Tag Archives: cybercrime

DomainTools Find Cybercriminals Using Typos to Spoof Top UK charities

Cybercriminals are using fraudulent domains to lure unsuspecting members of the public towards spoofs of well-known UK charities, for malicious purposes, according to the results of a DomainTools investigation.

Following on from the National Cyber Security Centre’s warning that cybersecurity poses the most serious threat to UK charities, DomainTools selected ten well-known and popular charitable organizations in the UK to analyse, and found that every charity selected was being spoofed online by cybercriminals, who often used typos in order to dupe unsuspecting Internet users. The team analysed domains associated with Cancer Research, The National Trust, NSPCC, Oxfam, The Red Cross, Salvation Army, Wateraid, Save The Children and Unicef. In total, over 170 domains were deemed high-risk for phishing, malware and other forms of cybercrime. Some examples of fraudulent domains with risk scores of 100 – the highest possible score – include:

  • fundraisecancerresearch[.]org
  • nationltrust[.]org
  • nspcv[.]org
  • oxfamsol-mail[.]be
  • redcroas[.]com
  • salvationarmycapitalregion[.]org
  • svaethechildren[.]org
  • sheltern[.]com
  • unicefpro[.]org
  • vistwateraid[.]org.

“It remains incredibly easy for anyone to purchase an available domain,” said Tim Helming, director of product management at DomainTools. “This is part of what helps keep the Internet open and democratic, but it also helps cybercriminals exploit users. In this case the spoofing of charity websites has the added benefit of exploiting people’s wish to donate to these charities, making them a particularly lucrative target.”

Explaining how these websites reach Internet users, Helming said: “these domains will often be directed towards people via email or SMS phishing campaigns, which hope to encourage users to click on seemingly legitimate looking links such as those included above, which in turn begins another cycle of cybercrime. Phishing can be used by criminals simply to gain credit card or banking information, or as a gateway to install malware on a device or network, which leads to even more serious crimes such as data breaches and/or identity fraud.”

DomainTools offers top tips for consumers to avoid falling foul of a spoof website:

  • Watch out for domains that have the pattern com-[text] in them. We’re so accustomed to seeing .com that we can easily overlook the extra text that’s appended to it with a dash.
  • Look for typos on the website, coupon, or link that is directing you – for example, check for extra added letters in the domain, such as Yahooo[.]com.
  • Look out for ‘rn’ disguised as an ‘m’, such as modem.com versus modern.com.
  • Watch all website redirects by hovering over URLs to see where the link will take you.
  • Realise that if something is too good to be true, it likely is.
  • Get into the habit of hovering your mouse over links, and then looking for a pop-up that shows what domain the link points to. Typo domains can often be exposed using this method. Chrome and Firefox both have this feature.
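The lookalike patterns in the tips above (a `com-[text]` label, typos and extra letters, and 'rn' standing in for 'm') can also be checked automatically when triaging links in bulk. The following Python is an added example, not DomainTools' risk-scoring method: the brand labels are assumed from the charity names in the article, and `salvationarrny.org`, `oxfam.com-donate.net` and `oxfam.org.uk` are constructed sample inputs.

```python
import re

# Assumed brand labels, derived from the charity names in the article.
BRANDS = ["cancerresearch", "nationaltrust", "nspcc", "oxfam", "redcross",
          "salvationarmy", "wateraid", "savethechildren", "unicef"]

def refang(domain):
    """Turn a defanged indicator such as 'nspcv[.]org' into 'nspcv.org'."""
    return domain.replace("[.]", ".").strip().lower().rstrip(".")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. 'sva...' for 'sav...'
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_domain(domain, brands=BRANDS):
    """Return the reasons a domain resembles a brand; an empty list is no hit."""
    labels = refang(domain).split(".")
    reasons = []
    # Tip: text appended to 'com' with a dash, e.g. brand.com-donate.net
    if any(re.fullmatch(r"com-.+", lab) for lab in labels):
        reasons.append("com-[text] label")
    for lab in labels[:-1]:  # every label except the TLD
        if len(lab) < 4 or lab in brands:
            continue  # too short to judge, or an exact brand label
        for brand in brands:
            limit = 1 if len(brand) < 8 else 2  # tighter for short names
            if lab.replace("rn", "m") == brand.replace("rn", "m"):
                reasons.append(f"'rn'/'m' swap of {brand}")
            elif brand in lab:
                reasons.append(f"{brand} with extra text")
            elif osa_distance(lab, brand) <= limit:
                reasons.append(f"typo of {brand}")
    return reasons

if __name__ == "__main__":
    samples = [
        "nationltrust[.]org", "nspcv[.]org", "redcroas[.]com",   # from the article
        "svaethechildren[.]org", "unicefpro[.]org",              # from the article
        "salvationarrny.org", "oxfam.com-donate.net",            # constructed
        "oxfam.org.uk",                                          # constructed clean case
    ]
    for s in samples:
        print(f"{s:28} {check_domain(s) or 'no hit'}")
```

A hit is a prompt for review rather than a verdict: a charity's own campaign domains also contain its name, so results need checking against an allowlist of domains the organisation actually operates.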

Cybercrime on .CH Websites Declines In 2015, But Increases On Swiss Companies Using Other TLDs

The number of incidents of cybercrime on websites using .ch (Switzerland) and .li (Liechtenstein) domains decreased in 2015 while there was an increase in the number of phishing attacks on Swiss companies’ websites with other domain endings, the SWITCH Foundation, which operates the registry for both ccTLDs, announced.

According to the cybercrime report, “SWITCH took action to remove malware from 698 .ch and .li websites in 2015, down from 1,839 in 2014. The situation as regards phishing was more or less stable: 329 .ch and .li websites were affected, compared with 323 in 2014. Meanwhile, there was an increase in the number of phishing attacks on Swiss companies’ websites with other domain endings.”

“Cybercriminals are driven by money. We are quick in identifying domain misuse and acting to stop it, so attacking Swiss websites is becoming less and less worthwhile,” explains SWITCH security expert Serge Droz.

Droz sees new challenges where phishing is concerned.

“Phishing attacks did not focus solely on banks in Switzerland last year, they were primarily targeted at online shops. Our goal for 2016 is to be even more efficient in dealing with phishing. Since we can only have a direct influence on .ch and .li, we are all the more dependent on cooperation with colleagues in Switzerland and abroad when it comes to other domain endings.”

For more on the SWITCH cybercrime report, see:
http://www.switch.ch/news/cybercrime/

Infoblox DNS Threat Index Hits Record High in Second Quarter Due to Surge in Phishing Attacks

[news release] Infoblox Inc., the network control company, today (27/7) released the second quarter 2015 report for the Infoblox DNS Threat Index, powered by IID, the source for clear cyberthreat intelligence. The index hit a record high of 133—up 58 percent from the second quarter of 2014—due to a surge in phishing attacks.

The Infoblox DNS Threat Index (www.infoblox.com/dns-threat-index), which Infoblox and IID (www.internetidentity.com) are introducing today, is an indicator of malicious activity worldwide exploiting the Domain Name System (DNS).

The single biggest factor driving the second-quarter increase, according to analysis of the data by IID and Infoblox, is the creation of malicious domains for phishing attacks. Phishing, a time-tested weapon of cybercriminals, involves sending emails that point users to fake web sites—mimicking a bank’s home page, for example, or a company’s employee portal—to collect confidential information such as account names and passwords or credit-card numbers.

Another significant contributor to the index’s record high is the growing demand for exploit kits. These packages of malicious software are typically hidden on web sites that appear to be innocuous, but download malware whenever a user visits—even if the user takes no action.

The Infoblox DNS Threat Index, which is the first security report to analyze the creation of malicious domains, has a baseline of 100—the average of quarterly results for the years 2013 and 2014. In the first quarter of 2015, the index stood at 122, and has now jumped an additional 11 points to a record high of 133 in the second quarter.

DNS is the address book of the Internet, translating domain names such as www.google.com into machine-readable Internet Protocol (IP) addresses such as 74.125.20.106. Because DNS is required for almost all Internet connections, cybercriminals are constantly creating new domains to unleash a variety of threats that can leverage DNS, ranging from simple malware to exploit kits, phishing, distributed denial of service (DDoS) attacks, and data exfiltration.

“DNS is critical infrastructure for the Internet that can’t be turned off. Through our analysis, it’s apparent that cybercriminals recognize this and see DNS as a vector for penetrating government, corporate, and personal networks,” said Rod Rasmussen, chief technology officer at IID. “The Infoblox DNS Threat Index, powered by IID, is intended to give insight into the extent to which bad actors are leveraging DNS for illicit activities.”

“DNS sits at the center of the Internet, connecting people, applications, and devices—making DNS a powerful tool for protecting networks as well as penetrating them,” said Craig Sanderson, senior director of security products at Infoblox. “Organizations can enhance their security by acquiring and understanding DNS threat intelligence data, then using that data to block access to malicious domains.”

The full Infoblox DNS Threat Index report for the second quarter of 2015 is available for free, with no registration required, at www.infoblox.com/dns-threat-index.

About Infoblox

Infoblox (NYSE:BLOX) delivers network control solutions, the fundamental technology that connects end users, devices, and networks. These solutions enable more than 8,100 enterprises and service providers to transform, secure, and scale complex networks. Infoblox helps take the burden of complex network control out of human hands, reduce costs, and increase security, accuracy, and uptime. Infoblox (www.infoblox.com) is headquartered in Santa Clara, California, and has operations in over 25 countries.

This Infoblox news release was sourced from:
https://www.infoblox.com/company/news-events/press-releases/2015/infoblox-dns-threat-index-hits-record-high-second-quarter-due-surge-phishing-attacks

SWITCH Launches Website Aiming To Improve Security On The Internet

SWITCH has created a website with a focus on prevention to help safeguard domains in Switzerland. Under the title Safer Internet, SWITCH informs domain name holders about the dangers lurking on the Internet and explains how they can protect their website against attacks. SWITCH is tasked by the Federal Office of Communications (OFCOM) with registering domain names ending in .ch and also works to ensure a secure and stable Internet in Switzerland.

[news release] Dangers lurking on the Internet include drive-by attacks and phishing. Many domain name holders are unaware of the threats posed by cybercriminals or how to prevent them. One of the SWITCH foundation’s main goals is to make the Internet safe in Switzerland. With this in mind, it has created the new website www.switch.ch/saferinternet. SWITCH security expert Michael Hausding explains: “Safer Internet is an information platform aimed at everyone who has a .ch website. It offers tips on preventing domain name misuse and information on risks relating to online content.” Available in English, German, French and Italian, the Safer Internet website is intended for a broad audience.

Preventing drive-by and phishing attacks

Most damage to .ch websites is caused by drive-by infections and phishing. In a drive-by attack, users visiting a website infect their computers with malware placed on the site by hackers. Phishing, meanwhile, is an attempt to gain access to Internet users’ personal information using fake websites, e-mails or instant messages. These types of attacks cause a huge amount of damage online. SWITCH’s new website tells domain name holders how they can protect their websites against cybercriminals. Under the heading ‘Make your website safer’, SWITCH offers advice on how to prevent such attacks. Safer Internet also includes details of the risks these attacks bring with them and why more and more websites are being targeted.

About Safer Internet

Safer Internet is a website containing information about how to prevent the misuse of domain names. It explains some common security issues and offers advice on dealing with them. If you have any questions about website security, please feel free to contact SWITCH.

This SWITCH news release was sourced from:
www.switch.ch/news/safer-internet2015/

APWG Cybercrime Fighters, University Researchers and ICANN Unite to Set Global Cybercrime Fighting Agenda

[news release] The Anti-Phishing Working Group’s Fall conference week in Puerto Rico this October will unite industrial and police cybercrime investigators, university researchers and security experts with ICANN in an unprecedented alignment of global thought-leaders and cybercrime responders.

APWG Secretary General Peter Cassidy said, “We witness in this fall’s conference an even deeper coordination of cybercrime investigators and managers, infrastructure management authorities, pioneering researchers from industry, academia and government, all finding common purpose in bringing cybercrime under control as a predictable, and manageable, threat.”

The conference week programming will include the APWG’s own Members Meeting on Oct. 22 covering trends in cybercrime and remedial approaches for countering them; the eCrime Researchers Summit (eCRS) on Oct 23 and 24 to present the latest in university and industry-based research in cybercrime forensics and containment; and participants in ICANN’s DNS Security, Stability and Resiliency Symposium on October 25 will consider DNS abuse and other operational matters.

“Domain Name System Security is an important component in the ecrime toolkit,” said Dave Piscitello, Senior Security Technologist at ICANN. “eCrime 2012 offers a unique opportunity to bring security, law enforcement, and DNS operations communities together to consider how to improve detection of and mitigate DNS abuse.”

Presentations for the General Members Meeting and eCrime Researchers Summit will come from APWG members, experts from industry, government, law enforcement and academic and industrial research centers. eCRS presenters come largely from academic institutions, though the review panel is a mix of cybercrime experts from industry, academia and the NGO sector. eCRS covers technology, forensic approaches as well as behavioural and sociological aspects in its research purview.

The working agenda for the four full days of conference week programming is here: apwg.org/events/2012_ecrime.html#agenda

The APWG IEEE eCrime Fighter Scholarship Program will help subsidize the travel of researchers whose papers have been accepted by the eCRS review committee. The top three scoring papers will be awarded cash prizes of $1500, $1000 and $500 respectively. Full paper and Research-in-Progress submissions are due August 10, 2012 and notifications will be announced on September 3. The eCRS CFP can be found here: www.ecrimeresearch.org/2012/cfp.html

About the APWG

The APWG, founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,000 companies, government agencies and NGOs participating in the APWG worldwide. The APWG’s www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the Stop. Think. Connect. Messaging Convention, the global online safety public awareness collaborative www.stopthinkconnect.org and founder/curator of the eCrime Researchers Summit, the world’s only peer-reviewed conference dedicated exclusively to electronic crime studies www.ecrimeresearch.org.

APWG’s corporate sponsors are as follows: Afilias Ltd., AhnLab, AT&T, Avast!, AVG Technologies, BBN Technologies, Barracuda Networks, BillMeLater, Bkav, Booz Allen Hamilton, Blue Coat, BrandMail, BrandProtect, Bsecure Technologies, Check Point Software Technologies, Comcast, CSIRTBANELCO, Cyber Defender, Cyveillance, Domain Tools, Easy Solutions, eBay/PayPal, eCert, EC Cert, ESET, EST Soft, Facebook, Fortinet, FraudWatch International, F-Secure, GlobalSign, GoDaddy, Google, GroupIB, Hauri, Hitachi Systems, Ltd., Huawei Symantec, ICANN, Iconix, IID, IronPort, ING Bank, Intuit, IT Matrix, Kindsight, LaCaixa, Lenos Software, MailShell, MarkMonitor, M86Security, McAfee, Melbourne IT, MessageLevel, Microsoft, MicroWorld, Mirapoint, MyPW, nProtect Online Security, Netcraft, Network Solutions, NeuStar, Nominet, Nominum, Public Interest Registry, Panda Software, Phishlabs, Phishme.com, Phorm, Planty.net, Prevx, Proofpoint, QinetiQ, Return Path, RSA Security, RuleSpace, SAIC (From Science to Solutions), SalesForce, SecureBrain, S21sec, SIDN, SoftForum, SoftLayer, SoftSecurity, SOPHOS, SunTrust, SurfControl, Symantec, Tagged, TDS Telecom, Telefonica, TransCreditBank, Trend Micro, Vasco, VeriSign, Websense Inc., Wombat Security Technologies, Yahoo!, zvelo and ZYNGA.

INTERPOL Wants to Join GAC And Cooperate With ICANN

Following a visit to INTERPOL’s General Secretariat headquarters by some of ICANN’s bosses, INTERPOL has expressed a desire for closer collaboration with ICANN and to be an observer on their Governmental Advisory Committee.

During the visit, ICANN President and CEO Rod Beckstrom and INTERPOL Secretary General Ronald K. Noble discussed closer collaboration on internet security, with cyber-security, financial and high tech crime being top of the agenda as well as governance and enhancing common means for preventing and addressing internet crime.

Cybersecurity is an issue of growing importance with everything from the domain name system to vital infrastructure such as energy supplies threatened from cybercrime.

In the US, the White House has developed cybersecurity guidelines with the goal of protecting much of the nation’s infrastructure.

Attending with Beckstrom was ICANN’s Vice President and Chief Security Officer, Jeff Moss, Vice President of Government Affairs Jamie Hedlund, and Alice Jansen of their Organisational Reviews unit.

“We seek the active engagement of law enforcement in our multi-stakeholder community where all parties are welcome. We recognise Interpol as an important international leader in this field,” said Mr. Beckstrom. “We are very pleased by its expression of interest in joining the ICANN Governmental Advisory Committee as an observer.”

With ICANN the global coordinator of domain names and Internet protocol addresses, and INTERPOL the world’s largest international police organisation, Secretary General Noble said: “Both organisations are international, both are politically neutral, and both are focused on the good of the world. Both also care about improving the security of the Internet for the future.”

“The Internet has no borders, and neither do the criminals who exploit it. As the Internet’s role in society continues to increase in scope and importance, it is vital for INTERPOL to help create bridges between the international law enforcement community it represents and ICANN in order to advance Internet security practices for the benefit to all,” added Secretary General Noble.

As part of efforts to enhance their cooperation, both organisations agreed during the visit that an INTERPOL delegation would attend ICANN’s international conference in Singapore next month, 20-24 June, when INTERPOL’s membership of ICANN’s GAC as an international observer will be explored.

European Union Gets Serious on Cybercrime Including Right to Revoke Domain Names

The Council of the European Union has proposed that a European centre be established to combat cybercrime that would include the right to revoke domain names and IP addresses, according to a statement from a Council meeting on April 26.

The Action Plan says it “considers that is of a paramount importance to propose actions which would specify how the main points of the concerted strategy to combat cybercrime should be implemented, both in the short and medium term.”

The meeting statement proposed the European Commission draw up a feasibility study on the possibility of creating a centre that would deal with cybercrime including crime related to the invasion of privacy, financial cybercrime, unauthorized access for the purpose of sabotage, crime against intellectual property, attacks on networks and against information systems, on-line fraud, child pornography and spam, and trafficking in illicit substances.

The meeting statement noted as one of those medium term actions “to adopt a common approach in the fight against cybercrime internationally, particularly in relation to the revocation of Domain Names and IP addresses. The Commission, in cooperation with the Member States and Europol, is invited to facilitate this objective.”

Among short term plans, the meeting statement noted the need to find out more about the perpetrators of cybercrime and their modus operandi, and to share knowledge within the EU to better understand the problem.

Among the medium term plans were to ratify the Council of Europe Cybercrime Convention, consider raising the standards of specialization of the police, judges, prosecutors and forensic staff to an appropriate level to carry out cybercrime investigations, to encourage information sharing among member states and to adopt a common approach in the fight against cybercrime internationally.

The Council statement from the meeting is available from:
www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/jha/114028.pdf