Because of the coronavirus, hackers have become even more dangerous and are attacking people around the world. How to protect yourself from them?
The global pandemic locked people at home: most companies transferred employees to remote work, and students and schoolchildren went to distance learning. The load on the global network has increased significantly - popular platforms are forced to deal with an influx of visitors (for example, YouTube has reduced the quality of video), and small and almost forgotten virtual services have returned to the market. However, not only IT companies are happy with the situation: the data of millions of people who came to the Internet attracted scammers and hackers. How cybercriminals use a global catastrophe for their own enrichment and whether there are ways not to fall for their tricks, Lenta.ru understood .
Exposure to fear
Fraudsters adapt to modern realities much faster than most Russians: taking advantage of the circumstances, they began to massively send out fake fines on behalf of the Ministry of Internal Affairs . Group-IB experts said that on April 10, attackers distributed fines via SMS and instant messengers. In the message, the addressees were addressed personally, indicating the name, surname and patronymic, and further clarified that the recipient is obliged to pay a penalty for violation of the self-isolation regime. Otherwise, the authors of the communication threatened to institute criminal proceedings. If the victim called back at the indicated number, the call was for
warded to the inquiry service of the Ministry of the Interior.
There were strange inconsistencies in the frightening message: the victim was given only a day to pay the fine, and the funds were offered to be transferred to the phone number registered in the Krasnodar Territory. In addition, the attackers referred to a certain non-existent FSIN resolution number 168-322: earlier it was also mentioned in numerous fraudulent letters with “fines” for visiting pornographic sites.
The Ministry of Internal Affairs also recorded an increase in theft of money from the accounts of Russians with the help of malware - in the tops of the most active dangerous programs on the whole planet banking Trojans Dridex and Trickbot were again noticed. Using spam mailings and phishing, criminals convince the victim to install a Trojan on his phone or computer, which collects payment information and withdraws funds from accounts. According to law enforcement agencies, fraudsters often also use "mirrors" of banking sites to steal funds: a phishing page is quite difficult to distinguish from a real one - the user should be warned by the lack of notifications about entering your personal account and the portal's denial of customer service. In such cases, the Ministry of Internal Affairs recommended blocking the bank account as soon as possible. According to statistics,In addition, the network records the growth of phishing pages and fake newsletters: introducing themselves as employees of banks and government agencies, criminals offer potential victims compensation for “losses”, credit vacations or assistance in obtaining loans, assistance in repaying funds for airline tickets and many other services, up to fake certificates of a coronavirus infection. Another common trick is a job offer on favorable terms. In fact, all of them are aimed only at deceiving payment details and personal data - in recent years, fraudsters have well mastered the methods of social engineering and do not miss the opportunity to apply them.
The head of the Positive Technologies analytics department, Evgeny Gnedin, in an interview with Lenta.ru explained that the user himself is powerless to make the Internet resource safe, where, for example, he pays for the purchase, the responsibility for opposing the attacks lies with the site owners. However, everyone should be careful about those sites that require bank card information and personal information, scans of personal documents, and more. You should always remember that any information that users enter on the pages of sites will remain on the Internet, which means that it can be stolen and used by attackers sooner or later. And of course, you need to set strong unique passwords for all services, and also, if possible, additionally enable two-factor authentication.
Mastering cybercriminals and new types of attacks. At the end of March, it became known about hackers who, having selected a password for the router, change the DNS settings. An unsuspecting user, entering the network, automatically gets to the page of the fake informational application about COVID-19, supposedly developed by the World Health Organization . A fake WHO insists that the user needs a program called COVID-19 Inform App, but instead he downloads the malicious Oski Trojan, which will capture all bank card information, passwords and cookies. Later, the information obtained will be used by criminals to steal funds, seize pages and phishing.
While fraudsters communicate with victims directly, many hackers went to war on Internet platforms that store huge amounts of various data on hundreds of millions of people, from card details to passport data and home addresses. The current realities place great responsibility on the services themselves: when almost the whole world has moved to the network, they cannot deceive the trust of users who have come to them. The sharp increase in user activity has become for them not only an occasion for further development, but also a powerful test for modernity and security. Unfortunately, not everyone managed.
Old enemy
In the spring of 2020, the most popular segment was the video communications segment, and especially the products that made it possible to organize conferences. So, for example, the volume of video calls made in Microsoft Teams only in March increased by 1000 percent compared to the previous monthly figures. Multiple growth can also boast Skype and Zoom. With such an influx of users, many criminals remembered the good old weapons that did not have time to show themselves in former times.
In March, the top ten most active malicious software in Russia turned out to be a virus Pykspa, which spreads via messages in to Skype. The worm can receive personal information of users and information about their contacts. According to experts from Check Point Software Technologies, it forces the application to send a phishing message with a link to all recipients, clicking on which new victims will download Pykspa to their personal devices. Millions of Skype users were at risk: at the end of 2019, the messenger was in the top of the most popular services among Russians, second only to WhatsApp, Telegram and Viber.
The last time a wide hacker campaign using this worm occurred five years ago - in 2015. The current activity of the virus can be explained only by a new round of popularity of programs for conferences and video calls. Now these massive attacks are more likely to target home users, not corporate users, but things can change at any time. Moreover, the number of Russians switching to a remote place is constantly growing - in just a few weeks of recommended self-isolation, the number of Russians working remotely increased by 14 percent.
Large services often become targets of attacks. However, there are those who turned out to be unsafe and without the participation of criminals: they were not ready for the huge flow of new users and did not have time to respond in time. Hackers can only exploit existing vulnerabilities.
Across the screen
The greatest interest of users around the world now is the Zoom service. His breakthrough in the market this spring seems almost fantastic: according to the report of the international consulting company IDC (International Data Corporation), the number of new users using the application worldwide in March 2020 exceeded the annual growth of users in 2019. If in December the daily audience of the program barely crossed the threshold of 10 million users, now this figure has increased by 20 times. In March, the capitalization of Zoom Video Communications grew by almost half during the week: then the whole world, having left offices, began to conduct meetings remotely.
A comic story is connected with this : during this period, investors accidentally several times raised the share price of the little-known Chinese equipment manufacturer Zoom Technologies - by more than 500 percent. This happened because during the exchange trading they mixed up the short exchange designations of the two companies (Zoom has a ZM ticker for video conferencing, and the Chinese company with only 10 employees has Zoom) and bought the wrong stock. A year ago, the same thing happened: when Zoom Video Communications went public, investors bought Zoom Technologies shares, raising them by 47 thousand percent.
Across the screen
The greatest interest of users around the world now is the Zoom service. His breakthrough in the market this spring seems almost fantastic: according to the report of the international consulting company IDC (International Data Corporation), the number of new users using the application worldwide in March 2020 exceeded the annual growth of users in 2019. If in December the daily audience of the program barely crossed the threshold of 10 million users, now this figure has increased by 20 times. In March, the capitalization of Zoom Video Communications grew by almost half during the week: then the whole world, having left offices, began to conduct meetings remotely.
A comic story is connected with this : during this period, investors accidentally several times raised the share price of the little-known Chinese equipment manufacturer Zoom Technologies - by more than 500 percent. This happened because during the exchange trading they mixed up the short exchange designations of the two companies (Zoom has a ZM ticker for video conferencing, and the Chinese company with only 10 employees has Zoom) and bought the wrong stock. A year ago, the same thing happened: when Zoom Video Communications went public, investors bought Zoom Technologies shares, raising them by 47 thousand percent.
In late March and early April, cybersecurity researchers pointed to a number of vulnerabilities that allowed cybercriminals to steal user login information, gain access to messages, and take control of cameras and microphones of interlocutors. Thousands of video call recordings were made publicly available - both corporate corporate conferences and private conversations. Journalists from The Washington Post spoke to several people whose conversations were online, and not one of them knew how this happened. It was assumed that the template names of automatically saved conversations could be manually found in the repositories. The security of current conversations turned out to be in a similar situation: earlier, Check Point employees found outthat any person could remotely connect to a random conference by selecting the number that the service assigned her. Because of this, password connections were later introduced.
Zoom CEO and founder Eric Yuan admitted that his company was not ready for a sharp increase in visitors. Leaks were due to the fact that video calls were assigned public identifiers, and the connection was not encrypted. Data encryption is one of the weaknessesservice: video calls are not protected by E2E principles (end to end, “end-to-end” encryption - in this case, only its participants can access the dialogue), which is implemented in a number of popular instant messengers or in some video communication services, for example, FaceTime. Most explain this by the features of the service. At the same time, it is indicated on the company's website that the connection in Zoom is end-to-end protected. American journalists have found that reading the employees of the service “end-to-end encryption” means protecting data transmitted between their own servers, but no one bothers to intercept the information when it is transferred from the user to the server. That is, such statements are essentially false, but attract users with loud promises. In addition, many users are confused,
200
millions
people used Zoom daily in March. Back in December, the service had only 10 million users
Until the company entered the conversation using passwords, there was a wave of zombombing around the world - zoom bombing, hooligan antics sabotaging the conversation: Internet trolls connected to other people's conversations and interfered with them - for example, they connected a demonstration of their own screen where they broadcast porn videos. There are also cases of "transfer" of records with Nazi symbols or violence. Most often, the chats of students and schoolchildren became victims of such rallies - in Saratov they recommended local schoolscompletely abandon Zoom-conferences after the incident with the broadcast of porn. Later, company employees corrected the shortcomings, and now, in order to limit interlocutors from inappropriate content, it’s enough to connect a password, allow the screen to be displayed only to the organizer of the conversation and not post links to the conference on social networks.
But this claim to the service does not end there. Experts believe that Zoom imposes its application on users, forcing them to download the program, and in the case of downloading on macOS it behaves like a dangerous program at all - it requires the user to enter a password to obtain administrator rights.
But this claim to the service does not end there. Experts believe that Zoom imposes its application on users, forcing them to download the program, and in the case of downloading on macOS it behaves like a dangerous program at all - it requires the user to enter a password to obtain administrator rights.
Reread, reviseIn late March, British researcher Matthew Hickey said that he had found a vulnerability in the Zoom application that could easily steal Windows user data using a URL link: when a user tries to follow a link in a chat, the system gives encrypted information about him, but it’s easy to crack . The very next day, his colleague Patrick Wardle from Objective-See announced that any criminal could edit the Zoom installer for macOS in such a way that he could not only quietly record all conversations, but also get access to all information, including the camera and microphone of the device. After some time, service employees fixed these vulnerabilities.
However, later experts discovered Zoom account databases for sale on the darknet: by April 13, more than half a million login-password pairs were sold or handed out for free on hacker forums along with user personal data. Specialists from Group-IB reported that a number of accounts sold on the network belong to users with a mailing address in the domain zone ru. It is assumed that the data obtained can be used for zombombing or as a basis for new serious cybercrimes (for example, having received a login and password from Zoom, criminals can use them to gain control over accounts in other services and steal money from the victim's account). It is known that the US Senate , the Ministry of Foreign Affairs of Germany, the authorities of the state of Taiwan, as well asSpaceX Corporation refused to use Zoom, because they considered it not safe enough.
The most harmless buyer who may be interested in personal data is the companies sending out spam ads. However, it is not known exactly how hackers will want to dispose of the information received and to whom it will be more profitable for them to sell it. The work of global corporations and government agencies online can even turn into large-scale industrial espionage, huge losses and risks. Natalya Kasperskaya , president of InfoWatch Group of Companies , believes that data leaks are often used to inflict reputational damage on companies - however, it is still unclear what the users themselves should do. Potentially, the state should protect the citizens, but most Russians are unlikely to seek help if they are “offended” by a foreign IT company.
According to Positive Technologies expert Evgeny Gnedin, if a database with users' personal data has leaked, then it most likely will not be able to be returned; however, if there is a suspicion that the organization secretly discloses your personal data or simply does not protect it, then everyone has the right to contact the supervisory authorities ( Roskomnadzor ) with a request to conduct an audit. Companies storing Russian data abroad may face a fine: for example, in February of this year, fines were imposed on Twitter and Facebook by court order.in the amount of four million rubles each. The federal law on data localization came into force almost five years ago, and all companies that process personal information of Russian citizens are required to comply with it. The user himself, whose data has been compromised, can also sue.
Customers whose data flowed into the network are recommended to be vigilant when receiving any offers by mail, phone or other means of communication. It must be understood that you are now in a zone of increased risk of attacks by fraudsters. If there were passwords among the leaked information, then you should change them and enable two-factor authentication, where possible. No need to disclose your data and payment card details, follow links to unfamiliar resources and enter information about yourself, download files from advertising mailings, click on banners
The main reasons for user data leaks are most often the abuse of authority by insider employees with access to such information and insufficiently reliable data protection - vulnerabilities or configuration errors. Leaks have become one of the key trends in the cybersecurity market in 2019, and this is also due to the approach of cybercriminals - cybercriminals began to combine the data collected over the past years into a single array for trading in the shadow market with more complete digital dossiers. There is no recipe for avoiding leaks - however, it is important to inform the company's customers about what has happened and to warn them of possible risks, to help counter fraudsters. This will not only save users, but will help maintain a reputation.
No comments:
Post a Comment