SCAM! And Phishing mail Alert | Latest Mails on Sextortion

 SCAM and Phishing Alert!!! 

This is what you are worried about in last couple of days, after receiving an email in your personal inbox. 

I know, XXXXX, is your password. You may not know me and you're most likely wondering why you are getting this e mail, correct?

In fact, I placed a malware on the adult videos (porn material) web-site and you know what, you visited this website to have fun (you know what I mean). While you were watching video clips, your internet browser initiated operating as a RDP (Remote Desktop) that has a keylogger which provided me access to your screen and also webcam. Immediately after that, my software program/ key logger gathered your entire contacts from your Messenger, FB, social networks, as well as email.

What did I do?

I made a double-screen video. 1st part shows the video you were watching (you have a good taste omg), and 2nd part shows the recording of your webcam.

exactly what should you do?

Well, I believe, $2900 is a fair price for our little secret. You'll make the payment by Bitcoin (if you don't know this, search "how to buy bitcoin" in Google).

BTC Address: 1MQNUSnquwPM9eQgs7KtjDcQZBfaW7iVge

(It is cAsE sensitive, so copy and paste it)

Note:

You have one day in order to make the payment. (I have a specific pixel in this email message, and at this moment I know that you have read through this email message). If I do not get the BitCoins, I will definitely send out your video recording to all of your contacts including family members, coworkers, etc. However, if I do get paid, I'll destroy the video immediately. If you want to have evidence, reply with "Yes!" and I will certainly send out your video to your 14 contacts. This is the non-negotiable offer, so please don't waste my personal time and yours by responding to this email message.

If you go to law and enforcement, no value will be there as this email is also hacked one. 

This is the message/ email you have received right? The amount hacker demanded may differ from victim to victim. 

So first of all, you need not to be worry. Don’t panic. Contrary to the claims in your email, you haven't been hacked (or at least, that's not what prompted that email). This is merely a new variation on an old scam which is popularly being called "sextortion." This is a type of online phishing that is targeting people around the world and aggressive on digital fears since 2018 year and continuing.

Reason you get this mail because, your mail id at somewhere may have breached. You may have registered at some website, forum, online training site, ecommerce site, etc. and that page may have been breached along with the user credential. As per the CERT-In advisory, although the listed passwords, shown as evidence that your account is hacked could be actual passwords that you used in the past, the attacker does not know them by hacking your account, but rather through leaked data breaches shared online.

So, the advice here is never ever pay them. 

If you pay the amount, you are not only losing your money but you are inspiring the scammers to continue phishing other people. If you do pay, then the scammers may also use that as a pain point to continue the blackmail with you, knowing that you are susceptible.

What you need to do:

• Immediately change the same password related to the account if you have.
• Change your password at regular interval of time. 
• Add multifactor authentication to all social and email accounts.
• Never send compromising images of yourself to anyone, no matter who they are.
• Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
• Turn off [and/or cover] any web cameras when you are not using them.
• If possible, report the scam at nearest govt. cyber investigation office.

Stay Safe!

-DR

Cyber Security | Mobile Security & Malware

Mobile Security & Malware Attacks

Malware attack on smart phones, malicious dot apk files, Trojans, ransomware and viruses are known threats to mobile devices now a days. Rapidly increasing the use of mobile devices resulted in, mobile devices are becoming an increasingly attractive target of Cyber attackers or hackers. 

In case of Android mobiles, all the applications are available at Google Play store only. In that case, those are again verified or vetted by third party or google team before available on play store. Still there are some malware based payloads come through image file, video file, pdf files, etc. in hidden format unknowingly. As applications allowing users to view and make transactions on financial accounts, auction listings, paying bills, subscription renewals and shopping accounts linked to credit cards/ debit cards / Internet banking are becoming commonplace. The functionality of such applications are expanding to the certain point where they will be an favorite target for online cyber criminals. 

Again there are many associated risk of exposure of credentials to critical online services, banking apps, payment wallets, mobile devices can also expose information such as business contacts, call logs, geographic data, personal information including private photos and internal company information. 

Present malwares automatically sends SMS, pays self bills, destroys data, takes remote control on devices, installing key loggers, harvests tracking information on users, and even uses desktop computers to spread itself. Worms have expanded to use hardware ports such as Bluetooth, memory cards, and Wi-Fi as replication channels.

Even many worms and Trojans have been subjected of widely published press releases by security and antivirus vendors with their POC, which has made it somewhat unclear what the real threats posed are.  There are in fact a large number of mobile viruses and malicious programs, but few have succeeded in terms of infection rate.

Below are few examples on mobile device malware software:

Cabir

The first ever discovered mobile malware was planned for the Symbian OS in the form of the Cabir worm, and was largely analogous to early PC viruses the purpose was simple replication or vandalism. Cabir spread over Bluetooth connections, prompting users within range to install an application and asking repeatedly until the user accepted. The worm then made system modifications and began to scan for other Bluetooth peers within range. However, Cabir never gained a significant foothold in the market.

Beselo.B

The first worm that was used media files to spread was Beselo.B. This worm sent either JPG, MP3, or RM files over Bluetooth and MMS. It also copied itself onto Multi Media Cards (MMC), where it would infect any other phone into which the card was inserted. But it was not spreaded extensively.

WinCE/Brador.a

The Brador.a Trojan infected earlier Windows Mobile devices (2003), notifying the Trojan’s owner of the compromise and then listening on a TCP port for remote instructions. It had simple backdoor capabilities, that was allowing for uploading and downloading files, self executing commands, and sending list of directories and trees.

Finally the best practices are to keep your mobile safe and secure;

• Always keep your applications updated from trusted sites.
• Use antiviruses in mobiles
• Do not click unknown links and unverified links
• Do not believe on forward links always, without checking HTTPs
• Padlock symbol need to be watched also.
• For more on security tips you can check another post in this blog.

Do you have further queries and suggestions, feel free to add in comment section.

-DR

Cyber Security | Why Zero Trust is Important

The Importance of Zero Trust Network

Zero trust (ZT) is an important information security architecture. It brings us away from the perimeter defense-in-depth models of the past, to layers of control closer to what is valued most like information and data. ZT begins with infrastructure assurance; it has become universal across many applications and widely spread across multiple applications and up to different stack level. ZT assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location. ZT focuses on protecting resources (assets, services, workflows, network accounts, etc.

As the benefits of zero trust become increasingly clear, the pervasiveness of this model is evident, relying upon a trusted computing base and data centric controls as defined in NIST Special Publication 800-207 which was recently published for reference. Many organizations now referring this NIST standard as a guidance to ZT implementation. As per the publication NIST 800-207, the document is intended to describe zero trust for enterprise security architects. It is meant to provide a road map to migrate and deploy ZT security concepts to an enterprise environment. Cyber Security agency, cybersecurity managers, network administrators, and managers may also gain insight into zero trust and ZTA from this document. It is not intended to be a single deployment plan for ZTA as an enterprise will have unique business use cases and data assets that require safeguards. Starting with a solid understanding of the organization’s business and data will result in a strong approach to zero trust. (Source: NIST 800-207)

“As per Forrester research, zero trust network is focused on the network providing application isolation to prevent attacker lateral movement. It has evolved to become granular and pervasive, providing authentication and assurance between components including microservices.”

Source: CIS Security Blog

 The critical features of Zero Trust are based on the concept of Authentication, Authorization, Identity, Access Control, encryption, etc. ZT network relates to the network with isolation of applications by network segmentation, ensuring controls such as strong encryption and dynamic authentication are met.

As per NIST 800-207, a ZT architecture is designed and deployed with adherence to the following zero trust basic tenets:

1. All data sources and computing services are considered resources.
2. All communication is secured regardless of network location.
3. Access to individual enterprise resources is granted on a per-session basis.
4. Access to resources is determined by dynamic policy—including the observable state of client identity, application/service, and the requesting asset—and may include other behavioral and environmental attributes.
5. The enterprise monitors and measures the integrity and security posture of all owned and associated assets.
6. All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
7. The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to improve its security posture.

For a ZT deployment, there are several data sources used during policy enforcement, access decisions as mentioned below;

• Continuous diagnostics and mitigation (CDM) system
• Industry compliance system
• Threat intelligence feeds
• Network and system activity logs
• Data access policies
• Enterprise public key infrastructure (PKI)
• ID management system
• Security information and event management (SIEM) 

Considering the current Pandemic situation, work from home or hybrid work pace system is mostly adopted by enterprises. In future many enterprises are going to continue this permanent work from home. Identity management is becoming more important and for that adoption of MFA (Multifactor Authentication) is being popular across may enterprises and corporates to defend the threat and protect their crucial data.

You can learn more from organizations on their Zero trust approach to become more familiar. 

*** 

If you have any suggestions and comments, please provide. 

-DR