Login
The Russia-based cybercrime group dubbed “Fin7,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 — setting up thousands of websites mimicking a range of media and technology companies — with the help of Stark Industries Solutions, a sprawling hosting provider that is a persistent source of cyberattacks against enemies of Russia.
In May 2023, the U.S. attorney for Washington state declared “Fin7 is an entity no more,” after prosecutors secured convictions and prison sentences against three men found to be high-level Fin7 hackers or managers. This was a bold declaration against a group that the U.S. Department of Justice described as a criminal enterprise with more than 70 people organized into distinct business units and teams.
The first signs of Fin7’s revival came in April 2024, when Blackberry wrote about an intrusion at a large automotive firm that began with malware served by a typosquatting attack targeting people searching for a popular free network scanning tool.
Now, researchers at security firm Silent Push say they have devised a way to map out Fin7’s rapidly regrowing cybercrime infrastructure, which includes more than 4,000 hosts that employ a range of exploits, from typosquatting and booby-trapped ads to malicious browser extensions and spearphishing domains.
Silent Push said it found Fin7 domains targeting or spoofing brands including American Express, Affinity Energy, Airtable, Alliant, Android Developer, Asana, Bitwarden, Bloomberg, Cisco (Webex), CNN, Costco, Dropbox, Grammarly, Google, Goto.com, Harvard, Lexis Nexis, Meta, Microsoft 365, Midjourney, Netflix, Paycor, Quickbooks, Quicken, Reuters, Regions Bank Onepass, RuPay, SAP (Ariba), Trezor, Twitter/X, Wall Street Journal, Westlaw, and Zoom, among others.
Zach Edwards, senior threat analyst at Silent Push, said many of the Fin7 domains are innocuous-looking websites for generic businesses that sometimes include text from default website templates (the content on these sites often has nothing to do with the entity’s stated business or mission).
Edwards said Fin7 does this to “age” the domains and to give them a positive or at least benign reputation before they’re eventually converted for use in hosting brand-specific phishing pages.
“It took them six to nine months to ramp up, but ever since January of this year they have been humming, building a giant phishing infrastructure and aging domains,” Edwards said of the cybercrime group.
In typosquatting attacks, Fin7 registers domains that are similar to those for popular free software tools. Those look-alike domains are then advertised on Google so that sponsored links to them show up prominently in search results, which is usually above the legitimate source of the software in question.
A malicious site spoofing FreeCAD showed up prominently as a sponsored result in Google search results earlier this year.
According to Silent Push, the software currently being targeted by Fin7 includes 7-zip, PuTTY, ProtectedPDFViewer, AIMP, Notepad++, Advanced IP Scanner, AnyDesk, pgAdmin, AutoDesk, Bitwarden, Rest Proxy, Python, Sublime Text, and Node.js.
In May 2024, security firm eSentire warned that Fin7 was spotted using sponsored Google ads to serve pop-ups prompting people to download phony browser extensions that install malware. Malwarebytes blogged about a similar campaign in April, but did not attribute the activity to any particular group.
A pop-up at a Thomson Reuters typosquatting domain telling visitors they need to install a browser extension to view the news content.
Edwards said Silent Push discovered the new Fin7 domains after a hearing from an organization that was targeted by Fin7 in years past and suspected the group was once again active. Searching for hosts that matched Fin7’s known profile revealed just one active site. But Edwards said that one site pointed to many other Fin7 properties at Stark Industries Solutions, a large hosting provider that materialized just two weeks before Russia invaded Ukraine.
As KrebsOnSecurity wrote in May, Stark Industries Solutions is being used as a staging ground for wave after wave of cyberattacks against Ukraine that have been tied to Russian military and intelligence agencies.
“FIN7 rents a large amount of dedicated IP on Stark Industries,” Edwards said. “Our analysts have discovered numerous Stark Industries IPs that are solely dedicated to hosting FIN7 infrastructure.”
Fin7 once famously operated behind fake cybersecurity companies — with names like Combi Security and Bastion Secure — which they used for hiring security experts to aid in ransomware attacks. One of the new Fin7 domains identified by Silent Push is cybercloudsec[.]com, which promises to “grow your business with our IT, cyber security and cloud solutions.”
The fake Fin7 security firm Cybercloudsec.
Like other phishing groups, Fin7 seizes on current events, and at the moment it is targeting tourists visiting France for the Summer Olympics later this month. Among the new Fin7 domains Silent Push found are several sites phishing people seeking tickets at the Louvre.
“We believe this research makes it clear that Fin7 is back and scaling up quickly,” Edwards said. “It’s our hope that the law enforcement community takes notice of this and puts Fin7 back on their radar for additional enforcement actions, and that quite a few of our competitors will be able to take this pool and expand into all or a good chunk of their infrastructure.”
Further reading:
Stark Industries Solutions: An Iron Hammer in the Cloud.
A 2022 deep dive on Fin7 from the Swiss threat intelligence firm Prodaft (PDF).
Article tags
With the advent of technology and the widespread use of mobile phones, scam calls and texts have become increasingly common. These annoying and invasive attempts to trick you out of your personal information can be frightening and frustrating. They often come in the form of ‘vishing‘ and ‘smishing‘ attacks. But what exactly are these types of scams, and how can you protect yourself against them?
Vishing and smishing are two common methods used by scammers to steal personal information. Vishing, a combination of ‘voice’ and ‘phishing,’ typically involves a scammer calling you and pretending to be from a trusted organization, such as your bank. They may tell you that there has been unusual activity on your account and ask for your personal information to ‘resolve’ the issue.
Smishing, on the other hand, combines ‘SMS’ (text) and ‘phishing.’ In this type of scam, you may receive a text message stating that you have won a prize, or that there is a problem with your account. The message will instruct you to click on a link, which will then try and trick you into providing personal information.
The main strategy of scammers behind vishing and smishing attacks is volume. They send out calls and messages to a large number of phones, hoping that at least a few will fall for the scam. There are several ways these scammers can get bulk phone numbers for their attacks:
Data breaches are a common way for scammers to obtain phone numbers, along with names and email addresses. This information can give them everything they need to launch effective vishing and smishing attacks. While some breaches result in the loss of credit card or government ID numbers, others simply provide basic personal information that can be enough to make their scams seem legitimate.
Another method scammers use to get phone numbers is by purchasing lists from data brokers. These online entities collect and sell detailed information about millions of individuals, including their phone numbers. These lists can be bought for a few dollars with just a few clicks. The data brokers don’t care who they sell to, so even scammers can easily purchase these lists.
→ Dig Deeper: How Data Brokers Sell Your Identity
Scammers often scour social media platforms and online forums to gather personal information, including phone numbers. People sometimes inadvertently share their contact details or other personal information in public posts, comments, or private messages. Scammers exploit these details to build their contact lists.
Scammers may also access publicly available records and directories, such as online phone directories, business listings, or government databases. These sources can provide them with a substantial amount of phone numbers and associated information.
Some scammers use phishing emails or fraudulent online surveys to trick individuals into disclosing their personal information, which can include phone numbers. They may pose as legitimate organizations or institutions, enticing recipients to provide their contact information in the process.
You may have already seen smishing attacks without realizing what they were. Here are a few examples of common smishing scams:
One feature that these messages have in common is that they all include a link. These links often have unusual character strings and web addresses that do not match the supposed sender of the message. This is a clear indication that the message is a scam.
Fortunately, there are steps you can take to protect yourself against these types of scams. Here are a few tips:
Scammers have tools at their disposal that can tamper with caller ID, making it appear as though the call is coming from a trusted organization. Do not rely solely on caller ID to determine the legitimacy of a call or text.
→ Dig Deeper: Be on the Lookout for Scam Tech Support Calls
If you receive a call or text message that seems suspicious, do not provide any personal information. Instead, hang up or ignore the text and contact the organization directly to verify the request.
If you believe you have been the target of a vishing or smishing attack, document the incident and report it to the company it was supposedly from. Many organizations have dedicated fraud reporting tools for this purpose.
As a general rule, avoid clicking on links in text messages, especially if they look suspicious or you do not recognize the sender. If you have concerns, always contact the organization directly.
→ Dig Deeper: The Latest Mobile Scams & How To Stay Safe
There are a number of strategies that you can employ to combat these types of scams. One of the most effective ways is to install comprehensive online protection software like McAfee+ on your phone. This software offers features such as web protection that warns you of suspicious links in texts, search results, and websites you browse. If your personal information appears on the dark web, the software can alert you and provide guidance on how to proceed. It can also help you remove your personal information from data broker sites, reducing your exposure to data breaches and spam calls.
Another strategy is to educate yourself on the telltale signs of a scam call or text. For instance, scammers often use scare tactics or threats to manipulate you into giving up your personal information. If you receive a message that seems to play on your emotions or tries to rush you into action, it’s probably a scam. Legitimate businesses and organizations will not typically resort to such tactics. If in doubt, always contact the organization directly to verify the validity of the message.
Internet service providers and mobile carriers have a crucial role to play in combating vishing and smishing attacks. By implementing advanced security measures, they can help protect their customers from these types of scams. For example, many carriers now offer features such as scam call blocking and identification. These features can help you identify potentially fraudulent calls and texts and avoid falling victim to these scams.
ISPs and mobile carriers can also educate their customers about the risks of vishing and smishing. By providing clear, easy-to-understand information about these scams and how to avoid them, they can empower their customers to protect themselves. As these types of attacks become more sophisticated, the role of ISPs and mobile carriers in combating them will only become more important.
McAfee Pro Tip: Regardless of the nature of these unwelcome calls, there are proactive measures you can take to safeguard yourself and even prevent them from reaching you in the initial instance. Know how to beat and block robocalls.
In conclusion, vishing and smishing are increasingly common types of scams that target individuals through phone calls and text messages. These scams can be frightening and invasive, but by understanding how they work and implementing strategies to protect yourself, you can significantly reduce your risk of being a victim. Comprehensive online protection software, being vigilant to the signs of a scam, and leveraging features offered by your ISP or mobile carrier are all effective ways to combat these scams. Remember, if something doesn’t feel right, it probably isn’t – always contact the organization directly if you’re unsure about a call or text.
The post Those Annoying Scam Calls and Texts: How to Fight Back Against Vishing and Smishing appeared first on McAfee Blog.
Read this statement, then read it again: Just five distracted seconds at 55 mph is equivalent to driving the length of a football field with your eyes closed. This alarming truth from the National Highway Traffic Safety Administration (NHTSA), highlights the need for parents to address the issue of distracted driving with their teens.
Additional distracted driving statistics are mind-blowing. According to the NHSTA, 77 percent of drivers admitted to using their phones while driving, 74 percent used their map app, 56 percent read emails or texts, 27 percent updated or checked their social media accounts, and shockingly, 19 percent of drivers—equivalent to one in five—engaged in online shopping while driving.
In the United States, distracted driving has become a leading cause of fatal crashes, accounting for 25 to 30 percent of all fatal crashes. Furthermore, overall highway fatalities have increased by 22 percent, as reported recently by The Los Angeles Times, which attributed this rise to the allure of technology turning our cars into “candy stores of distraction.”
While technology plays a significant role in distracted driving, other everyday choices and factors can also contribute to accidents. Eating while driving, managing a lively pet in the car, navigating unfamiliar streets, and even talking with peer passengers can distract young drivers. Studies have shown that crash risk doubles when teens drive with one peer passenger and quadruples with three or more teen passengers.
In the throes of summer, it’s a great time for parents to have a conversation with their teen drivers about the dangers of distracted driving and texting while driving. Here are some important topics to discuss and tips to help keep your kids safe on the road:
Remember, developing good (or better) habits takes time, effort, consistency, and parental involvement in teen driving. Preventing distracted driving with positive behavior change won’t happen overnight. Repeat yourself when it comes to road safety without apologies. Giving your child rules and expectations demonstrates love. By making some of these shifts, hopefully, you will worry less, raise wiser drivers, and improve safety for everyone on the roads.
The post Parent’s Guide: 8 Ways to Help Your Teen Combat Distracted Driving appeared first on McAfee Blog.
Article tags
act-1200
Article tags
Your phone buzzes. You hope it’s a reply from last night’s date, but instead you get an entirely different swooping feeling: It’s an alarming SMS text alerting you about suspicious activity on your bank account and that immediate action is necessary.
Take a deep breath and make sure to read the message carefully. Luckily, your assets could be completely safe. It could just be a smisher.
Smishing, or phishing over SMS, is a tactic where cybercriminals impersonate reputable organizations or people and trick people into handing over their personally identifiable information (PII) or financial details. Sometimes they can seem very credible with the information they have, and you may have even been expecting a correspondence of a similar nature.
So how can you tell when an SMS text is real and requires your attention? And how should you deal with a smisher to keep your identity safe?
Like email phishing and social media phishing, SMS text phishing often tries to use a strong emotion – like fear, anger, guilt, or excitement – to get you to respond immediately and without thinking through the request completely. Vishing is another phishing tactic over the phone, though instead of a text, the scammer leaves voicemails.
In the case of one coordinated smishing attack, cybercriminals not only impersonated financial institutions but collected PII on their targets ahead of time. The criminals then used these personal details – like old addresses and Social Security Numbers – to convince people that they were legitimate bank employees.1 But since when does a bank try to prove itself to the customer? Usually, it’s the other way around, where they’ll ask you to confirm your identity. Be wary of anyone who texts or calls you and has your PII. If you’re ever suspicious of a caller or texter claiming they’re a financial official, contact your bank through verified channels (chat, email, or phone) you find on the bank’s website to make sure.
Scammers also keep up with current events and attempt to impersonate well-known companies that have a reason to reach out to their customers. This adds false legitimacy to their message. For example, in the summer of 2022, Rogers Communications, a Canadian telecommunications provider, experienced an extended loss of service and told customers they could expect a reimbursement. Smishers jumped on the opportunity and sent a barrage of fake texts requesting banking details in order to carry out the reimbursement.2 However, Rogers credited customers directly to their Rogers accounts.
If you receive a suspicious text, go through these three steps to determine if you should follow up with the organization in question or simply delete and report the text.
Do you have text alerts enabled for your bank and utility accounts? If not, disregard any text claiming to be from those organizations. Companies will only contact you through the channels you have approved. Also, in the case of the Rogers smishing scheme, be aware of how a company plans to follow up with customers regarding reimbursements. You can find information like this on their official website and verified social channels.
ChatGPT might make it more difficult than spot smishing attempts because AI content generation tools usually use correct grammar and spelling. However, the tone is a good indicator of a scammer. If the tone of the text urges you to act quickly or proposes a dire consequence of ignoring the message, be on alert. While suspicious activity on your credit card is serious, your bank will likely reimburse you for charges you didn’t make, so you have time to check your bank account and see recent activities. Official correspondence from financial institutions will always be professional and will try to put you at ease, not make you panic.
Whenever you get a text from someone you don’t know, it’s a good practice to do an internet search for the number to see with whom it’s associated. If it’s a legitimate number, it should appear on the first page of the search results and direct to an official bank webpage.
Once you’ve identified a fake SMS alert, do not engage with it. Never click on any links in the message, as they can redirect you to risky sites or download malware to your device. Also, don’t reply to the text. A reply lets the criminal on the other end know that they reached a valid phone number, which may cause them to redouble their efforts. Finally, block the number and report it as spam.
A great absolute rule to always follow is to never give out your Social Security Number, banking information, usernames, or passwords over text.
To give you peace of mind in cases where you think a malicious actor has access to your PII, you can count on McAfee+. McAfee+ offers a comprehensive suite of identity and privacy protection services to help you feel more confident in your digital life.
1PC Mag, “Scammers Are Using Fake SMS Bank Fraud Alerts to Phish Victims, FBI Says”
2Daily Hive, “Rogers scam alert: Texts offering credit after outage are fake”
The post What Is Smishing? Here’s How to Spot Fake Texts and Keep Your Info Safe appeared first on McAfee Blog.
Article tags
FreshRSS