Facebook Home to 74 Black Market Groups

Infosecurity Magazine | April 05, 2019

Researchers at Cisco Talos detected in excess of 70 Facebook groups that have been selling black-market cyber-fraud services, some of which have managed to remain on Facebook for up to eight years, according to a Talos Intelligence blog post. For several months, researchers have been investigating online criminal flea markets on Facebook, discovering a collective list of 74 groups. Members of the groups offer a wide range of services described as “shady (at best) and illegal (at worst) activities,” according to the research. Though now removed, the groups were selling, buying or trading all types of illegal services, including “stolen bank/credit card information, the theft and sale of account credentials from a variety of sites, and email spamming tools and services. In total, these groups had approximately 385,000 members.” Credit cards were often sold with CVV numbers, as well as some of the victim’s additional identification documentation.

Spotlight

Are you still using the default password that came with your point of sale (POS) terminal? Or using 12345 or password1? If so, you need to change it right away to protect your customers’ confidential payment card data. Passwords that have not been changed from the default are an easy way for criminals to sneak in and access information, and passwords that are too simple also make it easy for data thieves to break in.

Related News

DATA SECURITY

CyberSN acquires cybersecurity staffing leader Matt Donato to expand reach into the Southeast & Mid-Atlantic region

prnewswire | November 17, 2020

CyberSN, a technology-enabled talent acquisition firm in the U.S. focused solely on cybersecurity professionals, has announced its expansion in the Southeast and Mid-Atlantic regions with the hiring of Matt Donato and Drew Crisan in Charlotte, NC. Matt Donato joins CyberSN as its Managing Director South Region, responsible for all activity from Washington DC to Florida. Before CyberSN, Matt was one of the founders of a Charlotte, NC based cybersecurity staffing firm.

"I am so eager to join the CyberSN family and consolidate my affection for cybersecurity with the staggering assets at CyberSN. I am anticipating extending the CyberSN brand in this locale," said Donato.

Drew Crisan also joins CyberSN as its Cybersecurity Recruiting Manager for the East and South Regions. CyberSN Founder and CEO Deidre Diamond said of the expansion, "we are seeing an expanded interest for our administrations, particularly our Resume Service, called Talent Scout, where we accomplish a large portion of the work and our customers do half, for a large portion of the cost. This development with solid pioneers like Matt and Drew implies we can more readily support this area."

North Carolina is a growing market, with 128% growth in tech job postings in 2019 and a projected need for 3,960 additional information security analysts by 2024. These positions are increasingly open to out-of-area candidates, which will allow local companies to use the CyberSN national network of job seekers. According to NCTECH's jobs rundown, "the Charlotte locale added 39,413 tech occupations a year ago," which was instrumental in CyberSN's decision to add resources to this region, said Diamond.

"We are multiplying down broadly in all business sectors. Our resume administration, dispatched recently, has demonstrated to be truly attractive. With more administration hands on the wheel, we can support substantially more of the network we love," said Diamond.
About CyberSN

Founded in 2014, CyberSN is solely focused on the cybersecurity talent industry, serving as a trusted brand across the U.S. Recognized by their unique care and dedication to the cyber community, diversity and inclusion initiatives, and KnowMore™, their cybersecurity job posting and talent matching platform.


DATA SECURITY

Cybereason Discovers Global Botnet Campaign Using Microsoft Exchange Vulnerabilities

Cybereason | April 23, 2021

Cybereason, the market leader in future-ready attack protection, reported today the discovery of a widespread, global campaign aimed at spreading the stealthy Prometei Botnet by attacking enterprises with a multi-stage attack to harvest computing power to mine bitcoin. To infiltrate networks, the threat actors, who tend to be Russian speakers, are exploiting previously disclosed Microsoft Exchange vulnerabilities used in the Hafnium attacks. Prometei has a sophisticated infrastructure in place to guarantee its longevity on infected machines.

Though Prometei was first reported in July 2020, Cybereason believes the botnet dates back to at least 2016, a year before the now-famous WannaCry and NotPetya malware attacks, which infected over 200 countries and caused billions of dollars in damage. Prometei is still evolving, with new features and tools being added daily.

“Because it has gone undetected, the Prometei Botnet poses a significant danger to companies. When attackers gain possession of infected machines, they can not only mine bitcoin by stealing processing power, but they can also exfiltrate classified information. The attackers may even inject the infected endpoints with other malware and work with ransomware groups to offer access to the endpoints if they so desire. To make matters worse, crypto mining consumes vital network computing power, adversely affecting business processes as well as the performance and reliability of sensitive servers,” said Assaf Dahan, Cybereason's senior director and head of threat research.

Key findings from the research include:

• Wide range of Victims: Victims have been observed across a variety of industries, including Finance, Insurance, Retail, Manufacturing, Utilities, Travel, and Construction. Infected companies are based in countries around the world, including the United States, United Kingdom, Germany, France, Spain, Italy and other European countries, South America and East Asia.
• Russian Speaking Threat Actor: The threat actor appears to be Russian speaking and is purposely avoiding infections in former Soviet bloc countries.
• Exploiting SMB and RDP Vulnerabilities: The main objective of Prometei is to install the Monero crypto miner on corporate endpoints. To spread across networks, the threat actor is using known Microsoft Exchange vulnerabilities, in addition to known exploits EternalBlue and BlueKeep.
• Cross-Platform Threat: Prometei has both Windows-based and Linux-Unix-based versions, and it adjusts its payload based on the detected operating system on the targeted machines when spreading across the network.
• Cybercrime with APT Flavor: Cybereason assesses that the Prometei Botnet operators are financially motivated and intent on generating hefty sums of bitcoin, but are likely not backed by a nation-state.
• Resilient C2 Infrastructure: Prometei is designed to interact with four different C2 servers which strengthen the botnet’s infrastructure and maintain continuous communications, making it more resistant to takedowns.

Recommendations to companies for minimizing the Microsoft Exchange vulnerability include constantly scanning the environment for threats and imposing stricter patch management policies to ensure that all updates are deployed regularly. Sensitive network assets should also be hardened, multi-factor authentication implemented, and endpoint detection and response tools installed.

About Cybereason

Cybereason is a champion for today's cyber defenders, offering future-ready attack protection that unifies security from the endpoint to the enterprise and everywhere the battle moves. The Cybereason Defense Platform incorporates the industry's best detection and response (EDR and XDR), next-generation anti-virus (NGAV), and aggressive threat hunting to provide context-rich analysis of any component of a Malop (malicious operation). As a result, defenders will stop cyberattacks from endpoints to everywhere. Cybereason is a privately owned international company based in Boston that serves clients in over 30 countries.


DATA SECURITY

NPCore forms global partnership with Viet Cyber Security towards expansion into SE Asian IT security market

NPCore | November 26, 2021

NPCore, a joint venture member of Born2Global Centre, has its sights set on a greater share of the IT security market in Southeast Asia, recently joining forces with Vietnamese IT security service provider Viet Cyber Security. Together, the two companies set up NPCore Vietnam Joint Stock Company, a joint venture which will see them coordinate efforts in the IT security industry.

NPCore is an AI-based new variant malware (APT) response solution provider offering optimal security solutions. NPCore has provided cyber security solutions and, since 2021, has participated in a project for supporting overseas expansion of D.N.A (Data, Network, AI) convergence products led by Born2Global Centre.

The joint enterprise will see the two partners collaborate in technology and, more importantly, concerted sales and marketing activities in the Southeast Asian IT security market. The goal is to lay the foundation for a stable supply of IT security services in local markets to obtain market trust and continue expanding the business at an increasing pace. NPCore has confirmed that it is ready to aggressively engage Viet Cyber Security's local networks and customers towards expanding its market presence.

NPCore's solution (Zombie Zero) can defend against any path through which malicious code can flow from the network to the endpoint. It currently holds 12 patents as well as the International Common Criteria (CC) certification for its proprietary security technologies and has more than 100 global references.

"The local joint enterprise was established in Vietnam as it is a market with active investment taking place in national security, corporate IT security, and other fields. It will be a local platform for entry into the Southeast Asian markets, Vietnam included, and will put us on the map as an IT security service provider in the region."

NPCore CEO Han Seung-cheol

Furthermore, the joint venture between NPCore and Viet Cyber Security was established as part of the Born2Global Centre's partnership program. Through its support of DNA-convergence products and services, Born2Global Centre serves as a launchpad for innovative startups to enter global markets. Born2Global Centre provides startups with different levels of consulting services, from partnership exploration & creation to business establishment, operations, joint R&D projects, and market expansion.
