AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 12/01/2020

Gift card hack exposed – you pay, they play

As you probably know, gift cards that you purchase online are typically delivered by email to a recipient of your choosing as a secret code and a registration link. So, receiving a gift card code is a bit like getting hold of the number, expiry date and security code from a prepaid credit card – loosely speaking, whoever has the code can spend it. Although gift cards are meant to be used by the intended recipient only – they’re not supposed to be transferable – there’s not much to stop the recipient allowing someone else to use them if they choose, and that means they can be sold on the cybercrime underweb. And for all that a $200 gift voucher, sold illegally online for, say, half its face value, doesn’t sound like much… crooks with access to a whole company’s worth of users – in this story, the company’s VPN supported about 200 people – can try to acquire not just one but potentially hundreds of pre-paid gift cards in short order.

Millennials lose $300 per fraud while elderly lose 4x more

The Federal Trade Commission’s (FTC’s) primary mission is to protect US consumers by halting unfair, deceptive, or fraudulent practices in the marketplace. Therefore, the data shared by the FTC on fraudulent activities show us a bigger picture of these imminent dangers. According to Atlas VPN findings based on official FTC records, millennials lose between $300 and $205 per fraud case, while elderly people lose up to $1,200. The amount lost to a scam is not the only important factor when it comes to evaluating which generation is most damaged by scams. Perhaps even more importantly, we should look at how often each age group loses money to cybercriminals. Interestingly, even though the average losses per fraud decreased in 2020, the number of scams increased by nearly 13%.

The average financial loss per scam is comparatively low for millennials, but they are scammed most often. In 2020, around 94 out of 100 thousand Americans aged 20-29 lost money to fraud, according to the FTC’s data.

DOJ is reportedly preparing antitrust lawsuits against Facebook and Google

Google has made plenty of statements in the past defending its practices, essentially saying that consumers aren’t forced to use Google products and services and that they exist as part of a competitive technology marketplace. Broadly speaking, the case against Google is that it uses its dominance in search and search advertising to box out potential competitors; among its tactics is paying to have Android phone manufacturers set Google search as default and pre-loading devices with Google apps. The company also pays to have Google set as the default search engine on the iPhone, as well. A potential case against Facebook would likely delve into whether the company abuses its position to stifle competition or puts user data at risk — the former claim will likely take a close look at the company’s acquisitions of Instagram and WhatsApp.

 

Hackers are targeting MacOS users with this updated malware

A newly discovered form of malware is targeting Apple MacOS users in a campaign which researchers say is tied to a nation-state backed hacking operation. The campaign has been detailed by cybersecurity analysts at Trend Micro who’ve linked it to OceanLotus – also known as APT32 – a hacking group which is thought to have links to the Vietnamese government. OceanLotus is known to target foreign organisations working in Vietnam, including media, research and construction, and while the motivation for this isn’t fully understood, the aim is thought to be using espionage to aid Vietnamese-owned companies. The MacOS backdoor provides the attackers with a window into the compromised machine, enabling them to snoop on and steal confidential information and sensitive business documents.

How to tell if your security camera has been hacked

There are terrifying stories of hackers taking over security systems and spying on families through their cameras. These stories can make you feel a little paranoid if you have a security system. Connectivity features can enhance your security system by giving you remote access to your video feed and allowing you to store your security recordings in the cloud. However, these connectivity features are also a drawback since they represent a vulnerability and could allow a criminal to gain access to your video feeds. There are a few signs to watch out for if you have some cameras inside or outside your home, and knowing about these signs will help you react fast if there is a breach. Let’s go over the most common signs that a hacker has gained access to your security system.

Four years after the Dyn DDoS attack, critical DNS dependencies have only gone up

In 2016, Dyn, a provider of managed DNS servers, was the victim of a massive DDoS attack that crippled the company’s operations and took down domain-name-resolving operations for more than 175,000 websites. While some sites managed to stay up by activating a redundancy and switching DNS resolving to secondary servers, many websites were not prepared and remained down for almost a day as Dyn dealt with the attack. Four years later, a team of academics from Carnegie Mellon University have conducted a large-scale study of the top 100,000 websites on the internet to see how website operators reacted to this attack and how many are still operating with one single DNS provider and no other backup. Their findings, published at the Internet Measurement Conference last month, show that, currently, in 2020, 89.2% of all websites use a third-party DNS provider rather than managing their own DNS server.
