N2K Networks launches Learning Layer, the newest segment on the CyberWire Daily podcast.
N2K Networks, previously CyberVista and The CyberWire, announced today the launch of its new monthly podcast learning segment, Learning Layer, on the CyberWire Daily podcast.
New Breed of Romance Scams Employs Fake Cryptocurrency Exchanges
AhnLab’s Mobile Analysis Team has uncovered a sophisticated new wave of romance scams that exploit the burgeoning interest in cryptocurrency investments.
Unlike traditional romance scams that ask for money directly, these new schemes involve intricate manipulations, including the use of fake cryptocurrency exchanges to defraud victims.
Scammers initiate contact through social media, creating posts designed to attract the attention of potential victims.
These posts are generally innocuous and do not mention cryptocurrency directly.
The perpetrator sends a DM upon being followed by the victim and urges them to take the conversation to a messenger app with a translation feature.
Once a victim engages with the post, the scammer uses direct messages to express gratitude and gradually moves the conversation to a messenger app equipped with translation features, enhancing their deceit by breaking language barriers.
Over several days, the scammer builds a rapport and assesses the victim’s susceptibility to the scam, reports the AhnLab Team.
Offhandedly mentioning cryptocurrency profits
They hint at lucrative cryptocurrency investments, sharing tales of substantial profits from a secret source, thus sparking interest in their unsuspecting target.
When a victim shows interest, the scammer introduces a fake cryptocurrency exchange, steering them away from legitimate platforms.
They fabricate advantages and restrictions to convince the victim that their recommended exchange is superior.
The scammers go as far as listing their fake exchange, “CoinB”, on popular platforms like Wikipedia and Namuwiki, misleadingly associating it with the reputable “Coinbase”.
This false information is propagated through social media platforms like YouTube and Facebook.
“CoinB” listed on Namuwiki and Wikipedia
Victims are encouraged to use a virtual account to familiarize themselves with the app, deliberately designed only to showcase features necessary for the scam.
This step includes a fake demonstration of profit, deepening the victim’s trust and investment desire.
Exfiltration of Personal Information
In the final stages, victims input their financial and personal information into the app to register and purchase coins.
This puts them at risk of financial loss and exposes them to potential identity theft.
Entering financial and personal information in the app, including cryptocurrency wallet address
The impact of these scams is profound, extending beyond financial losses to include emotional distress and potential identity theft.
The global reach of these scams, facilitated by translation features in messaging apps, highlights online fraud’s increasing sophistication and danger.
To combat these scams, individuals must be vigilant and skeptical of unsolicited investment advice and opportunities.
Here are several preventive measures:
Verify the legitimacy of any cryptocurrency exchange before use.
Be cautious of individuals who rush or pressure you into financial decisions.
Keep anti-malware software updated to protect against malicious applications.
Educate yourself about common tactics used in online scams so you can recognize red flags more easily.
This new breed of romance scams underscores the necessity for continuous education on cybersecurity practices and the importance of maintaining skepticism online.
Users are urged to report suspicious activities and help authorities halt these fraudulent schemes.
Hackers Customize LockBit 3.0 Ransomware To Attack Orgs Worldwide
Hackers leverage LockBit 3.0 ransomware for its sophisticated encryption functionality, which lets them encrypt victims’ files and demand a ransom in exchange for the decryption keys.
LockBit 3.0’s stealth gives threat actors a better chance of deploying the ransomware successfully, letting them gain unauthorized access to systems without being noticed.
Cybersecurity researchers at Kaspersky Labs recently discovered that hackers are actively exploiting customized LockBit 3.0 ransomware to attack organizations worldwide.
Customized LockBit 3.0 Ransomware
During a recent incident response engagement, the threat actors were found to have obtained administrator credentials in plaintext.
Those credentials were then used to build and generate the latest variant of LockBit 3.0 ransomware.
To move laterally, this customized malware used the stolen passwords, disabled Windows Defender, wiped event logs, and finally encrypted data across the network.
A simplified LockBit 3.0 builder makes it easier for threat actors to select options such as impersonation, network share encryption, process termination, and network propagation via PsExec.
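As an added example (not part of the article or Kaspersky’s tooling), the following Python triage routine flags hosts that show the combination of behaviours described above: Defender real-time protection disabled, event logs cleared, and a PsExec service installed. The event IDs are standard Windows ones; the JSON field names and sample events are constructed for this example.

```python
import json

# Standard Windows event IDs (not taken from the article):
# Security 1102 = audit log cleared; System 104 = System log cleared;
# Defender/Operational 5001 = real-time protection disabled;
# System 7045 = new service installed (PsExec installs "PSEXESVC" remotely).
LOG_CLEARED_IDS = {("Security", 1102), ("System", 104)}
DEFENDER_DISABLED = ("Microsoft-Windows-Windows Defender/Operational", 5001)
SERVICE_INSTALLED = ("System", 7045)

# Constructed sample events, one JSON object per line (field names are assumptions).
SAMPLE_EVENTS = """\
{"ts":"2024-03-01T02:10:05Z","host":"FS01","channel":"Microsoft-Windows-Windows Defender/Operational","event_id":5001,"message":"Real-time protection is disabled."}
{"ts":"2024-03-01T02:10:11Z","host":"FS01","channel":"Security","event_id":1102,"message":"The audit log was cleared."}
{"ts":"2024-03-01T02:10:40Z","host":"FS01","channel":"System","event_id":7045,"message":"A service was installed in the system.","service_name":"PSEXESVC"}
{"ts":"2024-03-01T02:11:02Z","host":"FS01","channel":"Security","event_id":4624,"message":"An account was successfully logged on."}
{"ts":"2024-03-01T09:00:00Z","host":"WS22","channel":"System","event_id":7045,"message":"A service was installed in the system.","service_name":"OneDrive Updater"}
"""


def classify(event):
    """Return the name of the indicator an event matches, or None for benign events."""
    key = (event.get("channel"), event.get("event_id"))
    if key in LOG_CLEARED_IDS:
        return "event_log_cleared"
    if key == DEFENDER_DISABLED:
        return "defender_realtime_disabled"
    # A service install is only interesting here if it is the PsExec service.
    if key == SERVICE_INSTALLED and event.get("service_name", "").upper() == "PSEXESVC":
        return "psexec_service_installed"
    return None


def triage(raw_lines):
    """Group matched indicators per host; hosts with 2+ distinct indicators are flagged."""
    per_host = {}
    for line in raw_lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        hit = classify(event)
        if hit:
            per_host.setdefault(event["host"], set()).add(hit)
    return {host: sorted(hits) for host, hits in per_host.items() if len(hits) >= 2}


if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(hits)}")
```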
This incident illustrates the danger of identity theft and how easily threat actors turn tools like LockBit 3.0 into highly tailored, evasive ransomware.
The builder allows attackers to customize ransomware by selecting which files, directories, and systems to encrypt or exclude based on the target’s network architecture.
Tailored malware is generated, including the main executable (LB3.exe) for delivery, a decryptor, password-protected variants, and injection techniques.
Running this custom build demonstrates its ransomware functionality, though paying the ransom is inadvisable and unlikely to recover files.
Custom ransom note (Source – Securelist)
In a secure laboratory, the researchers successfully decrypted files using the decryptor they had generated for their own ransomware sample.
However, after Operation Cronos in February 2024, in which law enforcement agencies seized the group’s infrastructure and decryption keys, the real LockBit group temporarily halted its activity.
Shortly afterwards, LockBit declared that it had resumed operations. The check_decryption_id utility lets users verify whether they hold the right keys for known victims.
The check_decrypt tool assesses decryptability, but the outcome depends on multiple conditions; the tool only checks which of those conditions are met on the analyzed systems.
A CSV file is created, listing decryptable files and providing an email address for further instructions on restoring them.
This toolset caught our attention because we had investigated several LockBit threat cases.
Researchers ran victim IDs and encrypted files through the decryption tool, but most produced the same result: check_decrypt confirmed that decryption was impossible with the known keys.
LockBit competitors used the leaked builder to target companies in the Commonwealth of Independent States (CIS), violating LockBit’s rule against compromising CIS nationals and triggering a dark web discussion in which LockBit operators explained that they were not involved.
Recommendations
The recommendations are as follows:
Utilize robust antimalware.
Employ Managed Detection and Response (MDR).
Disable unused services and ports.
Keep all systems and software updated.
Conduct regular penetration tests and vulnerability scans.
Provide cybersecurity training for staff awareness.
Make frequent backups and test them.