ALERT:  Internet Capacity Warning

This new email scam is possibly fueled by the recent U.S. news that they have run out of IPv4 addresses in the U.S.

This new email scam is making the rounds at both homes and businesses.  

An email is currently being received, supposedly from “IT Services Support Department”, which claims that your Internet capacity is at 70%.  

In order to rectify the situation, they request you to contact “Help Desk” support, for which they helpfully include a link.

Once you click the link, you are asked to leave your user name and password at the (bogus) “Help Desk” site.

You thoughtfully receive a “Thank You” page once you have completed all steps.

THIS IS A SCAM

They are trying to hijack your email account.

In the past, you may have received notifications from your Internet provider about your email account exceeding its maximum storage limit.  However, the name of the service provider is always clearly visible, and they never ask you to click on a link to rectify the issue.

Do not click on links or attachments in emails from unknown or suspicious people.

If you suspect the item may be real, contact the company directly, from a number or email you look up elsewhere.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shield up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Facebook recently announced person-to-person (P2P) payments.  

This new feature that allows you to “instant-message” money to a friend, using your debit card and your friend’s debit card, which are, of course, connected to both of your bank accounts.

You simply need to attach your debit card to your Facebook messenger to send and receive money.  

To Send Money: 

1. Start a message with a friend.
2. Top the “$” (dollar) icon, and enter the amount you want to send.
3. Tap “Pay” on the top right, and add your debit card to send money.

To Receive Money:

1. Open your friend’s conversation.
2. Click “Tap Add Card” in the message.
3. Add your debit card to accept money for the 1st time.
4. You can also create a PIN for additional security.

The money transfer take between 1-3 business days.

Facebook, of course, claims this is all technically secure.

That’s what Apple thought when they introduced “Apply Pay”.  

 Fantastic Idea!  Until CyberCriminals got a hold of it, and started gaming the system, and making tons of cash doing it…

This new Facebook payment option could allow several kinds of scams.

To start with, you have to be alert when you get emails that claim a Facebook friend has sent you money.

Also, when a friend messages you, and their account has been hacked – there is a criminal trying to scam you, while impersonating your friend.

Use Extreme Caution with anything to do with Facebook Payments.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shield up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

THREAT LEVEL:  HIGH

 Beware of unsolicited resumes!

This attack uses both infected attachments, and compromised websites to infect your computer!

Unsolicited resumes have been received worldwide.  The email contains a zip file the sender claims is a copy of their resume.  The zip file contains extremely nasty malware, called the Angler exploit kit (EK), that attacks your computer from several angles at the same time, until it finds a vulnerability.

Sample of an actual received email:

Since the end of May, CyberCriminals have started 2 new ransomware attacks, using both malicious spam and the Angler exploit kit (EK).  The attack wave increased significantly since the beginning of June.

Both campaigns are very active as of Friday June 12th.  

The path of infection:

How To Prevent Infection:

1. DO NOT  open any attachments that look anything like “my_resume.zip”.
2. DO NOT visit unknown websites.
3. Make sure all the applications on your computer are up to date.
4. You can go to Secunia to download the free Secunia PSI.  This scans for old software versions that need to be updated.
5. Call Technology by Design at 1-204-800-3166 and ask about our Core Security Package.  

Got Cyber-Bugs?

Call 1-204-800-3166

For Cyber-Extermination!

A new strain of ransomware has infected computers, over the past few months.  The infection is thought to be spread through infected sports websites, or through a compromised MineCraft installer.  Based on experts’ opinions, they state that this strain has a large global “installed” base, which means there are one heck of a lot of computers out there all over the world, with this virus installed…

It’s called “Locker”, and sat silently in infected computers, until midnight May 25, 2015.

At that time, it woke from its slumber and reared its ugly head, and wreaked havok in an ugly way.

Bleepingcomputer has a support topic that is 14 pages long, and they received 100s of emails from consultants all over the world.  Similar websites with topics related to this new strain are suddenly posted on all the major support boards, AV forums, etc.

Here’s what “Locker” does:

• A series of Windows services are used to install Locker on the computer, and encrypt data files.
• During the install process, Locker will check if the computer is a virtual machine, and will terminate installation if detected.
• Encrypts data files with RSA encryption, and does not change the file extension.
• After the encryption, it deletes your c:/shadow volume copies, and displays its ransom interface.
• If you backups failed and you are forced to pay the ransom, once the payment is confirmed, the ransomware will download the private key, and automatically decrypt your files.

The files that are encrypted have the following suffix extension:  .doc, .docx, .xlsx, .ppt, .wmdb, .ai, .jpg, .psd, .nef, .odf, .raw, .pem, .rtf, .raf, .dbf, .header, .wmdb, .odb, .dbf.  Locker does not change the file extension, so users will simply receive error messages from their applications that the file is corrupted.

Once the files are encrypted, a Bitcoin ransom is demanded from victims.  Once payment is confirmed, victims are provided with a “private key” in order to retrieve their data.

By Time of Publication:

CyberCriminal has remorse?  Or he’s made so much money already, he’s pulling out of this campaign, or he’s gotten cold feet & is afraid of getting caught by law enforement, or damaged by a local cyber mafia.  Either way, he claims the release was “a mistake”, and has uploaded a CSV file with a dump of the encryption keys.  He states that automatic decryption of all infected computers will start on June 2nd.

CyberCriminal states, “I am the author of the Locker ransomware and I’m very sorry about that has happened.  It was never my intention to release this.  I uploaded the database to mega.co.nz containing “bitcoin address, public key, private key” as CSV.  This is a dump of the complete database and most of the keys weren’t even used.  All distribution of new keys has been stopped.”

This seems very fishy.  If you build code like this, you know exactly what you are doing (and the fact that it was a ‘sleeper’ shows months-long careful planning).  If he was really remorseful, he’d refund everyone’s money (which hasn’t happened). So far, it’s not clear if current infection vectors (infected websites/ads etc) have been turned off yet.  

We can assume that this CyberCriminal wanna-be, is exactly that.  He’s a talented coder that sees all these other ransomware viruses/malware being very lucrative, and wants some of that money action.  However, he’s not yet experienced, because a “mix-up” like this would not happen with a professional CyberCrime gang.

If you have infected computers, there is a chance you can find the decryption key in this database:

https://mega.co.nz/#!W85whbSb!kAb-5VS1Gf20zYziUOgMOaYWDsI87o4QHJBqJiOW6Z4

This file does not seem to be malicious, based on a brief virustotal analysis.  It does contain a large quantity of RSA keys and Bitcoin addresses.  OPEN AT YOUR OWN RISK, until further analyses are completed.

TbyD will keep you posted, as more information is released.

Got Cyber-Bugs?

Call 1-204-800-3166

For Cyber-Extermination!

Adult Friend Finder (AFF) Hack Affects Businesses

Last week, news broke that the Adult Friend Finder (AFF) website was hacked.  The site bills itself as a “thriving sex community”, and as a result users often share sensitive sexual information when they sign up.  This is one of the top adult websites for people that want casual encounters, possibly cheating on their spouse.  The site is one of the most heavily trafficked websites and has 63 million registered users worldwide.  

Now millions of these records are now in the open, exposing highly sensitive personal information.  Internet CyberCriminals are going to exploit this in many ways, sending spam, phishing, and possibly blackmail messages, using social engineering tactics to make people click on links or open infected attachments.  Be on the lookout for threatening messages like this that slip through and delete them immediately.

This is not an easy one.  It only takes one second for a worried person to click on a link in an email and expose the whole network to attackers.  I suggest you send this link to this post, in order to warn people not to take the bait.

The Background Story:

The story goes that the AFF site owed $240,000 to someone, likely an affiliate that was feeding them webtraffic, and supposedly the AFF did not pay their bill.  The affiliate had a hacker buddy who calls himself ROR[RG], and this guy decided to teach AFF a lesson.

ROR[RG] hacked them, exfiltrated at least 4 million records and then sent them a ransom demand of $100,000 to return the data.  Apparently AFF did not pay again, and in retaliation, ROR[RG] posted the stolen data on a Darknet Tor site loaded with a ton of highly sensitive, personal information.  The stolen data includes their age, procreation preferences, state, zip code, username, IP address, email address, usernames, dates of birth, marital status, sexual preferences, and whether they are looking for a “cheating one night stand” or more “unorthodox” procreation activities.  With a little digging, these people are easy to find.

FriendFinder Network, a California-based company, hired a public relations company specializing in cybersecurity, and released this statement:

“FriendFinder Networks Inc…understands and fully appreciates the seriousness of the issue.  We have already begun working closely with law enforcement and have launched a comprehensive investigation with the help of leading third-party forensics expert. We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected.”

The company could not be reached for further comment.  UK TV Channel 4 reported it first, and stated exposed email addresses are receiving spam.  Here is their 4-minute segment:  http://www.channel4.com/news/adult-friendfinder-dating-hack-internet-dark-web.

The Problem:

The problem is, that any of these 40 million registered users are now a target for a multitude of social engineering attacks.  People that have extramarital affairs can be made to click on links in emails that threaten to out them.  Or phishing emails that claim people can go to a website to find out if their private data has been released.  This is a nightmare that will be exploited by all facets of CyberCriminals:  spammers, phishers, and blackmailers.  All of which are rubbing their hands together in gleeful greediness.  Undoubtedly jilted spouses, divorce attorneys and private investigators are already pouring over the data to see if it’s of any use to them.

How it Affects Your Business

&

What You Need To Do:

Take immediate preventive action.  It only takes one second for a worried end-user (any employee with computer access) to click on a link in an email, and expose the entire network to attackers.  

I suggest you send the link to this post to friends, family, coworkers, and employees, in order to warn people not to take the bait.  Explain that you are sending a mass email to everyone, without judgement, in order to protect them from further attacks.  Warn them that clicking on the link in an email has far worse implications.  

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shield up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

‘Red Bull’ Money Laundering Scam

Emails are being received that claim to be from ‘Red Bull’.  They offer to place Red Bull ads on your car for $600/week.  They explain the benefits of the “business offer”, and promise easy money that will basically pay for the whole car, gas money included.  

A sample of the email, below.

Sounds like a great deal, right?

Unfortunately, if something seems too good to be true, it usually is.

The first payment received is usually larger than originally agreed upon.  The CyberCriminals apologize for the “error”, and requests the you to wire the ‘extra’ money back to them, minus the your ‘fee’.

Oh yeah, and the cheque you were sent, was either a forged or stolen cheque, or a fraudulent wire transfer from an account that was illegally taken over by the CyberCriminals.

In both cases, you’ll be charged with fraud and money laundering.

This scam originally reared it’s ugly head during spring break in 2014.  

If you receive an email, or see an ad on Social Media stating it’s from Red Bull and offering you an opportunity to “work from home”.  Delete it immediately.

Beware of internet “work from home” schemes.  Most of them are fruadulent.

Warn family, friends, coworkers and employees.

You can’t stop CyberCriminals from targeting you, 

But you can be prepared for their arrival, and have full shields up.

Got Cyber-Bugs?

Call 1-204-800-3166

For Cyber-Extermination!