Mar 22 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s hot like cyber-sauce.
Today’s hottest cybersecurity stories:
Well folks, to follow on from yesterday’s story on the arrest of BreachForums admin pompompurin, it looks like the party’s finally over for BreachForums, the place where hackers could get together and swap stolen databases like they were Pokémon cards.
In a shocking twist, the forum’s admin Baphomet announced yesterday that the site has been officially taken down. But fear not cybercriminals, it’s not all doom and gloom!
Baphomet, in a message posted on the BreachForums Telegram channel, stated that “it’s not the end” and that we should trust him on this one. Sure, we may hate him now and disagree with his decision, but he’s promised that what’s coming next will be better for all of us. Phew, what a relief, eh?!
“You are allowed to hate me, and disagree with my decision but I promise what is to come will be better for us all,” Baphomet noted in a message posted on the BreachForums Telegram channel.
Baphomet’s extended take (highly paraphrased lol):
But let’s be real here, we all know why the forum got shut down. It’s because the big, bad law enforcement finally caught wind of our shenanigans and got their grubby little hands on our configs, source codes, and information about us users.
And to add insult to injury, our beloved admin Conor Brian Fitzpatrick (aka “pompompurin”) got arrested for conspiracy to commit access device fraud. Looks like he won’t be joining us for any more hacking shenanigans anytime soon.
With BreachForums out of commission, we may have to migrate to underground forums to peddle our warez. But let’s face it, we’re hackers! We’re resourceful! We’ll find a way to keep our criminal activities going strong.
And if you’re worried about getting your fix of cybercrime activities, don’t fret. Telegram’s got you covered! It’s still a hot spot for all your malware, personal and corporate data dumps, and other illicit goods like counterfeits and drugs. So sit back, relax, and let the criminal activities continue.
In all seriousness, this is fantastic news. We’re sure they’ll eventually bounce back (they always do!) but, for now, let’s just enjoy this win, shall we?
In the midst of the ongoing conflict between Ukraine and Russia, various organisations in Donetsk, Lugansk, and Crimea related to government, agriculture, and transportation have fallen prey to a new modular framework called CommonMagic, as part of an active campaign. The Russian cybersecurity company Kaspersky, which identified the attacks in October 2022, refers to this activity cluster as “Bad Magic.”
Although the initial method of compromise remains unclear, Kaspersky suggests spear phishing or similar methods may have been used in the second stage of the attack.
The attack chain involves booby-trapped URLs that lead to a malicious ZIP archive hosted on a server. The archive contains a decoy document and a malicious LNK file, and opening it ultimately results in the deployment of a backdoor named PowerMagic.
“Geopolitics always affect the cyberthreat landscape and lead to the emergence of new threats,” said Leonid Besverzhenko of Kaspersky. “Although the malware and techniques employed in the CommonMagic campaign are not particularly sophisticated, the use of cloud storage as the command-and-control infrastructure is noteworthy.”
Stay safe out there!
Just when your old dear was beginning to get her head around QR codes, the scammers are showing up in full force to ruin the party as per.
Let’s have a quick look at the key facts regarding this new weapon the hackers have added to their ever-expanding arsenal…
These are the latest facts and figures for Q4 with headlines to indicate key takeaways. We really make it easy for you, don’t we?
The rise of QR scan scams
Since October 2022, HP has seen almost daily QR code “scan scam” campaigns. These scams trick users into scanning QR codes from their PCs using their mobile devices – potentially to take advantage of weaker phishing protection and detection on such devices.
QR codes direct users to malicious websites asking for credit and debit card details. Examples in Q4 included phishing campaigns masquerading as parcel delivery companies seeking payment.
38% rise in malicious PDF attachments
Recent attacks use embedded images that link to encrypted malicious ZIP files, bypassing web gateway scanners. The PDF instructions contain a password that the user is tricked into entering to unpack a ZIP file, deploying QakBot or IcedID malware to gain unauthorised access to systems, which are used as beachheads to deploy ransomware.
42% of malware was delivered inside archive files like ZIP, RAR, and IMG
The popularity of archives has risen 20% since Q1 2022, as threat actors switch to scripts to run their payloads. By comparison, 38% of malware was delivered through Office files such as Microsoft Word, Excel, and PowerPoint.
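Both the CommonMagic lure (a decoy document zipped up next to a malicious LNK) and the password-protected ZIPs in the PDF campaigns above come down to what is inside an archive attachment. The following is an added example, not code from HP, Kaspersky or this newsletter: a small Python triage check that flags the patterns described, run against a constructed sample archive (the extension lists and finding strings are assumptions).

```python
import io
import zipfile

# Entry types an attachment gateway should treat as hostile (assumed list; extend as needed).
RISKY_EXTENSIONS = {".lnk", ".exe", ".js", ".vbs", ".hta", ".scr", ".bat", ".cmd"}
# Benign-looking document types typically shipped as the decoy.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}


def _ext(name: str) -> str:
    """Lower-cased final extension of a path inside the archive ('' if none)."""
    base = name.rsplit("/", 1)[-1].lower()
    return "." + base.rsplit(".", 1)[-1] if "." in base else ""


def inspect_archive(zip_bytes: bytes) -> list:
    """Return findings for one ZIP attachment; an empty list means nothing was flagged.

    Checks mirror the delivery patterns in the text: a decoy document next to a .lnk
    shortcut (CommonMagic) and encrypted entries that a web gateway cannot scan.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
    exts = {i.filename: _ext(i.filename) for i in infos}
    has_decoy = any(e in DECOY_EXTENSIONS for e in exts.values())
    for info in infos:
        name, ext = info.filename, exts[info.filename]
        if info.flag_bits & 0x1:  # general-purpose bit 0 set = entry is password-protected
            findings.append(f"encrypted entry: {name}")
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky entry: {name}")
            # 'report.docx.lnk'-style double extension that hides the real file type
            if _ext(name[: -len(ext)]) in DECOY_EXTENSIONS:
                findings.append(f"double extension: {name}")
    if has_decoy and ".lnk" in exts.values():
        findings.append("decoy document paired with .lnk shortcut")
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample mimicking the lure layout; contents are placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.docx", b"decoy document content (constructed)")
        zf.writestr("report.docx.lnk", b"L\x00\x00\x00 placeholder shortcut bytes")
    return buf.getvalue()


def build_clean_archive() -> bytes:
    """Constructed control sample: a single ordinary document, nothing to flag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("minutes.pdf", b"%PDF-1.4 constructed sample")
    return buf.getvalue()
```

The encrypted-entry check reads the central-directory flag bits, so it works without knowing the password; the constructed samples here are unencrypted.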
So, yeah, careful which codes you get a snappy snap of… Could come back and bite you in the proverbial.
So long and thanks for reading all the phish!