
Scam: Online Posts Promoting Amazon Cryptocurrency

Despite many social media posts online, retail giant Amazon says the claim that it has begun a presale of its own cryptocurrency tokens is fake.

A Facebook post from December 27, 2021 that has since been removed said, “The Amazon Token payment system will facilitate a more accessible, more connected global financial system”. A similar post on Facebook says, “The ‘Amazon Token’ Presale Has Started”, along with a photo of Amazon founder Jeff Bezos linked to the purported “official Amazon Token” site. All these have been proven fake.

Some users saw a site that contains genuine-looking Amazon logos and offers free Amazon Prime memberships for purchasers, while others who clicked on the links received a browser warning about a potentially malicious site.

On January 3, 2022, Amazon said that it has no cryptocurrency token and that claims to the contrary are part of a scam. “We take any attempts to misuse our brand seriously. We maintain a site to assist customers in identifying phishing attempts, including fake webpages. Amazon investigates these complaints and uses them to protect customers and hold the bad actors accountable”, a company spokesperson said.

“We have found that these new scams are very effective, yielding over USD $100,000. Over 300 Avast users have been protected from the scam in the past week”, said a December 14, 2021 blog post by Avast, which has noted a proliferation of scams seeking to lure consumers to a so-called Amazon Token.

Avast said the scheme appeared to be an effort to potentially steal personal information for malicious purposes and swindle people out of other cryptocurrencies. “These offers are propagating through malicious advertisements that imitate legitimate news sites and rely on rumors that have been around since July 2021 that Amazon will be offering Tokens for sale”, they said.

According to Avast, the fraudulent posts have appeared in more than a dozen countries and have come amid growing interest in cryptocurrencies such as bitcoin. Amazon has not indicated any participation in a new cryptocurrency, unlike Facebook, which has been involved in an effort to launch a global digital coin known as Diem.

In July 2021, in response to a report that it could begin accepting cryptocurrency payments, Amazon indicated it was studying how it might use cryptocurrency but had no specific plans.

Nations Forced To Develop Newer Frameworks For Cybersecurity Due To Pandemic

Legal dignitaries and cyber experts who spoke online at an international conference on Cyberlaw, Cybercrime and Cybersecurity said that after the pandemic triggered a data avalanche on the Internet which dramatically increased vulnerabilities to cyberattacks, nations have been forced to introduce more extensive legal frameworks to ensure data security and privacy for their netizens and cyber sovereignty for themselves.

“It is critical for technology to accurately pinpoint people who contravene with personal data privacy, government security and break the rules of the Internet, the data superhighway. It could be something like a driver’s license as violations are trackable thus easily identifying violators”, said Vint Cerf, Google Chief Internet Evangelist, who is considered one of the ‘fathers of the Internet’.

Globally, some $6 trillion was lost by nations to cybercrime in 2020, and more than $8 trillion in losses is estimated for 2021. According to Gartner Research, 63% of countries worldwide are planning to introduce cyberprivacy-related legislation by 2023, as cybersecurity issues have emerged as a top concern for several governments.

“With cyberlaw being a constantly evolving paradigm, most governments are working on holistic legal methods to safeguard their critical information infrastructure (CIS) and protect rights and digital independence of netizens. New technologies are increasingly putting the focus back on pushing the envelope of cyberlegal jurisprudence globally. So, nations have realized the importance of creating distinctive sub-disciplines of law under the cyberlaw umbrella such as cybersecurity, cybercrime, law for artificial intelligence, blockchain and IoT, among others”, said Pavan Duggal, cyberlaw expert and author of several books on cyber regulations.

At Least $48.9M Earned By Hackers Behind ‘Cuba’ Ransomware, Says FBI

On Friday, the FBI published a warning about attacks by the Cuba ransomware group, which has managed to extort $43.9 million from victims. The hackers have compromised at least 49 entities in critical infrastructure sectors, including healthcare, manufacturing, IT, government and finance, say federal investigators.

According to the FBI, the attacks were carried out through a Windows-based malware program called Hancitor. This program has been around since 2013 and uses phishing emails, Microsoft Exchange vulnerabilities, compromised data and legitimate tools such as PowerShell and PsExec to gain initial access and help spread the Cuba ransomware program across a victim’s network. Besides malicious program downloads, spam email campaigns are another way Hancitor can be delivered to infect a PC. It then proceeds to encrypt files across a computer, giving them the file extension “.cuba”. The ransomware group threatens to dump the files on a Dark Web website unless a ransom is paid, so victims have to pay up in Bitcoin to decrypt them. Cuba ransomware actors have received at least $43.9 million out of the $74 million demanded.

Some security researchers in Israel suspect that although the ransomware gang uses the name Cuba, they are actually based in Russia, a country that refuses to extradite criminal hackers to the US.

The FBI issued this warning as the Biden administration has made stopping ransomware a national security priority. Victims are urged to report a ransomware attack as soon as possible; otherwise, it may be too late for the FBI to respond.

FBI’s email system hacked, sends out fake cybersecurity warnings

The Federal Bureau of Investigation’s email servers were hacked and used to send out thousands of dummy messages. Bleeping Computer reported that the fake email states that recipients have become the victims of a sophisticated chain attack. The Spamhaus Project, a nonprofit organization that investigates email spammers, was the first to expose these emails.

The hackers managed to send these out to over 100,000 addresses, which were all scraped from the database of the American Registry for Internet Numbers. Adding to the emails’ legitimate look, the hackers used the FBI’s public-facing email system, and the headers were authenticated as coming from FBI servers using DomainKeys Identified Mail (DKIM), the process that’s part of the system Gmail uses to stick brand logos on verified corporate emails.

In a press release, the FBI said only that it is an ongoing situation, with the impacted hardware already taken offline, and that it doesn’t currently have any more information it can divulge.

According to Bleeping Computer, the spam campaign was likely carried out by an individual who goes by the name “Pompompurin” as an attempt to defame Troia. The same person has allegedly tried to damage Troia’s reputation in similar ways in the past. Pompompurin also claims that the hack was meant to highlight the security vulnerabilities within the FBI’s email systems.

The individual said that they exploited a security gap on the FBI’s Law Enforcement Enterprise portal. With a one-time password embedded in the page’s HTML, they managed to sign up for an account. From there, Pompompurin claims they were able to execute a massive spam campaign by manipulating the sender’s address and email body.

With that kind of access, the attack could’ve been much worse than a false alert that put system administrators on high alert. Earlier this month, President Joe Biden mandated bug fixes, calling for civilian federal agencies to patch any known threats. Last May, in the wake of detrimental attacks on the Colonial Pipeline and SolarWinds, Biden signed an executive order that aims to improve the nation’s cyber defenses.

Microsoft To Cut Cybersecurity Workforce Shortage in 2025 By Offering 250,000 Jobs

Microsoft announced on Thursday that it will partner with community colleges across the U.S. to provide a free curriculum and free resources in an attempt to help end a shortage of cybersecurity workers. It will also provide training for faculty at 150 community colleges and give scholarships and resources to 25,000 students as part of the effort.

The company aims to help train and hire 250,000 people into the cybersecurity workforce, which it believes can reduce the country’s workforce shortage by half by 2025.

Microsoft President Brad Smith said in a press conference on Thursday, “We think we can make a meaningful difference in solving half of the cybersecurity jobs shortage. We should be optimistic that in the next 12-24 months we can start to make a real dent.”

The campaign will not only address the shortage but will also play an important role in diversifying the industry. Microsoft found that 80% of cybersecurity jobs are held by people who are white and that men hold 82.4% of cybersecurity jobs in the U.S. According to its compiled data, 57% of community college students in the U.S. are women and 40% of students identify as African American, Black or Hispanic.

Microsoft said it would spend $20 billion over five years to distribute more up-to-date security tools and invest $150 million to help government agencies widen training partnerships in cybersecurity and enhance their security systems.

Both the private sector and government officials have pointed to the workforce shortage as a persistent problem as they try to take on potential risks associated with cybercrime.

Top 5 Tips To Help You Combat Cyber-Related Crimes

Though October is Cyber Security Awareness Month, cyber scams are still on the rise. If you’ve noticed that you’ve been getting spam texts or phishy emails, you’re not alone. In fact, the FBI’s Internet Crime Complaint Center (IC3) has received an uptick in complaints. “These include a significant increase in both business and individual email compromise schemes or, simply put, fraud perpetrated through email”, says Matt DeSarno, Special Agent in Charge of the FBI office in Dallas.

With that being said, top cyber security experts share their top 5 tips to help you combat cyber-related crimes.

TIP #1: REGULARLY BACK UP YOUR DATA

Back your files up to the cloud or a server that’s in a different location than where your computer is. Taking your data and just copying it in a different folder on the same computer is not going to work.

TIP #2: ALWAYS MAKE SURE THE SOFTWARE ON YOUR DEVICE IS UP-TO-DATE

Don’t ignore the pop-ups or reminders telling you to update; they’re there for a reason. Most people ignore these notifications and don’t realize that most of them are security updates.

TIP #3: THINK BEFORE YOU CLICK

If you receive emails from people you do not personally recognize, or if a message somehow makes you suspicious, don’t open it. Right now more than ever, it’s critical to think before you act. Scammers rely on urgency and fear, whether in the form of a call, text or email. They want you to respond fast without thinking.

TIP #4: MULTI-FACTOR AUTHENTICATION (MFA) IS ESSENTIAL

When it comes to protecting your accounts, MFA is vital, not an option you can forego. More websites are being compromised, and being able to prove that you’re you in more ways than one is frankly critical at this point. If your bank or another financial institution doesn’t offer multi-factor authentication, you should take your business somewhere safer.

TIP #5: EDUCATE YOURSELF

Be aware of what kinds of scams are out there. You can gather information from a lot of free online resources. Talk about it with your family and friends, especially grandparents and kids. Though kids are more likely to fall for scams, the elderly have more to lose because of their chance of being scammed for a higher amount. Loneliness is a big factor in being victimized too, as many elders fall into the trap of romance scams.

While these tips may seem basic, we should all take time to step up our game in keeping our information safe from scammers. #BeCyberSmart

October is Cyber Security Awareness Month

Cyber security has always been vital, but we need to make a conscious effort to learn how to keep ourselves safe now that the line between our online and offline lives has become indistinguishable. Protecting yourself online (your identity, data, and devices) is critical in today’s world, where the internet is prevalent in nearly every aspect of our lives. More and more people rely on the internet for financial services, business and social connection and, of course, work and daily tasks.

National Cyber Security Awareness Month, now in its eighteenth year, encourages individuals, businesses and institutions to take time to educate themselves about cyber risks and online safety practices. This year’s theme is “Do your Part, Be Cyber Smart”.

Since its inception, Cybersecurity Awareness month has grown exponentially, reaching consumers, small and medium-sized businesses, corporations, educational institutions and others across the U.S. 

This year alone, ransomware attacks involved schools, healthcare organizations, fuel pipelines, food suppliers, and several organizations, often resulting in disruptions that have impacted public health, the supply chain, plus national and economic safety and security.

Some facts and figures of cybersecurity risk:

• 88% of data breaches are caused by human error. (Tessian)

• The average total cost of a data breach in 2020 was $3.86 million and took an average of 280 days to identify and contain. (IBM)

• The use of new breach techniques has boomed as a result of the COVID-19 pandemic, with 35% of breaches having leveraged new techniques in 2020. (Cynet)

Email Asking For Proof Of Vaccination Possibly A Phishing Scam

It seems coronavirus cases driven by the new delta variant are not the only thing on the rise; pandemic-related email scams are too.

Researchers at security firm Proofpoint found that in June, coronavirus-related phishing attempts increased 33 percent compared with the preceding period, when concerns about the virus had temporarily waned. The increase came when Google searches for “delta variant” were peaking. This type of attack will only evolve to reflect new coronavirus concerns.

Phishing is a type of scam where hackers send emails in attempts to trick recipients into clicking a link or attachment. They know that communication about the coronavirus that appears to come from employers or health organizations compels people to click out of emotion.

In line with this, the tactics have evolved together with the pandemic. When many Americans were out of work, phishing scams focused on unemployment claims as well.

We’re slowly learning to live with ongoing precautions of the pandemic, and the coronavirus, for many, has gone from a novel threat to a banal reality. And by banal, that means employers are asking for negative test results, return-to-work feedback forms and, in some cases, proof of vaccination. That’s certainly fertile ground for phishing and ransomware.

Next time you receive an email with coronavirus updates, or those from fake health organizations asking for proof of vaccination or messages saying you’ve been let go, stop and read closely and check for signs of phishing. Keep an eye out for misspelled Web addresses, grammatical or spelling errors and slightly altered email domains. Also verify requests through a second channel just to be safe. Hackers have poor customer service and won’t go the extra mile in stealing important information. These digital criminals move on to an easier target once there is even the slightest inconvenience.

Spyware ‘Pegasus’ Infects Apple Products Without So Much As A Click

Internet security watchdog group Citizen Lab said last week that an Israeli spyware company named NSO Group developed a tool to break into Apple products with a never-before-seen technique that defeats security systems designed by Apple in recent years.

The spyware, named Pegasus, used a method to infect Apple devices without being detected by the victims. In the past, we could learn that our devices were infected by spyware only after receiving a suspicious link texted to our phone or email. But NSO’s zero-click remote exploit meant victims received no such warning, and the flaw enabled full access to a person’s digital life. It is considered the Holy Grail of surveillance because it allows governments, lawbreakers and mercenaries to invisibly break into someone’s device without tipping the victim off.

The discovery of this infection means that since March, more than 1.65 billion Apple products in use worldwide have been at risk from NSO’s spyware. Apple’s security team worked around the clock to develop a fix. Ivan Krstić, Apple’s head of security engineering and architecture, commended Citizen Lab for its findings and urged customers to run the latest software updates for the fixes to take effect, by installing iOS 14.8, macOS 11.6 and watchOS 7.6.2.

Later this year, Apple is expected to introduce new security defenses for its texting application, iMessage, in its next iOS 15 software update.

On the other hand, NSO did not immediately respond to inquiries.

Security Start-ups Find Bonanza as Cyberattacks Surge

As cyberattacks proliferated this year, the most recent ones around the world have taken down operations at medical facilities, grocery chains, and gasoline pipelines, and potentially put some intelligence agencies in compromising situations. But they have been a bonanza for cybersecurity start-ups. These companies, which sell security products and services, have a bigger market and mission than ever before. So far, breaches have fueled concerns among companies and governments, leading to increased spending on these products. Investors have poured more than $12.2 billion into start-ups that provide cloud security, identity verification and privacy protection.

The money is flooding into those that are getting to grips with hackers in new ways. Traditionally, security systems at companies relied on the idea of securing a perimeter, using tools such as firewalls to protect access to the corporate network. But a shift to cloud computing over the past several years has rendered the perimeter and dependency on corporate networks obsolete. The pandemic provided momentum when people shifted to remote work, which required securing remote access systems.

Other internet security businesses have also benefited. One in particular, which makes sure users are who they say they are when they join a platform, collected $394 million last month.

In conclusion, with security start-ups going public or being acquired for large sums, and cybersecurity threats mounting, the financial gain is likely to continue. When something like this hits the average person’s mind, people realize that this is definitely here to stay.