A campaign by a group known as “Luna Moth” and “Silent Ransom Group” has “cost victims hundreds of thousands of dollars and is expanding in scope,” cybersecurity firm Palo Alto Networks’s Unit 42 said in its report.
The warning comes as Americans face relentless scam calls — and get little relief. By doing “callback phishing,” attackers prey on victims’ desire to not get billed for things they didn’t purchase. The tactic uses the targets’ impulses to cut expenses in a slowing economy against them.
Callback phishing schemes have “revolutionized data breaches,” AdvIntel researchers said in August in a report that focused on three separate groups conducting them.
Palo Alto Networks has responded to several cases involving Silent Ransom/Luna Moth.
The group has shown particular precision, Palo Alto Networks said. “This threat actor has significantly invested in call centers and infrastructure that’s unique to each victim,” its report said. Early on, the group would use recycled phone numbers, but it has begun to use unique phone numbers for each victim, limiting the ability of victims to easily detect whether they’re malicious, Palo Alto Networks said.
- Silent Ransom/Luna Moth is an offshoot of notorious ransomware gang Conti, according to AdvIntel. Palo Alto Networks said it couldn’t make a similar attribution yet.
The cases involving Silent Ransom/Luna Moth that Palo Alto Networks worked on “show a clear evolution of tactics that suggests the threat actor is continuing to improve the efficiency of their attack,” the company said. “Cases analyzed at the beginning of the campaign targeted individuals at small- and medium-sized businesses in the legal industry. In contrast, cases later in the campaign indicate a shift in victimology to include individuals at larger targets in the retail sector.”
Hackers have been using callback phishing since at least 2020, when the ransomware gang Ryuk began employing it.
- A target receives an email, saying that they’ll be billed for a subscription or payment. The email gives a phone number to call if they have any issues.
- When the target calls to dispute the charge, the call center purportedly walks them through steps they have to do on their computers. Instead, the call center actually gets the target to download a tool that gives attackers remote access to their computer.
- Once inside a victim’s systems, the attackers can steal an organization’s data and hold it for ransom.
And here’s a sample phone call from Palo Alto Networks:
Callback phishing has seen an extraordinary burst in frequency of late.
From the beginning of 2021 to the second quarter of 2022, callback phishing increased by 625 percent, email security company Agari calculated.
Malicious hackers carrying out the schemes are shifting their thinking to be more targeted and sophisticated in trying to hit specific victims, according to researchers from AdvIntel who wrote about three groups carrying out the attacks in an August report.
The attackers have gotten more sophisticated in their tricks. Earlier versions of callback phishing relied on victims downloading malware. Silent Ransom/Luna Moth, by contrast, doesn’t require its victims to download any malware at all, with the hackers instead relying on commercial tools designed to let IT administrators get remote access to computers and other publicly available tools, cybersecurity firm Sygnia said in a July report.
That can make the hackers harder to detect because legitimate tools are less likely to set off alarms with traditional anti-virus products, Palo Alto Networks said.
Callback phishing has been far more precise than ransomware’s random and repetitive targeting, AdvIntel said. Hackers have created phishing messages that are tailored to specific victims, the firm said.
- It’s also less reliant on technical expertise, instead focusing on human fallibility. And hackers have taken notice. “We can’t win the technology war because on this ground we compete with billion-dollar companies, but we can win the human factor,” said one Conti member in internal communications, according to AdvIntel.
- It requires more resources, though, Unit 42 Senior Threat Researcher Kristopher Russo told me. “It requires the threat actor to allocate someone to take the call with the victim, walk them through downloading the remote assist software and keep them on the line long enough to install the remote management software,” he said. “These attackers would also need to have business operations set up to track things like a reference number to have the details of the campaign against the victim including name, email, amount and service they sent the phishing email saying they’re subscribed to.”
Other groups relying on the technique include Quantum and Roy/Zeon, AdvIntel said. The Royal ransomware group also has reportedly dabbled with the method.
In trying to come up with a way to defend the attacks, cybersecurity researchers are also turning to the human factor.
“Since there are very few early indicators that a victim is under attack, employee cybersecurity awareness training is the first line of defense,” Palo Alto Networks advised.
Twitter users prepare for potential bugs, outages
Some critical Twitter teams have been whittled down to just one engineer — or none — after an exodus of hundreds of employees last week, Joseph Menn and Cat Zakrzewski report. That makes the site likely to crash eventually, engineers said.
“Every mistake in code and operations is now deadly,” according to a former engineer who left Twitter last week. Those left “are going to be overwhelmed, overworked and, because of that, more likely to make mistakes.” The systems could slowly degrade, it could take a longer time to fix bugs or Twitter could break when engineers implement Musk’s ideas on top of Twitter’s software, according to former employees.
The staffing changes could also affect content on the site. “Half the trust and safety policy team resigned, including a majority of those who work on spotting misinformation, spam, fake accounts and impersonation,” my colleagues write, citing two employees familiar with the team. “Many of those who chose to stay did so to keep their health insurance or because they would be subject to deportation without a job.”
Amazon Web Services says it’s shutting down a free encrypted messaging service
Wickr Me will stop accepting new users at the end of December and the consumer messaging service will shut down at the end of 2023, the Verge’s Emma Roth reports. The announcement comes around 17 months after Amazon Web Services announced its acquisition of Wickr. Wickr says its paid offerings won’t be affected.
“Recent reports suggest the app has become an outlet for criminals, with NBC News reporting in June that the app is ‘a go-to destination’ for people who want to share images of child sex abuse,” Roth writes. “It’s also been implicated in the past as a hub for drug dealers who’ve been forced off the dark web.”
(Amazon founder Jeff Bezos owns The Washington Post.)
European data protection chiefs: Qatar World Cup apps pose security risks
European data regulators are warning against downloading Qatar’s World Cup apps, citing big privacy risks, Politico reports.
Foreign visitors have been asked to download the World Cup’s official app, Hayya, and visitors to health care facilities are required to download Ehteraz, an infection-tracking app.
“One of the apps collects data on whether and with which number a telephone call is made,” the German authority said. “The other app actively prevents the device on which it is installed from going into sleep mode. It is also obvious that the data used by the apps not only remain locally on the device, but are also transmitted to a central server.”
The Qatari government didn’t immediately respond to requests for comment from the publication.
Thanks for reading. See you tomorrow.
Read More: news.google.com
Bitcoin 
Ethereum 
Tether 
BNB 
Solana 
USDC 
XRP 
Lido Staked Ether 
Dogecoin 
Toncoin 
Cardano 
Shiba Inu 
Avalanche 
TRON 
Polkadot 
Wrapped Bitcoin 
Bitcoin Cash 
Chainlink 
NEAR Protocol 
Polygon 
Internet Computer 
Litecoin 
Uniswap 
LEO Token 
Dai 
Fetch.ai 
Ethereum Classic 
Aptos 
First Digital USD 
Hedera 
Cronos 
Cosmos Hub 
Pepe 
Mantle 
Filecoin 
Immutable 
Stellar 
Stacks 
Render 
XT.com 
Optimism 
OKB 
Renzo Restaked ETH 
dogwifhat 
Arbitrum 
Bittensor 
VeChain 
Wrapped eETH 
Sui 
Maker