URGENT ALERT:  AdultFriendFinder Scams

A massive data breach of the adult dating and entertainment company Friend Finder Network has exposed more than 412 million accounts including over 15 million “deleted” records that had not been purged from the company’s databases.

The exfiltrated records included 339 million accounts from AdultFriendFinder.com, which the company promotes as the “world’s largest sex and swinger community.”  62 million accounts from Cams.com, and 7 million accounts from Penthouse.com were stolen, as well as a few million from other smaller properties owned by the company.

The data accounts for 2 decades worth of data from the company’s largest sites, according to breach notification LeakedSource, which obtained the data.

Why does this matter?  Because outside of the fact that people, even people who had deleted their accounts, private and personal information was stolen, CyberCriminals will be using this information to victimize these people again, and again.  Spammers, phishers, and blackmailers will be rubbing their hands together in anticipation, never mind the divorce lawyers and private investigators that will be pouring over their data for clients.  

All of these 339 million registered AdultFriendFinder users are now a target for a multitude of social engineering attacks.  People that had straight or gay extramarital affairs can be made to click on links in emails that threaten to out them.

As in the Ashley Madison case a while ago, you can expect phishing emails that claim people can go to a website to find out if their private data has been released.  A sample of one of the phishing emails sent out in the Ashley Madison case is:

Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information.

If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value 625 USD) to the following address:

1B8eJ7HR87vbVbMzX4gk9nYyus3KnXs4Ez [link added]

Sending the wrong amount means I won’t know it’s you who paid.

You have 7 days from receipt of this email to send the BTC [bitcoins].  If you need help locating a place to purchase BTC, you can start here…

On the other side of the spectrum, other phishing emails will be received that lures people into clicking on a link to a website to see if their spouse has not been faithful.  The subject line will likely be something similar to “Your spouse was found on the AdultFriendFinder list”.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:  Fake Retail Apps for iPhone and Android

The New York Times has issued a warning to the public about a new kind of ID theft:  App ID Theft…just in time to deceive holiday shoppers!

Every holiday season, “retail apps” become popular.  Starbucks started the trend, but others have since copied.

Both Apple’s App Store and Google Play are getting crowded with fake “imposter” apps.

The counterfeiters are masquerading as big retail chains like Dollar Tree and Foot Locker, big department stores like Dillard’s and Nordstrom, online product bazaars like Zappos.com and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo.

The fake apps trick you into dowloading them to your smartphone or tablet, and ask you to load your credit card.

5 Things to Remember When Downloading Apps:

1. Be very judicious in deciding what app to download.  Better safe than sorry!
2. If you decide to download an app, first check the reviews.  Apps with few reviews, or bad reviews, are a big Red Flag!
3. Never click on a link in any email to dowload a new app.  Only go to the website of the retailer to get the link to the legit app on the AppStore or Google Play.
4. Give as little information as possible if you decide to use an app.
5. Be very, VERY, reluctant to link your credit card to any app!

For more information on the New York Times’ warning, go to: http://www.nytimes.com/2016/11/07/technology/more-iphone-fake-retail-apps-before-holidays.html

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

New Locky Ransomware Released

There seems to be a new Locky ransomware phishing attack released this past week.

The emails claim to be “credit card suspended” or “suspicious money movement” warnings.

Graham Cluley reports:

“In the last few days there have been a spate of spammed-out attacks using similar techniques to dupe unwary internet users into clicking on an attachment that will lead to their Windows PC being infected with the notorious Locky ransomware.”

This attack is now using threats claiming that there have been “suspicious movements” of funds out of your bank account and/or that your credit card account has been suspended.

Here are a couple of examples of the phishing emails being received:

1.  “Suspicious movements” email:

2.  “Suspended card” email:

Attached to the email is a ZIP file containing a malicious Javascript file (.JS) that, once opened, downloads that most recent version of the Locky ransomware from a remote server.

The Locky CyberCriminals are extremely well-organized, and highly automated.  They change the names and contact details used in these phishing emails, so you cannot rely on them being the same.  Ransomware is CyberCrime’s most successful and lucrative business model, so you can count on the threat being around for a long time.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:  Another Tech Support Scam Making the Rounds

Tech support scams are getting more and more sophisticated.  

Security giant Symantec states, “These scams remain one of the major and evolving forces in the computer security landscape.  Between January 1 and April 30 this year, the Internet Crime Complaint Centre (IC3) received 3,668 complaints related to tech support scams, which amounted to adjusted losses of almost US $2.27m.”  And that’s just in the U.S.

Now, there’s a new scam that’s popping up on computer monitors everywhere.

The scam starts when the victim unknowingly visits a compromised website.  Then, according to Symantec, “the web page displays a fake ‘hard drive delete timer’ that warns the user that their hard drive will be deleted within five minutes.  A warning audio tone is also played in the background, which again warns the user that their system is infected.”

Victims then receive a popup “alert” on their monitor, claiming to be from the victims’ “Internet Service Provider”, or Microsoft, or something similar.  The popup ‘alert’ states it is warning the user that their hard drive will be wiped of all data…unless, of course, they call the fake customer support number (which of course they are nice enough to provide you with).  

Another variation is that your screen goes blue, and claims that your computer needs to be repaired.

DO NOT call any numbers provided to you via popups.  Do NOT click on any links.  Do NOT open any attachments.

If you think the warning might be legitimate, call your Internet provider, or whoever the popup is claiming to be from…but look up the phone number yourself.  Or go to their website by typing their website into the address bar yourself.  Never call numbers provided, click on links, or open attachments.

From January 1, 2016 through October, Symantec has blocked more than 157 million tech support scams.  

The U.S., UK, and Canada were the countries targeted the most by tech support scams.

 

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:  Exotic Ransomware

New ransomware strain released by “EvilTwin” or “Exotic Squad” was discovered in early October.

Although the ransomware looks like all the other ransomware on the surface, in looking deeper, it could prove VERY annoying in the future.

The Exotic Ransomware will encrypt all files, just like other ransomware.  What it does differently than other ransomware, is that it also ecrypts executables in targeted folders on a victim’s computer, which makes the programs unusable.  Then it will hit the Desktop twice, making it appear although it was continuously monitoring for new files.

The encrypted files will then look similar to the ones below, when you go to look for them:

The ransomware will then download a background image for the lockscreen & display the lock screen similar to below:

When the timer reaches 0, Exotic will shutdown the computer.  

The ransomware appears to be in the development state, with 3 variants released over 3 days.  The latest contains the Jigsaw Ransomware-like screenlocker ransom note that demands $50 USD to decrypt the files.  

You shouldn’t be seeing it too much yet.  But you can bet it’s being geared up for widespread release soon!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:  Brad Pitt Suicide Scam

CyberCriminals are opportunistic, and the sensationalized divorce between Brad Pitt and Angelina Jolie has been used by CyberCriminals for a “celebrity death hoax”, which is unfortunately very lucrative for them.

There are several variants, some claiming it was a hanging, others that he died in a shooting range suicide, or a substance overdose.  The scam is currently on Facebook, but you can expect emails with links for “more details” and/or attachments that claim it is a video of his last moments.

Here is one version that making the rounds:

“Brad Pitt, 52, a multi-awarded American actor & husband of Angelina Jolie, 41, shot himself in the head at a shooting range on Sunday.  He was under significant stress because the couple ‘were going through a divorce and he had a history of depression’, sources have said.”

Do not click on any links, or open any attachments, from someone that you do not know, or cannot confirm the source.  Do not click on any ads or posts that claim to have insider information about a celebrity’s last moments, or videos, etc.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Old Ransomware Strain Spreading Through Cloud

An obscure 2-year old ransomware strain is rearing its ugly head, with a REALLY ugly twist

Normally, ransomware is spread through email phishing attacks, exploit kits, removable drives (USB sticks, etc.), or external network shares.  However, Virlock is a weird version of ransomware that not only encrypts files, but converts them into a file infector (similar to a virus).  It not only infects the usual documents and image-related files, but infects binary files as well.

If that wasn’t enough, Virlock also effectively weaponizes every data file it encrypts, converting each one into a propagation vehicle for the malware itself.  This means that the encrypted data files don’t just sit there, but they are used to spread the malware joy to other users through file sharing schemes.  It can even be spread via cloud storage and collaboration apps.  

How does this work?  Like this:

User A and User B are collaborating through the cloud storage app Box, using a folder called “Important”.  Both users have some of the files within the folder synced to their own machine.

User A falls for a social engineering attack, and get infected with Virlock ransomware on their own machine, encrypting all their files.  It also, at the same time, turns the files into new Virlock infector files, including the files which are synced on Box.  So, Virlock also spreads to the cloud folder and infects the files stored there which, in turn, get synced to User B’s machine.  

Now, User B clicks on any of the files in the shared folder on their box, the infected Virlock file is executed, and the rest of the files on the machine of User B become infected.  The infected files on User B’s machine now become Virlock infectors just like a virus.  

The bonus:  The scenario isn’t just limited to User A and User B, but will extend to all the users of an enterprise who are collaborating with each other.  Clever AND efficient.  

Like other ransomware strains, Virlock asks the victim for a Bitcoin payment in order to release their machine.  However, Virlock claims to be an “anti-piracy warning” from the FBI.  The message received by the victim states that pirated software has been found on their computer and threatens them with prison and/or a $250,000 file if they don’t pay a $250 “first-time offender” fine.  The message may look similar to the one below:

Unfortunately this social engineering method is tried-and-true, and has proven to be a money-maker for the CyberCriminals in past years in an effort to spook victims into paying their “fines” quickly.

The REALLY bad part of this ransomware?  It has a high possibility of reinfection.  Usually organizations pay Bitcoin ransoms trusting that they’re going to get their files back & not be reinfected with the same ransomware.  However, the strength of this ransomware strain is also its weak point.  Miss one infected file on some share that most admins forgot about…and sorry, you’re reinfected.

 

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Phishing for Apples

 

Phishing attacks using fake Apple Store messages, fake landing pages, and sometimes fake login pages are a popular attack vector.  

 

They still make it through filters, as witnessed by the hundreds of reports every day.  These CyberCriminals are pros located in Eastern Europe, and test out their phishing emails in the UK.  Once all the bugs are ironed out, they set free the ‘polished’ attack on the US and Canada.

This one is particularly evil…and well-done.  

It may look similar to the email below:

Victims are receiving a fake Apple Store “refund request”, to trick users into trying to prevent getting charged for something they did not buy.  The CyberCriminals ask you to fill out a page with your full address and credit card information so you “will not get charged”.  If you or a friend or family member would fall for this trick, it’s highly likely that your credit card would get fraudulently charged up very quickly.

If you receive a “refund request” from any company, contact the company directly from the phone number or email contained on the website.  Do NOT click on any attachments, links, or use any email addresses and/or phone numbers provided in emails.  Although the contacted phone number and/or email may look/sound legit…these CyberCriminals are good!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks