A new survey from Arkose Labs revealed that the highest cyberattack rate was reported in the first quarter of 2020. The report suggested that 26.5% of all transactions during this period were fraud and abuse attempts, which is a 20% increase over the previous quarter. The survey “The Arkose Labs Q2 2020 Fraud and Abuse Report” also revealed that the U.S. has emerged as the top originator of cyberattacks, with attack levels increasing 20% since the previous quarter. It also found a significant increase in attacks originating from other well-established markets like the U.K., Germany, and Canada.
The cybersecurity of many businesses worldwide has been in question since the beginning of the COVID-19 pandemic, as threat actors have used it as a lure for various malicious attacks. The concern has now escalated, as national and international bodies like the World Health Organization (WHO), the Gates Foundation, and the National Institutes of Health (NIH), among others, have become targets. Nearly 25,000 of their employees’ email addresses and passwords have been leaked and posted on underground forums.
The data leak was first noticed by the SITE Intelligence Group, which monitors and analyzes the dark web for cybersecurity threats from online extremists and terrorist groups. The report from SITE stated that NIH was the worst affected with 9,938 leaked email addresses and passwords, followed by the Centers for Disease Control and Prevention at 6,857. Similarly, the World Bank had 5,120, and WHO had 2,732 employee email credentials leaked. SITE also found that the data dump carries email addresses and passwords of a virology center in Wuhan, which has been at the center of many conspiracy theories related to the ongoing pandemic. Robert Potter, an independent Australian cybersecurity expert, confirmed the authenticity of the leaked data in a tweet, as he could verify some of the email addresses and passwords of WHO employees. However, he noted the possibility that this data could be from an earlier attack, as health care organizations tend to take cybersecurity lightly at times. According to the Official Cybercrime Report published by Cybersecurity Ventures, the COVID-19 pandemic will continue to have a massive impact on cyberspace. The damages caused by cybercrime are poised to double amid the Coronavirus outbreak. Cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015.
Researchers from security firm Kaspersky have revealed a dangerous malware campaign called PhantomLance which has apparently been lurking in Google’s official Play Store marketplace. Dozens of malicious apps infected with the malware are being distributed via the Play Store and alternate app stores such as APKpure and APKCombo, often targeting users to spy on their habits and steal data. Kaspersky says that this malware campaign has been live for over 4 years, and is likely the work of the OceanLotus advanced persistent threat (APT) group, thought to be based out of Vietnam. The malware mainly targets users in Vietnam, Bangladesh, Indonesia, and India to collect information such as location data, call logs and contacts, and can even monitor SMS activity and read the phone’s OS version, model and list of installed applications. While it has not been seen in the US or Europe, it could easily appear on the shores of either.
This campaign was discovered after Kaspersky came across a Dr Web report from 2019 concerning a Play Store app that came with a backdoor allowing a Trojan to install malware and exfiltrate data from the device. The Russian security firm found traits of malware in multiple applications distributed via the Play Store. These apps are said to come with a high level of encryption and were more complex than most other malware used by cyber thugs to steal personal and financial data. “PhantomLance has been going on for over five years and the threat actors managed to bypass the app stores’ filters several times, using advanced techniques to achieve their goals,” said Kaspersky researcher Alexey Firsh.
According to the report, “the threat actor was able to download and execute various malicious payloads, and thus adapt the payload that would be suitable to the specific device environment, such as the Android version and installed apps.”
“This way, the actor was able to avoid overloading the application with unnecessary features and at the same time gather the desired information,” the report adds. The hackers would first upload a clean copy of an application to the Play Store and other app repositories. Once the application was approved, the follow-up versions contained malicious payloads or the code needed to install apps in the background on the compromised device.
At a time when remote work is becoming universal and the strain on Security Operations, especially in healthcare and critical industries, has never been higher, ransomware actors are unrelenting, continuing their normal operations. Multiple ransomware groups that have been accumulating access and maintaining persistence on target networks for several months activated dozens of ransomware deployments in the first two weeks of April 2020. So far the attacks have affected aid organizations, medical billing companies, manufacturing, transport, government institutions, and educational software providers, showing that these ransomware groups give little regard to the critical services they impact, global crisis notwithstanding. These attacks, however, are not limited to critical services, so organizations should be vigilant for signs of compromise.
[Figure residue: approximately 165,000 were ransomware related]
The ransomware deployments in this two-week period appear to have caused a slight uptick in the volume of ransomware attacks. However, Microsoft security intelligence as well as forensic data from relevant incident response engagements by the Microsoft Detection and Response Team (DART) showed that many of the compromises that enabled these attacks occurred earlier. Using an attack pattern typical of human-operated ransomware campaigns, attackers compromised target networks for several months beginning earlier this year and waited to monetize their access by deploying ransomware when they would see the most financial gain. Many of these attacks started with the exploitation of vulnerable internet-facing network devices; others used brute force to compromise RDP servers. The attacks delivered a wide range of payloads, but they all used the same techniques observed in human-operated ransomware campaigns: credential theft and lateral movement, culminating in the deployment of a ransomware payload of the attacker’s choice.
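The RDP brute-force entry path described above is one that defenders can spot months before any ransomware is deployed. The following detector is an added example, not code from the article or from Microsoft; it runs over constructed Windows-style logon events (the line format, sample addresses and the threshold are assumptions) and flags source addresses with repeated RDP logon failures, noting whether a success followed.

```python
# Added example (not from the article or the Microsoft report): a minimal
# detector for RDP brute-force attempts. It parses constructed log lines
# modelled on Windows Security event 4625 (failed logon) with LogonType 10
# (RemoteInteractive, i.e. RDP) and flags sources that exceed a failure
# threshold inside a sliding time window; a later 4624 marks a success.
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re
# Constructed sample log lines (not real telemetry). Format is an assumption:
# "<ISO timestamp> EventID=<id> LogonType=<n> User=<name> Src=<ip>"
SAMPLE_LOG = """\
2020-04-03T02:14:01 EventID=4625 LogonType=10 User=administrator Src=198.51.100.7
2020-04-03T02:14:03 EventID=4625 LogonType=10 User=admin Src=198.51.100.7
2020-04-03T02:14:04 EventID=4625 LogonType=10 User=backup Src=198.51.100.7
2020-04-03T02:14:06 EventID=4625 LogonType=10 User=sqlsvc Src=198.51.100.7
2020-04-03T02:14:09 EventID=4625 LogonType=10 User=helpdesk Src=198.51.100.7
2020-04-03T02:14:12 EventID=4624 LogonType=10 User=helpdesk Src=198.51.100.7
2020-04-03T02:30:00 EventID=4625 LogonType=10 User=jsmith Src=203.0.113.9
2020-04-03T03:30:00 EventID=4625 LogonType=10 User=jsmith Src=203.0.113.9
2020-04-03T02:15:00 EventID=4625 LogonType=2 User=jsmith Src=127.0.0.1
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"User=(?P<user>\S+) Src=(?P<src>\S+)$"
)

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {src: (first_failure_ts, failure_count, success_after)} for
    sources with >= threshold RDP failures (4625, LogonType 10) in `window`."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("lt") != "10":
            continue                      # only RemoteInteractive (RDP) logons
        ts = datetime.fromisoformat(m.group("ts"))
        src = m.group("src")
        if m.group("eid") == "4625":
            q = failures[src]
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and src not in alerts:
                alerts[src] = [q[0], len(q), False]
        elif m.group("eid") == "4624" and src in alerts:
            alerts[src][2] = True         # brute force followed by a success
    return {s: tuple(v) for s, v in alerts.items()}
```

A source that is flagged and then logs on successfully is the case worth escalating: it matches the "compromise now, deploy ransomware months later" pattern in the report.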
On April 20, 2020, more than 267 million Facebook profiles were found listed for sale on the Dark Web — for only $600. Reports link these profiles back to the Facebook data leak discovered in December 2019, and possibly others. Researchers are still uncertain how this data was first exposed but have noted that 16.8 million of the Facebook profiles now include more data than was disclosed originally, including account holder’s email address, birth date, and gender. These expanded profiles may be a result of multiple breaches and leaks of Facebook data being cobbled together to round out Facebook user information, adding more value for cyberthieves selling it on the Dark Web, and increasing account holders’ risk of identity theft.
The type of data included in Facebook’s recent leaks — email, phone number, birth date, and account login information — is commonly used for credential stuffing and phishing attacks once discovered by fraudsters or purchased on the Dark Web. It is essential to safeguard your information by updating your passwords, making sure you do not use the same password on multiple accounts, and turning on two-factor authentication to further protect yourself from account takeover attacks. Armed with your email and phone number, scammers can easily craft spear phishing or SMS attacks to steal more personal information or inject malware into your device.
On Wednesday, the video conferencing service Zoom announced a number of small but needed security improvements. As Zoom usage has increased during the pandemic, so has scrutiny of the service’s security and privacy offerings. This week’s announcement of incremental improvements is part of a 90-day plan the company announced to overhaul its practices. One change is that Zoom will now offer AES 256 encryption on all meetings, meaning data will be encrypted with a 256-bit key. Zoom previously used AES 128, a reasonable option, but a controversial one in Zoom’s case, because the company claimed in documentation and marketing materials that it used AES 256 all along.
SaferNet is the perfect solution to the cybersecurity issues that individuals, families, and businesses face today. It not only connects every device using a secure, 24/7 always-on, military grade VPN, but it also stops outside cyberthreats, malware and viruses as well. On SaferNet, all users are fully protected anywhere in the world, all the time, on any cellular or Wi-Fi network. In addition to SaferNet’s VPN and cyber protection, it also offers a range of employee or parental/family controls including internet filtering, monitoring, scheduling, and blocking access to websites or even entire website categories. Typically, a business or family would need 3 separate services for a VPN, Malware Protection, and Internet Controls; SaferNet offers all 3 features in one service. SaferNet truly is an endpoint security presence that can be implemented in minutes around the world, on phones, laptops, tablets, and computers at an economical price point that caters to businesses and families of all sizes. SaferNet guarantees a smooth setup and installation process that takes only minutes, and an easily accessible control hub for you to monitor all your employees’ or family members’ devices, including activity, time spent online, and threats blocked.