More stories

  • 1.5 million customers impacted by Flagstar Bank data breach

    Flagstar Bank has disclosed a security incident that led to the exposure of personal data belonging to up to 1.5 million customers. As reported by Bleeping Computer, the data breach occurred between December 3 and December 4, 2021. The US financial organization is headquartered in Michigan and operates over 150 branches in areas […]

  • US disrupts Russian botnet that 'hacked millions of devices'

    The US Department of Justice (DoJ) has dismantled the infrastructure of what it described as a Russian botnet consisting of millions of hacked Internet of Things (IoT) devices. According to the DoJ, RSOCKS was operating as a proxy service, but instead of offering customers IP addresses legitimately leased from internet service providers (ISPs), the firm was offering IP addresses that had been assigned to hacked devices.

    The DoJ said that together with law enforcement partners in Germany, the Netherlands and the UK it has “dismantled” the infrastructure of RSOCKS “which hacked millions of computers and other electronic devices around the world”. The service was available for cybercriminals to use to conceal the source of their activity, which included credential attacks on login web pages.

    “It is believed that the users of this type of proxy service were conducting large scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages,” the DoJ said.

    RSOCKS’s website advertising its services and prices has now been replaced with a message that it has been seized by the FBI, but previously customers could buy access to a pool of RSOCKS proxies from $30 a day for 2,000 proxies to $200 per day for 9,000 proxies, according to the DoJ. Once purchased, the customer could download a list of IP addresses and ports associated with one or more of the botnet’s backend servers. The customer could then route malicious internet traffic through the compromised victim devices to mask the true source of the traffic, the DoJ said.

    RSOCKS operators allegedly built the proxy service by brute forcing passwords for IoT devices, many of which are put into service with default passwords or are protected by weak passwords. The operators initially targeted IoT devices to build the botnet but later expanded to compromising Android devices and computers. Victims of the botnet included a university, a hotel, a television studio, and an electronics manufacturer. Other victims were home businesses and individuals.

    The DoJ revealed it had dismantled the botnet as it unsealed a search warrant affidavit in the Southern District of California.

    “This operation disrupted a highly sophisticated Russia-based cybercrime organization that conducted cyber intrusions in the United States and abroad,” said FBI Special Agent in Charge Stacey Moy. “Our fight against cybercriminal platforms is a critical component in ensuring cybersecurity and safety in the United States. The actions we are announcing today are a testament to the FBI’s ongoing commitment to pursuing foreign threat actors in collaboration with our international and private sector partners.”

    The DoJ in April announced it had disrupted a botnet controlled by the Russian Federation’s Main Intelligence Directorate (GRU) that consisted of thousands of infected WatchGuard and Asus firewall devices.

  • This phone-wiping Android banking trojan is getting nastier

    A nasty Android banking trojan that is best known for wiping smartphones to cover its tracks has gained several new features to improve its ability to phish online-banking credentials, intercept SMS two-factor authentication codes, and more. BRATA, or ‘Brazilian Remote Access Tool, Android’, has been circulating since at least […]

  • Ransomware attacks: This is the data that cyber criminals really want to steal

    Data theft and extortion have become a common – and unfortunately effective – part of ransomware attacks, where in addition to encrypting data and demanding a ransom payment for the decryption key, gangs steal information and threaten to publish it if a payment isn’t received. These so-called double extortion attacks have become an effective tool in […]

  • This new Windows 11 privacy feature shows when apps access your microphone, camera or location

    Windows 11 is getting a similar feature to iOS’s App Privacy Report called ‘Privacy Auditing’, which shows a history of each application’s access to sensitive devices like your microphone or information about your location. Under ‘Privacy & security’ within the Windows 11 Settings app, Windows 11 will soon start showing recent activity […]

  • Tinder Swindlers: How scammers steal your heart, then your money

    Romance scams continue to evolve, in no small part due to social media and the popularity of online dating. With our lives becoming increasingly busy, not to mention the COVID-19 pandemic and stay-at-home orders, apps dedicated to online romance — or casual dating — have flourished. Tinder, Grindr, Plenty of Fish, Bumble, Match, and Hinge are some of the most popular apps out there, and each can be an avenue for scammers to strike.

    Romance scams vary, but they all have one of two purposes: stealing your cash or your information. Scams include:

    Outright requests for money: Scammers might start small and even pay you back to build trust. However, it wouldn’t be long before they would ask for far more — and then vanish. Requests might be made to purchase a flight or travel to see you, pay off customs charges, buy a new laptop or phone to keep communicating with you, pay outstanding medical bills, among other things. Your scammer may also say they are expecting a cash gift or an inheritance, so they ask to ‘borrow’ money for a short while.

    An emergency or disaster: For some, being a romance scammer is a full-time job, so spending time building trust with multiple victims is simply part of their working day. Suppose enough of an emotional connection is cruelly created, and then they say there is a sudden emergency. There’s been an accident, they are in trouble and their physical safety is threatened, or they are in hospital with looming medical bills. This can create enough of a panic that the victim sends cash without a second thought, as the fraudster has already taken the time to build up trust.

    Members of the military: The military scam is a popular one. A profile is set up with fake images — often the stolen photos of actual soldiers — and the use of military jargon, titles, and known army deployment areas to appear more plausible. They may say they are either just about to ship out or are soon to return and may also try to add some mystery by refusing to give details in the name of confidentiality.

    A personal example of a military scam:

    I spoke to someone on Tinder in 2019 who said he was part of the US military. At the time, I’d had my fill of catfish and scammers, so I decided to have some fun and see how long I could drag it out. My romance scammer, set with all-American-boy photos, was apparently based in Afghanistan on deployment but would be “coming home soon” to the UK. After shifting to a secondary, throwaway WhatsApp number, he said he would ask his “commanding officer” for permission to video chat. Playing along with it, I was sent a video of a soldier saying hello. I’d asked him to say my name in it to prove that it was real-time footage. This, of course, didn’t happen. The footage was the type of generic clip you’d find on TikTok, but if you weren’t on the lookout for red flags, it could have been believable and considered genuine.

    It wasn’t long before he said he was running out of phone credit but he really wanted to keep talking to me. So he asked to “borrow” £20 to top up his phone. How about… no. That wouldn’t have been the end of it. In my opinion, this request was akin to a test payment you’d see when your card details have been stolen on your bank statement — in which criminals make small requests, no more than a few dollars, to see if a bank account is active and has funds. When it comes to romance scams, a small amount can very quickly turn into an avalanche that could financially bury a victim.

    Military scams have become so common that the US Army itself has provided an online fact sheet on these schemes. “The most common scheme involves criminals, often from other countries — most notably from West African countries — pretending to be US soldiers serving in a combat zone or other overseas location,” the organization says. “These crooks often present documents and other ‘proof’ of their financial need when asking their victims to wire money to them.”

    Investments: Last year, Interpol warned that fraudsters are encouraging their matches to join them in financial “ventures.” The cybercriminal begins by building trust and offering tips and advice on stocks, shares, and investments. They will then try to lure their victim into signing up for a fake financial product, normally hosted through a malicious investment app or fraudulent website. An incentive is essential to this scam being a success. For example, your new love interest may offer you VIP status and personal instruction in the world of investing. A victim could then submit their payment card details, which can then be stolen and used by the cybercriminals to make fraudulent purchases. Or they could load cash onto a fake platform — only to be locked out of the account. The fraudster blocks them and disappears. “They’re left confused, hurt, and worried that they’ll never see their money again,” Interpol noted. Most of the time, victims won’t.

    Cryptocurrency: Cryptocurrency-related scams are a new twist on older investment scams. Scam artists take advantage of a general lack of understanding surrounding cryptocurrency to hoodwink their victims. This may include signing them up for fake cryptocurrency trading apps. Sophos researchers published an advisory on CryptoRom in 2021, a cybercriminal ring that targeted Tinder and Bumble users. Victims lost thousands of dollars after falling prey to these romance scams, and fake cryptocurrency trading apps were promoted not only on these dating apps, but also on social media networks and cold-call WhatsApp solicitations.

  • How do I get OneDrive under control? [Ask ZDNet]

    When you upgrade to Windows 11 Home edition, the default settings configure your system to “back up your files” to OneDrive. Welcome to the latest installment of Ask ZDNet, where we answer the questions that make your IT guy reach for the Tums. In the mailbag this week: After upgrading to Windows 11, a […]

  • Microsoft launches Defender for Individuals for Microsoft 365 Personal and Family subscribers

    Microsoft is making generally available today, June 16, another member of its growing family of “Defender” branded products. The newest member, christened “Microsoft Defender for Individuals,” is meant to help secure families of devices, not just Windows PCs. Microsoft has been testing Defender for Individuals for several months under the Microsoft Defender brand. […]