New Phishing scam aimed at Facebook users discovered
A new phishing scam targeting Facebook users has been discovered by security experts, with threat actors leveraging over 3,000 counterfeit profiles to pilfer account credentials.
Throughout February and March 2023, Group-IB researchers uncovered more than 3,200 fraudulent profiles, either hijacked or created by the cybercriminals orchestrating this operation. The scam has been conducted in over 20 languages, with the majority of profiles imitating Meta posting in English.
Security experts believe the primary objective of this campaign is to infiltrate the Facebook accounts of public figures, celebrities, businesses, and sports teams, among others. The aim is to obtain sensitive information and use it to breach additional accounts.
Technically, the cybercriminals behind this scheme predominantly employ phishing websites that mimic the Facebook login page, as well as session hijacking attacks designed to steal browser cookies.
The scammers impersonate Meta, Facebook's parent company, in their public posts and on over 220 phishing sites. They misuse Meta and Facebook's official logos on their social media profiles and phishing web pages to appear legitimate and gain users' trust. These fraudulent profiles, however, have no association with Facebook and are often promptly removed by the social media platform.
The scam highlights the risk posed by the frequent practice of using identical username and password combinations across multiple services.
Black Basta strikes again, this time against Canadian Yellow Pages Group
Ransomware group Black Basta has continued its campaign of double extortion and in the last week has published the data of the Canadian yellow pages.
The released data contains several sensitive documents and the breach has been confirmed by Yellow pages Canada, who in a statement confirmed they had performed an Incident Response investigation in order to assess the extent of the attacker's activity and secure systems moving forward. The group will also be moving to notify affected parties in compliance with data protection regulation.
Although this attack is likely devastating, Yellow Pages has shown maturity and resilience in its response to this attack and will likely greatly improve its future security posture as a result.
Google Ads used by ransomware gangs to spread Malware
Cyber security experts have recently revealed that the Bumblebee malware, specifically designed to target enterprises is being spread via Google Ads and SEO manipulation.
Initially detected in April 2022, Bumblebee is thought to be the brainchild of the Conti group, intended as a replacement for the notorious BazarLoader backdoor. The latter was primarily used to gain a foothold in networks and launch ransomware campaigns.
In September 2022, a new iteration of the Bumblebee malware loader was detected in the wild. As the trojanised software is aimed at corporate users, compromised devices are at risk of becoming the epicentre of future ransomware attacks.
Upon investigating a recent Bumblebee attack, cyber security researchers found that the threat actor capitalised on their access to the compromised system, manoeuvring laterally within the network just three hours after the initial breach.
A range of tools was deployed by the attackers and this extensive toolkit forms an attack profile indicative of the malware operators' intent to locate vulnerable network entry points, pivot to additional machines, extract data, and ultimately launch a ransomware attack.
Drop in Cyber Security Priority Among Organisations Linked to Rising External Business Pressures
According to the recently released Cyber Security Breaches Survey 2023, a lower proportion of organisations are prioritising cyber security this year. This shift in focus was attributed to changes in the external business environment, which are causing increased concerns for many companies.
Organisations across various sectors have reported facing higher costs and greater difficulties in financial planning due to inflation, increased energy prices, and uncertainty surrounding the economy. As a result, cyber security has seemingly taken a back seat among senior managers, who are now more preoccupied with these pressing issues.
Smaller businesses and charities appear to be most affected by this change in priorities. In these organisations, senior individuals responsible for cyber security are also grappling with a myriad of other challenges their organisations face.
This shift in priorities has led to a more reactive, rather than proactive, approach to cyber security, potentially leaving these organisations more vulnerable to cyber threats in the long run.
The survey also pointed out a change in the percentage of charities regarding cyber security as a high priority in recent years. In 2019, 75% of organisations deemed it a "fairly" high priority, compared to 72% in 2022 and 62% this year.
Wiltshire School Crippled by Cyber Attack: Ransom Demanded as IT Infrastructure Held Hostage
A secondary school in Wiltshire UK has faced significant disruption due to a cyber attack, with the culprits now insisting on a ransom for reinstating the school's IT infrastructure.
Chippenham's Hardenhuish School has had no choice but to inform the parents of its 1,623 students, following the discovery that cybercriminals had breached its systems during the weekend.
The cyber-attack impacted the school's local server, website, internet connectivity, WiFi, printing facilities, and internal phone networks.
Schools and educational institutions are increasingly becoming targets for such attacks, as they often hold sensitive data and may be more likely to pay the ransom to prevent further disruption to their operations. It is crucial for these organisations to implement robust cyber security measures to mitigate the risk of ransomware and other cyber threats.
