Showing posts with label Phishing Mails.

Royal Mail's £1bn Losses: Strikes, Cyber Attack, and Online Shopping Crash

The Royal Mail, the UK's national postal service, has reported losses surpassing £1 billion as a combination of factors, including strikes, a cyber attack, and a decrease in online shopping, has taken a toll on its post and parcels business. These significant losses have raised concerns about the future of the company and its ability to navigate the challenges it faces.

One of the key contributors to the Royal Mail's losses is the series of strikes that occurred throughout the year. The strikes disrupted operations, leading to delays in deliveries and increased costs for the company. The impact of the strikes was compounded by the ongoing decline in traditional mail volumes as more people turn to digital communication methods.

The Royal Mail was also targeted by a cyber attack, which further disrupted its services and operations. The attack affected various systems and required significant resources to contain and to restore normal service. Such incidents not only incur immediate costs but also undermine customer trust in the company's ability to protect sensitive information.

Another factor is the fall in online shopping from its pandemic peak. With lockdowns and restrictions easing, people have returned to physical retail stores, leading to fewer online orders. This shift in consumer behaviour has hit Royal Mail's parcel business, which relies heavily on the growth of e-commerce.

To address these challenges and turn the tide, the Royal Mail will need to focus on several key areas. Firstly, the company should strive to improve its relationship with its employees and work towards resolving any ongoing disputes. By fostering a harmonious working environment, the Royal Mail can minimize disruptions caused by strikes and ensure the smooth functioning of its operations.

Secondly, it is crucial for the Royal Mail to enhance its cybersecurity measures and invest in robust systems to protect against future cyber attacks. Strengthening the company's digital defenses will not only safeguard customer data but also bolster its reputation as a reliable and secure postal service provider.

Lastly, the Royal Mail must adapt to changing consumer behaviors and capitalize on emerging opportunities in the e-commerce market. This could involve diversifying its services, expanding its international reach, and investing in innovative technologies that streamline operations and enhance the customer experience.




Are Chatbots Making it Difficult to Trace Phishing Emails?


Chatbots are removing a crucial line of defence against phishing emails by correcting the grammatical and spelling errors that have long been a tell-tale sign of fraudulent mail, according to experts.

The warning comes as Europol, the EU law enforcement agency, published an international advisory on the potential criminal use of ChatGPT and other "large language models".

How Do Chatbots Aid Phishing Campaigns?

Phishing campaigns are frequently used by cybercriminals to lure victims into clicking links that download malicious software or into handing over sensitive information such as passwords or PINs.

According to the Office for National Statistics, half of all adults in England and Wales reported receiving a phishing email last year, making phishing emails one of the most frequent kinds of cyber threat. 

However, artificial intelligence (AI) chatbots can now fix the very flaws that trip spam filters or alert human readers, removing a basic weakness of many phishing attempts: poor spelling and grammar.

According to Corey Thomas, chief executive of the US cybersecurity firm Rapid7: “Every hacker can now use AI that deals with all misspellings and poor grammar [...] The idea that you can rely on looking for bad grammar or spelling in order to spot a phishing attack is no longer the case. We used to say that you could identify phishing attacks because the emails look a certain way. That no longer works.”
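To make the point concrete, the following added example (written for this page, not code from Rapid7, Darktrace or any other source quoted here) runs the legacy "bad English" heuristic and a handful of structural checks over a constructed, fluently written phishing message. The misspelling lexicon, the brand-to-domain table, the sample message and its domains are all assumptions made for the demonstration; the structural checks are the editor's suggested complement to the grammar cue, not something the article itself proposes.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not from a real campaign): fluent English with no
# spelling mistakes, but the structural indicators still give it away.
SAMPLE_EMAIL = """\
From: "Royal Mail Customer Care" <notice@rm-parcel-update.example>
Reply-To: support@mailbox-collect.example
Subject: Your parcel is awaiting a redelivery fee
Content-Type: text/html; charset=utf-8

<p>Dear customer,</p>
<p>We were unable to deliver your parcel today. Please confirm your
redelivery slot at
<a href="http://rm-parcel-update.example/pay">https://www.royalmail.com/redelivery</a>.</p>
"""

# Assumption: a small lexicon of the misspellings that awareness training and
# older filters taught people to look for. A real filter would use a dictionary.
COMMON_MISSPELLINGS = {"recieve", "acount", "verfy", "paymnet", "immediatly"}

# Assumption: the legitimate sending domain(s) for a brand named in a display name.
BRAND_DOMAINS = {"royal mail": {"royalmail.com"}}

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def language_quality_score(text: str) -> int:
    """The legacy heuristic: count known misspellings. 0 means 'looks fine'."""
    words = re.findall(r"[a-z']+", text.lower())
    return sum(1 for w in words if w in COMMON_MISSPELLINGS)


def registrable(host: str) -> str:
    """Crude registrable-domain approximation (last two labels); fine for a demo."""
    return ".".join(host.lower().split(".")[-2:])


def structural_indicators(raw_message: str) -> list:
    """Indicators that survive perfect prose: header and link inconsistencies."""
    msg = message_from_string(raw_message)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = registrable(from_addr.rpartition("@")[2])

    # 1. Display name invokes a brand, but the sender domain is not the brand's.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display_name.lower() and from_domain not in domains:
            findings.append(f"display name '{display_name}' but sender domain {from_domain}")

    # 2. Replies are routed to a domain other than the one the mail came from.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr:
        reply_domain = registrable(reply_addr.rpartition("@")[2])
        if reply_domain != from_domain:
            findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 3. Link text shows one URL while the href points elsewhere, or the link is plain HTTP.
    charset = msg.get_content_charset() or "utf-8"
    body = msg.get_payload(decode=True).decode(charset, errors="replace")
    for href, text in ANCHOR_RE.findall(body):
        target = urlparse(href)
        shown_host = urlparse(text.strip()).hostname
        if shown_host and registrable(shown_host) != registrable(target.hostname or ""):
            findings.append(f"link text shows {shown_host} but href goes to {target.hostname}")
        if target.scheme == "http":
            findings.append(f"plain-http link to {target.hostname}")

    return findings


if __name__ == "__main__":
    print("misspellings:", language_quality_score(SAMPLE_EMAIL))
    for finding in structural_indicators(SAMPLE_EMAIL):
        print("indicator:", finding)
```

The grammar heuristic scores the sample as clean, exactly the failure mode Thomas describes, while the display-name, Reply-To and link checks each fire because an LLM polishes the prose but does not change where the mail comes from or where its links go.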

The data suggest that ChatGPT, the market leader that rose to fame after its launch last year, is already being used for cybercrime, with the creation of malicious messages becoming one of the first significant applications of "large language models" (LLMs).

Phishing emails are increasingly being produced by bots, according to data from cybersecurity specialists at the UK company Darktrace. This lets criminals send longer messages that are less likely to be caught by spam filters, and avoids the poor English that gives away human-written scam emails.

Since ChatGPT became widely available last year, the overall volume of malicious emails that try to trick users into clicking a link has fallen, replaced by emails that are more linguistically complex. According to Max Heinemeyer, Darktrace's chief product officer, this indicates that a sizeable proportion of the threat actors who write phishing and other harmful emails have gained the ability to produce longer, more sophisticated prose, most likely using an LLM such as ChatGPT or something similar.

Europol's advisory, a study of the use of AI chatbots, raised similar concerns, including fraud and social engineering, disinformation, and cybercrime. According to the report, the systems can walk potential offenders through the steps needed to harm others: because the model delivers detailed instructions in response to well-chosen questions, it becomes much simpler for criminals to understand and ultimately commit different forms of crime.

In a report published this month, the US-Israeli cybersecurity company Check Point said it had created a convincing-looking phishing email using the most recent version of ChatGPT. By telling the chatbot that it wanted a sample phishing email for a staff awareness programme, it bypassed the chatbot's safety controls.

With last week's launch of its Bard product in the US and the UK, Google has also entered the chatbot race. When the Guardian asked it to write an email that would convince someone to click on a suspicious-looking link, Bard cooperated readily, if without much finesse: "I am writing to you today to give a link to an article that I think you will find interesting."

Additionally, Google highlighted its “prohibited use” policy for AI, according to which users are not allowed to use its AI models to create content for the purpose of “deceptive or fraudulent activities, scams, phishing, or malware”. 

OpenAI, the company behind ChatGPT, pointed to its terms of use, which say users “may not use the services in a way that infringes, misappropriates or violates any person’s rights”.

Here's all you Need to Know About Snake Keylogger


As technology evolves, crime that exploits it is growing at the same pace. Data breaches are among the most talked-about and most damaging cybercrimes.

Today a cybercriminal can steal data and money with the help of a range of malware, including keyloggers.

Snake Keylogger is a well-known example. Where did it come from, how does it operate, and how do you get rid of it? Here is all you need to know.

What Is Snake Keylogger? 

To understand Snake Keylogger, first consider what keyloggers are in general.

A keylogger is malware that records keystrokes. If your device is infected, the keylogger captures anything you type, including passwords, text messages, payment details, and just about anything else. Snake Keylogger itself is a modular malware family written for the .NET platform.

Beyond raw keystroke logging, the operator controlling the malware can watch what a user types into the device and even take screenshots, giving them the opportunity to steal a large amount of data.

First seen in November 2020, it has a history of stealing credentials, clipboard contents, and other information. Snake Keylogger is sold on underground markets such as hacking forums and poses a threat to both individuals and companies.

How Does Snake Keylogger Operate? 

Snake Keylogger usually spreads through phishing campaigns that target victims with malicious mail, including spear phishing, where specific victims are chosen for specific goals. The malware arrives as, or inside, an email attachment.

The recipient is asked to open a Word document. The file may contain a malicious macro that, if the recipient enables it, launches Snake Keylogger. If the recipient runs a version of Microsoft Office with unpatched security vulnerabilities, the document may instead exploit them to infect the device without any macro; the same approach can be used against PDF readers. Note that the .docx format does not carry macros: macro-enabled Word documents use the .docm (or legacy .doc) format, so a macro that launches from a purported .docx should itself be treated as suspicious.

Once running, the malware exfiltrates the recorded data to the attacker, who can exploit it further. The data can be used directly (for example, to log in to bank accounts with stolen credentials) or sold to other threat actors in illicit marketplaces on the dark web.

Another reason Snake Keylogger poses a threat is its ability to evade antivirus protection, which is usually the first line of defence on most devices. In many cases antivirus is the only protection a device has, so if Snake Keylogger slips past it the device can be infected and exploited quickly and easily.

How to Protect Yourself from Snake Keylogger? 

To reduce the risk from Snake Keylogger, take the following measures:

  • Install antivirus software on your devices. Although Snake Keylogger can sometimes evade detection, a reliable, up-to-date antivirus product remains essential for catching keyloggers and other malware.
  • Always exercise caution when opening email attachments, particularly from unknown or dubious senders. Malware distribution via attachments is common, and Snake Keylogger is only one of many examples. If you receive an attachment from a sender you do not fully trust, run it through an attachment scanner before opening it.
  • Enable your email provider's spam filter so that suspicious emails are routed to a separate folder rather than your main inbox.
  • Keep your operating system and installed applications up to date. Where Snake Keylogger infects devices by exploiting software flaws, patching removes those flaws; where it relies on macros, leave Office's macro security settings at their defaults and do not enable content in documents you were not expecting.
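The attachment check recommended above, as an added example written for this page (not code from the original post or from any vendor): it inspects an Office attachment's container rather than trusting its extension, flags any embedded VBA project, and treats a macro part inside a supposedly macro-free .docx as an anomaly. The sample documents are constructed in memory with only the parts the check needs, so they are not real Word files; the extension tables and the wording of the findings are assumptions of the demo.

```python
import io
import zipfile

# OOXML files (docx/docm/xlsx/xlsm/...) are ZIP containers; Office keeps VBA code in a
# vbaProject.bin part. Only the "m" extensions are meant to carry macros.
MACRO_FREE = {".docx", ".xlsx", ".pptx"}
MACRO_ENABLED = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal Word-like OOXML container for the demo (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Real vbaProject.bin parts are themselves OLE containers holding the VBA streams.
            z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 64)
    return buf.getvalue()


def assess_attachment(filename: str, data: bytes) -> list:
    """Return human-readable findings; an empty list means nothing macro-related was seen."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    findings = []

    if data.startswith(OLE_MAGIC):
        # Legacy .doc/.xls: macros and embedded objects live in OLE streams; treat as high-risk.
        findings.append("legacy binary Office container (can hold macros or exploit content)")
        return findings

    if not data.startswith(ZIP_MAGIC):
        if ext in MACRO_FREE | MACRO_ENABLED:
            findings.append(f"extension {ext} but content is not an OOXML/ZIP container")
        return findings

    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = [n.lower() for n in z.namelist()]
    except zipfile.BadZipFile:
        findings.append("Office extension but the ZIP container is corrupt")
        return findings

    if any(n.endswith("vbaproject.bin") for n in names):
        findings.append("contains a VBA project (macro code)")
        if ext in MACRO_FREE:
            # Office treats .docx as a macro-free format, so a VBA part inside one was put
            # there by a tool, not by Word: an anomaly worth blocking outright.
            findings.append(f"extension {ext} claims macro-free yet a VBA project is present")

    return findings


if __name__ == "__main__":
    for name, blob in [("invoice.docx", build_sample(False)),
                       ("invoice.docm", build_sample(True)),
                       ("invoice.docx", build_sample(True)),
                       ("old.doc", OLE_MAGIC + b"\x00" * 16)]:
        print(name, "->", assess_attachment(name, blob) or ["clean"])
```

The check deliberately says nothing about whether the macro is malicious; at the mail gateway the practical policy is to quarantine anything with a VBA project from an untrusted sender and let the recipient request release, which is the same workflow the Office 365 quarantine post below describes.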

Phishing Emails Deliver Scary Zombie-themed MirCop Ransomware

 

A new phishing campaign that poses as supply lists attacks users with the MirCop ransomware, which encrypts a target PC in less than fifteen minutes. 

The perpetrators start the attack by sending an unsolicited email to the victim, claiming to be following up on a previous order arrangement. The email body includes a hyperlink to a Google Drive URL that, when clicked, downloads an MHT file (webpage archive) to the victim's device. 

Using Google Drive lends the email credibility and matches standard business practice. For threat actors, simple but crucial choices like this can determine whether the victim clicks the URL or sends the email to the spam folder. When the file is opened, all the victim sees is a blurry image of what appears to be a supplier list, stamped and signed for added legitimacy.

When the MHT file is opened, it downloads a RAR archive from “hXXps://a[.]pomf[.]cat/gectpe.rar” containing a .NET malware downloader. The EXE in the RAR archive uses VBS scripts to drop and run the MirCop payload on the affected machine.

The ransomware starts capturing screenshots right away, locks files, changes the background to a terrifying zombie-themed graphic, and instructs victims on what to do next. The entire procedure, according to Cofense, takes less than 15 minutes from the time the victim opens the phishing email. 
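The published indicator above is defanged, so before it can be matched against proxy logs it has to be refanged. The following added example (written for this page, not code from Cofense or BleepingComputer) does that, finds every request for the indicator, and then reconstructs the delivery chain described above: a client that fetches a web-archive (MHT) file and then the RAR from the indicator host within the fifteen-minute window Cofense reports. The proxy log is a constructed Squid-style sample with documentation-range addresses; the assumption that the proxy records the MHT download with a message/rfc822 content type, or with a .mht/.mhtml path, is the demo's, not the article's.

```python
import re
from urllib.parse import urlparse

# Indicator exactly as published above (defanged so it cannot be clicked by accident).
DEFANGED_IOCS = ["hXXps://a[.]pomf[.]cat/gectpe.rar"]


def refang(ioc: str) -> str:
    """Undo common defanging: hXXp(s) -> http(s), [.] or (.) -> ., [:] -> :."""
    s = re.sub(r"^hxxp", "http", ioc.strip(), flags=re.I)
    return s.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def ioc_targets(iocs) -> set:
    """Set of (host, path) pairs to match against proxy logs."""
    targets = set()
    for ioc in iocs:
        u = urlparse(refang(ioc))
        targets.add((u.hostname, u.path))
    return targets


# Constructed sample proxy log in Squid native format (timestamp elapsed client action/code
# bytes method URL user hierarchy content-type). Not real traffic.
SAMPLE_LOG = """\
1636012345.123 215 10.0.0.12 TCP_MISS/200 48120 GET https://drive.google.com/uc?id=1AbC - HIER_DIRECT/203.0.113.5 message/rfc822
1636012401.877 190 10.0.0.12 TCP_MISS/200 301211 GET https://a.pomf.cat/gectpe.rar - HIER_DIRECT/203.0.113.9 application/x-rar-compressed
1636012410.001 12 10.0.0.33 TCP_HIT/200 5120 GET https://www.example.com/index.html - HIER_NONE/- text/html
1636015000.500 88 10.0.0.33 TCP_MISS/200 301211 GET https://a.pomf.cat/gectpe.rar - HIER_DIRECT/203.0.113.9 application/x-rar-compressed
"""


def parse_squid(line: str):
    """Pick the fields the detection needs; None for lines that are not log records."""
    f = line.split()
    if len(f) < 10:
        return None
    return {"ts": float(f[0]), "client": f[2], "url": f[6], "ctype": f[9]}


def ioc_hits(log_text: str, iocs) -> list:
    """Every (client, url) whose host and path match a published indicator."""
    targets = ioc_targets(iocs)
    hits = []
    for line in log_text.splitlines():
        rec = parse_squid(line)
        if rec is None:
            continue
        u = urlparse(rec["url"])
        if (u.hostname, u.path) in targets:
            hits.append((rec["client"], rec["url"]))
    return hits


def find_chains(log_text: str, iocs, window_s: float = 900.0) -> list:
    """Clients that fetched an MHT-like file and then an indicator URL within window_s
    seconds (15 minutes by default, the end-to-end time Cofense reports)."""
    targets = ioc_targets(iocs)
    last_mht = {}   # client -> timestamp of its most recent MHT-like download
    chains = []
    for line in log_text.splitlines():
        rec = parse_squid(line)
        if rec is None:
            continue
        u = urlparse(rec["url"])
        if rec["ctype"] == "message/rfc822" or u.path.lower().endswith((".mht", ".mhtml")):
            last_mht[rec["client"]] = rec["ts"]
        if (u.hostname, u.path) in targets:
            t0 = last_mht.get(rec["client"])
            if t0 is not None and 0 <= rec["ts"] - t0 <= window_s:
                chains.append({"client": rec["client"], "payload_url": rec["url"],
                               "seconds_after_mht": round(rec["ts"] - t0, 3)})
    return chains


if __name__ == "__main__":
    print("refanged:", [refang(i) for i in DEFANGED_IOCS])
    print("hits:", ioc_hits(SAMPLE_LOG, DEFANGED_IOCS))
    print("chains:", find_chains(SAMPLE_LOG, DEFANGED_IOCS))
```

In the sample, both clients contacted the indicator URL, but only 10.0.0.12 shows the MHT-then-RAR sequence; the second hit is still worth triage, and the chain match is the one that should page someone, because the fifteen-minute timeline leaves no room for a slower response.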

From then on, the victim can use only certain web browsers, through which they can contact the actors and arrange the ransom payment. The actors have no interest in infiltrating the victim's computer discreetly, staying for a long time to conduct espionage, or stealing files for extortion. On the contrary, the attack happens swiftly and its source is obvious to the victim immediately.

About the ransomware

MirCop, also written MicroCop, is an old ransomware strain that used to present its victims with ridiculous ransom demands, until Michael Gillespie broke its encryption and released a free decryptor.

BleepingComputer was not able to verify whether that old decryptor still works on the payloads delivered in the latest campaign, but it is possible that it can still unlock the files.

According to Cofense, the same variant has been circulating since June of this year, indicating that MirCop is still active and that people should be wary when dealing with unsolicited emails.

Europol 'Targets' 12 Suspects in Ransomware Cases

 

Europol announced this week that, following a two-year investigation, it has targeted twelve suspects from various criminal groups who had been wreaking havoc around the world by conducting ransomware attacks on critical infrastructure.

According to Europol, the individuals are suspected of carrying out attacks on almost 1,800 victims in 71 countries. The group is notorious for attacking large corporations and is suspected of being behind the 2019 attack on Norsk Hydro, a global aluminium producer based in Norway, which forced the company to halt operations on two continents. Europol seized more than $52,000 in cash and five luxury vehicles from the suspects.

The agency is presently conducting a forensic examination of the group's electronic devices in order to secure evidence and uncover fresh investigation leads. Europol and Eurojust, the European Union's body for criminal justice cooperation, organised the international sting, which comprised officials from eight different nations, including the United States and the United Kingdom. It happened on October 26 in Ukraine and Switzerland, as per Europol. It is unclear if the individuals have been arrested or charged, with Europol just stating that they were "targeted." 

The agency stated. “Most of these suspects are considered high-value targets because they are being investigated in multiple high-profile cases in different jurisdictions.” 

Each of the cybercriminals played a unique function inside the criminal organisations. Some were responsible for breaking into the victims' IT networks, which they accomplished through a variety of methods such as brute force attacks, SQL injections, stolen passwords, and phishing emails with harmful attachments. 

Following that, they would use malware such as Trickbot and other tools to remain undetected and obtain more access, according to Europol. 

“The criminals would then lay undetected in the compromised systems, sometimes for months, probing for more weaknesses in the IT networks before moving on to monetising the infection by deploying ransomware. The effects of the ransomware attacks were devastating as the criminals had had the time to explore the IT networks undetected.” 

The attackers encrypted the victims' files before sending a ransom letter demanding bitcoin payment in return for the decryption keys. If the ransom was paid, it was reported that certain suspects were in charge of laundering the money through mixing services and cashing out. 

Europol did not elaborate on the identities of the victims or why they may have been targeted. Back in the United Kingdom, ransomware attacks have been on the rise, with cybercriminals targeting big IT businesses and destroying infrastructure.

Pakistan-Based Hacker Collective, Backed by China, Gathers Intelligence Against India

 

Transparent Tribe, a Pakistan-backed hacking group, has launched a coordinated phishing campaign to steal strategic data from critical infrastructure.

The campaign, dubbed 'Operation Sidecopy', uses a remote access trojan that can escalate its privileges on compromised systems and thus easily steal data from an infiltrated computer.

Security researchers at Seqrite, the cyber security solutions arm of Quick Heal, believe that the main tools used in Operation Sidecopy point to Transparent Tribe, which Seqrite believes is being backed by China to gather intelligence against India.

One of the main characteristics Seqrite associates with Pakistan's Transparent Tribe is the remote server hosting the collective uses.

According to Seqrite researchers Kalpesh Mantri, Pawan Chaudhari and Goutam Tripathy, Operation Sidecopy uses Contabo GmbH to host the remote server through which the malware is instructed and the flow of stolen information is controlled, something Transparent Tribe is known to have done before.

Himanshu Dubey, director of Quick Heal Security Labs, said that the Operation Sidecopy attacks are highly targeted at India and have been observed continuously since 2019.

“Till now, this attack has been only seen targeting India. The Tactics, Techniques and Procedures (TTPs), as well as decoy documents that we analysed, were crafted specifically in the Indian context,” he says.

Clarifying the Pakistan and China connection in the series of cyber attacks, Quick Heal's Dubey says: “We have considered several factors such as infrastructure used for command servers, registered domain naming patterns and recently created domains, command and control server names are similar to the names used by APT36 in past, and APT36’s history of attacks targeting Indian defence organisations. Also, one domain that hosted HTML stager applications is registered to a user in Rawalpindi, Pakistan.”

Dubey says that all of Seqrite's findings on Operation Sidecopy have been shared with the Indian government to help it take appropriate protective steps and prevent the loss of important data.

Microsoft Office 365 users will now be able to view their quarantined phishing messages

 

Microsoft Office 365 will now let users view their phishing messages that have been automatically quarantined by the Exchange Online Protection (EOP) filter.

With this change, users will be able to reclaim messages that were wrongly marked as spam or phishing by EOP, the cloud-based filtering service that scans messages and stops spam, phishing emails and malware attachments from reaching the end user.

"We understand that managing false positives is important to ensuring an email is delivered appropriately, and in the past, end-users weren't granted access to the quarantine to view messages," Microsoft says of the new feature.

The new feature gives "read-only" access, but users can request that a particular message which was accidentally quarantined be released to their inbox. This Office 365 ATP Request Release feature will be available this month to all users with an Advanced Threat Protection plan.

Office recently released a related feature, Application Guard, which opens files from untrusted locations in an isolated sandbox. The sandbox stops a malicious file from compromising the device and its software, for instance by preventing the file from fetching any data, further files or extensions from an attacker's server.

Upcoming ATP security features and tools- 

Microsoft plans to enhance Office 365 security in the third quarter of the year with several new features:

  •  Improving Office 365 ATP Threat Explorer
To sharpen its ability to distinguish between malicious, spam and phishing emails.

  •  Disabling default email forwarding to external recipients
To prevent data theft, and applying "automated malicious content blocking" to all users regardless of their custom settings.

  •  More transparency on email pathways
Office ATP users will get more information on the route incoming emails take through Office's EOP (Exchange Online Protection) filtering system and will learn more about the "effectiveness of any security configuration changes", according to bleepingcomputer.com.

  •  New Configuration Analyzer
This feature is expected in Q3 and will make it easier to compare the efficacy of your security policy settings against Office's recommended settings.