Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Obávaný trojský kůň Emotet opět na scéně

Novinky.cz - bezpečnost - 22 Listopad, 2021 - 15:31
Na konci ledna se tým bezpečnostních expertů z několika různých států – v přední řadě s FBI a Europolem – pochlubil, že rozbil síť zotročených počítačů (tzv. botnet), jejímž prostřednictvím hackeři šířili trojského koně Emotet. Nyní se ale tento nezvaný návštěvník začal opět šířit internetem, jak varovali experti z kyberbezpečnostní společnosti Check Point.
Kategorie: Hacking & Security

New Golang-based Linux Malware Targeting eCommerce Websites

The Hacker News - 22 Listopad, 2021 - 13:10
Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis. "After a day and a
Kategorie: Hacking & Security

Lead Microsoft Engineer Kevin Sheldrake Brings Sysmon to Linux>

LinuxSecurity.com - 22 Listopad, 2021 - 13:00
Thanks to Kevin Sheldrake, co-author of Sysmon for Linux from Microsoft for working with us on this article.Seven years after Microsoft Sysinternals released Sysmon '' a system monitoring tool for Windows that reports key system activity via the event log '' we were very proud to release the Linux version of the same tool at the Sysinternals @25 celebration event . (You can still catch up on the talks by clicking on the event link .)
Kategorie: Hacking & Security

Alma and Rocky Linux release 8.5 builds, Rocky catches up with secure boot>

LinuxSecurity.com - 22 Listopad, 2021 - 13:00
CentOS 8.5 is available - but with only 6 weeks before end of life. Luckily, AlmaLinux and Rocky Linux, both of which provide community builds of Red Hat Enterprise Linux (RHEL), have released builds matching RHEL 8.5, with Rocky's work catching up with Alma by being signed for secure boot.
Kategorie: Hacking & Security

Facebook Postpones Plans for E2E Encryption in Messenger, Instagram Until 2023

The Hacker News - 22 Listopad, 2021 - 12:32
Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption (E2EE) across all its messaging services until 2023, pushing its original plans by at least a year. "We're taking our time to get this right and we don't plan to finish the global rollout of end-to-end encryption by default across all our messaging services
Kategorie: Hacking & Security

Black Friday 2021: How to Have a Scam-Free Shopping Day

Kaspersky Securelist - 22 Listopad, 2021 - 11:00

Fact 1: cybercriminals love to exploit big holidays for personal gain. Case in point: we’re already seeing scams targeting World Cup fans more than a year out from the event. Fact 2: the retail sector, particularly e-commerce, has always been popular with cybercriminals. In Q3 2021, online stores were in second place by share of recorded phishing attacks (20.63%). Taken together, both facts mean that Black Friday is a big day not only for shoppers, but for cybercriminals too.

It is important to be aware of the potential threats out there while shopping online. That’s why we constantly monitor the landscape of shopping-related threats and release a report tracking the latest criminal activity targeting online shoppers. Here’s what we found this year.

Methodology

In this research, we analyzed various types of threats: financial malware associated with major online shopping platforms as well as phishing pages and fake websites mimicking the world’s biggest retail platforms.

The data came from Kaspersky Security Network (KSN), a system for processing anonymized cyberthreat-related data shared voluntarily by Kaspersky users. We analyzed the detections related to various online shopping platforms between January and September 2021; and the period from January to October 2021 for financial phishing.

Furthermore, we analyzed financial malware associated with major e-commerce platforms detected during the period from January 2020 to November 2021.

In this report, we analyze data related to the world’s five most visited retail platforms: Walmart, eBay, Amazon, Alibaba and Mercado Libre.

Key findings:

  • During the first 10 months of 2021, Kaspersky products detected 40 584 415 phishing attacks targeting e-commerce and e-shopping platforms, as well as banking institutions.
  • The total number of financial phishing attempts targeting e-payment systems more than doubled from September 2021 (627,560) to October 2021 (1,935,905), showing a 208% increase.
  • Amazon was consistently the most popular lure used by cybercriminals to launch phishing attacks. The second most popular was, for most of 2021, eBay, followed by Alibaba and Mercado Libre.
  • The number of financial malware infection attempts dropped by half from 20.5 million in 2020 to 10 million in 2021.
  • In 2021, 11 malware families were actively targeting online shoppers. More than 50% of malicious activity this year belongs to Zbot.
  • From January 2020 through October 2021, the most targeted e-commerce platforms were in e-shopping (eBay, Alibaba, etc.) and entertainment (eg. streaming services, online games) with 30.61% of attacks.
Phishing Threats by the Numbers

Our researchers also took a closer look at financial phishing, which is typically separated into three categories. The first is phishing mimicking e-shops, such as analyzed retail platforms or any online stores; the second type involves banking phishing (i.e. fake banking websites) and the third involves pages mimicking well-known e-payment systems, such as PayPal, Visa, MasterCard and American Express.

Number of financial phishing attempts for banking, e-payment and e-shopping platforms in 2021 (download)

Overall, for the first 10 months of 2021, Kaspersky products detected 40 584 415 attacks targeting e-commerce and e-shopping platforms, as well as banking institutions.

2020 was the year everything went online, meaning in-person shopping wasn’t an option. In 2021, the world economy began to open back up and stores quickly rebounded. For example, during the first 10 months of 2021, in-person visits to offline stores, restaurants and entertainment locations increased by 44% in the U.S. This aligns with the fact that, in 2021, Kaspersky researchers didn’t observe the typical seasonal trends of a summer decline in online shopping-related phishing and an autumn rise. Instead, the number of financial phishing attempts continued to decline. Of course, in many cases, lockdowns didn’t end until the spring and summer months, which could suggest that people were eager to get back to shopping in-person.

However, there is one notable exception. In 2021, the total number of financial phishing attempts targeting e-payment systems more than doubled from September (627,560) to October (1,935,905) — a 208% increase. Right now, e-payment is experiencing tremendous growth with an expected global valuation of 6.6 trillion dollars in 2021; this represents a 40% increase in just two years. Not surprising, then, that scammers would attempt to profit from this trend, especially as people prepare for holiday shopping.

What platforms are most popular as phishing bait when it comes to online shopping? To find out, our researchers examined the total number of phishing attacks using Amazon, Alibaba, eBay, Walmart or Mercado Libre as a lure for the first nine months of 2021.

Number of phishing attempts using shopping platforms as a lure in 2021 (download)

Amazon was consistently the most popular lure, with phishing attempts using its name peaking in January at 289,828. January is typically a very popular shopping month as the sales period starts in many countries and people spend the money they received over the holidays. The second most popular lure was, for most of 2021, eBay, followed by Alibaba and Mercado Libre. For both Mercado Libre and eBay, the greatest number of phishing attempts using these platforms as a lure was recorded in January as well. However, there was also an overall seasonal trend observed: the total number of phishing attacks exploiting the names of these five platforms were on the decline in the summer but began an upward trend in the fall as the shopping season began to kick into high gear. In fact, the number of attempts to lure users with the name Alibaba nearly doubled from August to September — from 24,051 to 45,496.

Phishing for data

Phishing is one of the oldest tricks in the book, precisely because it’s easy and often successful — particularly when users are in a rush to benefit from a deal that sounds too good to be true. As the fall shopping season approaches, as well as Black Friday, cybercriminals have been looking to fake websites to phish for users’ credentials — from Alibaba to Amazon. The good news is they’ve been using well-known schemes, meaning users can stay safe if they’re aware of the most frequently used tricks.

One of the most common scams is to create a fake website offering great deals for popular shopping portals. Kaspersky researchers uncovered such phishing pages for Walmart, eBay, Amazon, Alibaba and Mercado Libre in various languages. In the example below, the user can supposedly earn a special prize for completing a four-question survey. In fact, users end up giving away their personal data for free. That’s because these surveys often have a long registration form that requires users to fill in their identifying information and, sometimes, bank card details. They’re often asked to then send the link to several friends — so that the scammers can reach more potential victims.

Phishing scam urging users to fill out a quick survey for a fake promotion

Other times, scammers create fake login pages. If users attempt to sign into their account, the scammers gain their login information, giving access not only to the victims’ accounts, but to all financial information stored there. These pages might look almost identical to the real platforms’ login pages, with only the misspelled URL giving away the fake.

eBay phishing page in German

Scammers don’t just focus on shopping platforms — they also target potential customers of popular offline stores, faking their online shopping pages.

The example above shows a phishing page for the popular jeweler Pandora that appears to offer great deals on popular items. Users are offered to buy jewelry at a cheaper price — needless to say, they never receive the order or get a cheap fake pair of earrings.

There is a variety of ways users can encounter these phishing pages. One of the most common is through phishing e-mails.

The example above shows an e-mail sent to a user warning that their account has been locked after a third party tried to access it. The sender gives the user only 24 hours to follow the link in the email and verify their information, or the account will be permanently locked. Of course, if the user clicks on the link, they would most likely be directed to a phishing page that would ask for identifying information and/or a malicious page that downloads malware. E-mails like this often feed on emotions — either scaring users (such as in the example above) or promising them an amazing deal that ends soon.

There also has been a rise in the number of spam letters detected by Kaspersky products. An active spread of spam emails with 221 745 emails containing the words ‘Black Friday’ was spotted during the month amid the sales season, from October 27 to November 19.

Banking Trojans and e-commerce platforms

Cybercriminals do not limit their malicious activity to spreading shopping-related phishing scams. Banking Trojans are traditional tools for stealing access credentials to online banking or payment system accounts. Some banking Trojan families have evolved and developed their functionality, launching new variants and extending their range. Today, most of them are able to perform transactions, download other malware and more. And some of them target not only people using online banking, but online customers of certain stores.

After two years of rather stable indicators in the number of attacks in 2019 and 2020, we observe a rapid decrease in 2021. In fact, the number of Banking Trojan infection attempts dropped by half from 20.5 million in 2020 to 10 million in 2021.

Overall number of attacks by banking Trojans, 2019-2021 (download)

In 2021, we found 11 families of financial malware targeting not only online banking users, but also online store users worldwide. More than 50% of malicious activity this year belongs to the Zbot family, which aims to steal users’ credentials for online stores and retail platforms. The other Top 5 most active financial malware families are: Qbot (13.9%), Anubis (13.4%), Trickbot (11.6%) and Neurevt (4.8%).

As mentioned above, the five banking Trojan families we focus on target e-commerce brands so as to track down users’ credentials, namely, login details, passwords, bank card numbers or phone numbers.

Once the victim opens one of the targeted e-commerce websites, the Trojan activates its form-grabbing functionality and saves all the data the user inputs on the website. On an e-commerce website, this often includes login banking details, card number, expiration date and CVV.

From January 2020 through October 2021, the most targeted e-commerce platforms were in e-shopping (eBay, Alibaba, etc.) and entertainment (e.g. streaming services, online games) with 30.61% of attacks. We can assume that fraudsters exploited the increased demand for in-home entertainment and shopping for their own malicious purposes.

The second most targeted category is telecom with 20.4% of targeted platforms.

Proportion of e-commerce categories targeted by malware, January 2020 through November 2021 (download)

Those five banking Trojan families did not target a particular region. Instead, they distributed their malicious activity all over the globe, mostly targeting victims in Russia, China, Italy and Brazil.

Geography of countries and territories affected by banking Trojans, Jan 2021 – Oct 2021 (download)

Conclusion

Most shoppers love great deals — and so, too, do cybercriminals. That’s not going to change, which means scammers will continue trying to profit off online shoppers. And they’ll continue trying to exploit popular shopping periods. Fortunately, over the past year, scammers have stuck to traditional tools and scams — from phishing pages offering big savings and rewards to tried-and-tested banking Trojans. This means users know what to be on the lookout for. However, as new e-commerce platforms arise, which most likely will become popular and easy targets, it’s important to stay vigilant.

To enjoy the best Black Friday has to offer this year, be sure to follow a few safety recommendations.

  • Use a reliable security solution, such as Kaspersky Security Cloud, that identifies malicious attachments and blocks phishing sites — on both your computer and mobile device.
  • Do not open attachments or click on links in emails from banks, e-payment apps or shopping portals, particularly if the sender insists. It is better to go to the official website directly and log in to your account from there.
  • Double-check the format of the URL or the spelling of the company name, as well as read reviews and check the domain’s registration data before filling out any information.
  • Be wary of any deals that seem too good to be true. They typically are.
  • In order to protect your data and finance, it is safe practice to make sure the online checkout and payment page is secure. You’ll know it is if the web page’s URL begins with HTTPS instead of the usual HTTP; a padlock icon typically appears beside the URL, and the address bar in some browsers is green. If you don’t see this, do not proceed.
  • Make sure all of your software is up to date — update your operating system and software applications (attackers exploit loopholes in widely used programs to gain entry).
  • Make sure you’re on a secure network — logging on to the public Wi-Fi at the local coffee shop makes it far easier for attackers to access your online activity. It’s also better and safer to do online shopping on your own computer or device to avoid the possible risks of using someone else’s.
  • Despite taking as many precautions as possible, you probably won’t know something is amiss until you see your bank or credit card statement. So, if you’re still getting paper statements, don’t wait until they hit your mailbox. Log online to see if all of the charges look legitimate – if not, contact your bank or credit card immediately to fix the situation.

U.S. Charged 2 Iranian Hackers for Threatening Voters During 2020 Presidential Election

The Hacker News - 22 Listopad, 2021 - 08:14
The U.S. government on Thursday unsealed an indictment that accused two Iranian nationals of their involvement in cyber-enabled disinformation and threat campaign orchestrated to interfere in the 2020 presidential elections by gaining access to confidential voter information from at least one state election website. The two defendants in question — Seyyed Mohammad Hosein Musa Kazemi, 24, and
Kategorie: Hacking & Security

U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws

The Hacker News - 22 Listopad, 2021 - 08:14
Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. The threat actor is believed to have leveraged multiple
Kategorie: Hacking & Security

Facebook Bans Pakistani and Syrian Hacker Groups for Abusing its Platform

The Hacker News - 22 Listopad, 2021 - 08:13
Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West Asian country. The Pakistani threat actor, dubbed SideCopy, is said to have used the platform to
Kategorie: Hacking & Security

11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells

The Hacker News - 22 Listopad, 2021 - 08:12
Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following responsible
Kategorie: Hacking & Security

North Korean Hackers Found Behind a Range of Credential Theft Campaigns

The Hacker News - 22 Listopad, 2021 - 08:12
A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. Enterprise security firm Proofpoint attributed the infiltrations to a group it tracks as TA406, and by the
Kategorie: Hacking & Security

Fake news ohrožují děti i dospělé. Jak zjistit, co je pravda a co ne, radí ředitel Avastu Ondřej Vlček

Zive.cz - bezpečnost - 20 Listopad, 2021 - 20:15
I ředitel globální bezpečnostní firmy pravidelně vysvětluje svým dětem, proč nemůžou být na telefonu nebo tabletu o hodinku déle a proč není svět na sítích stejný jako realita venku.
Kategorie: Hacking & Security

RedCurl Corporate Espionage Hackers Return With Updated Hacking Tools

The Hacker News - 20 Listopad, 2021 - 16:54
A corporate cyber-espionage hacker group has resurfaced after a seven-month hiatus with new intrusions targeting four companies this year, including one of the largest wholesale stores in Russia, while simultaneously making tactical improvements to its toolset in an attempt to thwart analysis. "In every attack, the threat actor demonstrates extensive red teaming skills and the ability to bypass
Kategorie: Hacking & Security

Experts Expose Secrets of Conti Ransomware Group That Made 25 Million from Victims

The Hacker News - 20 Listopad, 2021 - 16:13
The clearnet and dark web payment portals operated by the Conti ransomware group have gone down in what appears to be an attempt to shift to new infrastructure after details about the gang's inner workings and its members were made public. According to MalwareHunterTeam, "while both the clearweb and Tor domains of the leak site of the Conti ransomware gang is online and working, both their
Kategorie: Hacking & Security

Ransomware útočí na weby s redakčním systémem WordPress a požaduje výkupné

Zive.cz - bezpečnost - 20 Listopad, 2021 - 08:45
Koncem minulého týdne proběhla nová vlna útoků, během které bylo napadeno více než 300 webů běžících na redakčním systému WordPress. Na postižených stránkách se místo obsahu zobrazoval text požadující zaplacení výkupného ve výši 0,1 bitcoinu, tj. asi 130 tisíc korun. O podrobnostech informuje ...
Kategorie: Hacking & Security

Iranians Charged in Cyberattacks Against U.S. 2020 Election

Threatpost - 19 Listopad, 2021 - 20:49
The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation.
Kategorie: Hacking & Security

6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years

Threatpost - 19 Listopad, 2021 - 18:39
Pen Test Partners didn't disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.
Kategorie: Hacking & Security

California Pizza Kitchen Serves Up Employee SSNs in Data Breach

Threatpost - 19 Listopad, 2021 - 14:31
A hefty slice of data – that of 100K+ current and former employees – was spilled in an “external system breach,” the pizza chain said. 
Kategorie: Hacking & Security

Hackers deploy Linux malware, web skimmer on eCommerce servers>

LinuxSecurity.com - 19 Listopad, 2021 - 13:00
Attackers are deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into online shops' websites.
Kategorie: Hacking & Security

FBI Issues Flash Alert on Actively Exploited FatPipe VPN Zero-Day Bug

The Hacker News - 19 Listopad, 2021 - 10:27
The U.S. Federal Bureau of Investigation (FBI) has disclosed that an unidentified threat actor has been exploiting a previously unknown weakness in the FatPipe MPVPN networking devices at least since May 2021 to obtain an initial foothold and maintain persistent access into vulnerable networks, making it the latest company to join the likes of Cisco, Fortinet, Citrix, Pulse Secure that have had
Kategorie: Hacking & Security
Syndikovat obsah