AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/01/2020

Cybercriminals Make Millions Selling Stolen Fortnite Accounts, New Research Shows

Thousands of stolen Fortnite accounts are selling like hotcakes in underground marketplaces, amassing around $1.2 million a year for cybercriminals, a new report shows. The Fortnite Underground Cybercrime Economy report sheds light on a million-dollar business that capitalizes on the popularity of the free-to-play video game that managed to attract over 350 million players within three years of its launch. According to researchers from Night Lion Security, each Fortnite account sells for between $200 and $250 on average. Still, some can even sell for thousands of dollars, depending on the value of a characters’ in-game skin.

How are cybercriminals managing to crack and steal Fornite accounts? Researchers point the finger to the high number of data breaches and data brokers that fuel the black market for gaming accounts. “Hacking groups like Gnostic Players and Shiny Hunters account for a vast majority of breaches involving stolen user data, and are indirectly responsible for fueling an entire criminal economy of stolen accounts,” the report said.


Apple’s automated notarization process mistakenly approved Mac malware

Security researchers have discovered that Apple’s macOS app notarization process has mistakenly approved a piece of malware disguised as a Flash installer. Apple requires Mac app developers — even those outside of the App Store — to submit apps for notarization, which checks them for security issues and malicious code. If they don’t pass notarization, apps will be blocked by Gatekeeper. But macOS security researcher Patrick Wardle and Twitter user Peter Dantini have found that at least one piece of malicious code appears to slipped through Apple’s safeguards. On Friday, Dantini noticed that a Flash installer adware campaign actually featured malicious code that was notarized by Apple. The effect of that notarization is that the installer wouldn’t be blocked by the built-in Gatekeeper security function. If a user clicked on it, the installer would simply run and deliver its payload on a system.


Amazon Receives FAA Approval for Prime Air Drone Delivery Service

Amazon Prime Air has just received Federal Aviation Administration approval to start commercial drone deliveries of small packages. The online retailer has been conducting regular delivery drone tests since 2013 with the ultimate goal of using the flying machines to deliver items in just 30 minutes, first in low-population areas with packages weighing no more than 5 pounds. Read more for two videos and additional information. The company stated that while the Prime Air drone fleet isn’t quite ready to immediately deploy package deliveries at scale, it’s actively flying and testing the technology to ensure smooth operations. One competitor is Alphabet-owned Wing, who became the first drone delivery company to receive FAA approval for commercial deliveries in the US last April.


Iranian hackers are selling access to compromised companies on an underground forum

One of Iran’s state-sponsored hacking groups has been spotted selling access to compromised corporate networks on an underground hacking forum, cyber-security firm Crowdstrike said in a report today. The company identified the group using the codename Pioneer Kitten, which is an alternative designation for the group, also known as Fox Kitten or Parisite. The group, which Crowdstrike believes is a contractor for the Iranian regime, has spent 2019 and 2020 hacking into corporate networks via vulnerabilities in VPNs and networking equipment.


Single & penniless: FBI warns of $475M lost to romance scams

The Federal Bureau of Investigation is warning of online romance scams, an ongoing online fraud trend that can lead to large financial losses, as well as devastating emotional scars. The scammers behind this type of fraud are using fake online identities to gain their victims’ trust on social media and dating websites. Once the targets are lured in, scammers are taking advantage of the illusion of a romantic relationship to manipulate them into sending them money or financial information later to be used in other types of fraud schemes. The 2019 Internet Crime Report published by FBI’s Internet Crime Complaint Center (IC3) says that romance scams (also known as confidence fraud) are behind higher financial damages when compared to other reported online crimes.

Related Posts