US Department of Justice catch their man.

Mar 28 2023

Welcome to Gone Phishing, your daily newsletter that does for cybersecurity what Nigeria does for cybercrime.

Today’s hottest cyber security stories:

  • Han Solo-man charms spinsters, scams $1 million
  • GoAnywhere (but here!) zero-day attack
  • Major cybersecurity warning for Australian Google users

HAN SOLO-MAN CHARMS SPINSTERS, SCAMS $1 MILLION

In a hilarious turn of events, a 31-year-old Nigerian man, Solomon Ekunke Okpe, has been sentenced to four years in an American jail for his part in online scams that targeted US citizens and banks, resulting in up to $1 million in losses to unsuspecting victims.

After being arrested in Malaysia, Okpe was extradited to the US, where he stood trial and received his prison term. According to the US Department of Justice, Okpe and his accomplices pulled off a range of scams between 2011 and 2017, including business email compromise, work-from-home, check-cashing, romance, and credit card scams.

Their targets included individuals, banks, and businesses in the US and other countries, who fell prey to email phishing attacks that aimed to steal login credentials and other sensitive information. The group’s ultimate goal was to cause over $1 million in losses to US victims, although it’s unclear whether they succeeded.

The gang’s victims included First American Holding Company and MidFirst Bank, among others. Okpe’s co-conspirator, Johnson Uke Obogo, was also sentenced to prison for his involvement in the scams, albeit for a shorter term than Okpe.

GOANYWHERE (BUT HERE!) ZERO-DAY ATTACK

More and more organisations are coming forward to confirm that they have been affected by the newly exposed zero-day exploits, which have been wreaking havoc on Fortra’s GoAnywhere managed file transfer (MFT) software in the wild.

The vulnerability, tracked as CVE-2023-0669, was made public in early February, with a patch being released just a week later. However, it wasn’t long before malicious actors, believed to be a Russian-speaking group called ‘Silence’, began exploiting the flaw to distribute their Cl0p ransomware.

In the past week, the ransomware group has started publishing on their Tor-based leak site the names of several organisations they claim have been impacted by the attack, including high-end retailer Saks Fifth Avenue, consumer goods giant Procter & Gamble, and mining company Rio Tinto, among others.

The City of Toronto and Pluralsight have also come forward, admitting to being affected by the breach.

Previously, several other big-name organisations had confirmed that they had been impacted, including sustainable energy giant Hitachi Energy, cybersecurity firm Rubrik, healthcare provider Community Health Systems, and California-based digital bank Hatch Bank.

In response to a SecurityWeek inquiry, a City of Toronto official confirmed that some data had been compromised in an incident involving a third-party vendor, although they did not specifically name Fortra’s GoAnywhere service.

Saks Fifth Avenue also admitted to being affected by the attack, stating that some of their data had been stolen but insisting that no genuine customer data had been compromised.

Meanwhile, Pluralsight reported that they had immediately ceased using GoAnywhere following Fortra’s notification of the incident, and that they had alerted all affected customers to the risks associated with the attack.

THAT’S NOT A SCAM; THIS IS A SCAM!

Google has just released a new update that fixes some serious weaknesses, and they’re warning users to update their web browser ASAP. Apparently, several teams of experts discovered eight high-risk bugs that cyber criminals could exploit to steal money and data.

The bugs are so dangerous that one of them could allow hackers to access users’ saved passwords, while another gives them access to human-interface devices like mice, touchscreens, and keyboards. Yikes!

Google is keeping the details of these bugs under wraps until enough users have updated, so as not to alert scammers. In the meantime, they’re thanking all the security researchers who worked with them to prevent these bugs from ever reaching the stable channel.

To ensure your safety, Google advises users to update their Chrome web browser to the latest version (111.0.5563.110/.111 for Windows or 111.0.5563.110 for Mac).

You can check if your browser needs to be updated by opening Chrome, selecting “more” (the three dots in the right-hand corner), heading to settings, and then “About Chrome.” If your browser needs to be updated, it will ask you to relaunch.

With a surge in security breaches and hackers targeting Australian data, it’s more important than ever to stay up-to-date with your web browser’s security features.

According to research by data leak detection service Surfshark, Australians’ personal information was being stolen at a rate more than 20 times above the global average in December.

Stay safe out there, mates!

So long and thanks for reading all the phish!
