Ransomware, nation-state attacks, and supply chains were cited as the biggest threats in the Infosecurity Group’s annual report
Category Archives: News
Crypto Scammers Exploit: Elon Musk Speaks on Cryptocurrency
By Oliver Devane
Update: In the past 24 hours (from time of publication) McAfee has identified 15 more scam sites, bringing the total to 26. The combined value of the wallets shared on these sites is over $1,300,000, an increase of roughly $1,000,000 since this blog was last published. This highlights the scale of the current scam campaign. The table within this blog has been updated to include the new sites and crypto wallets.
McAfee has identified several YouTube channels that were live-streaming a modified version of a live stream called ‘The B Word’, in which Elon Musk, Cathie Wood, and Jack Dorsey discuss various aspects of cryptocurrency.
The modified live streams shrink the original video and put a frame around it advertising malicious sites that claim to double the amount of cryptocurrency you send them. Because the video’s topic is cryptocurrency, it lends some legitimacy to the websites being advertised.
The original video is shown below on the left and a modified one which includes a reference to a scam site is shown on the right.
We identified several different streams occurring at around the same time. Images of some of them are shown below:
The YouTube streams advertised several sites that shared a similar theme. They claim to send back cryptocurrency worth double the value they receive. For example, if you send 1 BTC you will receive 2 BTC in return. One of the sites’ frequently asked questions (FAQ) pages is shown below:
Here are some more examples of the scam sites we discovered:
The sites attempt to trick visitors into thinking that others are sending cryptocurrency to the site by showing a table of recent transactions. This table is fake: it is generated by JavaScript that creates random crypto wallet addresses and amounts and appends them to the table.
The wallets associated with the malicious sites have received a large number of transactions with a combined value of $280,000 as of 5 PM UTC on the 5th of May 2022.
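As an added example (not McAfee’s code, and not the scam sites’ script), here is a small Python triage helper for the indicators in this post. It refangs the `[.]` domains and checksum-validates the wallet addresses. The same checksum check is also how a defender can tell a fabricated “recent transaction” entry from a real address: a string generated at random will almost certainly fail the Base58Check or bech32 checksum, whereas the attacker’s own receiving wallet must be valid. The ETH addresses are checked for shape only, because the EIP-55 mixed-case checksum needs keccak-256, which the standard library does not provide. The sample entries in the main block are copied from the table in this post; the validation vectors are the Bitcoin genesis-block address and the BIP173 example address.

```python
import hashlib
import re

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"


def refang(indicator):
    """Turn a defanged indicator such as 2x-musk[.]net back into 2x-musk.net."""
    return indicator.replace("[.]", ".")


def base58check_ok(addr):
    """Validate a legacy Bitcoin address (1... or 3...): 25 bytes, double-SHA256 checksum."""
    n = 0
    for ch in addr:
        if ch not in B58_ALPHABET:
            return False
        n = n * 58 + B58_ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading_ones = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a 0x00 byte
    payload = b"\x00" * leading_ones + body
    if len(payload) != 25:
        return False
    digest = hashlib.sha256(hashlib.sha256(payload[:-4]).digest()).digest()
    return digest[:4] == payload[-4:]


def _bech32_polymod(values):
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def bech32_ok(addr):
    """Validate a bech32 (bc1q...) or bech32m (bc1p...) address checksum (BIP173 / BIP350)."""
    if addr != addr.lower() and addr != addr.upper():
        return False  # mixed case is invalid by spec
    addr = addr.lower()
    if "1" not in addr:
        return False
    hrp, data = addr.rsplit("1", 1)
    if len(data) < 6 or any(c not in BECH32_CHARSET for c in data):
        return False
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    values = [BECH32_CHARSET.index(c) for c in data]
    return _bech32_polymod(expanded + values) in (1, 0x2BC830A3)


def classify_wallet(addr):
    """Label an address as BTC (checksum verified), ETH (shape only) or INVALID."""
    if addr.lower().startswith("bc1"):
        return "BTC" if bech32_ok(addr) else "INVALID"
    if addr[:1] in ("1", "3"):
        return "BTC" if base58check_ok(addr) else "INVALID"
    if re.fullmatch(r"0x[0-9a-fA-F]{40}", addr):
        return "ETH"  # format only; EIP-55 checksum not verified here
    return "INVALID"


if __name__ == "__main__":
    # Entries copied from the indicator table in this post (defanged form as published).
    sample = [
        ("2x-musk[.]net", "0x18E860308309f2Ab23b5ab861087cBd0b65d250A"),
        ("2x-musk[.]net", "17XfgcHCfpyYMFdtAWYX2QcksA77GnbHN9"),
        ("elontoday[.]org", "bc1qas66cgckep3lrkdrav7gy8xvn7cg4fh4d7gmw5"),
    ]
    for site, wallet in sample:
        print(f"{refang(site):20} {classify_wallet(wallet):8} {wallet}")
```

A blocklist ingest would run every wallet through `classify_wallet` before storing it, and an INVALID result on a published indicator usually means a copy-and-paste error rather than a real address.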
| Scam Site | Crypto Type | Wallet | Value as of 5 PM UTC, 5 May 2022 |
|---|---|---|---|
| 22ark-invest[.]org | ETH | 0x820a78D8e0518fcE090A9D16297924dB7941FD4f | $25,726.46 |
| 22ark-invest[.]org | BTC | 1Q3r1TzwCwQbd1dZzVM9mdFKPALFNmt2WE | $29,863.78 |
| 2xEther[.]com | ETH | 0x5081d1eC9a1624711061C75dB9438f207823E694 | $2,748.50 |
| 2x-musk[.]net | ETH | 0x18E860308309f2Ab23b5ab861087cBd0b65d250A | $10,409.13 |
| 2x-musk[.]net | BTC | 17XfgcHCfpyYMFdtAWYX2QcksA77GnbHN9 | $4,779.47 |
| arkinvest22[.]net | ETH | 0x2605dF183743587594A3DBC5D99F12BB4F19ac74 | $11,810.57 |
| arkinvest22[.]net | BTC | 1GLRZZHK2fRrywVUEF83UkqafNV3GnBLha | $5,976.80 |
| doublecrypto22[.]com | ETH | 0x12357A8e2e6B36dd6D98A2aed874D39c960eC174 | $0.00 |
| doublecrypto22[.]com | BTC | 1NKajgogVrRYQjJEQY2BcvZmGn4bXyEqdY | $0.00 |
| elonnew[.]com | ETH | 0xAC9275b867DAb0650432429c73509A9d156922Dd | $0.00 |
| elonnew[.]com | BTC | 1DU2H3dWXbUA9mKWuZjbqqHuGfed7JyqXu | $0.00 |
| elontoday[.]org | ETH | 0xBD73d147970BcbccdDe3Dd9340827b679e70d9d4 | $18,442.96 |
| elontoday[.]org | BTC | bc1qas66cgckep3lrkdrav7gy8xvn7cg4fh4d7gmw5 | $0.00 |
| Teslabtc22[.]com | ETH | 0x9B857C44C500eAf7fAfE9ed1af31523d84CB5bB0 | $27,386.69 |
| Teslabtc22[.]com | BTC | 18wJeJiu4MxDT2Ts8XJS665vsstiSv6CNK | $17,609.62 |
| tesla-eth[.]org | ETH | 0x436F1f89c00f546bFEf42F8C8d964f1206140c64 | $5,841.84 |
| tesla-eth[.]org | BTC | 1CHRtrHVB74y8Za39X16qxPGZQ12JHG6TW | $132.22 |
| teslaswell[.]com | ETH | 0x7007Fa3e7dB99686D337C87982a07Baf165a3C1D | $9.43 |
| teslaswell[.]com | BTC | bc1qdjma5kjqlf7l6fcug097s9mgukelmtdf6nm20v | $0.00 |
| twittergive[.]net | ETH | 0xB8e257C18BbEC93A596438171e7E1E77d18671E5 | $25,918.90 |
| twittergive[.]net | BTC | 1EX3dG9GUNVxoz6yiPqqoYMQw6SwQUpa4T | $99,123.42 |
Scammers have been using social media sites such as Twitter and YouTube to try to trick users into parting with their cryptocurrency for the past few years. McAfee urges its customers to be vigilant: if something sounds too good to be true, it is most likely not legitimate.
Our customers are protected against the malicious sites detailed in this blog, as they are blocked by McAfee WebAdvisor.
| Type | Value | Product | Blocked |
|---|---|---|---|
| URL – Crypto Scam | twittergive[.]net | McAfee WebAdvisor | YES |
| URL – Crypto Scam | tesla-eth[.]org | McAfee WebAdvisor | YES |
| URL – Crypto Scam | 22ark-invest[.]org | McAfee WebAdvisor | YES |
| URL – Crypto Scam | 2xEther[.]com | McAfee WebAdvisor | YES |
| URL – Crypto Scam | Teslabtc22[.]com | McAfee WebAdvisor | YES |
| URL – Crypto Scam | elontoday[.]org | McAfee WebAdvisor | YES |
| URL – Crypto Scam | elonnew[.]com | McAfee WebAdvisor | YES |
| URL – Crypto Scam | teslaswell[.]com | McAfee WebAdvisor | YES |
| URL – Crypto Scam | 2x-musk[.]net | McAfee WebAdvisor | YES |
| URL – Crypto Scam | doublecrypto22[.]com | McAfee WebAdvisor | YES |
| URL – Crypto Scam | arkinvest22[.]net | McAfee WebAdvisor | YES |
The post Crypto Scammers Exploit: Elon Musk Speaks on Cryptocurrency appeared first on McAfee Blog.
Smashing Security podcast #276: Webcam extortion, Michael Fish, and food foul-ups
A browser extension bug let malicious websites spy on webcams, hackers threaten the global food supply chain, and Michael Fish (not that one…) hacked into his female classmates’ online accounts, hunting for nude photos and videos.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
Microsoft security vulnerabilities drop after five-year rise
The total number of Microsoft vulnerabilities reported in 2021 dropped by 5%, reversing a five-year trend that saw such vulnerabilities rising sharply, according to a new report from identity management and security vendor BeyondTrust.
A total of 1,212 new vulnerabilities were discovered in 2021, but their severity, as well as their location in the Microsoft family of software products, has changed substantially year over year. Vulnerabilities rated as “critical” on the CVSS standard dropped by 47% in the past year, reaching their lowest levels since BeyondTrust began issuing this report, nine years ago.
Vulnerabilities on Windows, Windows Server drop
Windows and Windows Server both saw sharp drops in total vulnerabilities detected, by 40% and 50%, respectively, while vulnerabilities affecting Microsoft’s Edge and Internet Explorer browsers hit a record high.
Advancing our Secure Home Platform with DNS over HTTPS
On the internet, the Domain Name System (DNS) is how people reach websites such as ESPN.com or BBC.com by name. Underneath, the internet addresses those sites with Internet Protocol (IP) addresses, which are hard for humans to remember. Browsers connect to websites by IP address, and DNS translates the website name into an IP address so the browser can reach the resource. Historically, this lookup has travelled as unencrypted clear text that ISPs and security providers such as McAfee can read and act on, both to filter risky websites and to improve network performance and intelligence.
However, clear-text DNS also exposes security and privacy weaknesses. The industry (Apple, Microsoft, Google, and others) is moving toward encrypting traffic to and from DNS servers with protocols such as DNS over TLS (DoT) and DNS over HTTPS (DoH). Unless the ISP can itself terminate DoT/DoH (decrypt and translate the queries), that traffic may go directly to outside DNS providers such as Google DNS and Cloudflare, which do support them. Without this visibility, unsafe websites cannot be seen and blocked with DNS filtering technology, and customers can land on criminal sites that trick them into giving up their account credentials, download ransomware, or show inappropriate content to their kids.
We’re advancing our Secure Home Platform (SHP) technology to future-proof our partners’ ability to protect their customers, their families, and their connected home devices. McAfee is the first in the market to build and introduce this technology. McAfee and OpenXchange have partnered to integrate a forwarder/translator (PowerDNS) with the home-router-based SHP product so that DNS traffic stays within the ISP network, as shown in the diagram below, allowing DNS filtering even in encrypted DNS environments.
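As an added example, not McAfee’s or PowerDNS code, the following Python builds the DNS wire message a DoH client sends (RFC 8484 carries exactly this message either as a POST body of type `application/dns-message` or base64url-encoded in a `dns=` query parameter), parses the question back out of it, and makes the filtering decision that a forwarder inside the ISP can only make once it terminates the DoH session and sees the plain DNS message. The blocklist is constructed from the scam domains in the post above; the resolver URL is a placeholder.

```python
import base64
import struct

# Constructed blocklist for the demo: scam domains named in the McAfee
# crypto-scam post on this page (published there defanged with "[.]").
BLOCKLIST = {"2x-musk.net", "tesla-eth.org", "twittergive.net"}

QTYPE_A = 1
RCODE_NXDOMAIN = 3


def encode_name(name):
    """Encode a dotted hostname as DNS wire-format labels (RFC 1035)."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=QTYPE_A, txid=0):
    """The bytes a DoH client POSTs as application/dns-message."""
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)


def doh_get_url(msg, resolver="https://doh.example.invalid/dns-query"):
    """GET form of RFC 8484: message base64url-encoded without padding in ?dns=."""
    token = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={token}"


def parse_question(msg):
    """Return (txid, qname, qtype, end_offset) for a single-question message."""
    txid, _flags, qdcount = struct.unpack(">HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        ln = msg[pos]
        pos += 1
        if ln == 0:
            break
        if ln & 0xC0:  # compression pointers never appear in a question name
            raise ValueError("unexpected label pointer")
        labels.append(msg[pos:pos + ln].decode("ascii"))
        pos += ln
    qtype, _qclass = struct.unpack(">HH", msg[pos:pos + 4])
    return txid, ".".join(labels), qtype, pos + 4


def forwarder_decision(msg, blocklist=BLOCKLIST):
    """What an in-ISP DoH forwarder does once it can read the decrypted query."""
    txid, qname, _qtype, end = parse_question(msg)
    if qname.lower() in blocklist:
        # Answer locally: QR=1, RD=1, RA=1, RCODE=NXDOMAIN; echo the question section.
        header = struct.pack(">HHHHHH", txid, 0x8180 | RCODE_NXDOMAIN, 1, 0, 0, 0)
        return "block", header + msg[12:end]
    return "forward", msg  # hand the untouched message to the upstream resolver


def rcode(msg):
    """Response code from the flags word (low four bits)."""
    return struct.unpack(">H", msg[2:4])[0] & 0x0F


if __name__ == "__main__":
    for host in ("2x-musk.net", "example.com"):
        q = build_query(host, txid=0x1234)
        action, out = forwarder_decision(q)
        print(host, action, "rcode=%d" % rcode(out), doh_get_url(q))
```

The point the code makes concrete is that every decision in `forwarder_decision` depends on reading the question name; if the client’s DoH session terminates at an outside resolver instead of the ISP’s forwarder, that name is inside TLS and the blocklist never gets consulted.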
The ISP can continue to read the traffic and stands to benefit in several ways:
Continued ability to offer security protections such as anti-virus, malware filtering, blocking phishing attempts, distinguishing legitimate services, content caching, and parental controls. McAfee Secure Home Platform protects customer homes from an average of 70 potential threats per week.
Helps defend against DDoS, man-in-the-middle, and botnet attacks
More streamlined DoH connections – more private and secure, especially important to sophisticated consumers
Locate content based on user demand, and hence improve performance
The ISP is not burdened by support issues caused by traffic going outside its network and purview, e.g., to a third-party DNS provider: fewer security incidents mean fewer unhappy customers and support calls.
Help comply with Government regulations – block bad actors, terrorist websites, illegal file-sharing, child abuse, national security, court-ordered regulatory blocklists, ban foreign gambling, etc.
Consumers in turn benefit from these additional capabilities that ISPs can provide in security, privacy, and performance.
If you are interested in McAfee’s exciting new DoT-DoH technology for the Secure Home Platform, please contact your McAfee Account Representative for further details.
The post Advancing our Secure Home Platform with DNS over HTTPS appeared first on McAfee Blog.
Security Improvements for Our Ecommerce Customers
We were recently informed of a design flaw in our third-party ecommerce fulfillment system, cleverbridge, that could have potentially allowed customers to accidentally disclose their purchasing information (i.e., last 4 digits of credit card used, credit card expiration date, business contact information, product purchased and taxpayer ID, if provided) by sharing a private URL.
In response and out of an abundance of caution, we’ve worked with cleverbridge to implement additional controls to the ecommerce system to further reduce the risk of a customer accidentally sharing this information.
We would like to thank Lucas Lavarello of Kulkan Security and cleverbridge for their quick actions and collaboration.
PIXM releases new computer vision solution for mobile phishing
Computer vision cybersecurity startup PIXM has expanded its line of antiphishing products with the launch of PIXM Mobile, a solution to protect individuals and enterprises from targeted and unknown phishing attacks on mobile devices.
The cloud-based mobile product is aimed at identifying phishing attacks on mobile devices in real time, as a user clicks on a malicious link, using computer vision technology.
PIXM Mobile is designed to support any mobile application, including SMS — used in “smishing” attacks — social media, and business collaboration apps, as well as email and web-based phishing pages.
What SLTTs Should Know About the FREE CIS SecureSuite Membership
CIS has made CIS SecureSuite Membership free to SLTT governments in the United States. Learn how this can help you revamp your organization’s cybersecurity […]
Organizations Urged to Fix 41 Vulnerabilities Added to CISA’s Catalog of Exploited Flaws
The newly added vulnerabilities span six years, with the oldest disclosed in 2016
Manipulating Machine-Learning Systems through the Order of the Training Data
Yet another adversarial ML attack:
Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order.
So what happens if the bad guys can cause the order to be not random? You guessed it—all bets are off. Suppose for example a company or a country wanted to have a credit-scoring system that’s secretly sexist, but still be able to pretend that its training was actually fair. Well, they could assemble a set of financial data that was representative of the whole population, but start the model’s training on ten rich men and ten poor women drawn from that set, then let initialisation bias do the rest of the work.
Does this generalise? Indeed it does. Previously, people had assumed that in order to poison a model or introduce backdoors, you needed to add adversarial samples to the training data. Our latest paper shows that’s not necessary at all. If an adversary can manipulate the order in which batches of training data are presented to the model, they can undermine both its integrity (by poisoning it) and its availability (by causing training to be less effective, or take longer). This is quite general across models that use stochastic gradient descent.
Research paper.
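As an added example, not from the quoted post or the paper, here is a small Python audit a trainer can run on the label sequence its data loader actually consumed. A Wald–Wolfowitz runs test flags crude grouping like the rich-men-then-poor-women ordering in the quote, and `seeded_order` is the structural fix: a permutation the trainer draws itself instead of trusting whatever order the data arrived in. Both sequences are constructed. A runs test will not catch subtler reorderings, which is why the trainer-owned shuffle, not the audit, is the control.

```python
import math
import random


def count_runs(labels):
    """Number of maximal runs of equal consecutive labels."""
    return 1 + sum(1 for a, b in zip(labels, labels[1:]) if a != b)


def runs_test_z(labels):
    """Wald-Wolfowitz runs-test z-score for a two-class label sequence."""
    n = len(labels)
    n1 = sum(1 for v in labels if v == labels[0])
    n2 = n - n1
    if n1 == 0 or n2 == 0 or n < 3:
        raise ValueError("need both classes present and at least three labels")
    r = count_runs(labels)
    mu = 2 * n1 * n2 / n + 1                                   # expected runs under shuffling
    var = 2 * n1 * n2 * (2 * n1 * n2 - n) / (n * n * (n - 1))  # its variance
    return (r - mu) / math.sqrt(var)


def audit_order(labels, threshold=2.58):
    """Flag an ordering whose run structure is very unlikely under a fair shuffle (|z| > 2.58 ~ p < 0.01)."""
    z = runs_test_z(labels)
    return {"runs": count_runs(labels), "z": z, "suspicious": abs(z) > threshold}


def seeded_order(n, seed):
    """Trainer-controlled permutation: apply this to the batch stream instead of trusting its arrival order."""
    idx = list(range(n))
    random.Random(seed).shuffle(idx)
    return idx


# Constructed label streams (no real data), 20 examples of each class.
ADVERSARIAL = [0] * 20 + [1] * 20  # grouped, like "ten rich men then ten poor women" in the quote
INTERLEAVED = []
for zeros, ones in [(3, 1), (1, 2), (2, 3), (1, 1), (4, 1), (2, 2), (1, 4), (3, 1), (2, 3), (1, 2)]:
    INTERLEAVED += [0] * zeros + [1] * ones  # 20 runs total, 20 of each label


if __name__ == "__main__":
    print("adversarial:", audit_order(ADVERSARIAL))
    print("interleaved:", audit_order(INTERLEAVED))
    reshuffled = [ADVERSARIAL[i] for i in seeded_order(len(ADVERSARIAL), seed=7)]
    print("after seeded_order:", audit_order(reshuffled))
```

Hooking `audit_order` into the training loop is cheap: log the labels of each batch as it is consumed and evaluate the z-score over the first epoch, where the quote places the damage.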