
Emerging Allegations of Chinese Espionage Targeting US Treasury

 


An alleged hacker named Yin Kecheng and a cybersecurity company called Sichuan Juxinhe Network Technology Co were sanctioned on Friday by the US Treasury Department for involvement in a string of hacks against American telecom companies.

Kecheng is a Shanghai-based cybercriminal affiliated with the PRC Ministry of State Security who has been associated with the recent breach of the Treasury Department's network. Sichuan Juxinhe, a cybersecurity company based in Sichuan, was directly involved in Salt Typhoon's cyber-attacks.

Salt Typhoon, a PRC-linked cyber-espionage group, has compromised numerous US telecommunications and internet service provider companies as part of a broad espionage campaign carried out over several years. These intrusions exposed a massive number of American call logs to Chinese spies, raising alarms in the US intelligence community.

According to some lawmakers, the hackers intercepted conversations of prominent politicians and government officials in the United States; some have described it as the worst hack on a telecom company in American history.

The Treasury Department's Office of Foreign Assets Control (OFAC) imposed the sanctions on the Chinese cybersecurity firm and the Shanghai-based cyber actor in the wake of the recent compromise of a federal agency that appears to be connected to the organized criminal group known as Salt Typhoon. After the attack, it was revealed that the attackers had targeted OFAC itself in addition to the Treasury Secretary's Office.

According to a Washington Post report citing unidentified US officials, China has been targeting the tools the US uses to achieve its national security objectives, such as economic sanctions against adversaries. An update issued this week by the Cybersecurity and Infrastructure Security Agency (CISA) supports the notion that the attack directly targeted the US structures that control foreign economic affairs.

According to the Treasury, "malicious cyber actors linked to the People's Republic of China (PRC) continue to target U.S. government systems, including the recent cyberattacks on Treasury's information technology (IT) systems, as well as sensitive US critical infrastructure." Salt Typhoon, a group believed to be linked to the PRC, has also recently been reported to have breached nine major telecommunications firms in a huge attack on US critical infrastructure.

Verizon, AT&T, and Lumen Technologies were among the many victims, with threat actors lurking in their networks for months. The Treasury's announcement is just one in a series of similar actions against Chinese threat actors. Beijing-based Integrity Technology Group was sanctioned on January 3 for its involvement with a Chinese state hacking group known as Flax Typhoon, which allegedly participated in the hacking.

In December, another Chinese hacking contractor, Sichuan Silence Information Technology, was subjected to U.S. sanctions, alongside an arrest warrant against a Chinese national accused of developing a zero-day exploit for Sophos firewalls while employed at Sichuan Silence.

Aside from these designations, the Treasury has taken several other steps to combat malicious cyber activity originating from Chinese hackers. The agency has previously sanctioned Integrity Technology Group (Flax Typhoon), Sichuan Silence Information Technology Company (Pacific Rim), and Wuhan Xiaoruizhi Science and Technology Company (APT31). A new executive order signed by the Biden administration on Thursday would extend Treasury's authority to sanction anyone complicit in hacking crimes under the extortion laws, signalling the administration's intention to prosecute them more aggressively going forward.

Under the executive order of January 15, 2011, Treasury is empowered to sanction anyone who, directly or indirectly, enabled hacking, as well as anyone who knowingly uses hacked data for financial gain. CISA's director, Easterly, wrote in a blog post dated January 15, 2009, that Beijing's cyber program is very sophisticated and well-resourced, posing a threat to critical infrastructure in the United States.

As Easterly pointed out, the administration has managed to eradicate some Chinese intrusions, but cyber security and vigilance across the public and private sectors need further strengthening to reduce the threat from these groups. In response, she said, CISA has developed three "lines of effort" aimed at addressing persistent threats and reducing the risk to American citizens. The first is to evict Chinese cyber actors from victims' networks. The second is collaboration on cyber defence with key industry partners in the fields of information technology, communications, and cybersecurity.

The third is making cybersecurity services such as CyberSentry, a threat detection capability managed by CISA, available to reduce the risk posed by Chinese cybercriminals. CISA also provides attack surface management, a form of cyber defence that involves identifying and mitigating the technology defects that give cyber threats an edge; 7,000 critical service organizations have already used CISA's services.

Easterly noted that the CISA service was already offered to more than 7,000 organizations that rely on critical services. According to a recent Bloomberg report, the attackers broke into no less than 400 computers owned by the Treasury and stole more than 3,500 files. These include documents such as policies and travel records, organizational charts, sanctions and foreign investment materials, as well as 'Law Enforcement Sensitive' materials. Additionally, they gained unauthorized access to the computers of Secretary Janet Yellen, Deputy Secretary Adewale Adeyemo, and Acting Under Secretary Bradley T Smith, as well as materials relating to investigations conducted by the Committee on Foreign Investment in the United States.

Silk Typhoon has been linked to a cluster of Chinese espionage actors known for extensive use of Ivanti zero-day vulnerabilities, tracked by Google's Mandiant under the moniker UNC5221. Over the last year there has been an increasing number of court actions, leading to the arrest of hacking suspect Yin Kecheng in Shanghai and the imposition of sanctions against Sichuan Juxinhe Network Technology Co., LTD, restricting its ability to conduct business in the United States.

Earlier this month, in the first such instance, the Treasury Department sanctioned a Beijing-based cybersecurity company suspected of involvement in multiple cyberattacks targeting vital infrastructure in the United States. The Chinese government has repeatedly denied U.S. accusations of hacking, including in last month's dispute about the Treasury Department hacking allegations.

The sanctions announced on Friday do not provide any new details regarding the scope of the hack into the Treasury Department, which the agency said was discovered on December 8. Separately, third-party software provider BeyondTrust has disclosed that the hackers stole a key the vendor used to secure a cloud-based service that provides remote technical support to workers. This key allowed the hackers to override the service's security measures and gain remote access to several employee workstations.

India Launches New Initiatives to Combat Spam and Cyber Fraud

 


A renewed effort is underway in the fight against spam and unsolicited commercial communication, as the Department of Telecom (DoT), the telecom regulator Trai, and private telecommunication companies launch new programs to combat the rising tide of cyber fraud and phishing attacks.

Regulatory agencies have been working hard to crack down on spammers and to block the numbers of individuals engaging in fraudulent activities detected by Trai and the DoT, both of which have been targeting spammers and blocking suspicious numbers.

Additionally, they have met with representatives from telecom companies to establish new rules on vigilance and on curbing unwanted activities more effectively. Bharti Airtel has developed an AI-driven tool that identifies spam and alerts customers when it is detected, while Vodafone Idea has rolled out a blockchain-based spam control system as part of its SMS spam control program.

As part of Bharti Airtel's campaign to tackle spam for its customers, the company launched India's first network-based, AI-powered spam detection solution on Wednesday. The regulators have also met top representatives from telecom companies, asking them to remain vigilant against these criminal activities and stipulating new rules to counter them in the future.

A report issued by the Telecom Regulatory Authority of India and the Department of Telecommunications indicates that over a crore fraudulent mobile connections have been disconnected, along with 2.27 lakh handsets linked to financial fraud and cybercrime. Trai has encouraged mobile operators to disconnect telecom resources used for bulk spam calls and has stated that such entities could be blacklisted for up to two years if they are not disconnected.

Furthermore, telecom companies will be required to check all SMS transmissions containing non-whitelisted URLs, reducing the misuse of SMS headers and templates and ensuring that standard SMS protocols are followed. Trai has mandated that, as of November 1, all telecommunications operators shall ensure the traceability of messages from the point of origin to the point of destination.

According to Airtel CEO Gopal Vittal, spam has become a menace for its customers, and the entire industry needs to work together to resolve this problem comprehensively "(and) to shield our customers from the continuous onslaught of intrusive and unwanted communications." Vodafone Idea announced that it will soon launch a URL whitelisting platform, stating, "Vi is participating actively on the topic along with the TRAI, COAI, and other relevant groups."

The AI-powered solution, developed in-house by Airtel's data scientists, uses a proprietary algorithm to identify and classify calls and SMSs as 'suspected SPAM'. The network analyzes several parameters in real time, including the usage patterns of the caller or sender, the frequency of calls and SMS, and the duration of calls, among other factors.

By comparing this information with known spam patterns, the system can flag suspicious calls and SMSs. Airtel has also developed a system that notifies customers when malicious links are sent via SMS: it has built a centralized database of blacklisted URLs, and every SMS is scanned in real time by an AI algorithm so that users can be alerted not to click those links accidentally.
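As an added illustration (not Airtel's code, whose algorithm is proprietary), the following Python sketches the kind of controls the two paragraphs above describe: per-sender message frequency over a sliding window, a centralized blacklist of URL hosts, and a whitelist of registered hosts. The thresholds, host lists and sample messages are constructed assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed host lists (reserved .example names, not real services).
BLACKLISTED_HOSTS = {"bank-verify.example", "secure-kyc-update.example"}
WHITELISTED_HOSTS = {"bank.example"}          # registered senders' domains

URL_RE = re.compile(r"\b(?:https?://|www\.)[^\s<>]+", re.IGNORECASE)
BURST_WINDOW = timedelta(minutes=10)          # assumed sliding window
BURST_THRESHOLD = 50                          # assumed max messages per window


@dataclass
class Sms:
    sender: str
    recipient: str
    sent_at: datetime
    text: str


def extract_hosts(text: str) -> list[str]:
    """Pull every URL out of the message body and return normalised hostnames."""
    hosts = []
    for raw in URL_RE.findall(text):
        url = raw if raw.lower().startswith("http") else "http://" + raw
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        if host:
            hosts.append(host)
    return hosts


def host_matches(host: str, host_set: set[str]) -> bool:
    """True if host equals, or is a subdomain of, any listed host.

    Walking up the labels means 'login.bank-verify.example' still hits the entry
    'bank-verify.example', while 'bank-verify.example.com' does not.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in host_set for i in range(len(labels)))


def url_reasons(text: str) -> list[str]:
    """Blacklisted hosts are flagged outright; anything not whitelisted is flagged too."""
    reasons = []
    for host in extract_hosts(text):
        if host_matches(host, BLACKLISTED_HOSTS):
            reasons.append(f"blacklisted URL host {host}")
        elif not host_matches(host, WHITELISTED_HOSTS):
            reasons.append(f"non-whitelisted URL host {host}")
    return reasons


def burst_senders(messages: list[Sms]) -> set[str]:
    """Senders that exceed BURST_THRESHOLD messages inside any sliding BURST_WINDOW."""
    by_sender = defaultdict(list)
    for m in messages:
        by_sender[m.sender].append(m.sent_at)
    flagged = set()
    for sender, times in by_sender.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > BURST_WINDOW:   # slide the window's left edge
                start += 1
            if end - start + 1 > BURST_THRESHOLD:
                flagged.add(sender)
                break
    return flagged


def classify(messages: list[Sms]) -> dict[int, list[str]]:
    """Map message index -> reasons for every message judged 'suspected SPAM'."""
    bursty = burst_senders(messages)
    verdicts = {}
    for i, m in enumerate(messages):
        reasons = url_reasons(m.text)
        if m.sender in bursty:
            reasons.append(f"sender {m.sender} sent more than {BURST_THRESHOLD} messages in {BURST_WINDOW}")
        if reasons:
            verdicts[i] = reasons
    return verdicts


def sample_messages() -> list[Sms]:
    """Constructed traffic: one legitimate bill alert, two lures and one bulk burst."""
    base = datetime(2024, 9, 25, 9, 0)
    msgs = [
        Sms("+910000000001", "+919900000001", base, "Your bill is ready: https://www.bank.example/bill"),
        Sms("+910000000002", "+919900000002", base, "KYC expired! Update at http://login.bank-verify.example/kyc"),
        Sms("+910000000003", "+919900000003", base, "You won! Claim at www.free-gift.example/claim"),
    ]
    for k in range(60):  # 60 messages in five minutes from one number
        msgs.append(Sms("+910000000004", f"+9199000001{k:02d}", base + timedelta(seconds=5 * k), "Hello"))
    return msgs


if __name__ == "__main__":
    for idx, why in classify(sample_messages()).items():
        print(idx, why)
```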

Cyber Heist: Rs 40 Crore Taken from IndusInd Bank

 


Maharashtra Cyber reported on Friday the recovery of 31.89 crores out of 40 crores allegedly fraudulently transferred from IndusInd Bank to 20 different mule accounts. More than $4.2 million of the stolen funds was withdrawn from ATMs around the country, and police are still looking for the remaining $2.87 million.

IndusInd Bank in Mumbai has reported a loss of Rs 40 crore as a result of an unauthorized transaction on its network. Maharashtra Cyber Police, responsible for detecting and responding to cyber frauds in the state, managed to recoup Rs 32 crore, a major achievement in one of the state's largest cases of cyber fraud. The bank's Hyderabad branch manager is being held responsible for making unauthorized transactions on behalf of the bank.

Thanks to the improved reporting process through the National Cybercrime Reporting Portal (NCCRP), the Maharashtra Cyber Police were able to act swiftly on the cybercrime report, tracking down and freezing the fraudulent accounts within a short period. The Hyderabad branch manager also made two significant transfers, of Rs 15 crore and Rs 25 crore, without authorization from the Mumbai head office.

Nearly 20 accounts were involved in the disbursement of the funds. Even though the Hyderabad police registered the FIR, the complaint was originally made in Mumbai. "The team's efforts and process continued, resulting in blocking a total of ₹32.89 crore till July 25 in 11 bank accounts in India. The fraud managed to withdraw ₹4.24 crore from different ATMs of the bank," said Shintre. "Efforts are still on to recover the remaining money," he added.

Since the amount was transferred to different banks from the Hyderabad branch, an FIR has been registered there, and the Hyderabad police are investigating the case. After the Maharashtra Cyber Police team got wind of the complaint on July 19, one of its officers explained, the team immediately started pursuing the matter. In coordination with all financial intermediaries responsible for processing the money, they were able to place a hold on approximately Rs 31 crore by 6 PM the same day.

IndusInd Bank's Bandra Kurla Complex (BKC) branch informed the cyber police about the fraudulent transactions through the helpline number. Only after the cyber police took action were the accounts, worth 312.890 crores and held in various banks, frozen. According to the report, the team noticed on July 19 that significant fraud involving transactions amounting to approximately $40 crore had been reported.

"Realising the urgency of the situation, a team was immediately formed, and the following morning a follow-up process was initiated along with immediate coordination with the appropriate financial intermediaries involved in the transactions. This resulted in a saving of approximately 31 crores by 6 pm that day," said Shintre. As a result of the team's work up until July 25, a total of 31.89 crores of currency worth 32.89 crores were blocked from 11 bank accounts in India.

Shintre informed the press that the fraudster was able to withdraw a total of Rs.4.24 crore from the bank's ATMs. "The team is constantly working on recovering the remaining money to get it back," he stated. The money from the Hyderabad branch is believed to have been transferred to different banks, which is why an FIR was filed there, and the Hyderabad police are presently investigating the situation.

In the past three and a half years, Maharashtra Cyber has received 281,019 reports of cyber fraud, resulting in a staggering loss of approximately ₹3,325 crore to complainants across the state. During this period, efforts by the Cyber Police have successfully blocked and safeguarded around ₹358.77 crore in transactions through banking channels. 

The scale of the issue is reflected in the daily volume of calls received by Maharashtra Cyber's helpline number, 1930, which averages between 4,000 and 5,000 calls. To manage this influx, the organization operates 20 functional lines manned by a dedicated workforce of over 110 individuals working round-the-clock. A specialized team of 10 personnel focuses exclusively on follow-up procedures, liaising directly with banks and law enforcement agencies to expedite the resolution of complaints. 

Additionally, Maharashtra Cyber has implemented dedicated Artificial Intelligence (AI) units across various branches. These units facilitate data analysis, pattern recognition, digital forensics, and behavioural analysis, significantly aiding investigators in their efforts. From 2021 to July 26, 2024, the helpline recorded a total of 281,019 complaints, resulting in the recovery of ₹3,324.90 crore from fraudulent transactions, with an additional ₹358.77 crore placed on hold. This underscores the effectiveness and commitment of Maharashtra Cyber in addressing and mitigating cybercrime incidents. Ongoing investigations are aimed at ensuring compliance with RBI regulations and enhancing internal banking checks to prevent future occurrences.

Government Shuts Down Two Telemarketing Giants for 5.5 Million Fraudulent Calls

 


Several telemarketing entities, notably V-Con Intelligent Security and OneXtel Media, have been suspended by the Department of Telecommunications (DoT) for disseminating malicious messages through their services. According to a report by the Economic Times (ET), these two telemarketers alone were responsible for sending a record 55.5 million spam messages since January of this year. 

In light of the escalating incidence of SMS fraud within the country, the DoT has taken decisive action to suspend these two telemarketing companies, aiming to mitigate the risks associated with such scams. The DoT's directive, issued on July 15, identified V-Con Intelligent Security and OneXtel Media as platforms for sending customers malicious and phishing SMSes. Reports submitted to the Sanchar Saathi portal, particularly from the 'Chakshu' facility listed under the 'Services' section, highlighted these malicious activities. 

Comprehensive analysis of information provided by citizens enabled the DoT to make significant discoveries and undertake specific interventions. In its efforts to combat the proliferation of malicious SMS activities, the DoT has issued orders for the suspension and blacklisting of 131 Principal Entities (PEs), as well as approximately 5,000 SMS templates and 700 SMS headers linked to these activities. Despite these measures, new headers emerge, allowing fraudulent SMSes to be sent to citizens and raising ongoing concerns. 

Investigations have revealed that Onextel Media Pvt Ltd and V-Con Intelligent Security Pvt Ltd were responsible for a substantial portion of these malicious SMSes, accounting for 5.55 crore out of the 5.66 crore reported incidents. The DoT directive also mandates telecom companies to file police complaints against these telemarketers for circumventing the Distributed Ledger Technology (DLT) platform and distributing phishing messages.

The DLT platform is utilized to authenticate registered telemarketers and their messaging components, preventing unregistered entities from sending promotional messages. The DoT's actions were prompted by numerous complaints from telecom users regarding malicious SMSes. In response, the DoT employed facial recognition technology to block 6.76 lakh SIM cards and 10,296 mobile phones in Gujarat that were linked to cybercrime activities. 

Further investigations revealed financial connections between the identified companies and various organized transnational crimes, including fraudulent stock investments, prompting the Gujarat Police to launch inquiries. Despite the collaborative efforts involving telecom companies and regulatory bodies such as the Telecom Regulatory Authority of India (TRAI), the Reserve Bank of India (RBI), the Securities and Exchange Board of India (SEBI), and the Insurance Regulatory and Development Authority of India (IRDAI), significant challenges persist in curtailing spam and scam activities. The continuous evolution of spamming techniques poses a formidable challenge, necessitating ongoing adaptation and enhancement of countermeasures to effectively mitigate such threats.

New Online Scam: Fraudsters Pose as Police Officers to Extort Money



Cyber fraudsters have developed a new method to deceive unsuspecting individuals by posing as police officers and claiming that a relative has been arrested in a narcotics case. They demand a bribe to drop the charges, preying on the victims' fear and urgency to help their loved ones.

This tactic is a variation of the well-known courier scam, where fraudsters call individuals, claiming that a package in their name containing narcotics was intercepted by customs officials. They then demand money to resolve the issue. The new approach involves impersonating police officers and alleging that a family member has been detained for drug-related offences.

Recent Incidents Highlight the Threat

Several cases of this scam have been reported recently. On Wednesday, the North Division Cyber Crime Police registered a case against an unidentified person who, posing as a Delhi police officer, extorted ₹7,000 from a private firm employee named Srinivas Nageshwara Rao. The fraudster claimed Rao’s daughter was arrested for drug consumption and was being taken to Delhi. The scammer promised to drop the charges if Rao paid ₹15,000. Rao transferred ₹7,000 online but later grew suspicious and confirmed with his daughter that she was safe at college.

Another victim, an 18-year-old student, was swindled out of ₹65,000. The fraudster, posing as a police officer, told her that her father had been arrested for drug peddling and demanded money to release him and drop the charges. The student transferred the money but later realised she had been scammed.

In a similar case, a software engineer from Kasavanahalli, Utkarsh Srivatsastav, reported to the Bellandur police that he was cheated out of ₹40,000. The scammer, pretending to be a police officer, claimed that Srivatsastav's son was involved in illegal activities and would be arrested unless a bribe was paid. Srivatsastav transferred the money online before discovering the fraud.

Police Action and Legal Measures

Based on these complaints, the police have charged the fraudsters under Section 66C (identity theft) of the IT Act, 2000, and are conducting further investigations. Authorities are urging the public to be vigilant and sceptical of unsolicited calls demanding money, especially those involving legal or police matters.

Protecting Yourself from Scams

To avoid falling victim to such scams, individuals should:

1. Verify the identity of the caller by contacting the relevant authorities directly.

2. Never transfer money based on a phone call alone.

3. Report suspicious calls to the police immediately.

By staying informed and cautious, the public can protect themselves from these deceptive tactics and help authorities catch the perpetrators.


USSD Call Forwarding Deactivation: India's Move to Safeguard Against Cyber Fraud

 


The Department of Telecommunications (DoT) has recently taken a step to tackle the surge in online fraud cases across the country. To counter various incidents of fraud resulting from illegal call forwarding, the authorities have required all telecom operators in the country to allow their USSD-based call forwarding services to be deactivated from April 15, 2024.  

USSD (Unstructured Supplementary Service Data) is a technology that lets mobile users access a wide variety of network services by dialling short codes such as *401#. Criminals impersonating customer support trick users into dialling this code followed by the criminal's own number.

The victim's incoming calls are then forwarded to the fraudster. USSD is commonly used to check balances, block numbers, and retrieve other information by dialling simple codes; the DoT considers this system vulnerable to such social engineering attacks.

Several services are available through USSD, including call forwarding and phone number rerouting, as well as checking mobile phone balances, IMEI numbers and the status of the handset. The order was issued as a result of an ongoing investigation into frauds involving mobile phones and online crimes.

The decision responds to a rising number of concerns about fraud and misuse, and to the increasing number of online scams exploiting the call forwarding feature. Once the service is suspended, users who already have call forwarding set up on their number will need to reactivate it.

There have been rumours, however, that users may have to use alternative methods, yet to be specified, to activate call forwarding, so providers will need to offer alternative ways for users to manage the forwarding of their calls. The suspension of USSD-based call forwarding services comes amid concerns about the susceptibility of such services to fraudulent activities within the telecommunications sector.

While the request does not imply a permanent removal of the service, there are speculations that it may be reintroduced in the future with enhanced security measures to prevent misuse and fraud. Telecommunications fraud often involves cybercriminals exploiting vulnerabilities within call forwarding systems to unlawfully access sensitive information. 

One prevalent tactic utilized by fraudsters involves persuading unsuspecting users to enable call forwarding to alternative phone numbers via USSD commands. Once activated, these diverted calls serve as a conduit for intercepting confidential data, such as one-time passwords (OTPs), intended for authentication purposes. 

The USSD service, accessed by inputting specific codes on mobile keypads, offers various functionalities including prepaid balance checks and IMEI retrieval. Among these functions is the activation of unconditional call forwarding, a feature now under scrutiny due to reported instances of misuse. 
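To show what a handset app, helpdesk tool or awareness demo could do with the codes described above, here is an added Python example (not from the DoT or any operator) that classifies a dialled string and warns when it would set up call forwarding. The GSM supplementary-service codes it recognises are standard; the *401* prefix is the operator code the post mentions, and its exact syntax here is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Standard GSM supplementary-service codes for call forwarding (3GPP TS 22.030).
FORWARDING_SERVICE_CODES = {
    "21": "unconditional",
    "61": "on no reply",
    "62": "when not reachable",
    "67": "when busy",
    "002": "all call forwarding",
    "004": "all conditional call forwarding",
}

# Procedure prefixes of the MMI string format <prefix><service code>*<info>#.
PROCEDURES = {"**": "register", "*": "activate", "*#": "interrogate",
              "#": "deactivate", "##": "erase"}

# Longer prefixes are listed first so "**" and "*#" are not mistaken for "*".
MMI_RE = re.compile(r"^(\*\*|\*#|##|\*|#)(\d{2,3})(?:\*(\+?\d*))?(?:\*(\d*))?#$")

# Operator short code named in the post; the *401*<number># syntax is assumed.
OPERATOR_FWD_RE = re.compile(r"^\*401\*(\+?\d{6,15})#$")


@dataclass
class UssdVerdict:
    redirects_calls: bool      # True if sending this string would divert the user's calls
    procedure: str
    service: str
    destination: Optional[str]  # forwarded-to number when one is present in the string


def classify_ussd(dialled: str) -> UssdVerdict:
    """Classify a dialled string; recognises GSM MMI codes and the *401* short code."""
    s = dialled.replace(" ", "").replace("-", "")
    m = OPERATOR_FWD_RE.match(s)
    if m:
        return UssdVerdict(True, "activate", "operator call forwarding (*401)", m.group(1))
    m = MMI_RE.match(s)
    if not m:
        return UssdVerdict(False, "unknown", "not a recognised supplementary-service code", None)
    prefix, sc, number, _extra = m.groups()
    procedure = PROCEDURES[prefix]
    service = FORWARDING_SERVICE_CODES.get(sc)
    if service is None:
        return UssdVerdict(False, procedure, f"service code {sc} (not call forwarding)", None)
    # Register and activate both turn forwarding on; interrogate, deactivate and erase do not.
    redirects = procedure in ("register", "activate")
    return UssdVerdict(redirects, procedure, f"call forwarding {service}", number or None)


def warning_for(dialled: str) -> Optional[str]:
    """Text a handset app or helpdesk tool could show before a risky code is sent."""
    v = classify_ussd(dialled)
    if not v.redirects_calls:
        return None
    where = v.destination or "a previously registered number"
    return (f"'{dialled}' turns on {v.service} to {where}. Incoming calls, including "
            f"voice OTPs, will reach that number instead of you. Continue only if you requested this.")


if __name__ == "__main__":
    for code in ["*401*9999999999#", "**21*+919900000000#", "*#21#", "##002#", "*123#"]:
        print(code, "->", warning_for(code) or "no call-forwarding risk")
```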

The DoT's directive to deactivate USSD-based call forwarding represents a proactive measure aimed at disrupting fraudulent schemes. By eliminating this option, telecom operators can thwart fraudsters from exploiting the feature for illicit activities. This action not only protects mobile phone users but also bolsters the integrity of the telecommunications infrastructure.

In summary, the mandated suspension of USSD-based call forwarding services marks a significant stride in combating fraudulent practices in the telecommunications realm. By depriving fraudsters of a crucial tool, the DoT's initiative contributes to the advancement of cybersecurity and fosters a safer digital landscape for both consumers and businesses.

Digital Arrest Scam: Woman Doctor Duped for 40 Lakhs, Loses Her Entire Savings

Digital Arrest Scam

In today’s digital world, our lives are interconnected through the internet. From shopping on the web and managing finances to connecting with our loved ones, everything is done online these days. 

But the comfort also comes with some risks. 

Professor scammed with Rs 40 Lakhs 

In a recent online scam, a government medical university professor fell victim to a “digital arrest” scam and was tricked into paying Rs 40 lakhs. In a “digital arrest” scam, the scammer fools the victim by posing as a law enforcement agency.

“An arrest warrant has been issued in your name. All your financial accounts will be frozen and they will be investigated. Till then you are put under ‘digital arrest’. After that they called me on Skype and showed me many documents which included my phone number, Aadhaar number, and which also included my arrest warrant,” she said.

The Attack: What happened?

On March 11, the professor received a call purportedly from Maharashtra. The caller alleged that a phone number issued under her ID in July 2023 was involved in illegal activities, including text message scams, phishing, and money laundering.

The call was then transferred to another individual claiming to be from the Maharashtra police headquarters. This person accused her of opening a fraudulent account in Canara Bank, Mumbai, leading to money laundering activities. The caller even spoke about an arrest warrant issued in her name.

The scammer threatened her, stating that all her financial cards, PAN, and Aadhaar had been blocked. They claimed she was under ‘digital arrest’.

To add to her distress, the scammers showed her documents via Skype, including her phone number, Aadhaar number, and the alleged arrest warrant.

The professor was coerced into transferring a staggering amount of Rs 31.31 lakh on March 11, followed by Rs 9 lakh from another account the next day.

The scammers instructed her to maintain constant communication, provide personal information, and refrain from contacting anyone else, citing national security concerns and the purported involvement of police and bank officials in the scam.

Realizing she had fallen victim to cyber fraud, she promptly reported the incident to the cybercrime police station and filed a formal complaint.

Impact of the attack

According to police, “A staggering amount of Rs 31.31 lakh was transferred by her on March 11, followed by Rs 9 lakh from another account the next day.” 

The stolen money was the professor’s entire savings, which she had kept for her kids’ studies and her future.

Triveni Singh, a former SP in the Cyber Cell and a cyber expert, said that no reputable agency will request a Skype chat for an investigation or arrest. There is no such thing as a 'digital arrest'.


Decoding Cybercriminals' Motives for Crafting Fake Data Leaks

 

Companies worldwide are facing an increasingly daunting challenge posed by data leaks, particularly due to the rise in ransomware and sophisticated cyberattacks. This predicament is further complicated by the emergence of fabricated data leaks. Instead of genuine breaches, threat actors are now resorting to creating fake leaks, aiming to exploit the situation.

The consequences of such falsified leaks are extensive, potentially tarnishing the reputation of the affected organizations. Even if the leaked data is eventually proven false, the initial spread of misinformation can lead to negative publicity.

The complexity of fake leaks warrants a closer examination, shedding light on how businesses can effectively tackle associated risks.

What Drives Cybercriminals to Fabricate Data Leaks?

Certain cybercriminal groups, like LockBit, Conti, Cl0p, and others, have gained significant attention, akin to celebrities or social media influencers. These groups operate on platforms like the Dark Web and other shadowy websites, and some even have their own presence on the X platform (formerly Twitter). Here, malicious actors publish details about victimized companies, attempting to extort ransom and setting deadlines for sensitive data release. This may include private business communications, corporate account login credentials, employee and client information. Moreover, cybercriminals may offer this data for sale, enticing other threat actors interested in using it for subsequent attacks.

Lesser-known cybercriminals also seek the spotlight, which drives them to create fake leaks. These fabricated leaks generate hype, provoke a concerned reaction from the targeted businesses, and also serve as a means of deceiving fellow cybercriminals on the black market. Novice criminals are especially likely to fall for this ploy.

Manipulating Databases for Deception: The Anatomy of Fake Leaks

Fake data leaks often materialize as parsed databases, compiled by extracting information from open sources that contain no sensitive data. This process, known as internet parsing or web scraping, entails pulling text, images, links, and other data from websites. Threat actors employ parsing to gather data for malicious purposes, including the creation of fake leaks.

In 2021, a prominent business networking platform encountered a case of this kind. Alleged user data was offered for sale on the Dark Web, but subsequent investigation revealed it to be an aggregation of publicly accessible user profiles and website data rather than a data breach. The incident nevertheless garnered media attention and interest within the Dark Web community.

When offers arise on the Dark Web, claiming to provide leaked databases from popular social networks like LinkedIn, Facebook, or X, they are likely to be fake leaks containing information already publicly available. These databases may circulate for extended periods, occasionally sparking new publications and causing alarm among targeted firms.

According to Kaspersky Digital Footprint Intelligence, the Dark Web saw an average of 17 monthly posts about social media leaks from 2019 to mid-2021. However, this figure surged to an average of 65 monthly posts after a significant case in the summer of 2021. Many of these posts, as per their findings, may be reposts of the same database.

Old leaks, even genuine ones, can serve as the foundation for fake leaks. Presenting outdated data leaks as new creates the illusion of widespread cybercriminal access to sensitive information and ongoing cyberattacks. This strategy helps cybercriminals establish credibility among potential buyers and other actors within underground markets.

Similar instances occur frequently within the shadowy community, where old or unverified leaks resurface. Data that is several years old is repeatedly uploaded to Dark Web forums, sometimes for free and sometimes for a fee, masquerading as a new leak. This not only poses reputation risks but can also compromise customer security.

Mitigating Fake Leaks: Business Guidelines

Faced with a fake leak, panic is a common response because of the public attention that follows. Swift identification and response are paramount. Initial steps should include refraining from engaging with the attackers and conducting a thorough investigation into the reported leak. Verifying the source, cross-referencing the published sample with internal data, and assessing the credibility of the information are essential. Collecting evidence that establishes whether an attack and compromise actually took place is crucial.

For large businesses, data breaches, fake leaks included, are a matter of "when," not "if." Transparency and preparation are key in addressing such substantial challenges. Developing a communication plan beforehand for interactions with clients, journalists, and government agencies is beneficial.

Additionally, constant monitoring of the Dark Web enables detection of new posts about both fake and real leaks, as well as spikes in malicious activity. Due to the automation required for Dark Web monitoring and the potential lack of internal resources, external experts often manage this task.

Furthermore, comprehensive incident response plans, complete with designated teams, communication channels, and protocols, facilitate swift action if such cases arise.
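The cross-referencing step above, and the distinction the earlier section draws between scraped public data, repackaged old leaks and genuine breaches, can be turned into a repeatable triage check. The following is an added example, not code from the original post or from any vendor it mentions. Every value in it is constructed: the internal customer table, the rows of the "leaked" sample, the lists of public and sensitive fields, and the four classification labels are all assumptions chosen to illustrate the method. It also includes a simple spike check for monitored forum post volumes, using the post's own 17 versus 65 monthly figures as sample input; the doubling threshold is an assumption.

```python
"""Triage of a claimed data leak sample against internal records (added example).

Idea: a row that carries only scrapeable profile fields proves nothing; a row whose
sensitive values match a retired credential points to an old leak being resold; only
a row whose sensitive values match *current* internal data confirms a real breach.
All records and field lists below are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass

# Fields an attacker can harvest from public profiles by web scraping (assumed list).
PUBLIC_FIELDS = {"name", "job_title", "company", "city"}

# Fields that exist only in internal systems (assumed list).
SENSITIVE_FIELDS = {"email", "password_hash", "internal_id", "phone"}


@dataclass(frozen=True)
class InternalRecord:
    internal_id: str
    email: str
    password_hash: str                        # hash currently on file
    previous_hashes: frozenset = frozenset()  # hashes retired by rotation


def classify_record(row, internal_by_email):
    """Classify one row of a claimed leak.

    Returns one of:
      'public-only' : only scrapeable fields, no sensitive data claimed
      'unknown'     : sensitive fields claimed but nothing matches our records
      'stale'       : matches a record, but the value was rotated out (old leak repackaged)
      'confirmed'   : a current sensitive value matches internal data
    """
    sensitive_present = {k for k, v in row.items() if k in SENSITIVE_FIELDS and v}
    if not sensitive_present:
        return "public-only"
    rec = internal_by_email.get(row.get("email", "").lower())
    if rec is None:
        return "unknown"
    if row.get("password_hash") == rec.password_hash or row.get("internal_id") == rec.internal_id:
        return "confirmed"
    if row.get("password_hash") in rec.previous_hashes:
        return "stale"
    return "unknown"


def triage_sample(rows, internal_records):
    """Classify every row and reduce the counts to a single verdict label."""
    by_email = {r.email.lower(): r for r in internal_records}
    counts = Counter(classify_record(row, by_email) for row in rows)
    if counts["confirmed"]:
        verdict = "genuine"      # current data exposed: run the incident response plan
    elif counts["stale"]:
        verdict = "repackaged"   # old leak resurfacing: no new compromise demonstrated
    elif counts["unknown"]:
        verdict = "unverified"   # sensitive fields claimed, nothing matches: keep investigating
    else:
        verdict = "scraped"      # only public profile data: treat as a fake leak
    return dict(counts), verdict


def is_volume_spike(monthly_posts, baseline_months=6, factor=2.0):
    """Flag the latest month when it exceeds `factor` times the mean of the preceding
    `baseline_months` (assumed threshold; the post only says to watch for spikes)."""
    if len(monthly_posts) <= baseline_months:
        return False
    baseline = monthly_posts[-baseline_months - 1:-1]
    return monthly_posts[-1] > factor * (sum(baseline) / len(baseline))


# Constructed internal table (hypothetical values).
INTERNAL = [
    InternalRecord("C-1001", "ana@example.com", "h_current_ana", frozenset({"h_old_ana"})),
    InternalRecord("C-1002", "bo@example.com", "h_current_bo"),
]

# Constructed rows of a sample advertised as a "fresh leak" on an underground forum.
CLAIMED_LEAK = [
    {"name": "Ana Ruiz", "job_title": "CFO", "company": "Example Inc", "city": "Madrid"},
    {"name": "Bo Li", "email": "bo@example.com", "password_hash": "h_current_bo"},
    {"name": "Ana Ruiz", "email": "ana@example.com", "password_hash": "h_old_ana"},
    {"name": "Cy Dent", "email": "cy@example.com", "password_hash": "h_whatever"},
]

if __name__ == "__main__":
    counts, verdict = triage_sample(CLAIMED_LEAK, INTERNAL)
    print(counts, verdict)
    print("spike:", is_volume_spike([17] * 6 + [65]))
```

Matching is keyed on e-mail only because it is the field most likely to appear in both the sample and internal data; a match on e-mail alone is deliberately not treated as confirmation, since addresses are frequently public. In practice the retired-hash set would come from the credential store's rotation history, and the verdict would feed the pre-agreed communication plan rather than being printed.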

In an era where data leaks continuously threaten businesses, proactive and swift measures are vital. By promptly identifying and addressing these incidents, conducting meticulous investigations, collaborating with cybersecurity experts, and working with law enforcement, companies can minimize risks, safeguard their reputation, and uphold customer trust.