Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Illicit Activity. Show all posts

UK Scammer Made Millions by Breaching Into Execs’ Office365 Inboxes

 

A man has been charged by federal authorities for allegedly engaging in a "hack-to-trade" scam that allowed him to profit millions of dollars by breaching the Office365 accounts of executives at publicly traded firms and accessing their quarterly financial reports ahead of time. 

Robert B. Westbrook, a citizen of the United Kingdom, is accused of making approximately $3.75 million in 2019 and 2020 from stock trades that profited from the illegally obtained information, according to the lawsuit filed by the US Attorney's office for the district of New Jersey. 

Prosecutors claimed that after gaining access to it, he made stock trades. He was able to take action and profit from the information before the wider public did thanks to the prior notice. The US Securities and Exchange Commission filed a separate civil claim against Westbrook, seeking an order to pay civil fines and refund all illicit gains. 

“The SEC is engaged in ongoing efforts to protect markets and investors from the consequences of cyber fraud,” Jorge G. Tenreiro, acting chief of the SEC’s Crypto Assets and Cyber Unit, noted in a statement. “As this case demonstrates, even though Westbrook took multiple steps to conceal his identity—including using anonymous email accounts, VPN services, and utilizing bitcoin—the Commission’s advanced data analytics, crypto asset tracing, and technology can uncover fraud even in cases involving sophisticated international hacking.” 

According to a federal indictment issued in the US District Court for the District of New Jersey, Westbrook hacked the email accounts of executives from five publicly traded US firms. He carried out the intrusions by misusing Microsoft's password reset feature for Office365 accounts. Westbrook allegedly went on to establish forwarding rules in certain cases, that led all incoming emails to be automatically forwarded to an email address under his control. 

Once an individual secures unauthorized access to an email account, it’s possible to hide the breach by disabling or deleting password reset alerts and burying password reset rules deep inside account settings. 

Prosecutors charged Westbrook with one count each of securities and wire fraud, as well as five counts of computer fraud. The securities fraud count has a maximum punishment of up to 20 years in prison and $5 million in fines. 

The maximum penalty for wire fraud is up to 20 years in jail and a fine of either $250,000 or double the gain or loss from the offence, whichever is greater. Each computer fraud count is punishable by up to five years in prison and a maximum penalty of $250,000 or twice the offense's gain or loss, whichever is greater.

Combatting Counterfeit Drugs Online: BrandShield's Success in Dismantling Illicit Websites

 

In the rapidly evolving landscape of online pharmaceuticals, the proliferation of counterfeit drugs poses a significant threat to consumer safety. Cybersecurity firm BrandShield has emerged as a stalwart defender in this battle, successfully dismantling over 250 websites selling counterfeit weight-loss and diabetes medications. Led by CEO Yoav Keren, BrandShield's efforts represent a concerted endeavor to combat the scourge of counterfeit pharmaceuticals and protect consumers from the dangers of fraudulent medications. 

The counterfeit drugs targeted by BrandShield predominantly belong to the GLP-1 class, including popular medications like Novo Nordisk's Ozempic and Wegovy, as well as Eli Lilly's Mounjaro and Zepbound. Originally developed to manage type 2 diabetes, these medications have garnered attention for their additional benefits in weight loss, with patients experiencing significant reductions in body weight. Unfortunately, the efficacy and popularity of these drugs have also made them lucrative targets for counterfeiters seeking to exploit the growing demand. 

According to Reuters, the majority of the illicit websites shut down by BrandShield were purveyors of counterfeit GLP-1 drugs, indicating the scale of the problem. Alarmingly, studies suggest that an estimated 95% of all online pharmacies operate unlawfully, highlighting the pervasive nature of the issue. 

Moreover, reported cases of harm linked to fake GLP-1 drugs have emerged in at least nine countries, underscoring the urgent need for action. BrandShield's recent crackdown on counterfeit drug websites represents a significant victory in the ongoing battle against online pharmaceutical fraud. The company's efforts have resulted in the closure of 90% of the identified pharmacy websites selling counterfeit GLP-1 medications. This operation accounts for just over 15% of the total counterfeit drug websites reported by BrandShield last year, emphasizing the scale of the challenge. 

Collaborating closely with the Pharmaceutical Security Institute (PSI), BrandShield employs rigorous evidence collection and intelligence gathering to identify and target illicit websites. By providing actionable intelligence to service providers hosting these websites, BrandShield facilitates their removal from the internet, effectively disrupting the operations of counterfeiters. Furthermore, the company coordinates with law enforcement agencies to investigate and prosecute criminal networks involved in the production and distribution of counterfeit drugs. 

In addition to targeting counterfeit drug websites, BrandShield's efforts extend to social media platforms, where it has removed nearly 4,000 fake drug listings. Notably, a significant portion of these listings—almost 60%—was found on Facebook, highlighting the need for vigilance across all online platforms. BrandShield's global reach ensures that illegal drug listings are eradicated from marketplaces in countries around the world, including India, Indonesia, China, and Brazil. 

Contrary to concerns raised earlier, the EMA found no evidence linking these medications to an increased risk of suicidal thoughts or self-injury. This reaffirmation of safety aligns with previous findings by the US Food and Drug Administration (FDA), providing reassurance to patients and healthcare providers alike. 

Overall, BrandShield's relentless efforts to combat counterfeit drugs online serve as a beacon of hope in the fight against pharmaceutical fraud. By dismantling illicit websites, removing fake drug listings, and collaborating with industry partners and law enforcement agencies, BrandShield is making significant strides towards safeguarding consumers and upholding the integrity of the pharmaceutical industry.

Unveiling Storm-1152: A Top Creator of Fake Microsoft Accounts

 

The Digital Crimes Unit of Microsoft disrupted a major supplier of cybercrime-as-a-service (CaaS) last week, dubbed Storm-1152. The attackers had registered over 750 million fake Microsoft accounts, which they planned to sell online to other cybercriminals, making millions of dollars in the process.

"Storm-1152 runs illicit websites and social media pages, selling fraudulent Microsoft accounts and tools to bypass identity verification software across well-known technology platforms," Amy Hogan-Burney, general manager for Microsoft's DCU, stated . "These services reduce the time and effort needed for criminals to conduct a host of criminal and abusive behaviors online.” 

Cybercriminals can employ fraudulent accounts linked to fictitious profiles as a virtually anonymous starting point for automated illegal operations including ransomware, phishing, spamming, and other fraud and abuse. Furthermore, Storm-1152 is the industry leader in the development of fictitious accounts, offering account services to numerous prominent cyber threat actors. 

Microsoft lists Scattered Spider (also known as Octo Tempest) as one of these cybercriminals. They are the ones responsible for the ransomware attacks on Caesars Entertainment and the MGM Grand this fall). 

Additionally, Hogan-Burney reported that the DCU had located the group's primary ringleaders, Tai Van Nguyen, Linh Van Nguyễn (also known as Nguyễn Van Linh), and Duong Dinh Tu, all of whom were stationed in Vietnam.

"Our findings show these individuals operated and wrote the code for the illicit websites, published detailed step-by-step instructions on how to use their products via video tutorials, and provided chat services to assist those using their fraudulent services," Burney noted. 

Sophisticated crimeware-as-a-service ring 

Storm-1152's ability to circumvent security measures such as CAPTCHAs and construct millions of Microsoft accounts linked to nonexistent people highlights the group's expertise, according to researchers.

The racket was likely carried out by "leveraging automation, scripts, DevOps practices, and AI to bypass security measures like CAPTCHAs." The CaaS phenomenon is a "complex facet of the cybercrime ecosystem... making advanced cybercrime tools accessible to a wider spectrum of malicious actors," stated Craig Jones, vice president of security operations at Ontinue. 

According to Critical Start's Callie Guenther, senior manager of cyber threat research, "the use of automatic CAPTCHA-solving services indicates a fairly high level of sophistication, allowing the group to bypass one of the primary defences against automated account creation.”

Platforms can take a number of precautions to prevent unwittingly aiding cybercrime, the researchers noted. One such safeguard is the implementation of sophisticated detection algorithms that can recognise and flag suspicious conduct at scale, ideally with the help of AI. 

Furthermore, putting robust multifactor authentication (MFA) in place for the creation of accounts—especially those with elevated privileges—can greatly lower the success rate of creating fake accounts. However, Ontinue's Jones emphasises that more work needs to be done on a number of fronts.

New Study Reveals Airbnb as a Haven for Cybercrime

 

Cybercriminals have been increasingly using the Airbnb network for illicit activities. A new research by cybersecurity experts at SlashNext uncovered the methods employed by these malicious actors to hack user accounts and benefit from stolen data. 

Due to its global ubiquity and reputation to offer travellers with affordable lodging, Airbnb—a household name in the travel industry—has become a prime target. SlashNext clarified, however, that because of this accessibility, cybercriminals have been able to take advantage of the system and exploit it for their own purposes.

Stealers are at the heart of these cyber-attacks, infiltrating devices and accumulating sensitive information such as login credentials. This stolen data is subsequently sent to the attackers, allowing them to gain unauthorised access to user accounts. The research sheds light on the numerous access points employed by cybercriminals, ranging from software flaws to social engineering techniques.

The study also uncovered an underground marketplace where cybercriminals buy and sell bulk access to hacked devices (also known as bots, installs, or infections). This enables thieves to rapidly deploy malicious software on a large scale, broadening the scope of their attacks.

Session cookies play a crucial role among the strategies used by cybercriminals to obtain unauthorised access to user accounts. These tiny files, which frequently provide momentary website access, record browsing habits and user preferences. 

Cybercriminals acquire stolen Airbnb account cookies from darknet marketplaces, enabling them to get access without having to use legitimate usernames and passwords. Even though they are brief in length, attackers quickly take advantage of these stolen access opportunities. 

The investigation also shows how the stolen data was sold. Online forums and digital marketplaces are used by cybercriminals to sell stolen cookies and compromised account information to interested parties. Each compromised Airbnb account apparently has had its value reduced to as little as one dollar due to the scope of the account theft. 

This research emphasises how crucial it is to comprehend the constantly evolving tactics used by cybercriminals as well as the weaknesses they prey upon. It serves as a reminder that even well-known services like Airbnb might include unreported dangers, mandating more user knowledge and proactive security measures.

Twitter Becomes the Epicentre of FTM Fraud

 

Online settings, such as Twitter, are becoming increasingly perilous, rife with fraudulent schemes aimed at naïve victims. Social media giant has recently been the epicentre of deception, with fraudsters deploying innovative ways to abuse its massive user base.

One such worrisome tendency is the widespread use of a scam involving the illicit distribution of Fantom (FTM) tokens, a situation that casts a sharp light on the rising issue of illegal activities inside the cryptocurrency arena. 

Modus operandi

Following a devastating hack of Multichain, a decentralised banking protocol, cybercriminals recently switched their attention to the Fantom network. These perpetrators created a deceptive story that gathered traction on Twitter by taking advantage of the confusion that resulted. 

They made false claims that the Fantom Foundation, a nonprofit organisation responsible for managing the Fantom network, was issuing FTM tokens to all users in reaction to the Multichain attack. This deceptive post was then rapidly circulated, its promise of free tokens luring a sizable number of Twitter users. 

A phishing link that was included in the tweet and was meant to trick recipients into thinking it was coming from the Fantom Foundation added credibility to the scam. This manipulative method, intended to take advantage of the reliability linked to well-known companies, is a typical tactic in the cybercriminal playbook. 

The chaotic events started on July 6 when anomalous behaviour on the Multichain platform was discovered. In response, Multichain shut down all activities and started an inquiry into the mysterious disappearance of assets valued at over $125 million. 

The Fantom bridge, which lost an estimated $122 million in multiple cryptocurrencies, including Wrapped Bitcoin (WBTC), USD Coin, Tether, and a number of altcoins, was the main victim of this crime. 

The initial response from Multichain was to warn users to stop using the protocol and to withdraw any contract approvals related to their platform. It was advised to take this cautious approach up till a more comprehensive picture of the circumstances was achieved. 

Worrying trend 

This exploit is part of an alarming pattern in the bitcoin business where Twitter is being utilised as a haven for scams, and it is not a unique event. 

During the Multichain hack saga, prominent industry figure Changpeng "CZ" Zhao, CEO of Binance, entered the battle and assured his Twitter followers that the Binance platform had not been impacted and that all money was safe.

But in a world full of lies, not all voices of comfort can be relied upon. The Fantom scam serves as yet another sombre reminder of the necessity for caution when interacting with the cryptocurrency market online, especially on public social media sites like Twitter. 

It's imperative to exercise caution when clicking on unknown links and offers that seem unreal. As we move forward, cybersecurity is not just about protection but also about judgement and attentiveness, realising that not everything on Twitter is digital gold.