Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Email Fraud. Show all posts

North Korean Hackers Infiltrate Russian Missile Engineering Firm

 


A sanctioned Russian missile engineering business was successfully penetrated by North Korean hackers, it has been revealed in an astonishing development, prompting worries about the possible repercussions of this security breach. The event shows how North Korea's cyberwarfare capabilities are becoming more sophisticated and how willing it is to target prominent defense organizations outside of its borders.

The compromised business, a significant actor in the Russian defense sector, is focused on the creation of cutting-edge missile technologies. The intrusion, which was initially revealed by cybersecurity company SentinelOne, has alarmed the international security community and shed light on the changing landscape of cyber threats and geopolitical conflicts.

Researchers in cybersecurity have reported that the North Korean hacker squad thought to be responsible for the intrusion is renowned for its skill and ties to the Pyongyang regime. The gang uses a combination of spear-phishing emails and carefully designed malware to infect its targets. Once within the organization's network, the hackers were able to obtain confidential technical information and research about missile systems without authorization.

Concerns over possible cooperation between North Korean hackers and state-approved organizations have been raised in the wake of the incident. According to experts, the stolen missile technology may end up in North Korea's own military research and development efforts or possibly be sold to nations with hostile intents. The North Korean regime may be able to advance its missile capabilities with the help of the stolen data, seriously endangering regional stability.

"The breach of a sanctioned Russian missile engineering company by North Korean hackers underscores the serious nature of cyber threats in today's interconnected world. It serves as a wake-up call for governments and organizations to bolster their cybersecurity measures," warns cybersecurity analyst Jane Thompson.

The compromised Russian company has not disclosed the full extent of the breach, raising concerns about the potential scope of the stolen data. As investigations are ongoing, cybersecurity teams are working tirelessly to assess the damage, contain the breach, and strengthen the company's cyber defenses.

This incident emphasizes the essential necessity for governments and commercial businesses to work together on upgrading their cybersecurity strategy. It is crucial that nations give priority to the security of vital defense infrastructure and sensitive technical developments as cyber threats continue to grow in complexity and scope.

How Scammers Trap Businesses

 

With significant ramifications for South African businesses that have vulnerabilities in their payment systems, the growth in financial and accounting hacking through phishing and Business Email Compromise (BEC) has made headlines. 

However, strong financial controls combined with strong server, IT, and email monitoring processes aren't enough if staff aren't savvy to the psychological tricks scammers use to manipulate people, making them more susceptible to tricker and deception,says Ryan Mer, CEO at eftsure Africa, a Know Your Payee™ (KYP) platform provider. 

The idea that only gullible people are victims of payment fraud and cybercrime is hazardous because it breeds complacency among highly educated people who hold senior positions in organisations. Criminals that engage in paying are frequently highly talented, well-equipped, and knowledgeable enough about their field to pass for professionals, Mer added. 

Manipulating credibility and trust

In order to obtain information or persuade targets to act, con artists rely on human instincts to be kind, avoid conflict, and find quick and efficient solutions to problems. An attempt to gain the trust of a potential victim by posing as a well-known or reliable individual is a common modus operandi. Examples include a worker getting a letter from the finance director of a company telling them to make a quick payment to a vendor or an HR manager getting a nice email from a worker asking that their bank information be altered for payroll purposes.

According to Mer, “an employee’s desire to perform their duties swiftly and competently, especially for a trusted figure of authority, is manipulated by criminals who rely on an instruction being actioned without question for a scam to be successful. In such instances, only an automated system for detecting red flags in outbound payments can offer the level of protection organisations really need to counter human error.” 

Making use of urgency 

Despite scammers' increasing creativity, a tried-and-true strategy that hackers frequently use is making their victims feel as though something is urgent. According to Mer, phishing emails and business email compromise scams are made to increase the likelihood that employees will report a potential concern by coaxing them into doing so. Scammers entice victims into taking rapid action before they have time to stop and consider the actions they are taking. Establishing procedures that force employees to take their time and carefully review all actions involving payments is essential. 

Before granting an urgent request, one should exercise caution and carefully verify any abrupt changes in a customer's or supplier's business operations, such as the addition of a new point of contact or a change to their email address or banking information. Scammers frequently rely on the herd effect, in which individuals in organisations behave as their peers do. 

There is a chance that if one member of a team cooperates with a con artist, it could lead to similar deception of other team members. There is a chance that if one member of a team cooperates with a con artist, it could lead to similar deception of other team members. Even the most attentive teams can fall victim to sophisticated phishing and BEC scams, thus having sound business procedures and knowledgeable employees only goes so far in defending a company. 

Future threats

It is a moving target since cybercrime is always changing. South Africa ranked third globally in terms of the number of cybercrime victims, according to Interpol's most recent African Cyberthreat Assessment Report, which was published in 2021. The report estimated that the country's annual cost from cybercrime is an astounding R2.2 billion. For South African businesses, it is essential to maintain knowledge of the most recent scams and the methods used to carry them out. Moreover, independent third-party verification systems like eftsure can provide a much-needed additional layer of protection by automating payment checking and supplier verification, saving time on manual operations, and minimising human mistake.

Emails are Vulnerable to Cyber Threat

Small businesses and organizations of various sizes worldwide rushed to upload patches and assess what had been compromised. Hacks expose the vulnerability of the 32 million small businesses, which are largely unable to afford to work with cybersecurity firms and also who primarily rely on built-in security measures of software and hardware providers.

As per Iram, a former Israeli intelligence officer, large tech firms can improve their systems prior to being released in order to block hackers before they impact small and medium-sized firms. He adds that cybercrime reduced each time major software companies modified default settings or other general updates with cybersecurity in mind.

According to market research company Gartner, Microsoft has more than 86% of the enterprise e - mails processing market whereas Google has just under 13%.

Challenges with email 

The notion that several components of today's technological stack were created before cybercriminals became a concern is the root of many of its problems. Big firms that predominate the industry typically have still not added security as a default feature to basic software, leaving it to the cybersecurity market to do so. This has led to explosive growth in a new category of companies.

Microsoft Defender for Office 365 finds and stops thousands of user compromise actions each month in addition to nearly 40 million emails with Business Email Compromise, or BEC, and 100 million emails with harmful credential phishing links.

Some cybersecurity enterprises with a focus on the small business sector have launched in the last three to five years, such as Huntress and SolCyber. Even the slightest flaws in one organization, in a highly networked society, can spread to another. An NPR investigation into the significant Microsoft Exchange data breach came to the conclusion that Chinese hackers were targeting American businesses in an effort to collect consumer data on Americans for an unidentified reason.

The American government has so far adopted a conservative stance; a representative for the U.S. Cybersecurity Infrastructure Agency claimed that the agency does not regulate software for small businesses.


 Find Out if Your Email Address Is Being Sold on the Dark Web


Almost everybody uses email. You have probably had a data breach if your private information, like your email address, is discovered on the dark web. There are numerous methods to sell and use your personal information.  

The portion of the Internet that is hidden and inaccessible with a standard web browser is known as the dark web.  The dark web's material is encrypted and needs special permission to access. The most popular method for accessing the black web is Tor, a program that masks IP addresses and locations. Additionally, hackers can easily purchase and sell identity-related information on the dark web, including credit card data, Social Security numbers, medical records, passports, etc. 

How to search for your email on the dark web

1. Launch a computer scan

Unusual or suspicious activity is a certain indication that your email account has been hijacked. Monitoring your laptop for viruses. For instance, it is very likely that your account has been hijacked if you find that your recovery email address or phone number has changed. 

2. Search Have I Been PWned?

You can utilize the website Have I Been Pwned to determine whether your data has been exposed as a result of a breach. The free tool gathers data while searching the internet for database dumps.

3. Employ a password manager

The entire objective of password managers is to assist users with all aspects of password management. A built-in password generator is typically included with password managers, allowing you to create complicated, secure passwords right away. 

4. Make use of two-factor authentication

A hacker will have a much harder time gaining access thanks to the additional layer of security provided by two-factor authentication. 

You must confirm the login attempt after providing your normal information. Usually, to do this, you will get a text message with a random number that you must enter in order to access your account. By doing this, even someone who knows your email and password cannot access your accounts.  

In some circumstances, opening a new email account could be the best and safest choice. From social media to banking, disconnect all of the accounts from the compromised address and link them to a new one.  

Users ought to use more than one email account to achieve optimal security. Decentralizing your online presence and protecting your devices from cyber risks can be accomplished in large part by setting up distinct accounts for work, banking services, social networking, and newsletter subscriptions. Users must ensure they are aware of cybersecurity fundamentals because maintaining online safety takes more than just securing their email account.

Suspected Phishing Email Fraudster Arrested in Nigeria

 

A Nigerian man has been arrested by Interpol and African cops on suspicion of running a multi-continent cybercrime network that specialised in sending phishing emails to businesses. His alleged operation was behind so-called business email compromise (BEC), a combination of fraud and social engineering in which employees at targeted firms are duped into doing things like wiring money to scammers or sending sensitive information abroad. 

This is done by impersonating executives or suppliers and sending messages with instructions on where to deliver payments or data, often by getting into an employee's work email account. The 37-year-arrest old's is part of a year-long counter-BEC operation code-named Operation Delilah, which began with intelligence from cybersecurity firms Group-IB and Palo Alto Networks Unit 42, and Trend Micro. 

According to the groups involved, Op Delilah, which began in May 2021, is another success story from Interpol's Cyber Fusion Center, a public-private partnership between law enforcement and industry experts based in Singapore. The arrest, however, comes after the FBI issued a strong warning about BEC earlier this month, claiming that it is still the most costly threat to businesses throughout the world. Between June 2016 and December 2022, email scams cost businesses and people at least $43.3 billion. 

The FBI stated that BEC continues to develop and change, targeting small local companies to larger enterprises, and personal transactions, adding that it monitored a 65 per cent increase in identified global exposed losses, with victims in 177 countries, between July 2019 and December 2021. When law enforcement attempted to catch the suspected fraudster in this case, he fled Nigeria in 2021. He attempted to return to Nigeria in March 2022 but was recognised and detained as a result of the intelligence-gathering relationship. The intelligence was passed on to Nigerian police by Interpol's African Joint Operation against Cybercrime (AFJOC), which was assisted by law enforcement from Australia, Canada, and the United States. Nigerian cops eventually apprehended the man at Lagos' Murtala Mohammed International Airport. Delilah is the third in a series of law-enforcement actions that have resulted in the identification and arrest of suspected gang members. 

"The arrest of this alleged prominent cybercriminal in Nigeria is testament to the perseverance of our international coalition of law enforcement and Interpol's private sector partners in combating cybercrime," Garba Baba Umar, assistant inspector general of the Nigeria Police Force, said in a statement this week. 

The security companies involved in the operation closely monitored the alleged Nigerian BEC crew under the name SilverTerrier, or TMT, and Delilah is the third in a series of law-enforcement actions that have resulted in the identification and arrest of these suspected gang members. Delilah was preceded by the Interpol-led Falcon I and Falcon II operations, which took place in 2020 and 2021 and resulted in the arrest of 14 members of the criminal gang. 

The earlier operations, as well as the most recent one, were assisted by Unit 42 and Group-IB, among other security analysts. TMT has been tracked by Group-IB since 2019. We're warned that by 2020, the criminals would have infiltrated more than 500,000 businesses in 150 nations. One of the defendants seized in Nigeria during Falcon II had more than 50,000 possible victim domain credentials on his laptop, according to Interpol. 

Meanwhile, Unit 42 researchers allege that the 37-year-old Nigerian detained as part of Delilah has been a criminal since 2015. 

The security analysts at Palo Alto Networks wrote in a blog, "We have identified over 240 domains that were registered using this actor's aliases. Of that number, over 50 were used to provide command and control for malware. Most notably, this actor falsely provided a street address in New York city associated with a major financial institution when registering his malicious domains." 

They discovered that he has a stated affinity for ISRStealer, Pony, and LokiBot malware. He also prefers enormous gold, blingy jewellery, according to a social media snapshot of the alleged perp on the Unit 42 blog. According to the security researchers, the suspect is well-connected with other BEC criminals and also appears to share social media contacts with a trio detained in 2021 as part of Falcon II.

Microsoft Accounts Attacked by Russian-Themed Credential Theft

 

The Ukrainian conflict is being capitalized by malicious emails notifying Microsoft users of "unusual sign-in activity" from Russia. While there are valid concerns that the Russian-Ukrainian conflict would launch a global cyber warfare conflagration, small-time cybercriminals are stepping up their efforts amid the crisis. 

According to Malwarebytes, which discovered a slew of spam emails referencing Russian hacking activities. Phishing emails to Microsoft users have begun to circulate, warning of Moscow-led account hacking and attempting to steal credentials and other personal information. The messages' subject line reads, "Microsoft account unusual sign-in activity." The text in the body is as follows:  

“Unusual sign-in activity
We detected something unusual about a recent sign-in to the Microsoft account
Sign-in details
Country/region: Russia/Moscow
IP address:
Date: Sat, 26 Feb 2022 02:31:23 +0100
Platform: Kali Linux
Browser: Firefox
A user from Russia/Moscow just logged into your account from a new device, If this wasn’t you, please report the user. If this was you, we’ll trust similar activity in the future.
Report the user
Thanks,
The Microsoft account team”

According to Malwarebytes' Tuesday research, the emails then include a button to "report the user" as well as an unsubscribe option. When you click the button, a new message is created with the short subject line "Report the user." Microsoft account protection is referenced in the recipient's email address. Using email to answer could expose users to a variety of threats. 

The researchers explained, “People sending a reply will almost certainly receive a request for login details, and possibly payment information, most likely via a bogus phishing page. It’s also entirely possible the scammers will keep everything exclusively to communication via email. Either way, people are at risk of losing control of their accounts to the phishers. The best thing to do is not reply, and delete the email.” 

As usual, the spam contains red flags in the form of grammatical problems, such as misspellings like "acount." To put it another way, it's not a highly sophisticated attempt, but it's clever. Climbing curiosity (or terror) is a catnip for social engineers, as it is with any significant world event. 

“Given current world events, seeing ‘unusual sign-in activity from Russia’ is going to make most people do a double, and it’s perfect spam bait material for that very reason. [The emails] (deliberately or not) could get people thinking about the current international crisis. Being on your guard will pay dividends over the coming days and weeks, as more of the below is sure to follow,” stated researchers. 

The email is targeted just at Microsoft account holders, but the good news is that Outlook is sending it directly to spam.. However, the firm pointed out that, “depending on personal circumstance and/or what’s happening in the world at any given moment, one person’s ‘big deal’ is another one’s ‘oh no, my stuff.’ That’s all it may take for some folks to lose their login, and this mail is perhaps more salient than most for the time being.”