Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 156

The Most Common Types of Cyber Crime

Deleting another spam email in our inbox is becoming an everyday habit. Some may have even had their accounts hacked after clicking a misleading link or had their identities stolen. These are some common cybercrimes and as our reliance on the internet grows, our interactions with cybercrimes becomes more frequent.

According to a recent FBI report on internet crime, 241342 Americans fell victim to phishing, vishing (via call) and smishing (via text) attacks last year, making it the most common type of cybercrime.

This chart shows the most common types of internet crimes in the U.S. in 2020.

Martin Rees and Frederick Lamb on humanity’s fate

Rees explained how his astronomy background meshes with his concern for humanity’s fate:

People often ask does being an astronomer have any effect on one’s attitude toward these things. I think it does in a way, because it makes us aware of the long-range future. We’re aware that it’s taken about 4 billion years for life to evolve from simple beginnings to our biosphere of which we are a part, but we also know that the sun is less than halfway through its life and the universe may go on forever. So we are not the culmination of evolution. Post-humans are going to have far longer to evolve. We can’t conceive what they’d be like, but if life is a rarity in the universe, then, of course, the stakes are very high if we snuff things out this century.

Bottom line: From nuclear weapons to biowarfare to cyberattacks, humanity has much to overcome. Martin Rees and Frederick Lamb discuss the obstacles we face as we look forward to humanity’s future on Earth.

Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research.

“Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more,” Boston-based cybersecurity firm Cybereason said in an analysis summarizing its findings.

First documented by Cisco Talos in July 2020, Prometei is a multi-modular botnet, with the actor behind the operation employing a wide range of specially-crafted tools and known exploits such as EternalBlue and BlueKeep to harvest credentials, laterally propagate across the network and “increase the amount of systems participating in its Monero-mining pool.”

Phishing message sent from Twitter? The platform confirms massive error

An unprecedented event occurred a few hours ago when, by mistake, thousands of users received an email from Twitter requesting users to confirm their accounts, giving the impression of being a massive phishing attack. This incident, which began around 10:00 PM on Thursday, impacted individual and business accounts alike.

The subject line of these messages only mentioned the phrase “Confirm your Twitter account”, and included a button to complete the action. While these messages seemed legitimate, the cybersecurity community soon began to question their provenance and intentions, as this clearly seemed like a simple but effective phishing attack.

During the minutes following the sending of this message, users began posting their doubts on Twitter and other social media platforms.

Hackers use email phishing campaign to deploy multiple variants of Trojans

A new phishing campaign targets specific targets by trying to distribute various remote access Trojan (RAT) variants. According to Cisco Talos Intelligence researchers, this hacking campaign was identified as “Fajan” and could be being operated from an Arabic-speaking country.

Experts believe this campaign would have started in early March, starting with a commitment to “low-profile” targets to determine whether malware samples were properly distributed or some debugging process was needed.

Attacks begin in the form of emails specifically addressed to Bloomberg Industry Group customers. This company adds news content on platforms for various industries, such as law, taxes and accounting, and government, and sells them to its various customers.

Giant Android botnet compromise thousands of Internet TV users

Human Security cybersecurity specialists reveal the finding of a massive botnet made up of compromised Android devices. This malicious operation, identified as Pareto, would aim to conduct advertising fraud related to payment connected television (CTV) services and would so far be made up of about one million infected devices.

As you will recall, the term botnet refers to a network of computer systems committed to a specific malware variant, executed autonomously and automatically and under remote control by attack operators.

Experts say hackers have used dozens of mobile apps to mimic the image of over 6000 CTV apps, equivalent to around 650 million ad requests per day. This botnet was first identified in 2020 and since then companies such as Google and Roku have tried to mitigate their progress, although operators have managed to grow inordinately.

More than 1 million admin credentials to access Windows RDP servers for sale on dark web hacking forum

A recent security report mentions that a dark web leak containing access keys has been published to more than 1.3 million Windows Remote Desktop servers. This is a clear indication of the scope of cybercrime and could even be binding on other incidents of which cybersecurity community knows little.

It’s not all bad news, as network administrators will also benefit from a new service launched by advanced cybersecurity firm Advanced Intel called RDPwned that allows you to verify whether an organization’s RDP credentials have been sold on the hacking black market.

As users may remember, Remote Desktop Protocol (RDP) is a Microsoft remote access solution that allows users to remotely access applications and the desktop of a Windows device. Due to their frequent use in corporate networks, malicious hackers develop an important market around the theft and sale of stolen access credentials to multiple public and private organizations.