STE WILLIAMS

Google Cloud Launches Security Health Analytics in Beta

The tool is designed to help identify misconfigurations and compliance violations in the Google Cloud Platform.

Google Cloud today released the beta version of its new Security Health Analytics service for helping detect and act on misconfigurations and compliance violations across Google Cloud Platform resources.

Security Health Analytics integrates into the Cloud Security Command Center (Cloud SCC). A dashboard shows potential security issues, or “findings,” which when clicked display a step-by-step plan for how to remediate the problem. An admin might be alerted to an open firewall or overly privileged access to a storage bucket, along with a direct link to the affected resource.

The tool now supports Center for Internet Security (CIS) benchmarks, Google says, and is fully certified by CIS to monitor GCP Foundation benchmarks. These are recommendations for maintaining security and compliance across GCP resources. Security Health Analytics will monitor for assets that violate CIS recommendation 5.1, for example, which relates to the identification and remediation of storage buckets that are left accessible to the public.
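The CIS recommendation mentioned above boils down to a mechanical check: does any IAM binding on a bucket grant a role to the public principals allUsers or allAuthenticatedUsers? The following is an added illustration of that check in Python; it is not Google's code and says nothing about how Security Health Analytics is implemented. The policy documents are constructed samples in the shape that `gsutil iam get gs://BUCKET` prints (a top-level "bindings" list), the bucket names and the "public-bucket" finding label are made up, and the remediation hint uses the real `gsutil iam ch -d MEMBER` form, which drops every role granted to that member.

```python
"""
Added example (not Google's code): a check in the spirit of CIS GCP
Foundations recommendation 5.1, flagging bucket IAM bindings that grant a
role to the public principals allUsers / allAuthenticatedUsers.
The policy documents are constructed samples in the shape that
`gsutil iam get gs://BUCKET` prints (a top-level "bindings" list).
"""
import json

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policies: one bucket with a public grant, one without.
SAMPLE_POLICIES = {
    "example-public-assets": json.loads("""
    {
      "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.admin",
         "members": ["user:admin@example.com"]}
      ],
      "etag": "CAE="
    }"""),
    "example-private-backups": json.loads("""
    {
      "bindings": [
        {"role": "roles/storage.objectAdmin",
         "members": ["serviceAccount:backup@example.iam.gserviceaccount.com"]}
      ],
      "etag": "CAE="
    }"""),
}


def public_bindings(policy):
    """Return (role, member) pairs that grant a role to a public principal."""
    found = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                found.append((binding["role"], member))
    return found


def audit_buckets(policies):
    """Map bucket name -> list of public grants; an empty list means compliant."""
    return {name: public_bindings(policy) for name, policy in policies.items()}


def findings(policies):
    """One line per public grant, with the resource and a remediation step.
    'public-bucket' is a made-up label for this example, not a product category."""
    lines = []
    for bucket, grants in audit_buckets(policies).items():
        for role, member in grants:
            lines.append(
                f"public-bucket gs://{bucket}: {member} holds {role}; "
                f"remediate with: gsutil iam ch -d {member} gs://{bucket}"
            )
    return lines


if __name__ == "__main__":
    for line in findings(SAMPLE_POLICIES):
        print(line)
```

Running it prints a single finding for the public bucket and nothing for the private one; in practice the policies would come from each bucket in the project rather than from the embedded samples.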

Security Health Analytics shows steps to remediate an open firewall. Image: Google Cloud

GCP customers can enable Security Health Analytics from Security Sources in Cloud SCC.

Article source: https://www.darkreading.com/cloud/google-cloud-launches-security-health-analytics-in-beta/d/d-id/1336103?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

#FacebookLockout: Users who report fake/scam accounts locked out

People who are just trying to be good citizens of Facebookland, by reporting fake accounts set up by, say, a scammer pretending to be their dead granny, are being locked out of their own accounts by what looks like a glitch in Facebook’s reporting function.

Users frustrated at the lockouts had taken to Twitter to get Facebook’s attention with the hashtag #FacebookLockout. Some users said that for up to a month or more, there had been a Catch-22 loop, where reporting a scam account led to Facebook freezing the reporting user’s account, presenting them with a request to confirm their ID, and then failing to upload their ID.

Cory Comer, a marketing professional, said that he was locked out of his account for a week, with no help from Facebook. He told Mashable that nobody at his company could access its official Facebook page, either, given that Comer’s personal profile was connected to that of his business.

Comer has since gotten his account back, but he said that he’s talked to users who’ve been locked out of their Facebook accounts now for a month.

There can be any of a number of reasons for getting locked out of an account – Facebook has done it when it suspects you’re breaking its real-name policy by not using your real name or birthdate, or when it thinks you’re running a fake account, for example.

But in this particular situation, the stories told by the #FacebookLockout account holders follow a similar pattern: they were locked out soon after reporting a fake profile.

All this headache, just for reporting a scammer, Comer said:

I had an old colleague of mine add me on Facebook as a friend. After I accepted the request, he reached out to me on Messenger and asked me to give him money. So I was like, ‘Alright, you’re not Dave,’ and I reported them. Just a few hours later, I was locked out of my account.

It is not, unfortunately, just a headache when you get locked out of your Facebook account. When it comes to businesses, it means lost revenues and/or wasted money spent on Facebook ad costs. Mashable spoke to one such Facebook user, Kara Missione:

My account has been locked 23 days now with zero assistance in any form from Facebook. I run a large part of my business on Facebook and we pay significant ad costs. I’ve lost income. Financially and emotionally it’s been a hit.

On Tuesday afternoon, a Facebook spokesperson acknowledged that there’s been an issue with unnecessary account verification requests, but that the problem has been “quickly” cleared up:

We worked quickly to fix an issue where we unnecessarily asked some people to verify their accounts after they reported account impersonation for someone else. We’ve removed this request and restored access to the affected accounts.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/FKCF-gt07L8/

Microsoft lets Xbox users censor what messages they see

Xbox gamers: fed up with seeing profanity in messages from other gamers? Microsoft has you covered. It’s about to roll out a new feature that will hide the language you don’t want to see.

Microsoft has spent years trying to train Xbox gamers to play nicely, with a code of conduct and a set of community standards. However, there will always be a subset of potty-mouthed players that want to crank up the bad language. This latest feature, called Message Safety, takes a stab at filtering out user messages that people might find offensive.

Gamers can use the Message Safety feature to filter text, along with content in images, videos, and animations. It’s also possible to filter web links for offensive content, according to Microsoft. You can also differentiate what you see in messages that you receive from people in your circle of friends and what you see in message requests from new people.

This isn’t the first time that Microsoft has let users control what they see. Its family content filters already let parents filter out games and movies for their kids based on the age rating.

Filtering out user-generated content is a much tougher problem, though. An 18 rating on a movie is pretty clear, but as Microsoft says, people interpret messages from other users in different ways. What might seem like mild trash talk to one person could be very upsetting to someone else. So the company has dodged the whole debate on what it considers beyond the pale by handing responsibility to the user. Instead of one ‘good or bad’ message filter, it offers four (well, three, with the fourth option being none at all).

In a video explaining the system, Xbox Live director of programming Larry Hryb says:

The feature was not created to limit the kind of content you and your friends can post online. Rather, it gives you as the recipient the ability to customise your gaming experience so that you only see content based on your individual preferences.

The ‘friendly’ setting errs on the side of caution, detecting and hiding as much offensive content as it can find, and will be the default filter for all child accounts.

The ‘medium’ setting tries to find a happy, um, medium, eliminating vulgar words intended to bully or discriminate, but leaving in the kind of competitive online joshing that gamers might exchange in fun.

For more adventurous gamers, ‘mature’ hides content that’s considered harmful for those receiving it, while unfiltered leaves everything in, allowing for the same linguistic wild west as before. If you decide that you want to turn the full Internet of Swears back on for a limited period, there’s a ‘view hidden content’ switch that you can turn on and off at will.

You’ll find Message Safety in Settings/Online Safety and Family, but not just yet. Microsoft is starting by offering the service to gamers in its insider preview programme and will expand to everyone else over time.

Its filters will work in 21 languages and will be available on the Xbox and on Xbox apps on PC and mobile.

You can see why the company is taking a phased approach to this. Deciding which content is fun trash talk vs harmful is subjective, and we imagine that Microsoft will be trying to handle this at scale using AI.

Will there be missteps? Probably. But this is still a laudable effort to tame a notoriously wild part of cyberspace. Three-quarters of gamers said recently that they suffered hate and harassment online, with one in ten reporting suicidal thoughts. Female gamers were the biggest target, according to the research from the Anti-Defamation League.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/nclkSAFPYh8/

Pitney Bowes and Groupe M6 join ransomware’s victim list

For what seems like the umpteenth time this year, a big company has found itself struggling after a ransomware attack.

The victim this time is US mailing services company, Pitney Bowes, which made an announcement to explain why a range of its services had been disrupted.

The company is famous for its franking machines, but these days that physical function is integrated with larger tracking systems, which in turn tie into parcel delivery networks.

This means you can frank parcels but also know where they are. Currently, some of those services might be down, the company said, including SendPro products, postage refill, ‘Your Account’ access, and the ‘Supplies’ web store.

We don’t know which ransomware is involved, nor when the affected systems might return. The company offered this reassurance:

In consultation with our security advisors on this issue, we do not believe there are other client risks. We have seen no evidence that customer accounts or data have been impacted.

Groupe M6 and beyond

In a separate ransomware incident, French media company Groupe M6 was hit by an attack at the weekend that took down servers and phone lines.

Although the company appears to have suffered only mild disruption, at least one other company, TV station TF1, tweeted that it had stopped email communication with Groupe M6 for fear of the infection spreading.

Only days before that, US company Alphabroder was hit by Sodinokibi, a derivative of the GandCrab ransomware.

According to CNN, different layers of US government and healthcare have already seen 140 incidents of ransomware in 2019 to date.

Earlier this month, the FBI put out another of its pained alerts on ransomware, which advised victims not to pay the ransom to recover files. It said that not only does paying fail to produce a usable key, but, more generally, it just encourages the crooks:

Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals.

One recent prominent holdout was the city of New Bedford in Massachusetts, which publicly refused the attacker’s demand for Bitcoins equivalent to $5.3 million.

What to do?

Sadly, ransomware attacks show little sign of abating, and our usual anti-ransomware advice applies, including the rather obvious reminder that “the only backup you’ll ever regret is the one you didn’t make.”

In short:

  • Patch early, patch often. Don’t make it easy for the crooks to get in through the back door.
  • Pick proper passwords. Don’t make it easy for the crooks to get in through the front door.
  • Use two-factor authentication. Lock the front door, and bolt it too.
  • Make regular backups. Ransomware isn’t the only way you can lose your files, so don’t risk keeping only a single copy.
  • Keep an off-site backup. Ransomware often tries to find and wipe out any online backups first – so offline backups are your backup’s backup.
  • Think before you click. Never open attachments or click through to web links just because an email tells you to.
  • Use an up-to-date anti-virus, web filter and exploit blocker. Ransomware that can’t run can’t even read your files, let alone overwrite them.

For more advice, please check out our END OF RANSOMWARE page.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/FnL73iuw19c/

Food writer Jack Monroe loses at least £5,000 in SIM-swap fraud

British food writer and activist Jack Monroe has had her bank account drained by hijackers, despite using two-factor authentication (2FA) to protect accounts.

On Friday, Monroe tweeted that her phone number had been SIM-jacked: hit with SIM swap fraud that enabled a hijacker to take over her phone number, intercept the codes sent for the 2FA she says she uses on all her accounts, and drain her accounts of what appeared, at least initially, to be about £5,000 ($6,350) – a figure that could rise.

The self-employed freelancer, who says she has to hustle “for every pound I earn,” said that her card details and PayPal information were apparently intercepted during an online transaction. Meanwhile, her phone number was ported to a new SIM card, Monroe said.

SIM swap fraud is one of the simplest, and therefore the most popular, ways for crooks to skirt the protection of 2FA, according to a warning that the FBI sent to US companies last month.

How the crooks swing a SIM swap

As we’ve explained, SIM swaps work because phone numbers are actually tied to the phone’s SIM card – in fact, SIM is short for subscriber identity module, a special system-on-a-chip card that securely stores the cryptographic secret that identifies your phone number to the network.

Most mobile phone shops out there can issue and activate replacement SIM cards quickly, causing your old SIM to go dead and the new SIM card to take over your phone number…and your telephonic identity.

That comes in handy when you get a new phone or lose your phone: your phone carrier will be happy to sell you a new phone, with a new SIM, that has your old number.

But if a SIM-swap scammer can get enough information about you, they can just pretend they’re you and then social-engineer that swap of your phone number to a new SIM card that’s under their control.

By stealing your phone number, the crooks start receiving your text messages along with your phone calls, and if you’ve set up SMS-based 2FA, the crooks now have access to your 2FA codes – at least, until you notice that your phone has gone dead, and manage to convince your account providers that somebody else has hijacked your account…

…which, hopefully, Monroe can do.

On Tuesday, she said that so far, she’s “played nicely” because she wants her phone number and money back, but that as soon as she gets them, she’s “going to town on both my phone provider and bank for allowing this to happen.”

Valuable PII posted publicly

Monroe said that at least one type of identity verification information – her birthdate – is publicly available, in her Wikipedia entry, so there’s no obfuscating that. (Though those of us who aren’t public celebrities with Wikipedia pages should at least try to keep that personally identifiable information [PII] out of the public eye.)

She pre-empted potential cybersecurity finger-wagging by pointing out that she doesn’t use publicly available email addresses on her financial accounts and that her passwords are “gobbledegook letters and numbers and special characters” – in other words, she’s using proper, tougher-than-nails, and, one assumes, unique passwords.

(If you need to know how to cook up such passwords, please do read this. If you reuse the same password(s), please don’t. Here’s why it’s a bad idea.)

What to do?

When it comes to avoiding SIM swap fraud, Paul Ducklin has useful tips, and they’re certainly worth repeating now:

Watch out for phishing emails or fake websites that crooks use to acquire your usernames and passwords in the first place. Generally speaking, SIM swap crooks need access to your text messages as a last step, meaning that they’ve already figured out your account number, username, password and so on.

Avoid obvious answers to account security questions. Consider using a password manager to generate absurd and unguessable answers to the sort of questions that crooks might otherwise work out from your social media accounts. The crooks might guess that your first car was a Toyota, but they’re much less likely to figure out that it was a 87X4TNETENNBA.

Use an on-access (real time) anti-virus and keep it up-to-date. One common way for crooks to figure out usernames and passwords is by means of keylogger malware, which lies low until you visit specific web pages such as your bank’s logon page, then springs into action to record what you type while you’re logging on. A good real time anti-virus will help you to block dangerous web links, infected email attachments and malicious downloads.

Be suspicious if your phone drops back to “emergency calls only” unexpectedly. Check with friends or colleagues on the same network to see if they are having problems. If you need to, borrow a friend’s phone to contact your mobile provider to ask for help. Be prepared to attend a shop or service centre in person if you can, and take ID and other evidence with you to back yourself up.

Consider switching from SMS-based 2FA codes to codes generated by an authenticator app. This means the crooks have to steal your phone and figure out your lock code in order to access the app that generates your unique sequence of logon codes.

Having said that, switching from SMS to app-based authentication isn’t a panacea.

Malware on your phone may be able to coerce the authenticator app into generating the next token without you realizing it – and canny scammers may even phone you up and try to trick you into reading out your next logon code, often pretending they’re doing some sort of “fraud check”.
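The two points above (app-based codes don't travel over SMS, but they are still just six digits anyone who can read them can replay) are easier to see with the algorithm in hand. The following is an added example, not code from the article: a minimal RFC 6238 TOTP implementation (on top of RFC 4226 HOTP) using only the Python standard library, with the server-side verification that accepts a small clock-skew window. The secret is the RFC 6238 reference key so the output can be checked against the published test vectors; a real enrolment would generate random bytes.

```python
"""
Added example (not from the article): how an authenticator app derives a
one-time code (RFC 6238 TOTP over RFC 4226 HOTP) from a secret that never
leaves the device, and how a server verifies it. Standard library only.
"""
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 reference secret (ASCII "12345678901234567890"), used so the
# codes below match the published test vectors; real enrolments use random bytes.
REFERENCE_SECRET = b"12345678901234567890"


def provisioning_secret(secret: bytes) -> str:
    """The base32 form an authenticator app reads from the enrolment QR code."""
    return base64.b32encode(secret).decode("ascii").rstrip("=")


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic
    truncation to a 31-bit integer, then the last `digits` decimal digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the HOTP counter is the number of `step`-second periods since the epoch."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int,
                step: int = 30, window: int = 1) -> bool:
    """Server side: accept the current period and +/- `window` neighbours for
    clock skew, comparing in constant time so the check leaks nothing via timing."""
    counter = at_time // step
    for drift in range(-window, window + 1):
        candidate = counter + drift
        if candidate < 0:
            continue
        if hmac.compare_digest(hotp(secret, candidate), code):
            return True
    return False


if __name__ == "__main__":
    now = int(time.time())
    current = totp(REFERENCE_SECRET, now)
    print("enrol this in the app:", provisioning_secret(REFERENCE_SECRET))
    print("current code:", current)
    print("verifies:", verify_totp(REFERENCE_SECRET, current, now))
```

Nothing in this exchange passes through the phone network, which is why a ported number gains the crooks nothing. But the server only ever learns a six-digit code derived from the secret and the clock; it cannot tell whether the owner typed it or someone who read it off the screen, was told it over the phone, or had malware pull it from the app, which is the caveat above.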

If in doubt, don’t give it out!

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/QJiDHTqtHDo/

Watch out for this latest LinkedIn phish that’s ‘sent’ by a friend

These days, crooks aren’t just after your banking passwords or your credit card numbers.

Hacked social media accounts have real value in the cyberunderground, because they provide crooks with a way to reach out convincingly to your friends and family.

If a random stranger tells you to click a link, install an app, or download a file, you’ll be suspicious; but if your mum, or a close friend, or your boss does the same thing, you’ll be inclined to believe them.

So, following our recent warnings about scams trying to phish your Instagram account passwords…

…in this article we’ll show you the other side of that nasty equation.

Here’s what the crooks actually do with social network accounts once they’ve got access.

This one was received by one of our team via their LinkedIn account, and at first glance it seems unexceptionable:

The sender was someone that the recipient knows in real life and keeps in touch with professionally via LinkedIn.

Sending cloud-based documents to business contacts – using online file storage services such as OneDrive, DropBox and Google Docs – isn’t unusual.

If the file has a personal angle, such as privately asking you if you’re interested in applying for a new job, it’s perfectly reasonable for the sender not to mention the nature of the document in the original message.

In this case, the recipient was suspicious right away because the sender used their full name, rather than the shortened form they usually go by.

The URL started with the believable text www.businessinsight, giving it a genuine look, but ended with the name of someone else’s website – in this case, a professional entertainer in the USA, whose server had apparently and unobtrusively been hacked.

Clicking the bogus link used a redirection script on the hacked server to divert the request to a second server, this time for a business in Mexico – complete with a valid HTTPS certificate to put a padlock in your address bar.

The final URL ended with /office365, so we’re assuming it was supposed to come up as a clone of the Microsoft Office365 login page that would invite you to enter your username and password – not entirely unexpected, given that the sender of the scam message explicitly mentioned using OneDrive, which is part of Microsoft’s Office365 ecosystem.

Fortunately, it looks as though the affected site in Mexico has already spotted this scam and removed the offending content, because we ended up on a 404 No Encontrado page – 404 is the HTTP status code for “not found”, and no encontrado means “not found” in Spanish:

What else are the crooks up to?

We wondered if the same crooks were running any other scams via different subdomains of the entertainer’s website, so we tried related text in place of businessinsights, and immediately hit pay dirt:

All the other subdomains we tried redirected us to one of several different “dating site” portals, all of them NSFW.

The content varied by the country from which we initiated the connection, but all of them made their nature pretty clear – and expected you to sign up and pay a fee before you could go much further.

As far as we could tell, all the diversions were handled via the same PHP redirection script on the unfortunate US entertainer’s site.

By redirecting only URLs that the entertainer himself didn’t intend to serve up, and thus wouldn’t know to look for, the crooks made sure that the original web pages continued working just fine, so neither he nor his customers would see anything unusual.

Nevertheless, the redirection script provided the crooks with a general-purpose mechanism for running a range of different spamming, phishing and scamming campaigns at the same time, with the target site determined by the URL that the crooks used each time.

By default, the crooks seem to be trying to earn referral fees from sexual hook-up sites; but for at least one specific domain, they’re phishing for new online passwords.

What to do?

Our colleague promptly did the right things, namely: didn’t click through “just to see what might happen”; asked us to investigate; and contacted the sender to warn them that their account had almost certainly been hacked.

We recommend that you react the same way if someone you know acts out of character and sends you a message that doesn’t feel right:

  • Check for giveaway mistakes. Unfortunately, the crooks don’t always make typos, or use the name you only get called by your mum when you are in trouble. But if they do make mistakes, look out for them, and use them as a sign that the message is bogus.
  • Report suspicious messages and sites to your favourite cybersecurity company. You can report potential cyberthreats – files, emails and URLs – to Sophos via our Submit a Sample page.
  • Let the sender know if you can. Friends don’t let friends stay hacked, so do your best to make the sender aware. But don’t reply only to the account you think has been compromised, because the crooks may very well see your warning first and delete it. Try contacting the sender via an alternative channel, such as a phone call.
  • Pass on our advice about proper passwords and 2FA. Make sure you, your friends and your family are all making it as hard as possible for the crooks to get into your accounts.

And if you’re running a web server that doesn’t need or get a lot of attention because it’s there merely as an adjunct to your non-internet-based business – for example, if you’re a plumber, or a dog-walker, or an entertainer – then don’t leave your server to the depredations of the crooks.

Make sure that whoever looks after your website for you does the right thing, including keeping up with the following checklist:

  • Patch early, patch often. That includes the operating system, the server applications, and any plugins added to extend the functionality of the site.
  • Pick proper passwords and use 2FA. If you can do it in your home life, they can do it in their professional lives, too.
  • Monitor and report changes. Most websites are organised via some sort of content management system (CMS) such as WordPress, Drupal or Joomla. These keep a systematic record of additions, deletions and changes – a changelog can often help you find new problems before the crooks do, or spot that crooks are snooping around before they do any real harm.
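The redirection trick described earlier has a tell that the last checklist item is about: the hacked server answers 3xx redirects for hostnames the owner never set up, and a server’s own access log records exactly that. The following is an added example, not code from the article or from Sophos: a scan over web-server access logs that flags redirects served under unexpected virtual hosts and counts them per host and script. The log lines are constructed samples in the Apache `vhost_combined` layout (virtual host and port in front of the usual combined fields); the hostnames, client addresses and the `/go.php` script name are made up, and the known-host set is the assumption the check rests on.

```python
"""
Added example (not from the article): scan web-server access logs for
redirects served under hostnames the site owner never set up, the pattern
of a planted redirection script that answers only for attacker-chosen
subdomains. The log lines are constructed samples in Apache's
`vhost_combined` layout; hostnames use the reserved .test TLD.
"""
import re
from collections import Counter

# Hostnames the owner actually serves (assumption for this example);
# anything else showing up in the vhost field is unexpected.
KNOWN_HOSTS = {"example-entertainer.test", "www.example-entertainer.test"}

# Constructed sample log: two legitimate hits, one legitimate 301,
# and three redirects served on subdomains the owner never created.
SAMPLE_LOG = """\
www.example-entertainer.test:443 203.0.113.5 - - [14/Oct/2019:10:01:02 +0000] "GET /shows HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
www.businessinsight.example-entertainer.test:443 198.51.100.7 - - [14/Oct/2019:10:02:10 +0000] "GET /go.php?id=office365 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
dating.example-entertainer.test:443 198.51.100.9 - - [14/Oct/2019:10:03:44 +0000] "GET /go.php?id=promo HTTP/1.1" 302 0 "-" "Mozilla/5.0"
www.example-entertainer.test:443 203.0.113.6 - - [14/Oct/2019:10:04:00 +0000] "GET /old-page HTTP/1.1" 301 0 "-" "Mozilla/5.0"
www.businessinsight.example-entertainer.test:443 198.51.100.8 - - [14/Oct/2019:10:05:12 +0000] "GET /go.php?id=office365 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# vhost:port client ident user [timestamp] "METHOD path PROTOCOL" status bytes ...
LOG_RE = re.compile(
    r'^(?P<vhost>[^:\s]+):(?P<port>\d+) (?P<client>\S+) \S+ \S+ '
    r'\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return a dict of the fields we care about, or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def unexpected_redirects(log_text, known_hosts=KNOWN_HOSTS):
    """Records with a 3xx status served for a virtual host not in known_hosts."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if 300 <= rec["status"] < 400 and rec["vhost"].lower() not in known_hosts:
            hits.append(rec)
    return hits


def summarise(log_text, known_hosts=KNOWN_HOSTS):
    """Count unexpected redirects per (vhost, script path) so one planted
    script serving many subdomains stands out as a single cluster."""
    counts = Counter()
    for rec in unexpected_redirects(log_text, known_hosts):
        script = rec["path"].split("?", 1)[0]
        counts[(rec["vhost"], script)] += 1
    return counts


if __name__ == "__main__":
    for (host, script), n in summarise(SAMPLE_LOG).most_common():
        print(f"{n:3d} redirect(s) via {script} on unexpected host {host}")
```

The legitimate 301 on the real hostname is not flagged; the three redirects under made-up subdomains are, and they all funnel through the same script, which is the signature of one general-purpose redirector serving several campaigns. A wildcard DNS record or catch-all virtual host is what makes those subdomains resolve in the first place, so the same review should ask whether either is actually needed.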


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/gPv7HneIlgQ/

Sure is quiet from Adobe. No security fixes this month? Great job. Oh no, wait, what’s that stampede sound…

Adobe has finally released its October batch of security updates. It was quiet on Patch Tuesday last week, and now it’s roaring in with scores of fixes for Reader, Acrobat, and Experience Manager.

The bulk of the bug fixes are for Acrobat and Reader, where a total of 67 CVE-listed flaws were patched today. Successful exploitation, by tricking someone into opening a booby-trapped document, will lead to arbitrary code execution with the logged-in user’s rights. Adobe says it has not yet received reports of attacks in the wild for any of these bugs.

While most of the vulnerabilities can be exploited to gain some type of remote code execution, there are a number of information disclosure flaws addressed this month, thanks in large part to a collection of 21 different out-of-bounds read flaws.

Another dozen of the patches are for CVE-listed vulnerabilities in Adobe Experience Manager. The most serious would allow an attacker to circumvent login requirements – things like cross-site request forgeries, cross-site scripting, and authentication bypass flaws.

Users can get the fixes by selecting “check for updates” from the Help menu.

Nothing to snort at

Admins will also want to set aside some time to make sure that any network appliances using Snort to analyse traffic get the latest rule update from Cisco Talos. The network security firm says it has added 76 new rules to address things like the recent vBulletin and Apple WebKit vulnerabilities that have been targeted in the wild.

“Talos has added and modified multiple rules in the browser-ie, browser-plugins, browser-webkit, file-multimedia, file-other, os-mobile, os-windows, server-other and sql rule sets to provide coverage for emerging threats from these technologies,” the Cisco outfit says of the update.

The rule update will not patch the actual flaws, but does include measures to prevent those attacks from being carried out on networks where Snort is being used to inspect and filter packets.

Finally, if anyone has not got around to installing last week’s Patch Tuesday fixes, now would be a good time to take care of that.

The October Patch Tuesday bundle included patches for 59 CVE-entries, among the more serious were code execution holes in Excel and remote desktop vulnerabilities that continue to be an issue for Microsoft.

SAP and Google Android patches were also released last week. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/10/15/adobe_snort_patch/

5 Steps to Protect Against Ransomware Attacks

Paying a ransom is strongly discouraged by experts. So, how do you protect your organization?

Because of a few key elements, ransomware is a growing threat for all Internet-connected enterprises. First, the barrier to entry in terms of cost is very low for adversaries because ransomware is inexpensive to purchase on the Dark Web. Second, ransomware is often distributed via email, which is also inexpensive (if not free) and can be used for targeted or random attacks. Finally, ransomware exploits the weakest element of cybersecurity: people.

Recently, the news of attacks in Atlanta, Baltimore, and throughout Texas have shown just how devastating ransomware attacks can be to state and local governments.

  • Atlanta spent more than $2.6 million in 2018 to recover from an attack, where adversaries demanded roughly $50,000.
  • In 2019, Baltimore will likely endure more than $18 million in expenses to recover from a ransomware attack that demanded 13 bitcoin (roughly $75,000).
  • In Texas, widespread ransomware attacks have affected computer systems in 22 municipalities, with one mayor confirming that attackers demanded $2.5 million.

While the specific ransomware used in each of these attacks was different, there is a common theme that ran through these ransomware attacks: Intended victims were not prepared to respond.

While ransomware continues to rise, most experts and the FBI strongly discourage paying ransom because A) paying ransom does not guarantee systems or data will be restored, and B) paying ransom makes a victim much more likely to be targeted again.

How to Prepare for Ransomware Attacks
If you don’t pay a ransom, how do you reduce the impact of ransomware attacks? There are five best practices that can greatly reduce the likelihood of being attacked and, more importantly, can greatly reduce the impact if and when a ransomware strike occurs.

1. Asset identification and management: Having a current configuration management database and crown jewels assessment (CJA) are crucial. (A CJA identifies cyber assets that are most critical to the accomplishment of an organization’s mission.) Adversaries will target a combination of the most valuable and most vulnerable systems and data. You will want to view your environment from the perspective of an adversary.

2. Patch management: Knowing your own environment is not much value if you don’t also protect it. Most attacks are not flashy “zero-day” exploits. Adversaries are recyclers who will gladly use an old exploit against a new target. A prime example of this is Heartbleed, an attack that still successfully capitalized on a five-year-old vulnerability (CVE-2014-0160) because victim organizations refuse to adapt. Don’t be an easy target!

3. Threat intelligence: While most cybersecurity organizations continue to focus their gaze internally, the only way to move from reactive to proactive is through intelligence. Cybersecurity professionals who understand threat trends and the landscape, which includes adversaries, tactics, techniques, and procedures, are empowered to capitalize on such knowledge to prevent attacks.

4. Automation: Organizations are overrun with massive amounts of data, information, and intelligence. Considering the skills gap that is still challenging the industry, there is rarely enough time in the day to adequately address all critical or high-level security events, let alone the moderate and low risks. Only through automation, wherein machines capitalize on high-fidelity intelligence to take actions without human intervention, can cyber defenders have the time needed to focus on the biggest-impact security matters.

5. Training: Whether in the physical world or cyberspace, people continue to be the weakest link. A robust training program, one that continually incorporates rewards and retraining, will keep personnel aware and vigilant when it comes to the types of phishing campaigns that often lead to ransomware attacks.

Article source: https://www.darkreading.com/5-steps-to-protect-against-ransomware-attacks/a/d-id/1336039?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

More Breaches, Less Certainty Cause Dark Web Prices to Plateau

New research finds it’s now less than $10 for full credit details on a consumer, $100 for a distributed denial-of-service attack, and $50 for access to a US bank account.

The price of stolen financial information and hacker tools on the Dark Web have mostly stagnated over the past two years as the usefulness of stolen data becomes less certain amid a rise in data breaches.

In its annual survey of prices for certain services on the Dark Web, Flashpoint found that digital profiles and financial information, so-called “fullz,” sold for between $4 and $10, slightly higher than in 2017, while the rental of exploit kits varied between $80 and $100 per day, about the same as in 2017. Overall, prices have generally leveled off over the past two years, the company found.

“Even though things were stagnant in terms of pricing, it does tell us some things about where cybercrime is going,” says Ian Gray, director of Americas research and analysis for Flashpoint. “More credentials are out in the market, since breaches have gone up. If there is more quantity out there — and granted they are being reused — there is downward pressure on the prices.”

Fraud has taken off, much of it powered by tools and information for sale on the Dark Web. In the first half of 2019, more than 3,800 data breaches, an average of 20 per day, were reported, resulting in the potential exposure of more than 4.1 billion records.

The total number of incidents of online fraud also increased about 17%, according to the 2018 Internet Crime Report released every year by the FBI. More than 350,000 incidents were reported to the Internet Crime Complaint Center, 17% more than the previous year, with losses exceeding $2.7 billion, according to the annual report. Many of the fraud schemes, such as business e-mail compromise and remand fraud, are much more effective when personal information is used.

While the public Dark Web is not often used by the most sophisticated attackers, it can be a good proxy for the techniques on which cybercriminals are focusing, the Flashpoint report states.

“[M]onitoring product and price listings should provide a temperature check for the cybercrime climate because the number of listings are catered to the entry-level threat actor,” the report states. “Understanding price listings and future changes should inform how the cybercrime landscape is developing, and how businesses should respond to this threat.”

Flashpoint stressed that its data should not be considered an average or statistically rigorous: the company noted that it looked for representative samples from popular marketplaces, and that many of those marketplaces have since been shut down.

In addition, the more sophisticated attackers do not typically use the public Dark Web, Gray says. “The cybercriminals who are more sophisticated are moving out of these public markets for cybercrime toward more secure, encrypted chat communication channels and decentralized market places,” he says.

Here are some pricing trends Flashpoint found:

Fullz: Stable at $4 to $10

Data on US citizens is extremely cheap, with a single record costing anywhere from $4 to $10. Even profiles on US citizens that include a Social Security number and date of birth — all that’s really needed for new account fraud — cost just $5.

DDoS-for-hire services: Increased up to $100

In 2017, the more expensive distributed denial-of-service (DDoS) attacks cost no more than $27. Now, an attack can cost up to $100, Flashpoint found. These types of simple DDoS attacks are used by Internet malcontents to cheat at video games or harass other people. When attacking websites, criminals often charge more for the greater bandwidth and additional application-layer attacks required.

Bank account access: Stable, between $25 and $75

While credentials to access bank accounts are typically priced according to the amount of money in the account, the price appears to be mostly stable. Like other types of information, credentials cost more if they are for European — not US — banks.

Not every survey of Dark Web pricing shows stagnant rates, however. One data point not found in the Flashpoint survey — the cost of credit card data — has seen some significant increases since 2015, jumping by a third to 83%, depending on the country from which the data comes, according to a recent report from Armor.


Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline …

Article source: https://www.darkreading.com/attacks-breaches/more-breaches-less-certainty-cause-dark-web-prices-to-plateau/d/d-id/1336094?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

IoT Attacks Up Significantly in First Half of 2019

New research shows attacks increased ninefold year-over-year, coming from more than a quarter-million unique IP addresses.

Malicious actors aren’t tiring of the Internet of Things (IoT), with cyberattacks on network-connected smart devices and process controllers rapidly increasing in number. One network of honeypots, put in place by Kaspersky, saw 105 million attacks on IoT devices coming from 276,000 unique IP addresses in the first six months of 2019, compared with just 12 million attacks in the first half of 2018.

Kaspersky’s honeypot network found that while most IoT attacks are not very sophisticated, they sure are “quiet,” showing little evidence of successful infection until the victim is activated as part of a botnet. Mirai and its variants remain the most common attack payload, accounting for 39% of the infections. The methods used to infect IoT devices vary, ranging from brute-forcing device passwords — often through Nyadrop, which was seen in 38.57% of attacks — to exploits of unpatched vulnerabilities found in a wide variety of different devices.

Kaspersky’s honeypot network also determined the geographical source of the attacks, with China responsible for 30%, Brazil for 19%, and Egypt for 12%. That pattern marks a change from 2018, when Brazil was the leading attack source, responsible for 28% of the attacks seen in the first half of the year.


Article source: https://www.darkreading.com/attacks-breaches/iot-attacks-up-significantly-in-first-half-of-2019/d/d-id/1336096?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple