Meta takes down 63,000 sextortion-related accounts on Instagram

Meta announced the take-down of 63,000 sextortion-related Instagram accounts in Nigeria alone.

The action was directed against a group known as Yahoo Boys, a loosely organized set of cybercriminals that largely operate out of Nigeria and specialize in different types of scams.

Meta took down a host of accounts, including some 2,500 that belonged to a coordinated group of around 20 criminals which primarily targeted adult men in the US.

Sextortion, the act of blackmailing individuals for cash in return for not leaking sensitive images and videos, has been a problem for many years. Sextortion and sextortion scams are sometimes carried out by people familiar with the target, but most of the time, cybercriminals who have no relationship to the victim are to blame.

Additionally, Meta took down around 7,200 assets, including 1,300 Facebook accounts, 200 Facebook Pages and 5,700 Facebook Groups, also based in Nigeria. These accounts provided training, scripts, and complete guides for conducting scams. Nigeria still grapples with its reputation for being a source of internet-era fraud (the “Nigerian Prince” email scam is engrained in the public’s mind), and some residents are reportedly tricked into becoming scammers through predatory “classes” and programs that promise wealth.

Recently, after a successful operation targeting West African organized crime groups led to hundreds of arrests, Isaac Oginni, Director of INTERPOL’s Financial Crime and Anti-Corruption Centre (IFCACC), said:

“The volume of financial fraud stemming from West Africa is alarming and increasing. This operation’s results underscore the critical need for international law enforcement collaboration to combat these extensive criminal networks.”

While Meta’s investigation showed that the majority of these scammers’ attempts were unsuccessful and mostly targeted adults, it did reveal some attempts to target minors. The Federal Bureau of Investigation (FBI) reported in January 2024 that it saw a huge increase in the number of sextortion cases involving children and teens, mainly where the criminals would threaten and coerce the victims into sending explicit images online.

Children are led to believe they are communicating with someone their own age and tricked into sending nude pictures, which will later be used to threaten the victim with exposure. Last month, the BBC reported on an example of how devastating the consequences of sextortion can be, especially on young ones. In that case, Meta handed over data relating to a Scottish teenager who ended his life after becoming the victim of a sextortion gang on Instagram.

A US Senate committee accused Meta in February of not doing enough to protect children online and called for action by social media giants, in general, to do better.

In his opening statement, Ranking Member Senator Lindsey Graham held Mark Zuckerberg and the other CEOs to immediate account:

“Mr. Zuckerberg, you and the companies before us, I know you don’t mean it to be so but you have blood on your hands. … You have a product that’s killing people.”

Since then, Meta has said that it has learned new signals to identify accounts that are potentially engaging in sextortion, and the company is taking steps to help prevent these accounts from finding and interacting with teens.

“Our teams have deep experience in fighting this crime and work closely with experts to recognize the tactics scammers use, understand how they evolve and develop effective ways to help stop them.”

These takedowns seem to be a good indication that this is true. But these scammers will undoubtedly return to social media platforms to continue their cybercriminal run.

For those with children who don’t know where to start in keeping kids safe online, we recommend reading: Internet safety tips for kids and teens: A comprehensive guide for the modern parent.

The FBI stresses that young people who are being exploited are the victims of a crime and should report it. Contact your local FBI field office, call 1-800-CALL-FBI, or report it online at tips.fbi.gov.

Stay safe!

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level.
Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a “sophisticated AI-powered phishing-as-a-service platform”

 

ServiceNow Flaw Let Remote Attackers Execute Arbitrary Code

ServiceNow recently disclosed three critical vulnerabilities (CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178) affecting multiple Now Platform versions, allowing unauthenticated remote code execution and unauthorized file access. 

The vulnerabilities, with CVSS scores ranging from 6.9 to 9.3, pose significant risks of data theft, system compromise, and operational disruption. 

Active exploitation attempts by foreign threat actors targeting both private and public sector organizations were detected and mitigated, highlighting the severity of the issue. 

ServiceNow instances number approximately 300,000 globally and are primarily concentrated in the US, UK, India, and EU, making them a significant target for potential remote probing.

While access restrictions vary, their widespread adoption in enterprise environments confirms ServiceNow as a prevalent platform for digital workflow management. 

Additional search engine data indicates between 13,300 and 23,000 network hosts as potential targets, emphasizing the broad attack surface available to adversaries for network mapping and reconnaissance. 

Adversaries exploit vulnerabilities in popular applications before patches are released, targeting enterprises identified through search engine scans. These search engines use proprietary bots and tools to gather information about web servers, applications, and network devices, which creates valuable intelligence for attackers.

Three critical ServiceNow vulnerabilities enabled unauthenticated remote code execution on nearly 42,000 exposed instances.

While patches exist, active exploitation attempts targeting over 6,000 sites, predominantly in finance, have been observed.

Attackers leverage these vulnerabilities to test for remote code execution and exfiltrate database credentials.

Researchers have developed detection methods and automated tools to identify vulnerable systems, highlighting the critical need for prompt patching and robust security measures to prevent data breaches and unauthorized access. 

Upon the public disclosure of vulnerability details, multiple threat actors initiated aggressive scanning campaigns to identify exploitable ServiceNow instances.

Leveraging a publicly released proof-of-concept as a catalyst, adversaries focused on exploiting CVE-2024-4879, a critical vulnerability enabling unauthenticated remote code execution. 

By chaining title injection, template injection bypass, and filesystem filter bypass, attackers accessed ServiceNow data.

Network sensors recorded probing requests that checked whether an instance was vulnerable before payloads were injected. The attackers then validated the responses by looking for certain multiplication results, which show that an attempt to exploit the vulnerability was successful.

Attackers exploited a vulnerability in login.do to inject malicious code. The first payload retrieved the path to the database configuration file, potentially revealing database details. 

The second payload queried the “sys_user” table and attempted to dump usernames and passwords. While most passwords were hashed and remained secure, leaked usernames and other metadata could aid attackers in further reconnaissance. 
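A defender can hunt for the activity described above in web access logs. The following is an added example, not code from the article or from Resecurity: the log lines are constructed, the payloads are inert placeholders, and the three heuristics (markup in a `login.do` parameter, an arithmetic probe, a `sys_user` reference) are assumptions drawn from the behaviour the article describes.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (not real traffic); parameter values are inert placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Jul/2024:10:01:02 +0000] "GET /login.do HTTP/1.1" 200 5120
203.0.113.9 - - [26/Jul/2024:10:01:05 +0000] "GET /login.do?p=%3Cx%3Eprobe(1111*1111)%3C%2Fx%3E HTTP/1.1" 200 5344
198.51.100.4 - - [26/Jul/2024:10:02:11 +0000] "GET /login.do?p=%3Cx%3Equery(%27sys_user%27)%3C%2Fx%3E HTTP/1.1" 200 9021
192.0.2.15 - - [26/Jul/2024:10:03:40 +0000] "GET /incident.do?sysparm_query=active%3Dtrue HTTP/1.1" 200 812
"""

# Common/combined log format: client address and request target are captured.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} \S+')

# Assumed heuristics, applied to URL-decoded parameter values.
RULES = [
    ("markup-in-parameter", re.compile(r"[<>]")),               # injected template/markup
    ("arithmetic-probe", re.compile(r"\d{2,}\s*\*\s*\d{2,}")),  # multiplication check
    ("sys_user-reference", re.compile(r"\bsys_user\b", re.I)),  # user table named in request
]

def classify(line):
    """Return (client, [rule names]) for a suspicious login.do request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    # login.do is the endpoint the article names; other paths are ignored here.
    if not url.path.lower().endswith("/login.do"):
        return None
    # parse_qsl percent-decodes, so encoded markup is matched in its decoded form.
    values = " ".join(v for _, v in parse_qsl(url.query, keep_blank_values=True))
    tags = [name for name, rx in RULES if rx.search(values)]
    return (client, tags) if tags else None

def scan(log_text):
    """Classify every line and keep only the flagged requests."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for client, tags in scan(SAMPLE_LOG):
        print(client, ",".join(tags))
```

A hit on a patched instance shows probing only; a hit on an unpatched instance warrants checking whether the response echoed the computed product and reviewing which records were returned.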

A recently disclosed vulnerability in a popular enterprise application was actively exploited within a week of its release, targeting diverse organizations globally.

Attackers successfully compromised energy, data centers, government, and software development entities, demonstrating the vulnerability’s widespread impact. 

According to Resecurity, poor patch management and outdated systems exacerbated the issue. While the collected data suggests potential cyberespionage, timely patch releases mitigated further damage. 

Threat actors are actively targeting enterprise applications like ServiceNow on the Dark Web, seeking compromised access to IT service desks and corporate portals.

Initial Access Brokers (IABs) capitalize on poor network hygiene by monetizing stolen credentials and harvesting data through infostealers. 

The post ServiceNow Flaw Let Remote Attackers Execute Arbitrary Code appeared first on Cyber Security News.
