Jul 26 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s the #Israel to cybercrime’s #Palestine. Or vice versa 🤔😂
Today’s hottest cyber security stories:
👮 FBI: Tech support scams collect cash in SHIPPING CONTAINERS
💻 Hackers go toe to toe with police as they swap extortion tactics
📜 Years old secret code reveals its fatal flaw: a backdoor 🚪
📰 🚨 FBI Warns of Surge in Tech Support Scams Targeting Elderly 🚨 📰
The FBI has issued a warning about a recent rise in tech support scams targeting older adults across the United States. Scammers are now adopting a new tactic, instructing victims to send cash hidden within magazines or similar items through shipping firms. 😱
In the past, tech support scammers typically asked for money via bank transfers, cryptocurrencies, or gift cards. However, they've now changed their approach, making it even more crucial for the elderly to stay alert. 😔
These scammers use various methods like phone calls, texts, emails, and pop-up windows to pose as legitimate company representatives. They trick victims by claiming there are fraudulent activities linked to their accounts or by promising subscription refunds. 😞
Once they've gained the victim's trust, scammers ask them to download remote access software, which gives them control over the victim's computer. They then log into the victim's bank account and deliberately deposit a larger sum of money, asking the victim to return the extra cash to avoid losing their job. 🎣💻💰
I came across ZZZ money club during the crypto market bull run when everyone’s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.
The group is very active and everyone in this private discord group is very chatty and helpful.
If you are interested in joining the group you can through the link below.
📰🕵️♂️ New Strategy Alert: Criminal Hacker Groups Favour Data Theft Over Ransomware 🕵️♂️📰
Ransomware gangs are shifting their tactics to target innocent companies for cryptocurrency theft. Instead of using traditional ransomware that encrypts computer files, they now opt for data theft. The strategy involves stealing sensitive data and threatening to publish it unless a payment is made. 😱💻💰
This change in approach follows years of relentless ransomware attacks on schools, hospitals, businesses, and government organisations. Notable incidents, like the Colonial Pipeline attack in 2021 and the attack on Ireland's public health system, brought operations to a standstill. 😞🚫⛽
Lizzie Cookson, from the cyber extortion incident response firm Coveware, highlights that the cyber extortion landscape has been gradually shifting towards data theft for the last two years, and it's now gaining momentum. 📈💻🔒
This shift also coincides with law enforcement's increased efforts to crack down on ransomware, prompting some hacking groups to adjust their tactics. For example, the LockBit gang forbids affiliates from encrypting files for critical infrastructure and medical facilities but allows them to steal data. 🚫🏥💽
This new approach allows targeted entities to continue their operations, but the fallout from leaked data can still be detrimental to the company, customers, or patients. 🏢🤐💔
According to cybersecurity experts, incidents relying solely on data theft without encryption have surged by over 50% since last year. A report from Coveware revealed that 70% of attacks against companies with over 10,000 employees were limited to data theft only. 📈🔐💻
The Clop extortion gang has been actively using this strategy in recent months, exploiting software flaws to compromise data from various organisations, including British Airways, the British Broadcasting Corp., and Minnesota's Department of Education. 🔍🛡️💼
Businesses and organisations must stay vigilant and implement robust cybersecurity measures to protect themselves from these evolving threats. 🔒💪🌐
🗞️ Extra, Extra! Read all about it 🗞️
Each fortnite, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
💸 The MoneyFitt Morning: A daily heads-up on what's important in investing & business. Loved by investors of all levels.
📈 Trends.vc: Discover new markets and ideas. Join 55,248 founders using this free newsletter to stay ahead.
😈 The API Hacker Inner Circle: Join a community of developers, testers, and hackers who are upskilling their API hacking tradecraft
Let us know what you think!
📰🔒 Critical Radio Communication Technology Reveals Alarming Vulnerabilities 🔒📰
For over 25 years, a secretive technology used worldwide for data and voice radio communications has finally been exposed by Dutch researchers, revealing serious flaws, including a deliberate backdoor. 😱📻
The encryption algorithm embedded in radios sold for commercial use in critical infrastructure contains a backdoor, allowing potential attackers to snoop on communications and manipulate systems.
This technology is widely used in pipelines, railways, electric grids, mass transit, and freight trains. A breach could trigger blackouts, halt gas pipeline flows, or redirect trains, posing significant risks to public safety and security. 🚂🔌🛢️
Moreover, the same radio technology, found in systems used exclusively by police forces, military, intelligence agencies, and emergency services, was discovered to have a separate vulnerability. This flaw allows decryption of encrypted voice and data communications, enabling attackers to spread misinformation or divert personnel and forces during critical moments. 💬🚓🚑🔓
The vulnerabilities were found in the European radio standard called TETRA, used by companies like Motorola, Damm, and Hytera since the '90s. The flaws remained hidden because the encryption algorithms were kept secret until now. 🕵️♂️🔍
Although TETRA is less common in the US, it is still used in at least two dozen critical infrastructures, including electric utilities, state border control agencies, oil refineries, chemical plants, major East Coast mass transit systems, international airports, and a US Army training base. Identifying users is difficult as TETRA is embedded in radios supplied through resellers and integrators. 🇺🇸📻🛡️
This revelation underscores the importance of thorough security evaluations for critical communication technologies to protect against potential threats. 💪🔐👨💻
Stay safe out there cyber-squad!!
So long and thanks for reading all the phish!