September 3, 2014

Phishing and cyber-attacks likely to rise during the World Cup

(LiveHacking.Com) – As is often the case with large, well-known events, cyber-criminals and spammers will be using the World Cup as a chance to steal more personal information and disrupt services in “cyber protests.”

According to TrendLabs, phishing campaigns have intensified and are even targeting Brazilian nationals in an attempt to steal from them during the fervor of the World Cup. Typical campaigns try to solicit information like credit card numbers or personally identifiable information (including name, date of birth and even national identity numbers) from unsuspecting victims. This data is later sold on the black market.

The example given by TrendLabs was for a $2.2 million lottery. As with legitimate lotteries, you need to pay to enter. Since the lottery is a scam, the credit card details entered are harvested for sale. TrendLabs has identified more than 80,000 people whose credentials have been stolen. Of those, 83% had email addresses from providers with domain names in the .br top-level domain.

But it isn’t only phishing that will be increasing during the World Cup. According to reports by Reuters, the hacker group Anonymous is preparing cyber-attacks on the corporate sponsors of the World Cup.

“We have already conducted late-night tests to see which of the sites are more vulnerable,” said the hacker who operates under the alias of Che Commodore. “We have a plan of attack.”

The threats by Anonymous and the increased amount of phishing are just another problem for the Brazilian government. The event has been marred by delays in the building of the stadiums and widespread discontent among Brazilians over the excessive cost of hosting the event in a country.

Recently Anonymous attacked Brazil’s Foreign Ministry computer networks and leaked dozens of confidential emails. In what is a massive security breach, Anonymous posted 333 Foreign Ministry documents, including documents about the briefing of talks between Brazilian officials and U.S. Vice President Joe Biden, and a list of sport ministers that plan to attend the World Cup.

The World Cup 2014 kicks off on 12 June with a game between hosts Brazil and Croatia. The event continues until Sunday 13 July when the final will be held in Rio de Janeiro.

Worldwide losses from phishing attacks increase to over US$687 million

(LiveHacking.Com) – RSA has released some new figures about phishing attacks during the first half of 2012 and the news isn’t good. The number of phishing attacks rose again (for the fourth time), this time by 19% compared to the second half of 2011. In real terms this means that the estimated worldwide financial losses from these attacks alone amounted to over US$687 million.

The countries targeted by the attacks have remained unchanged, with the top five being the UK, U.S., Canada, Brazil and South Africa. Although Canada occupies a spot in the top three, it has also seen some significant increases, with phishing attacks increasing by nearly 400% in the first half of 2012. This is likely due to the economic health of the North American country; to put it simply, fraudsters follow the money.

“The interesting part this time was the fact that the industry’s attack duration median (uptime), according to the Anti-Phishing Working Group, went down from 15.3 hours per attack to 11.72 hours per attack, thus somewhat curbing the monetary impact of each attack, even though attack numbers keep climbing,” wrote Limor Kessem. “Had attack medians remained the same, the monetary losses to phishing in 1H2012 would have exceeded US$897 million. Statistically speaking, this saved the world close to an additional 31% in money that could have been lost to phishing attackers.”

Phishing is, of course, a crime, and it is perpetrated by fraudsters who can persuade victims to respond to a legitimate-looking email or click on a seemingly safe link. To do that, the attackers create emails to play on human emotions; it is a con. Although phishing is a modern crime for the Internet age, the forces behind it – manipulation, deceit and persuasion – are not.

With Internet users increasingly relying on webmail and social networking sites, successful phishing attacks to obtain access to Facebook or Gmail open the doors to many other avenues. If an email account is compromised using information obtained during a phishing attack, then the attacker can reset passwords for other important accounts (PayPal, Amazon, Apple/iCloud etc). This is what happened to Mat Honan. The hackers managed to breach Mat’s iCloud account and then proceeded to reset all of Mat’s accounts and devices; they even sent remote wipe commands to Mat’s iPhone, iPad and MacBook.

The Internet is a dangerous place says Google

(LiveHacking.Com) – To mark the five-year anniversary of the launch of its Safe Browsing initiative, Google has released some interesting facts and figures about the dangers of the Internet, the most shocking being that Google finds about 9,500 new malicious websites every day. The Internet is truly a dangerous place.

Of the 9,500 new malicious websites which Google detects daily, some are innocent websites that have been hacked to serve up malware, while others are built specially for the purpose of distributing malware. As a result of these daily finds, Google displays over 300,000 download warnings every day via its download protection service that is built into Chrome.

Elements of the Safe Browsing service are built into Chrome, Firefox, and Safari and as a result some 600 million users are protected by this service. According to Google, approximately 12-14 million Google Search queries per day result in a web browser showing a warning advising users not to visit a currently compromised site.

Google’s service checks for two types of danger on the Internet – phishing and malware. Phishing sites are those that try to trick a user into revealing a username and password for a well-known site like eBay or PayPal. Modern phishing strategies include fast turn-around and the additional use of malware. In this context, fast turn-around means sites that come and go very quickly in an attempt to avoid detection. Some phishing webpages (URLs) remain online for less than an hour. Phishing sites can also use the look and feel of popular sites to trick users into installing malware by offering it as a browser extension. The number of phishing sites peaked in 2012, with over 300,000 new phishing sites found per month.

The good news on the malware front is that the number of dangerous sites found due to hacking has dropped to “just” 150,000 per month, down from over 300,000 a month in 2009. However, the number of specially created websites, designed just to deliver malware, remains high, with about 10,000 sites discovered per month. This is slightly down from a high of 12,000 per month at the end of 2010.

How to stop yourself becoming a victim? Don’t ignore browser warnings. Since legitimate sites can be hacked and modified to contain malware, don’t visit a website if a browser warning is shown, no matter how well-known the website is to you.

New Phishing Attack Spread by Twitter Direct Message

(LiveHacking.Com) — A new phishing attack has appeared on the Twitter network using Direct Messages (DM) to deceive people into following a link to a fake Twitter login page.

The messages, sent from other Twitter users, lure victims by asking if it is them who is pictured in a photo or video, or mentioned in a blog post.

Various versions of the bait messages include:

is this you in the video?
is this you in this picture?
check this out… it’s a funny blog post. you’re mentioned in it.
 

Clicking on the included link takes you to what appears, at first glance, to be the Twitter login page but is in fact hosted on a domain with a similar spelling to Twitter but isn’t associated with Twitter at all.

If you take the bait and enter your username and password on the page you have probably given your login credentials to hackers.

Del Harvey (@delbius), who runs Twitter’s Safety team, says that Twitter is resetting the passwords of users who it believes have been hit by the phishing attack: “We’re resetting passwords for affected users; here’s the help page to check out about what you should do. https://support.twitter.com/articles/31796-my-account-has-been-compromised.”
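The fake login page described above depends on the reader not checking the host name closely. The following is an added example, not part of the original article: a small defensive check that classifies a link as the genuine login domain, a lookalike, or unrelated. The hosts in the comments and tests are constructed, `twitter.com` as the only genuine domain is an assumption, and the registrable label is taken naively (a production check would use the Public Suffix List).

```python
from urllib.parse import urlsplit

BRAND = "twitter"             # label being imitated
LEGIT_DOMAIN = "twitter.com"  # assumption: the only genuine login domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a link in a message."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    # Exact match or a true sub-domain; the leading dot stops "nottwitter.com".
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return "legitimate"
    labels = host.split(".")
    # Naive registrable label: the one left of the final label.
    sld = labels[-2] if len(labels) >= 2 else host
    if 0 < edit_distance(sld, BRAND) <= 2:
        return "lookalike"    # near-spelling such as a swapped letter
    if BRAND in parts.netloc.lower():
        return "lookalike"    # brand used in a sub-domain or in userinfo
    return "unrelated"
```
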

Google Removed 11+ Million Websites from Its Search Engine; No More .co.cc

Google has removed more than 11 million .co.cc websites from its search engine index.

Google has modified its malware detection system to identify sub-domain level services which have been used by criminals to register thousands of domains and host malware and fake anti-virus software. As a result of these changes, Google has removed more than 11 million .co.cc websites from its search engine results pages on the basis that most of them are spammy or low-quality.

According to a recent report by the Anti-Phishing Working Group, the .cc top-level domain hosted more than 4,900 phishing attacks in the second half of 2010. This number is almost twice the number under any other extension.

The .co.cc space is offered by a Korean company (http://co.cc/) and it is not an officially authorized second-level domain like .co.uk. Acting as a registry, this company offers single sub-domains for a fee, and bulk registration at a discounted price of $1000 for 15,000 domains. The company claims to have 11,383,736 registered domains and more than 5 million user accounts.

.cc is the Internet country code top-level domain (ccTLD) for the Cocos (Keeling) Islands, a small Australian territory in the Indian Ocean. Regular .cc websites are unaffected by Google’s changes.
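The distinction drawn above, between a sub-domain service such as .co.cc and ordinary .cc domains, matters for anyone scoring hosts by reputation. The following is an added example, not code from the article or from Google, and it does not describe Google's actual system: it attributes each host to the right registry and flags a sub-domain service once most of its customer sites are bad. The observations in the tests, the 0.5 threshold and all function names are constructed for illustration.

```python
from collections import Counter

# Assumption: suffixes operated as sub-domain registries; co.cc is the one on this page.
SUBDOMAIN_REGISTRIES = {"co.cc"}


def registry_and_site(host):
    """Return (registry_suffix, site): the suffix a name was registered under
    and the name one customer controls. site is None for the registry itself."""
    labels = host.rstrip(".").lower().split(".")
    for n in (2, 1):                       # try the longer suffix first
        suffix = ".".join(labels[-n:])
        if n == 1 or suffix in SUBDOMAIN_REGISTRIES:
            if len(labels) <= n:
                return suffix, None
            return suffix, ".".join(labels[-(n + 1):])


def flagged_registries(observations, threshold=0.5):
    """observations: iterable of (host, is_malicious) pairs.
    Returns the sub-domain registries whose share of bad customer sites
    exceeds the threshold. Plain TLDs such as .cc are never flagged."""
    sites = {}                             # site -> (registry, seen malicious?)
    for host, malicious in observations:
        registry, site = registry_and_site(host)
        if site is None or registry not in SUBDOMAIN_REGISTRIES:
            continue
        seen_bad = sites.get(site, (registry, False))[1]
        sites[site] = (registry, seen_bad or malicious)
    total, bad = Counter(), Counter()
    for registry, malicious in sites.values():
        total[registry] += 1               # each customer site counts once
        bad[registry] += malicious
    return {r for r in total if bad[r] / total[r] > threshold}
```
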

Chinese Hackers Target Government Officials and Activists in Gmail Phishing Scam

Google has uncovered a phishing campaign, originating in Jinan, China, targeting senior U.S. government officials, Chinese political activists, officials in several Asian countries (mainly from South Korea), military personnel and journalists.

It appears that the aim of the campaign was to steal passwords and then change the settings for the automatic forwarding of emails and grant others access to the accounts. With access granted or emails automatically forwarded, the perpetrators are able to monitor the accounts, presumably for political gain.

Google has now disrupted the campaign and has notified victims while securing their accounts. In addition, Google has notified the relevant government authorities.

The phishing campaign first came to light when Mila Parkour, a network security specialist, blogged about targeted attacks against personal accounts of military, government employees and their associates. According to her blog “victims get a message from an address of a close associate or a collaborating organization/agency, which is spoofed. The message is crafted to appear like it has an attachment with links like View Download and a name of the supposed attachment. The link leads to a fake Gmail login page for harvesting credentials.”

Hacker Steals Thousands of Email Addresses in Epsilon Breach

Epsilon, the world’s largest permission-based email marketing provider, which sends over 40 billion emails annually, has revealed that on March 30th it detected a breach in which email addresses and customer names, for around 50 of Epsilon’s clients, were accessed by a hacker.

Epsilon is assuring its clients (and their customers) that the information that was obtained was limited to email addresses and/or customer names only. However the breach does leave the customers of Epsilon’s clients (which include Best Buy, Capital One, Citi, JPMorgan Chase, US Bank, TiVo and Walgreens) susceptible to scammers and phishing attacks as the hacker will be able to send fake emails to registered users who are already expecting emails from these large retailers or banks.

As a result, Epsilon’s clients have started warning their customers to be alert for unusual or suspicious emails. Best Buy sent an email to its customers in which it said:

“For your security, however, we wanted to call this matter to your attention. We ask that you remain alert to any unusual or suspicious emails. As our experts at Geek Squad would tell you, be very cautious when opening links or attachments from unknown senders.

In keeping with best industry security practices, Best Buy will never ask you to provide or confirm any information, including credit card numbers, unless you are on our secure e-commerce site, www.bestbuy.com. If you receive an email asking for personal information, delete it. It did not come from Best Buy.”

JPMorgan Chase released a statement about the breach: “We are advised by Epsilon that the files that were accessed did not include any customer financial information, but are actively investigating to confirm this. As always, we are advising our customers of everything we know as we know it. Chase will never ask customers for personal information or credentials in an email.”

Update: Marriott International, Inc. has also sent a similar sounding email to its customers – “However, we recommend that you continue to be on the alert for spam emails requesting personal or sensitive information. Please understand and be assured that Marriott does not send emails requesting customers to verify personal information.”