Viruses and Worms

Eufy security cams 'ignore cloud opt-out, store unique IDs' of anyone who walks by

The Register - Anti-Virus - 17 March, 2023 - 21:30
Gadget maker accused of 'corporate voyeurism' by gathering up footage against your wishes

A lawsuit filed against eufy security cam maker Anker Tech claims the biz assigns "unique identifiers" to the faces of any person who walks in front of its devices – and then stores that data in the cloud, "essentially logging the locations of unsuspecting individuals" when they stroll past.…

Category: Viruses and Worms

Feds arrest and charge exiled Chinese billionaire over massive crypto fraud

The Register - Anti-Virus - 17 March, 2023 - 04:59
This one has it all: Donald Trump’s inner circle, a Beijing bot backlash, conspiracy theories, and more

Meet the newest member of the crypto rogues' gallery: Ho Wan Kwok, aka Guo Wengui, aka Miles Guo, whom the US Department of Justice on Wednesday arrested over what investigators have described as a "sprawling and complex scheme … to solicit investments in various entities and programs through false statements and representations to hundreds of thousands of Kwok's online followers."…

Here's how Chinese cyber spies exploited a critical Fortinet bug

The Register - Anti-Virus - 17 March, 2023 - 03:00
Looks to be the same baddies attacking VMware hypervisors last year

Suspected Chinese spies have exploited a critical Fortinet bug, and used custom networking malware to steal credentials and maintain network access, according to Mandiant security researchers.…

FTX inner circle helped itself to $3.2B, liquidators say

The Register - Anti-Virus - 17 March, 2023 - 00:04
SBF alone pocketed $2.2B, or so this bankruptcy paperwork goes

In fresh filings in the FTX bankruptcy case, the cryptocurrency-exchange-slash-hedge-fund's liquidators say they've uncovered $3.2 billion (£2.6b) in payments and loans made to disgraced FTX founder Sam Bankman-Fried and his inner circle. …

Got Conti? Here's the ransomware cure to avoid paying up

The Register - Anti-Virus - 16 March, 2023 - 22:28
Kaspersky cracks the code, so get busy before the next update comes

Good news for ransomware victims: Kaspersky security researchers say they've cracked the Conti ransomware code and released a decryptor tool after uncovering leaked data belonging to the notorious Russian crime group.…

S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]

Sophos Naked Security - 16 March, 2023 - 21:56
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet!

UK.gov bans TikTok from its devices as a 'precaution' over spying fears

The Register - Anti-Virus - 16 March, 2023 - 16:34
Gov staff using it on personal mobes just fine... it's not like ministers use WhatsApp etc for business ... oh wait

The United Kingdom government has banned use of Chinese social media platform TikTok among ministers and officials on their work devices as a “precautionary” measure over worries the app is used to snoop on Brits.…

Hands up who DIDN'T exploit this years-old flaw to ransack a US govt web server...

The Register - Anti-Virus - 16 March, 2023 - 01:00
Why patching matters: Everyone seemingly had a crack at security bug

Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution.…

Cancer patient sues hospital after ransomware gang leaks her nude medical photos

The Register - Anti-Virus - 15 March, 2023 - 22:05
Victim offered two years of credit monitoring after highly sensitive records dumped online

A cancer patient whose nude medical photos and records were posted online after they were stolen by a ransomware gang has sued her healthcare provider for allowing the "preventable" and "seriously damaging" leak.…

Microsoft fixes two 0-days on Patch Tuesday – update now!

Sophos Naked Security - 15 March, 2023 - 21:06
An email you haven't even looked at yet could be used to trick Outlook into helping crooks to log on as you.

Pair accused of breaking into US law enforcement database, posing as cops

The Register - Anti-Virus - 15 March, 2023 - 16:10
Teen arrested yesterday while another man suspected of being a ViLE crime group member still 'at large'

A 19-year-old suspected of belonging to the "ViLE" crime group told a man authorities think is in the same gang that he "jacked into a police officer's account" and "the portal had some fucking potent tools" according to a complaint unsealed today in the Eastern District of New York.…

Business on the dark web: deals and regulatory mechanisms

Kaspersky Securelist - 15 March, 2023 - 12:00

Download the full version of the report (PDF)

Hundreds of deals are struck on the dark web every day: cybercriminals buy and sell data, provide illegal services to one another, hire other individuals to work as “employees” with their groups, and so on. Large sums of money are often on the table. To protect themselves from significant losses, cybercriminals use regulatory mechanisms, such as escrow services (aka middlemen, intermediaries, or guarantors), and arbitration. Escrow services control the fulfillment of agreements and reduce the risks of fraud in nearly every type of deal; arbiters act as a kind of court of law for cases where one of the parties of the deal tries to deceive the other(s). The administrators of the dark web sites, in turn, enforce arbiters’ decisions and apply penalties to punish cheaters. Most often, these measures consist of blocking, banning, or adding the offender to “fraudster” lists available to any member of the community.

Our research

We have studied publications on the dark web about deals involving escrow services for the period from January 2020 through December 2022. The sample includes messages from international forums and marketplaces on the dark web, as well as from publicly available Telegram channels used by cybercriminals. The total number of messages mentioning the use of an escrow agent in one way or another amounted to more than one million, of which almost 313,000 messages were published in 2022.

[Figure: Dynamics of the number of messages on shadow sites mentioning escrow services in 2022. Source: Kaspersky Digital Footprint Intelligence]

We also found and analyzed the rules of operating escrow services on more than ten popular dark web sites. We found that the rules and procedures for conducting transactions protected by escrow on various shadow platforms were almost the same, and the typical transaction pattern that involved escrow services was as follows.

Besides the posts relating to escrow services, we analyzed those relating to arbitration and dispute settlement. We found that the format for arbitration appeals was also standardized. It usually included information about the parties, the value of the deal, a brief description of the situation, and the claimant’s expectations. In addition, parties sent their evidence privately to the appointed arbiter.

What we learned about dark web deal regulation
  • About half of the messages that mention the use of an escrow agent in one way or another in 2022 were posted on a platform specializing in cashing out and associated services.
  • Cybercriminals resort to escrow services—provided by escrow agents, intermediaries who are not interested in the outcome of the deal—not just for one-time deals, but also when looking for long-term partners or hiring “employees”.
  • These days, dark web forums create automated escrow systems to speed up and simplify relatively typical deals between cybercriminals.
  • Any party may sabotage the deal: the seller, the buyer, the escrow agent, and even third parties using fake accounts to impersonate official representatives of popular dark web sites or escrow agents.
  • The main motivation for complying with an agreement and playing fair is the party’s reputation in the cybercriminal community.
  • A deal may involve up to five parties: the seller, the buyer, the escrow agent, the arbiter, and the administrators of the dark web site. Moreover, further arbiters may be involved if a party is not satisfied with the appointed arbiter’s decision and tries to appeal to another.

The reasons to learn how business works on the dark web

Understanding how the dark web community operates, how cybercriminals interact with one another, what kinds of deals there are, how they are made, and what roles exist in them, is important when searching for information on the dark web and subsequently analyzing the data to identify possible threats to companies, government agencies, or certain groups of people. It helps information security experts find information faster and more efficiently without revealing themselves.

Today, regular monitoring of the dark web for various cyberthreats (both attacks in the planning stages and incidents that have already occurred, such as compromise of corporate networks or leakage of confidential documents) is essential for countering threats in time and mitigating the consequences of fraudulent or malicious activities. As the saying goes, forewarned is forearmed.

SVB collapse's mix of money, urgency and uncertainty makes it irresistible to scammers

The Register - Anti-Virus - 15 March, 2023 - 07:46
Phishing, dodgy domain names, and sophisticated attacks already deployed

The collapse of Silicon Valley Bank (SVB) late last week sent tremors through the global financial system, creating opportunities for short-sellers – and numerous species of scammer.…

China sought control of submarine cables to spy, says Micronesia

The Register - Anti-Virus - 15 March, 2023 - 05:29
Outgoing president alleges Beijing is systematically bullying strategically located island paradise

The outgoing president of the Federated States of Micronesia (FSM), David Panuelo, penned a lengthy letter last week accusing Beijing of rampant bribery, spying and other tactics – including an attempt to take control of the nation's submarine cables and telecoms infrastructure.…

Microsoft: Patch this severe Outlook bug that Russian miscreants exploited

The Register - Anti-Virus - 15 March, 2023 - 01:59
Plus: Fixes for SAP, Adobe, Android, Chrome

Patch Tuesday: Microsoft's March Patch Tuesday includes new fixes for 74 bugs, two of which are already being actively exploited, and nine that are rated critical. Let's start with the two that miscreants found before Redmond issued a fix.…

Firefox 111 patches 11 holes, but not 1 zero-day among them…

Sophos Naked Security - 14 March, 2023 - 21:16
In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn't seem to be much to worry about this month.

Microsoft squashes Windows bug exploited to inflict ransomware misery

The Register - Anti-Virus - 14 March, 2023 - 21:01
Not-so-smart SmartScreen flagged up by Googlers

Criminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google's Threat Analysis Group (TAG).…

UK refreshes national security plan to stop more of China's secret-stealing cyber-tricks

The Register - Anti-Virus - 14 March, 2023 - 09:40
A threat that needs two orgs to tackle it: the 'Integrated Security Fund' and the 'National Protective Security Authority'

Britain's domestic intelligence service MI5 will oversee a new agency tasked with helping organizations combat Chinese cyber-spies and other threats.…

LockBit brags: We'll leak thousands of SpaceX blueprints stolen from supplier

The Register - Anti-Virus - 14 March, 2023 - 01:40
And also, Ring hit with ransomware, too? No, says Amazon

Ransomware gang Lockbit has boasted it broke into Maximum Industries, which makes parts for SpaceX, and stole 3,000 proprietary schematics developed by Elon Musk's rocketeers.…

Zoll Medical says intruders had 1M+ patient, staff records at their fingertips

The Register - Anti-Virus - 13 March, 2023 - 23:30
Names, addresses, SSNs all up for grabs

Medical device and software maker Zoll Medical says the personal and health information of more than a million people, including patients and employees, may have been stolen by crooks in January.…
