office work in 2023, possibly due to short-term financial considerations or a desire for increased control over employees.

Amazon workers have expressed their concerns through an internal petition, but the company appears determined to stick to its data-less decision, disregarding the disagreement from its employees.

Former Amazon Security Engineer Charged of Defrauding a Crypto Exchange


A prominent cybersecurity pro for Amazon is apparently facing a problem. The U.S. Department of Justice has detained security engineer, Shakeeb Ahmed, with charges of defrauding and money laundering from an unnamed decentralized cryptocurrency exchange, both charged carrying a maximum 20-year-imprisonment.

According to Damian Williams, the U.S. attorney for the Southern District of New York, this was the second case their firm was announcing that is highlighting the case of “fraud in the cryptocurrency and digital asset ecosystem.”

As noted by the DOJ, Ahmed – a former security engineer for an “international technology company” – was able to "fraudulently obtain" from the aforementioned exchange almost $9 million worth of cryptocurrencies. He executed this by creating bogus dates for pricing, in order to produce the fees that he later withdrew for himself.

Williams further added, "We also allege that he then laundered the stolen funds through a series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges. But none of those actions covered the defendant's tracks or fooled law enforcement, and they certainly didn't stop my Office or our law enforcement partners from following the money."

Ahmed is also charged with allegedly attempting to steal more money from the exchange via "flash loan" attacks, another type of crypto vulnerability

While it was initially imprecise as to what company the accused had worked for, cybersecurity blogger Jackie Singh on Tuesday mentioned that Ahmed was a former Amazon employee. Jackie further mentioned several other online profiles the accused appeared to have links with.

According to a LinkedIn profile that matches Ahmed's job description, he works at Amazon as a "Senior Security Engineer" and has worked there since November 2020. The user's profile continues to claim Amazon as his employer. However, it is still unclear if this profile is in fact representing Ahmed.

Following this, Amazon was contacted to confirm the aforementioned details, to which the company confirmed that he had worked for Amazon. However he is no longer employed with the company, they added. The tech giant said that it could not provide any further information regarding his role in the company.

Moreover, a report by Inner City Press – a New York outlet – confirms that Ahmed appeared at the court following his detainment on Tuesday. The report mentions him wearing flip-flops, shorts, and a T-shirt saying “I code,” to the court hearing. Later, he was released on bond after pleading not guilty and will be permitted to continue living in his Manhattan apartment, according to the site.