Tag Archives: cybercrime

Positive Technologies: darkweb market is packed with offers to purchase access to corporate networks

Positive Technologies experts have analysed illegal marketplaces on the dark web and found a flood of interest in accessing corporate networks. In Q1 2020, the number of postings advertising access to these networks increased by 69 percent compared to the previous quarter. This may pose a significant risk to corporate infrastructure, especially now that many employees are working remotely. “Access for sale” on the darkweb is a generic term, referring to software, exploits, credentials, or anything else that allows illicitly controlling one or more remote computers.

Verizon Data Breach Report: DoS Skyrockets, Espionage Dips

Denial-of-service (DoS) attacks have spiked over the past year, while cyber-espionage campaigns have spiraled downwards. That’s according to Verizon’s 2020 Data Breach Investigations Report (DBIR) released Tuesday, which analyzed 32,002 security incidents and 3,950 data breaches across 16 industry verticals.

Dark web scammers exploit Covid-19 fear and doubt

“They’re exploiting the fear, uncertainty and doubt people are experiencing during the pandemic, and using the anxiety and desperation to get people to buy things or click on things they wouldn’t have otherwise,” says Morgan Wright, a former senior adviser to the US Department of State anti-terrorism assistance programme.

17,000 Coronavirus-Related Domains Registered In First 2 Weeks Of April; 23% Malicious Or Suspicious: Check Point

There have been 68,000 coronavirus-related domains registered since the beginning of the Coronavirus outbreak in January 2020, with an escalation in the number of coronavirus-related domains being registered since mid-February, according to Check Point Research. In the past two weeks (since 2 April), almost 17,000 new coronavirus-related domains have been registered (16,989 to be exact), with 2% found to be malicious and another 21% suspicious.

And with the pandemic now reaching almost every corner of the globe, many governments have announced economic stimulus packages, and as Check Point Research notes in its recent blog post, “where there’s money, there will also be criminal activity. Hackers and threat actors want to cash in on the rush to get these vital payments and fill their own pockets at the expense of others. To do this, they are evolving the scam and phishing techniques that they have been using successfully since the start of the pandemic in January. Google recently reported that in just one week from 6 to 13 April, it saw more than 18 million daily malware and phishing emails related to Covid-19 scams – and that’s in addition to the 240 million daily spam messages it sees related to coronavirus.”

Check Point Research found that 4,305 domains relating to new stimulus/relief packages have been registered since January, with a total of 2,081 new domains registered (38 malicious; 583 suspicious) in March and 473 (18 malicious; 73 suspicious) in the first week of April.

Check Point Research also observed a major increase in the week starting 16 March “during which the American government proposed the stimulus package to taxpayers. The number of new domains registered that week was 3.5 times higher compared to the average of previous weeks.”

Check Point Research has also observed a rise in “scam websites that use the news of the coronavirus (Covid-19) financial incentives, and fears about Coronavirus to try and trick people into using the websites or clicking on links. Users that visit these malicious domains instead of the official Government websites risk having their personal information stolen and exposed, or payment theft and fraud.”

For more information, or to see the Check Point Research blog post in full, go to: https://blog.checkpoint.com/2020/04/20/coronavirus-update-as-economic-stimulus-payments-start-to-flow-cyber-attackers-want-to-get-their-share-too/

DK Hostmaster Wins Global Award For Efforts Combating Cybercrime

The Alliance for Safe Online Pharmacies (ASOP Global) presented its annual Internet Pharmacy Safety E-Commerce Leadership Award to .DK Hostmaster, which was announced at ICANN63 Tuesday.

DK Hostmaster, the Danish country code top level domain (ccTLD) manager, won the award based on their commitment to ensuring citizen safety by maintaining transparent WHOIS data and proactively enforcing identity accuracy policies to increase consumer trust and safety online.

DK Hostmaster has increased identity checks for Danish and foreign customers and deleted over 3,000 domain names of suspected fake stores since November 2017. In addition, DK Hostmaster supports an open WHOIS, which helps to create transparency so that it is always possible to see who is behind a .dk domain name.

“ASOP Global is pleased to recognise DK Hostmaster for their outstanding efforts to prevent the illegal use of domain names for online drug sales and rapidly responding to any complaints,” said Libby Baney, Principal at Faegre Baker Daniels Consulting and senior advisor to ASOP Global.

ASOP Global is a 501(c)(4) non-profit organisation headquartered in Washington, D.C. with activities in the U.S., Canada, Europe, India, Latin America and Asia. It’s dedicated to protecting consumers around the world, ensuring safe access to medications, and combating illegal online drug sellers.

“DK Hostmaster is honoured to receive this award for our continued efforts to ensure a safe and trustworthy .dk zone through transparency and focus on ensuring the identity of the owners of a .dk domain name,” said DK Hostmaster CEO, Jakob Truelsen.

“DK Hostmaster’s policy to keep WHOIS data open and transparent creates a more secure, trustworthy environment in the .dk namespace,” Baney commented. As a member of the Coalition for a Secure and Transparent Internet, ASOP Global further commends DK Hostmaster for their policy on transparent WHOIS and encourages other registries and registrars to follow their lead.

“Transparency has shown to be an effective tool to prevent abuse. Sunlight has proven to be an effective disinfectant,” said DK Hostmaster CEO, Jakob Truelsen.

Nominations for ASOP Global’s third Internet Pharmacy E-Commerce Safety Award are now open. Award recipients will be announced during ICANN66 in November 2019 in Montreal, Canada.

EURid and IACC Team Up to Fight Cybercrime in .EU and .ЕЮ

EURid and the International Anti-Counterfeiting Coalition (IACC) have announced plans to work together to fight cybercrime in the .eu and .ею domain name space. The collaboration aims to help clear the registration database from fraudulent domain names and to establish a more secure domain space for Internet users.

The scope of this collaboration is based on the exchange of knowledge and support pertaining to cybercrime, specifically counterfeiting and piracy, in the .eu and .ею domain name space. It entails engaging in joint efforts, exchanging statistical data and trends pertaining to cybercrime, and committing to cooperate on projects designed to address the issue.

Over the last 3 years, EURid, the .eu and .ею registry, has strengthened its efforts in cleaning up its registration database from fraudulent activity to increase trust and security in the .eu and .ею domain name space, resulting in the suspension of more than 70,000 domain names.

“Overall, cybercrime rates worldwide have been climbing over the past few years. It’s imperative that we continue to monitor and identify abusive registrations and alleged illegal activity happening within the .eu and .ею space and take action in a timely manner. We increase our efforts in combatting illegal activity online and hopefully influence others to do the same,” said Geo Van Langenhove, EURid’s Legal Manager.

For the IACC, a Washington, DC-based not for profit organisation representing the interests of companies concerned with trademark counterfeiting and the related theft of intellectual property, this MOU marks the first time that the organisation has collaborated with a registry, underscoring its mission to combat online counterfeiting and piracy through strategic partnerships with intermediaries in all industries.

“Online counterfeiting has grown in scale, threatening Internet users’ safety and overall experience on the web. With the IACC’s expertise in anti-counterfeiting and EURid’s oversight of the .eu and .ею domain spaces, this partnership is a positive step toward ridding the Internet of counterfeiters and establishing a trusted online environment for all,” said Bob Barchiesi, IACC President.

The EURid – IACC partnership, solidified Tuesday through the signing of a Memorandum of Understanding (MOU) at the EUROPOL IP Crime Conference in Budapest, Hungary, marks an important step in the right direction in combating cybercrime, but the organisations’ efforts won’t stop there. EURid has been actively working with various law enforcement agencies such as the Belgian Federal Ministry of Economy and the Cybersquad team. The IACC continues to establish and promote its world-renowned online anti-counterfeiting programs, which were created in partnership with credit card companies and other major payment providers, as well as online marketplaces. The IACC also works closely with law enforcement agencies and organisations, including EUROPOL, by sharing resources and expertise. In addition to signing an MOU with EUROPOL in 2016, the IACC is also an organising partner to the EUROPOL IP Crime Conference.

DomainTools Finds Cybercriminals Using Typos to Spoof Top UK Charities

Cybercriminals are using fraudulent domains to lure unsuspecting members of the public towards spoofs of well-known UK charities, for malicious purposes, according to the results of a DomainTools investigation.

Following on from the National Cyber Security Centre’s warning that cybersecurity poses the most serious threat to UK charities, DomainTools selected ten well-known and popular charitable organizations in the UK to analyse, and found that every charity selected was being spoofed online by cybercriminals, who often used typos in order to dupe unsuspecting Internet users. The team analysed domains associated with Cancer Research, The National Trust, NSPCC, Oxfam, The Red Cross, Salvation Army, Wateraid, Save The Children and Unicef. In total, over 170 domains were deemed high-risk for phishing, malware and other forms of cybercrime. Some examples of fraudulent domains with risk scores of 100 – the highest possible score – include:

  • fundraisecancerresearch[.]org
  • nationltrust[.]org
  • nspcv[.]org
  • oxfamsol-mail[.]be
  • redcroas[.]com
  • salvationarmycapitalregion[.]org
  • svaethechildren[.]org
  • sheltern[.]com
  • unicefpro[.]org
  • vistwateraid[.]org.

“It remains incredibly easy for anyone to purchase an available domain,” said Tim Helming, director of product management at DomainTools. “This is part of what helps keep the Internet open and democratic, but it also helps cybercriminals exploit users. In this case the spoofing of charity websites has the added benefit of exploiting people’s wish to donate to these charities, making them a particularly lucrative target.”

Explaining how these websites are introduced to Internet users, Helming said “these domains will often be directed towards people via email or SMS phishing campaigns, which hope to encourage users to click on seemingly legitimate looking links such as those included above, which in turn begins another cycle of cybercrime. Phishing can be used by criminals simply to gain credit card or banking information, or as a gateway to install malware on a device or network, which leads to even more serious crimes such as data breaches and/or identity fraud.”

DomainTools offers top tips for consumers to avoid falling foul of a spoof website:

  • Watch out for domains that have the pattern com-[text] in them. We’re so accustomed to seeing .com that we can easily overlook the extra text that’s appended to it with a dash.
  • Look for typos on the website, coupon, or link that is directing you – for example, check for extra added letters in the domain, such as Yahooo[.]com.
  • Look out for ‘rn’ disguised as an ‘m’, such as modem.com versus modern.com.
  • Watch all website redirects by hovering over URLs to see where the link will take you.
  • Realise that if something is too good to be true, it likely is.
  • Get into the habit of hovering your mouse over links, and then looking for a pop-up that shows what domain the link points to. Typo domains can often be exposed using this method. Chrome and Firefox both have this feature.
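
The lookalike patterns in the tips above can also be checked automatically on the defender's side, for example over domains seen in mail or proxy logs. The following is an added example, not DomainTools code: the brand watchlist, function names and the edit-distance threshold of 2 are assumptions, and the `com-login` sample domain is constructed.

```python
import re

# Constructed watchlist of brand labels to protect (an assumption for this example).
BRANDS = ["nationaltrust", "redcross", "savethechildren", "yahoo", "modem"]

def refang(domain):
    """Turn a defanged indicator such as 'nspcv[.]org' into a plain lowercase name."""
    return domain.lower().replace("[.]", ".").strip(".")

def squeeze(s):
    """Collapse runs of a repeated character: 'yahooo' -> 'yaho'."""
    return re.sub(r"(.)\1+", r"\1", s)

def edit_distance(a, b):
    """Optimal string alignment distance (insert, delete, substitute, adjacent swap)."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def check_domain(domain, brands=BRANDS, max_distance=2):
    """Return the lookalike findings for one domain (empty list means no match)."""
    labels = refang(domain).split(".")
    findings = []
    # Tip: a label of the form "com-[text]" imitates the end of a .com name.
    if any(re.match(r"com-.+", label) for label in labels):
        findings.append("com-dash")
    # Naive registrable label: second from the right. Multi-part suffixes such
    # as .org.uk need a public-suffix list, which this example leaves out.
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    for brand in brands:
        if sld == brand:
            continue  # the genuine name, nothing to report
        if "rn" in sld and sld.replace("rn", "m") == brand:
            findings.append(f"rn-for-m:{brand}")        # 'rn' rendered like 'm'
        elif squeeze(sld) == squeeze(brand):
            findings.append(f"repeated-letter:{brand}")  # extra or dropped doubled letter
        elif edit_distance(sld, brand) <= max_distance:
            findings.append(f"near-miss:{brand}")        # typo, swap or missing letter
    return findings

if __name__ == "__main__":
    for sample in ["nationltrust[.]org", "redcroas[.]com", "svaethechildren[.]org",
                   "Yahooo[.]com", "modern.com", "secure.example.com-login[.]net"]:
        print(sample, check_domain(sample))
```

A fixed distance threshold produces false positives against short brand labels, so in practice the threshold is usually scaled to the label length.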

Cybercrime on .CH Websites Declines In 2015, But Increases On Swiss Companies Using Other TLDs

The number of incidents of cybercrime on websites using .ch (Switzerland) and .li (Liechtenstein) domains decreased in 2015 while there was an increase in the number of phishing attacks on Swiss companies’ websites with other domain endings, the SWITCH Foundation, which operates the registry for both ccTLDs, announced.

According to the cybercrime report, “SWITCH took action to remove malware from 698 .ch and .li websites in 2015, down from 1,839 in 2014. The situation as regards phishing was more or less stable: 329 .ch and .li websites were affected, compared with 323 in 2014. Meanwhile, there was an increase in the number of phishing attacks on Swiss companies’ websites with other domain endings.”

“Cybercriminals are driven by money. We are quick in identifying domain misuse and acting to stop it, so attacking Swiss websites is becoming less and less worthwhile,” explains SWITCH security expert Serge Droz.

Droz sees new challenges where phishing is concerned.

“Phishing attacks did not focus solely on banks in Switzerland last year, they were primarily targeted at online shops. Our goal for 2016 is to be even more efficient in dealing with phishing. Since we can only have a direct influence on .ch and .li, we are all the more dependent on cooperation with colleagues in Switzerland and abroad when it comes to other domain endings.”

For more on the SWITCH cybercrime report, see:
http://www.switch.ch/news/cybercrime/

Infoblox DNS Threat Index Hits Record High in Second Quarter Due to Surge in Phishing Attacks

[news release] Infoblox Inc., the network control company, today (27/7) released the second quarter 2015 report for the Infoblox DNS Threat Index, powered by IID, the source for clear cyberthreat intelligence. The index hit a record high of 133—up 58 percent from the second quarter of 2014—due to a surge in phishing attacks.

The Infoblox DNS Threat Index (www.infoblox.com/dns-threat-index), which Infoblox and IID (www.internetidentity.com) are introducing today, is an indicator of malicious activity worldwide exploiting the Domain Name System (DNS).

The single biggest factor driving the second-quarter increase, according to analysis of the data by IID and Infoblox, is the creation of malicious domains for phishing attacks. Phishing, a time-tested weapon of cybercriminals, involves sending emails that point users to fake web sites—mimicking a bank’s home page, for example, or a company’s employee portal—to collect confidential information such as account names and passwords or credit-card numbers.

Another significant contributor to the index’s record high is the growing demand for exploit kits. These packages of malicious software are typically hidden on web sites that appear to be innocuous, but download malware whenever a user visits—even if the user takes no action.

The Infoblox DNS Threat Index, which is the first security report to analyze the creation of malicious domains, has a baseline of 100—the average of quarterly results for the years 2013 and 2014. In the first quarter of 2015, the index stood at 122, and has now jumped an additional 11 points to a record high of 133 in the second quarter.

DNS is the address book of the Internet, translating domain names such as www.google.com into machine-readable Internet Protocol (IP) addresses such as 74.125.20.106. Because DNS is required for almost all Internet connections, cybercriminals are constantly creating new domains to unleash a variety of threats that can leverage DNS, ranging from simple malware to exploit kits, phishing, distributed denial of service (DDoS) attacks, and data exfiltration.

“DNS is critical infrastructure for the Internet that can’t be turned off. Through our analysis, it’s apparent that cybercriminals recognize this and see DNS as a vector for penetrating government, corporate, and personal networks,” said Rod Rasmussen, chief technology officer at IID. “The Infoblox DNS Threat Index, powered by IID, is intended to give insight into the extent to which bad actors are leveraging DNS for illicit activities.”

“DNS sits at the center of the Internet, connecting people, applications, and devices—making DNS a powerful tool for protecting networks as well as penetrating them,” said Craig Sanderson, senior director of security products at Infoblox. “Organizations can enhance their security by acquiring and understanding DNS threat intelligence data, then using that data to block access to malicious domains.”

The full Infoblox DNS Threat Index report for the second quarter of 2015 is available for free, with no registration required, at www.infoblox.com/dns-threat-index.

About Infoblox

Infoblox (NYSE:BLOX) delivers network control solutions, the fundamental technology that connects end users, devices, and networks. These solutions enable more than 8,100 enterprises and service providers to transform, secure, and scale complex networks. Infoblox helps take the burden of complex network control out of human hands, reduce costs, and increase security, accuracy, and uptime. Infoblox (www.infoblox.com) is headquartered in Santa Clara, California, and has operations in over 25 countries.

This Infoblox news release was sourced from:
https://www.infoblox.com/company/news-events/press-releases/2015/infoblox-dns-threat-index-hits-record-high-second-quarter-due-surge-phishing-attacks