Jul 12 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that puts more pressure on cybercriminals than Sam Smith’s gut puts on his sparkly, sequined leotard 😳🙈😂
Today’s hottest cyber security stories:
🏦 Revolut online bank flaw lets hackers make off with $20m 💰
❤️ RomCom love RAT returns: targets NATO, Ukraine
🌐 Mozilla launches ‘Quarantined Domains’ feature to combat cybercrime 🎉
Turns out it’s not just France that’s been looted, folks. The poor sods at Revolut have been had and been had bad, and the worst part is they sort of asked for it! 😬 Let us explain…
So, sure, they’re a bank but still we don’t think Revolut will be too thrilled about having $20m stolen by opportunistic hackers who spotted a critical flaw in the online bank’s payment systems.
Not to rub salt in the wound but coming from a user of Revolut, I’m sort of glad it was their money, rather than their customers’. Is that terrible? 😳🙈
Anyway, the question is how did these devious devils manage to sneakily syphon $23* million before the scam was finally detected and dealt with (sort of) by Revolut? Well, it all started with discrepancies between Revolut’s U.S. and European systems 😵😵😵
Scammers noticed these discrepancies and took advantage by “encouraging individuals to try to make expensive purchases that would go on to be declined.”
So it seems to us like Revolut would essentially cover the refunds themselves and before the system had a chance to rectify things, i.e., retrieve the money from the merchant, the criminals would withdraw the money from ATMs 💵💵💵
To be fair, though, the exact technical details associated with the flaw are currently unclear. Inside job? Ha, just kidding; don’t sue us, Revolut! 🧑⚖️📝
What we do know is, for such an essentially unsophisticated scam, this has got to be one of the most lucrative cyber heists in recent memory. I mean, it’s such an oversight by Revolut that you almost can’t blame the cybercriminals. Almost.
*About $23 million was stolen in total, with some funds recovered by pursuing those who had withdrawn cash. The mass fraud scheme is said to have resulted in a net loss of about $20 million for the neobank and fintech firm 🚫🚫🚫
Geez, somebody’s getting fired. You say you want a revolution. Well, you know, we all want to change the world 🎶
Incidentally, based on a variety of factors, this latest screw-up being only one, we would be very wary of Revolut.
Guess who’s back, back again. Get Hugh Grant on the blower because it’s the notorious RomCom RAT back for the sequel! Our friends at BlackBerry (still a thing, apparently 👀) Threat Research and Intelligence have uncovered some juicy details about their latest escapades.
It seems these sneaky hackers have set their sights on two major targets. First up, they’re aiming their phishing attacks at the upcoming NATO Summit in Vilnius.
They’ve also been causing trouble for an organisation supporting Ukraine abroad. Stinks of Russia to us! 💀
The BlackBerry team traced the activity back to a sketchy IP address in Hungary on July 4, 2023. But these RomCom rascals are pretty proficient at covering their tracks.
FYI, RomCom goes by a few different names: Tropical Scorpius, UNC2596, and Void Rabisu. These cyber villains have been wreaking havoc on politicians in Ukraine, especially those cozying up to Western countries.
They’ve even taken a swipe at an American healthcare organisation that’s helping refugees from the war-torn country.
Their modus operandi? Well, they’re experts at spear-phishing, using cleverly crafted emails to lure their unsuspecting victims.
These emails lead folks to fake websites that host “trojanized” versions of popular software.
The latest documents uncovered by BlackBerry impersonate the Ukrainian World Congress, a legitimate non-profit. One document even pretends to be a letter supporting Ukraine’s inclusion in NATO.
Very interesting… 🤔
Finally some good news! 🎉 Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains.
“We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including security concerns,” the company said in its Release Notes for Firefox 115.0 shipped last week.
The company said the openness afforded by the add-on ecosystem could be exploited by malicious actors to their advantage. You’re telling us?! 😑
“This feature allows us to prevent attacks by malicious actors targeting specific domains when we have reason to believe there may be malicious add-ons we have not yet discovered,” Mozilla said in a separate support document.
We hope this shred of positivity in the often rather bleak cybersphere will keep you going through hump day, dear readers. Godspeed!
So long and thanks for reading all the phish!