Tag Archives: cybercrime

Spot the scam, stop the scammers by Vint Cerf

According to the Federal Trade Commission (FTC), people reported $1.9 billion lost to scams in 2019. Every minute, more than $3,600 disappeared from wallets and bank accounts in response to made-up stories of urgently overdue tax payments, bogus contest winnings, or a smooth-talking online suitor who suddenly needs some gift cards. A high-pressure phone call or exciting message can overcome many people’s judgment, especially if they are caught at a vulnerable moment.

Trend Micro Research Finds Trust Lacking Within the Cybercriminal Underground

Trend Micro Incorporated, a global leader in cybersecurity solutions, today released new data on cybercriminal operations and patterns for buying and selling goods and services in the underground. Trust has eroded among criminal interactions, causing a switch to e-commerce platforms and communication using Discord, which both increase user anonymization.

Positive Technologies: darkweb market is packed with offers to purchase access to corporate networks

Positive Technologies experts have analysed illegal marketplaces on the dark web and found a flood of interest in accessing corporate networks. In Q1 2020, the number of postings advertising access to these networks increased by 69 percent compared to the previous quarter. This may pose a significant risk to corporate infrastructure, especially now that many employees are working remotely. “Access for sale” on the darkweb is a generic term, referring to software, exploits, credentials, or anything else that allows illicitly controlling one or more remote computers.

Verizon Data Breach Report: DoS Skyrockets, Espionage Dips

Denial-of-service (DoS) attacks have spiked over the past year, while cyber-espionage campaigns have spiraled downwards. That’s according to Verizon’s 2020 Data Breach Investigations Report (DBIR) released Tuesday, which analyzed 32,002 security incidents and 3,950 data breaches across 16 industry verticals.

Dark web scammers exploit Covid-19 fear and doubt

“They’re exploiting the fear, uncertainty and doubt people are experiencing during the pandemic, and using the anxiety and desperation to get people to buy things or click on things they wouldn’t have otherwise,” says Morgan Wright, a former senior adviser to the US Department of State anti-terrorism assistance programme.

17,000 Coronavirus-Related Domains Registered In First 2 Weeks Of April; 23% Malicious Or Suspicious: Check Point

There have been 68,000 coronavirus-related domains registered since the beginning of the coronavirus outbreak in January 2020, with an escalation in the number of coronavirus-related domains being registered since mid-February, according to Check Point Research. In the past two weeks (since 2 April), almost 17,000 new coronavirus-related domains have been registered (16,989 to be exact), with 2% found to be malicious and another 21% suspicious.

And with the pandemic now reaching almost every corner of the globe, many governments have announced economic stimulus packages, and as Check Point Research note on their recent blog post, “where there’s money, there will also be criminal activity. Hackers and threat actors want to cash in on the rush to get these vital payments and fill their own pockets at the expense of others. To do this, they are evolving the scam and phishing techniques that they have been using successfully since the start of the pandemic in January. Google recently reported that in just one week from 6 to 13 April, it saw more than 18 million daily malware and phishing emails related to Covid-19 scams – and that’s in addition to the 240 million daily spam messages it sees related to coronavirus.”

To take advantage of these stimulus packages, Check Point Research found 4,305 domains relating to new stimulus/relief packages have been registered since January with a total of 2081 new domains registered (38 malicious; 583 suspicious) in March and 473 (18 malicious, 73 suspicious) in the first week of April.

Check Point Research also observed a major increase in the week starting 16 March “during which the American government proposed the stimulus package to taxpayers. The number of new domains registered that week was 3.5 times higher compared to the average of previous weeks.”

Check Point Research has also observed a rise in “scam websites that use the news of the coronavirus (Covid-19) financial incentives, and fears about Coronavirus to try and trick people into using the websites or clicking on links. Users that visit these malicious domains instead of the official Government websites risk having their personal information stolen and exposed, or payment theft and fraud.”

For more information, or to see the Check Point Research blog post in full, go to: https://blog.checkpoint.com/2020/04/20/coronavirus-update-as-economic-stimulus-payments-start-to-flow-cyber-attackers-want-to-get-their-share-too/

DK Hostmaster Wins Global Award For Efforts Combating Cybercrime

The Alliance for Safe Online Pharmacies (ASOP Global) presented its annual Internet Pharmacy Safety E-Commerce Leadership Award to .DK Hostmaster, which was announced at ICANN63 Tuesday.

DK Hostmaster, the Danish country code top level domain (ccTLD) manager, won the award based on their commitment to ensuring citizen safety by maintaining transparent WHOIS data and proactively enforcing identity accuracy policies to increase consumer trust and safety online.

DK Hostmaster has increased identity checks for Danish and foreign customers and deleted over 3,000 domain names of suspected fake stores since November 2017. In addition, DK Hostmaster supports an open WHOIS, which helps create transparency so that it is continuously possible to see who is behind a .dk domain name.

“ASOP Global is pleased to recognise DK Hostmaster for their outstanding efforts to prevent the illegal use of domain names for online drug sales and rapidly responding to any complaints,” said Libby Baney, Principal at Faegre Baker Daniels Consulting and senior advisor to ASOP Global.

ASOP Global is a 501(c)(4) non-profit organisation headquartered in Washington, D.C. with activities in the U.S., Canada, Europe, India, Latin America and Asia. It’s dedicated to protecting consumers around the world, ensuring safe access to medications, and combating illegal online drug sellers.

“DK Hostmaster is honoured to receive this award for our continued efforts to ensure a safe and trustworthy .dk zone through transparency and focus on ensuring the identity of the owners of a .dk domain name” said DK Hostmaster CEO, Jakob Truelsen.

“DK Hostmaster’s policy to keep WHOIS data open and transparent creates a more secure, trustworthy environment in the .dk namespace,” Baney commented. As a member of the Coalition for a Secure and Transparent Internet, ASOP Global further commends DK Hostmaster for their policy on transparent WHOIS and encourages other registries and registrars to follow their lead.

“Transparency has shown to be an effective tool to prevent abuse. Sunlight has proven to be an effective disinfectant,” said DK Hostmaster CEO, Jakob Truelsen.

Nominations for ASOP Global’s third Internet Pharmacy E-Commerce Safety Award are now open. Award recipients will be announced during ICANN66 in November 2019 in Montreal, Canada.

EURid and IACC Team Up to Fight Cybercrime in .EU and .ЕЮ

EURid and the International Anti-Counterfeiting Coalition (IACC) have announced plans to work together to fight cybercrime in the .eu and .ею domain name space. The collaboration aims to help clear the registration database from fraudulent domain names and to establish a more secure domain space for Internet users.

The scope of this collaboration is based on the exchange of knowledge and support pertaining to cybercrime, specifically counterfeiting and piracy, in the .eu and .ею domain name space. It entails engaging in joint efforts, exchanging statistical data and trends pertaining to cybercrime, and committing to cooperate on projects designed to address the issue.

Over the last 3 years, EURid, the .eu and .ею registry, has strengthened its efforts in cleaning up its registration database from fraudulent activity to increase trust and security in the .eu and .ею domain name space, resulting in the suspension of more than 70,000 domain names.

“Overall, cybercrime rates worldwide have been climbing over the past few years. It’s imperative that we continue to monitor and identify abusive registrations and alleged illegal activity happening within the .eu and .ею space and take action in a timely manner. We increase our efforts in combatting illegal activity online and hopefully influence others to do the same,” said Geo Van Langenhove, EURid’s Legal Manager.

For the IACC, a Washington, DC-based not for profit organisation representing the interests of companies concerned with trademark counterfeiting and the related theft of intellectual property, this MOU marks the first time that the organisation has collaborated with a registry, underscoring its mission to combat online counterfeiting and piracy through strategic partnerships with intermediaries in all industries.

“Online counterfeiting has grown in scale, threatening Internet users’ safety and overall experience on the web. With the IACC’s expertise in anti-counterfeiting and EURid’s oversight of the .eu and .ею domain spaces, this partnership is a positive step toward ridding the Internet of counterfeiters and establishing a trusted online environment for all,” said Bob Barchiesi, IACC President.

The EURid – IACC partnership, solidified Tuesday through the signing of a Memorandum of Understanding (MOU) at the EUROPOL IP Crime Conference in Budapest, Hungary, marks an important step in the right direction toward combating cybercrime, but the organisations’ efforts won’t stop there. EURid has been actively working with various law enforcement agencies such as the Belgian Federal Ministry of Economy and the Cybersquad team. The IACC continues to establish and promote its world-renowned online anti-counterfeiting programs, which were created in partnership with credit card companies and other major payment providers, as well as online marketplaces. The IACC also works closely with law enforcement agencies and organisations, including EUROPOL, by sharing resources and expertise. In addition to signing an MOU with EUROPOL in 2016, the IACC is also an organising partner to the EUROPOL IP Crime Conference.

DomainTools Find Cybercriminals Using Typos to Spoof Top UK charities

Cybercriminals are using fraudulent domains to lure unsuspecting members of the public towards spoofs of well-known UK charities, for malicious purposes, according to the results of a DomainTools investigation.

Following on from the National Cyber Security Centre’s warning that cybersecurity poses the most serious threat to UK charities, DomainTools selected ten well-known and popular charitable organizations in the UK to analyse, and found that every charity selected was being spoofed online by cybercriminals, who often used typos in order to dupe unsuspecting Internet users. The team analysed domains associated with Cancer Research, The National Trust, NSPCC, Oxfam, The Red Cross, Salvation Army, Wateraid, Save The Children and Unicef. In total, over 170 domains were deemed high-risk for phishing, malware and other forms of cybercrime. Some examples of fraudulent domains with risk scores of 100 – the highest possible score – include:

  • fundraisecancerresearch[.]org
  • nationltrust[.]org
  • nspcv[.]org
  • oxfamsol-mail[.]be
  • redcroas[.]com
  • salvationarmycapitalregion[.]org
  • svaethechildren[.]org
  • sheltern[.]com
  • unicefpro[.]org
  • vistwateraid[.]org.

“It remains incredibly easy for anyone to purchase an available domain,” said Tim Helming, director of product management at DomainTools. “This is part of what helps keep the Internet open and democratic, but it also helps cybercriminals exploit users. In this case the spoofing of charity websites has the added benefit of exploiting people’s wish to donate to these charities, making them a particularly lucrative target.”

Explaining how these websites are introduced to Internet users, Helming said: “these domains will often be directed towards people via email or SMS phishing campaigns, which hope to encourage users to click on seemingly legitimate looking links such as those included above, which in turn begins another cycle of cybercrime. Phishing can be used by criminals simply to gain credit card or banking information, or as a gateway to install malware on a device or network, which leads to even more serious crimes such as data breaches and/or identity fraud.”

DomainTools offers top tips for consumers to avoid falling foul of a spoof website:

  • Watch out for domains that have the pattern com-[text] in them. We’re so accustomed to seeing .com that we can easily overlook the extra text that’s appended to it with a dash.
  • Look for typos on the website, coupon, or link that is directing you – for example, check for extra added letters in the domain, such as Yahooo[.]com.
  • Look out for ‘rn’ disguised as an ‘m’, such as modem.com versus modern.com.
  • Watch all website redirects by hovering over URLs to see where the link will take you.
  • Realise that if something is too good to be true, it likely is.
  • Get into the habit of hovering your mouse over links, and then looking for a pop-up that shows what domain the link points to. Typo domains can often be exposed using this method. Chrome and Firefox both have this feature.