Connect with us

Market Research

World Scam 2022: Top-Five Schemes Cybercriminals Are Running Amid the Biggest Sport Event

Published

on

The FIFA World Cup Qatar 2022 is the most awaited sports event of 2022 for football fans and kicks off on November 20. As well as exciting hundreds of millions of fans worldwide, it’s also attracted the interest of cybercriminals looking to make a fast buck.

To get a better overview of how scammers are trying to monetize football fans’ interest, Kaspersky experts have analyzed World Cup-related phishing websites from around the globe designed to steal users’ identifying and banking data. Kaspersky researchers have found fake pages offering everything from tickets or event merch, to match streaming services, plus numerous giveaways and NFT scams exploiting the World Cup.

Ticketing scams

As with all major global sports events, fake tickets are the spread bait most used to lure victims and this World Cup is no exception. Additionally, Qatar 2022 is only offering digital tickets, increasing the risk of running into malicious resources. Kaspersky experts discovered numerous phishing pages offering to buy tickets for FIFA matches. Needless to say, users will lose personal data, banking details, and money. Additionally, scammers may start also using the stolen data for other purposes or sell it on the Dark Web.

Gifts

No big public event is complete without fraudsters imitating extremely generous giveaways. Kaspersky experts also found phishing pages offering to win two tickets to the World Cup. This is quite popular where usually each user becomes a ‘lucky’ winner; with the chosen ones only needing to pay a delivery fee.

Merchandise
Another way to steal users’ data is via fake FIFA-related merchandise stores. While the offer of a T-shirt of your favorite team, phone cases with popular players, or signed soccer balls sounds good, after entering your data and transferring money to make a purchase, fans lose their cash to fraudsters instead.

Crypto and NFT frauds

A distinctive feature of the threat landscape on the eve of the 2022 World Cup has been the active spread of various crypto scams, mostly exploiting the popularity of NFTs. Some offer to make a bet on a match and win cryptocurrency, others to win worldwide related NFT art. All the user needs to do is enter crypto wallet credentials, so the ‘prize’ transfers directly. In such a scenario, scammers gain access to all savings and related wallet data.

Another scheme is crypto investment fraud is a bright example of a dubious investment. Fraudsters actively create real coins and convince a user to invest in them while promising the victim potential currency growth. In real life, such initiatives are almost never a success as users have spent money on something that will never develop.

Flights and accommodations

Pandemic-imposed limitations will also see the 2022 World Cup stage many offline events with live viewers, involving thousands of tourists in Qatar – something scammers have not missed. Kaspersky experts have observed numerous phishing pages imitating airline services offering tickets to Doha. The analysed webpage shows all the classic signs of scams – nice appearance, wrong spelling, freshly registered domain, and limited functionality of the site. Although the site mimics a global airfare aggregator, the user can only choose Qatar in the list of destination countries. Once flight details are entered, the victim is offered the chance to enter personal data along with ID and credit information.

“Major sports events always attract the attention of cybercriminals. With this World Cup, scammers got very creative, as we have observed a variety of fraudulent schemes employed. We see how they are trying to benefit most from the situation and exploit as many trendy topics as possible, including a growing number of NFT scams related to the World Cup. At the same time, there are many so-called traditional scams out there from giveaways and fake tickets to merch stores. These schemes are simple, yet, effective, and that is why such fraudulent pages are eternal companions of big events. We encourage users to be attentive when they receive offers that seem too good to be true and carefully check the validity of the messages they receive,” comments Olga Svistunova, a security expert at Kaspersky.

To avoid falling victim to a scam, users are advised to:

  • It will be safe to check the link before clicking. Hover over it to preview the URL, and look for misspellings or other irregularities
  • It’s better not to follow links from e-mails at all. Instead, you can open a new tab or window and enter the URL of your bank or other destination manually.
  • Consider what kind of information is being requested. Legitimate companies don’t contact you out of the blue via unsolicited emails to ask you for personal information such as banking or credit card details, social security numbers, and so on. In general, unsolicited messages telling you to ‘verify account details’ or ‘update your account information should be treated with caution.
  • Use a reliable security solution that identifies malicious attachments and blocks phishing sites.
  • A grammar and spelling check is an effective way to identify a scammer. Typos and bad grammar are red flags. So too is odd phrasing or unusual syntax, which might result from the email being translated back and forth through the translator several times.

Cyber Security

The Average Time to Investigate a Cybersecurity Incident is Around 26.1 Days, says Binalyze

Published

on

With the intricacies of the digital world growing exponentially, the relevance of effective and timely Digital Forensics and Incident Response (DFIR) cannot be overstated. Recognising this need for insight, Binalyze, in collaboration with the global market intelligence firm IDC, is excited to publish a compelling new report: “The State of Digital Forensics and Incident Response 2023”.

Based on an extensive survey conducted in June 2023, the study brings into focus the perspectives of over 100 cybersecurity professionals from five Middle Eastern countries. This diverse respondent pool consists of individuals directly influencing the cybersecurity functions within their organizations, with roles spanning SOC analysts, DFIR professionals, Incident responders, Threat hunters, SOC managers, and Directors.

The key findings of the report are critical for anyone involved in DFIR, from SOC teams to individual analysts and investigators. Report highlights include:

  • According to the research and subsequent analysis, the average time to investigate an incident is approximately 26.1 days, and the time to resolve incidents is an additional 17.1 days.
  • The importance of reducing “detection-to-resolution” times for efficient incident management.
  • The ongoing skills shortage: 81% of respondents identified this as a major challenge.

“Our world thrives on digital connections, but with this connectivity comes vulnerabilities. As the frequency and intensity of cyber threats surge, the importance of DFIR in understanding, mitigating, and learning from these threats is paramount. There is a real and urgent need for forensic visibility at speed and scale. AIR is a game changer here and should be at the centre of all SOCs DFIR effort,” says Ahmet Öztoprak, Senior Sales Director of META at Binalyze.

This report serves as both a wake-up call and a guide. By leveraging the insights from the top cybersecurity professionals in the Middle East, ‘The State of Digital Forensics and Incident Response 2023’ aims to provide companies with the knowledge and solutions they need to combat emerging cyber threats effectively and maintain resiliency.

Continue Reading

Cyber Security

Cybercriminals Used Malware in 7 Out of 10 Attacks on Individuals in the Middle East

Published

on

Positive Technologies analyzed attacks on individuals in Middle Eastern countries between 2022 and 2023. Malware was used in 70% of successful attacks. More than half of these attacks involved spyware. The vast majority of attacks used social engineering techniques. In 20% of phishing campaigns, the attack was multi-pronged, exploiting multiple social engineering channels simultaneously.

“According to our data, cybercriminals employed malware in 7 out of 10 successful attacks on individuals in the Middle East region. More often than not, the attackers infected users’ devices with spyware (three out of five malware attacks). This type of malware collects information from the infected device and then passes it on to the attacker. Depending on the task, spyware can steal personal and financial data, user credentials, as well as files from the device’s memory,” the company said.

Positive Technologies Information Security Research Analyst Roman Reznikov said, “By using spyware, attackers can compromise not only personal and payment information and personal accounts, but also corporate credentials, network connection information, and other sensitive data. The stolen data is then offered for sale on the dark web forums. As a result, a skilled attacker can gain access to an organization and carry out a successful attack, leading to non-tolerable consequences: disruption of technological and business processes, theft of funds, leakage of confidential information, attacks on customers and partners.”

In the vast majority (96%) of successful attacks on individuals in Middle Eastern countries, social engineering techniques were employed. Most often, these were mass attacks in which the criminals aimed to reach the maximum number of victims. To achieve this, they actively leveraged current news about significant global and regional events, including the 2022 FIFA World Cup Qatar.

In every fifth (20%) phishing campaign, the attack was multi-pronged, exploiting multiple social engineering channels simultaneously. Criminals led the victims through a series of steps until the device was infected and data stolen. For instance, users could be lured through social media accounts that contained links to a messenger channel from which the victim would install a malicious application.

One of the reasons for the success of social engineering is the numerous data leaks from various organizations. “According to our research on the cybersecurity threatscape in the Middle East, 63% of successful attacks on individuals in the region resulted in leaks of confidential information. The majority of stolen information consisted of personal data (30%) and account credentials (30%). Cybercriminals were also interested in payment card data (10%) and user correspondence (8%).” the company added.

On the dark web, malicious actors sell information about users and also provide stolen data archives for free. Criminals use the compromised information in subsequent attacks on users. For example, a successful attack on a bank could result in fraudulent actions against its customers. Cybersecurity experts recommend that users follow cyber-hygiene rules.

Companies also need to ensure the security of employee and customer data. Data breaches cause reputational and financial damage and put at risk users whose information has been compromised. To maintain cyber-resilience, it’s essential to regularly assess the effectiveness of security measures and pay special attention to the verification of non-tolerable events.

Continue Reading

Market Research

Cybercriminal Forums Host Attack & Evasion Research Contests, Says Sophos

Published

on

Sophos has announced its discovery regarding the role of research contests within cybercrime forums. These contests serve as a source of inspiration for the development of new attack techniques and methods to evade detection. Remarkably, these contests closely resemble legitimate security conferences’ “Call For Papers” and offer substantial financial rewards, peer recognition, and potential job opportunities to the winners.

Sophos X-Ops has detailed these findings in its latest report, titled “For the Win? Offensive Research Contests on Criminal Forums.” The primary objective of these contests is to foster innovation, and upon closer examination, the submitted entries provide invaluable insights into how cybercriminals strategize to overcome security challenges.

Interestingly, the landscape of these criminal forum competitions has evolved significantly over time. In the early days, cybercrime contests featured trivia quizzes, graphic design competitions, and guessing games. However, contemporary criminal forums are now encouraging attackers to submit comprehensive articles on technical subjects, complete with source code, videos, and screenshots. Following the submission, all forum users are invited to vote for the contest’s victor. Nevertheless, it’s worth noting that the judging process isn’t entirely transparent, as forum owners and contest sponsors also hold influence over the final decision.

“The fact that cybercriminals are running, participating, and even sponsoring these contests, suggests that there is a community goal to advance their tactics and techniques. There is even evidence to suggest that these competitions act as a tool for recruitment amongst prominent threat actor groups,” said Christopher Budd, director of threat research, Sophos. “While our research shows an increased focus on Web-3 related topics such as cryptocurrency, smart contracts and NFTs, many of the winning entries had a broader appeal and could be put to practical use, even if they weren’t particularly novel. This may be reflective of the priorities of the community but could indicate that attackers keep their best research to themselves as they can profit more from using them in real-world attacks.”

Sophos X-Ops delved into the examination of two notable annual competitions: one hosted by the Russian-language cybercrime platform Exploit, which offered a substantial prize pool of $80,000 to its 2021 contest winner, and another conducted on the XSS forum, featuring a prize fund of $40,000 in the year 2022. These contests have received sponsorship from influential figures within the cybercriminal community over several years, with notable contributors including All World Cards and Lockbit.

In the most recent iterations of these contests, Exploit centered its competition around the theme of cryptocurrencies, whereas XSS broadened its scope to encompass various topics, ranging from social engineering and attack vectors to evasion tactics and scam proposals. Many of the victorious entries concentrated on the exploitation of legitimate tools, such as Cobalt Strike. One of the runners-up even shared a tutorial on targeting initial coin offerings (ICOs) to raise funds for a new cryptocurrency, while another provided insights into manipulating privilege tokens to disable Windows Defender.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.