TweakTown NewsRefine News by Category:
Microsoft is again warning Internet users of a sophisticated scam, with the company most notably discussing tech support scams. In this particular type of scam, a caller will be informed of an infected laptop or PC, which can be cleaned up if the user pays a "hefty fee" for service.
A scammer that ran this type of Microsoft tech support scam operation in the UK and received a four-month suspended sentence - a lenient sentence that he likely wouldn't have received in the United States - with many scammers going unchecked by law enforcement.
"What's really alarming is that this type of scam shows no signs of slowing down," Microsoft said in a blog post. "Increasingly, we hear via our frontline support team, and even from friends and family, that these scammers are getting bolder, targeting not only individuals but also businesses. It is appalling that they're taking advantage of your trust in Microsoft in an attempt to steal your money. It's immoral, it's disrespectful and it's certainly illegal."
Despite an earlier promise not to release any security patches to the aging Windows XP operating system, Microsoft will fix an Internet Explorer bug that has hit IE 6 through 11.
Organizations unable to migrate from XP, such as the British government and the IRS, are paying for custom support from Microsoft - but regular end users will have to fend for themselves until they decide to upgrade.
Security company Pure Hacking noted that companies and users relying on XP are open to more security risks - and while Microsoft offered up a fix this time around - don't expect it in the future.
The cybercrime ecosystem is continually evolving from simply public vandalism, with hackers largely interested in compromising users for monetary gain. There also is a growing underground market designed for criminals to sell, share, and trade attack methods, stolen information, and knowledge.
"When big guys get arrested they are usually found to be living lives of luxury," said Stefan Tanase, Kaspersky Lab Global Research and Analytics senior security researcher, in a statement to ITWeb. "It's a lucrative endeavor for many. There are two ways to make money, either by stealing money directly from the user such as credit card details or banking logins, or using the user's resources - computer, connection or similar - to provide services to other cybercriminals."
California Attorney General Kamala Harris noted that cybercrime is a real threat that the government and private sector companies must be better prepared to address.
The Ultimate Fighting Championship (UFC), currently the No. 1 mixed martial arts (MMA) promotion in the world, has sued an alleged Internet pirate, seeking $32 million in damages. Steven Messina, 27, is accused of uploading 141 UFC pay-per-view (PPV) events to The Pirate Bay and other online websites - and even included a PayPal donation link for his troubles.
Messina was able to operate below the radar until he started claiming to be the "Provider of Best MMA & Boxing rips online!," which is when the UFC began to take notice.
UFC President Dana White has talked sternly against Internet piracy, and seems ready to share the same Draconian approach that music and movie copyright holders held years ago. However, people trying to monetize on pirated PPV events should expect to be busted eventually, especially if their operation continues to grow at a rapid pace.
Cybercriminals wanting to launch phishing attacks are finding a valuable asset when using the 30-day free trial of Microsoft Azure, according to Internet intelligence company Netcraft. Specifically, free hosting, subdomains and SSL certificates immediately give phishers great tools, and they are using the basic features of Azure to launch attacks.
To register for the trial, Microsoft now wants customers to provide credit card information and a phone number that can be used to verify each user. The software company is pushing end-users and business clients into the cloud, so ensuring its Azure platform is safe from abuse by cybercriminals should remain a major effort.
Meanwhile, cybercriminals are becoming extremely savvy in their attempts to send spam, phish users, spread malware, and do anything to compromise Internet users.
An alleged Anonymous member, Fidel Salinas, 27, has been indicted in the U.S. District Court Southern District of Texas, including 18 counts of cyberstalking. Due to his alleged computer crimes, Salinas is now facing 44 charges, stalking an unnamed female, and computer hacking attempts into Hidalgo County, La Joya Independent School District, and the McAllen The Monitor newspaper.
"From on or about June 6, 2011, to on or about January 6, 2012, in the Southern District of Texas and within the jurisdiction of the Court, defendant, Fidel Salinas, Jr., knowingly and intentionally conspired and agreed with other person or persons to access a computer without authorization or to exceed authorized access, and thereby obtain information from a protected computer."
If convicted, Salinas faces up to 10 years for each charge, according to the FBI. It seems that governments are becoming increasingly annoyed with actions from Anonymous members, which is exactly the expected response.
Research indicates a whopping 90 percent of the top 30 most visited Internet piracy websites in the United Kingdom contained some form of malware or "Potentially Unwanted Programs" (PUPs) to compromise user systems.
The piracy sites often rely on social engineering techniques to trick users into clicking fraudulent links: "These fake play buttons, and that sort of thing, are very much driven by the desire of people to download content," said according to the group. "We view it as a kind of social engineering attack on the users who are tricked into downloading stuff."
In an ongoing effort to combat piracy, copyright holders might have more success trying to inform users of the security threats they open themselves up to when downloading content - it would be a unique twist on sometimes rudimentary scare tactics.
England faced the largeset amount of mobile malware during the first quarter of 2014, with 15-20 malware files blocked for every 10,000 users, averaging to about one in every 500, according to security firm F-Secure. Following England, the United States, India and Germany each had five to 10 malware blocked per 10,000 users, with Saudi Arabia and Netherlands trailing behind.
Google is being urged to improve Android security, as it could face a drastic issue due to the massive amount of security threats.
Also in the report, F-Secure noted that 99 percent of malware during the quarter was aimed at the Android OS - though with software and hardware developers boosting security - many of the attempted intrusions weren't successful. A previous report found 97 percent of mobile malware is targeting Android devices, and threats in 2013 at least doubled year-over-year - with security specialists increasingly informing users to be vigilant about what they install on their smartphones and tablets.
Cybercriminals based in Nigeria are reportedly launching wire fraud attacks against U.S. companies, with private sector companies alerted to the potential threat, according to security firm TrustedSec. A number of U.S. companies are dealing with data breaches, while scores of others aren't even aware they've been affected.
The criminals are compromising third-party vendor or partner email accounts - specifically for accounting and invoicing - register a domain name to closely mimic the compromised company, and then the criminals will request refunds, lines of credit, or change orders. Sometimes this doesn't work, and they resort to email spoofing - all in an effort to get money wired from the impacted company to the criminals.
"The scary part with this one is that they are using already trusted third parties and already have knowledge of certain financials from these companies," said David Kennedy, TrustedSec founder, in a statement to SCMagazine. "The wire transfers are initiated because they already have a trust relationship with the company."
A whopping 99 percent of mobile threats during the first three months of 2014 targeted the Google Android platform, with 275 total Android threat families and variants, according to security firm F-Secure Labs. Compared to Q1 of 2013, Android faced 149 new threat families, as cybercriminals perfect their craft in an effort to compromise smartphones and tablets.
"These developments give us signs to the direction of malware authors," said Mikko Hypponen, F-Secure Chief Research Officer, in a press statement. "We'll very likely see more of these in the coming months. For example, mobile phones are getting more powerful, making it possible for cybercriminals to profit by using them to mine for cryptocurrencies."
The private sector has taken great interest in developing Android security - along with hardware manufacturers using the open source platform - but there is still a lot of work left to do. Companies also have found they need to do a better job speaking with Android users, alerting them of security threats, while teaching them how to remain more secure.