
Posts

Showing posts from December, 2024

Korea Criminals Nab a Bit of Coin: $308M Stolen by North Korean Hackers!

In a shocking revelation, Japanese and U.S. authorities have officially linked the $308 million cryptocurrency heist from DMM Bitcoin in May 2024 to North Korean cyber actors. These attackers, part of the TraderTraitor group (also known as Jade Sleet, UNC4899, or Slow Pisces), used sophisticated tactics to pull off this massive theft. Who's Behind It? TraderTraitor is notorious for: Social Engineering: targeting multiple employees simultaneously to breach systems. Malware-Laced Apps: disguising malicious tools as cryptocurrency-related software. Sophisticated Scams: pretending to be recruiters or collaborators, even on platforms like GitHub. How They Did It: Targeting Employees: in March 2024, an employee of Ginco (a Japanese crypto wallet company) was duped by a fake recruiter into running a malicious Python script, setting the stage for the attack. Compromising Systems: with the script, attackers gained access to Ginco's communication systems using session cookies...

Honeypot, Kettle, Hack .. INTERPOL Renames "Pig Butchering" to "Romance Baiting"

In an effort to humanize victims and hold scammers accountable, INTERPOL is pushing to replace the term "pig butchering" with "romance baiting" for scams involving fake cryptocurrency investments under the guise of romantic relationships. Why the Change? The term "pig butchering", derived from the Chinese phrase "杀猪盘" ("shā zhū pán"), has been criticized for dehumanizing victims and discouraging them from reporting these scams. "Romance baiting", on the other hand, shifts focus to the scammers' manipulative tactics and prioritizes respect for victims. How It Works: Originating in China in 2016, romance baiting scams typically follow a pattern: Building Trust: scammers target victims via social media or dating apps, developing a fake relationship over time. Investment Push: victims are coerced into investing in fake cryptocurrency platforms. Financial Loss: once the money is sent, victims are left empty-handed as...

Are You Taking the Phish? Why Phishing-Resistant MFA is Critical

Cyber threats are evolving faster than ever, with ransomware and AI-driven phishing attacks reaching unprecedented levels. Traditional security methods like SMS-based One-Time Passwords (OTP) are no longer enough to protect against sophisticated tactics like Generative AI phishing and Ransomware-as-a-Service (RaaS). According to the latest advisory from CISA and the FBI (AA24-242A), implementing phishing-resistant multi-factor authentication (MFA) is now a critical defense. Ransomware is at Record Levels: The numbers tell the story: ransomware payments have surged by 500% in 2024, with incidents averaging $2 million per attack, according to Sophos' "State of Ransomware 2024" report. Median payments skyrocketed to $20 million in 2023, compared to $1.4 million in 2022. This explosion in ransomware success is fueled by Generative AI, enabling cybercriminals to craft phishing attacks that are nearly impossible to detect. How Generative AI is Changing Phishing: Cybercri...

FBI Creates Fake Cryptocurrency to Bust Crypto Market Scams

In an unprecedented sting operation, the FBI has taken down a massive cryptocurrency fraud network by launching its own fake crypto token, NexFundAI. This cleverly disguised operation, part of Operation Token Mirrors, exposed illegal trading schemes like wash trading and pump-and-dump scams, and scammers are paying the price. How It Worked: The FBI created NexFundAI, a fake cryptocurrency marketed as a revolutionary bridge between finance and artificial intelligence. Behind the scenes, however, it was a trap designed to attract scammers engaged in market manipulation. Wash Trading: scammers used fake trades with their own tokens to inflate the token's price, luring unsuspecting investors into buying. Once prices peaked, the fraudsters sold off their tokens for profit, leaving regular investors with worthless assets. Who Got Caught? The operation led to the arrest of 18 individuals and entities involved in market manipulation schemes. Among those charged were major ...

Memories, Manipulated: ChatGPT Vulnerability Exposes Long-Term Memory Risks

A security researcher, Johann Rehberger, has uncovered a critical vulnerability in ChatGPT's long-term memory feature, potentially allowing attackers to store false information or inject harmful instructions into the system. OpenAI, which introduced this feature in February 2024, has partially addressed the issue, but significant risks remain. What Happened? ChatGPT's long-term memory is designed to store user preferences, beliefs, or personal details for future interactions, enhancing personalized conversations. However, this feature also opened doors to prompt injection attacks, enabling malicious actors to: inject false information (e.g., claiming the user is 102 years old or lives in the Matrix); manipulate ChatGPT to guide future conversations based on these fake memories. Rehberger demonstrated this vulnerability with a proof-of-concept (PoC) exploit, revealing the potential for significant damage. Advanced Exploitation: Data Exfiltration: In a more sophi...

Takedown of International Criminal Network Behind Phishing Scheme

In a major victory for cybersecurity, law enforcement agencies have dismantled an international criminal network running a Phishing-as-a-Service (PhaaS) platform known as iServer, which targeted over 483,000 victims worldwide. The operation, codenamed Operation Kaerb, was a coordinated effort involving Spain, Argentina, Chile, Colombia, and Peru. What Happened? iServer's Reach: the PhaaS platform exploited victims in multiple countries, with Chile (77,000), Colombia (70,000), and Ecuador (42,000) being the hardest hit. Arrests and Seizures: 17 arrests were made; 28 searches were conducted; over 921 items were seized, including electronic devices, weapons, and mobile phones. Mastermind Arrested: an Argentinian national, believed to have run iServer since 2018, was arrested as part of the takedown. What is iServer? Unlike typical phishing operations, iServer focused on unlocking stolen or lost phones. It allowed criminals, known as "unlockers," to use a web-based ...

Hacker Busted for In-Flight Wi-Fi Scam!

In a dramatic cybercrime case, Australian authorities arrested a man for setting up fake Wi-Fi networks mid-flight to steal passengers' personal data. Here's what went down: The In-Flight Data Theft: During a domestic flight, airline staff spotted a suspicious Wi-Fi network onboard. Upon landing in Perth, police searched the suspect, a 42-year-old man from West Australia, and found a portable Wi-Fi device, laptop, and phone in his carry-on luggage. Authorities discovered that he had created fake Wi-Fi networks, tricking passengers into logging on and unknowingly handing over sensitive information like email addresses and social media credentials. Further investigation revealed that he had pulled off similar scams at airports in Melbourne, Adelaide, and other locations. How the Scam Worked: Using a portable Wi-Fi device, the suspect set up "Evil Twin" hotspots that mimicked legitimate networks. Unsuspecting passengers connected to these fake networks, believing they were us...

WhatsApp with Google Drawings? Phishing Scam Alert!

Cybercriminals are stepping up their game with a sneaky phishing scam that combines Google Drawings and WhatsApp links to steal sensitive information. This clever tactic tricks users into handing over their details while dodging traditional security systems. How It Works: It starts with a phishing email disguised as an Amazon account verification request. Clicking the link doesn't take you to Amazon; instead, it redirects you to a graphic hosted on Google Drawings. This makes the scam appear legitimate and bypasses many security filters. Why Google Drawings? Hackers use Google Drawings to hide malicious links in a graphic. Users, worried about their accounts, often click these links without realizing they're being redirected to a fake site. Shortened Links for Extra Deception: The links take you to a fake login page, but not directly. Hackers use WhatsApp links and URL shorteners like qrco[.]de to disguise their tracks, making it harder for security systems to detect the phishing att...

Gamers, Beware! Fake Cheat Sites Are Spreading Dangerous Malware

Looking for an edge in your favorite game? Be careful: it could cost you more than just your rank. Cybercriminals are targeting gamers with fake cheat sites, delivering Lua-based malware that can wreak havoc on your system. How It Works: Hackers prey on student gamers searching for cheat engines like Solara and Electron. They create fake websites offering "free cheats" but instead deliver ZIP files hosted on GitHub. These files contain a Lua compiler and scripts designed to compromise your computer by connecting to a command-and-control server, which then downloads additional malware, such as RedLine S****r. Why It's So Dangerous: This malware is designed to stay hidden: Obfuscated Scripts: the Lua scripts are obfuscated, making them hard to detect by security software. System Persistence: once installed, it can establish persistence, hide its processes, and deliver more harmful payloads. Credential Theft: infostealers like RedLine collect usernames, passwords, and sensitive data, w...

North Korean Hackers Are Targeting Tech Job Seekers with Fake Interviews

Imagine landing a promising tech job interview, only to find out it's a trap set by hackers. That's the reality many software developers are facing, as North Korea-linked hackers use fake job interviews to spread malware. This malicious campaign, known as Contagious Interview, was uncovered by Palo Alto Networks' Unit 42 in late 2023. How It Works: Hackers disguise themselves as employers on job platforms, offering interviews to unsuspecting developers. Victims are asked to download malware disguised as coding assignments. The attack begins with the installation of Beaver***, a downloader that works on both Windows and macOS systems. This then loads Invisible****, a Python-based backdoor designed to give attackers control over the infected system. Their Sneaky Techniques: These hackers have refined their methods to stay effective: they use fake video conferencing apps, built with the Qt framework, to spread malware seamlessly across platforms. Once Beaver*** is installed, it st...

Chinese Hackers Target T-Mobile in Major Cyber-Espionage Campaign

Here's What You Need to Know: T-Mobile has confirmed it was targeted in a months-long cyber-espionage campaign orchestrated by Chinese hackers known as Salt Typhoon (also called Earth Estries). This group has been quietly infiltrating major U.S. telecom companies, including AT&T and Verizon, to access sensitive communications from high-profile targets. What Happened? Salt Typhoon, a highly sophisticated cyber-espionage group active since 2020, exploited vulnerabilities in telecom networks. Using advanced tools, the attackers snuck into systems unnoticed, aiming to harvest private data from some of the biggest names in U.S. telecom. How Did They Do It? These hackers didn't just walk through the front door; they used stealth and persistence to break in: Exploiting Vulnerabilities: they targeted flaws in systems like Microsoft Exchange and used tools to deploy malware. Installing Backdoors: with tools like cURL, they downloaded custom backdoor programs to maintain secret acc...

Hackers Could Have Remotely Controlled Kia Cars Using Just a License Plate

Here's What Happened: Imagine walking out to your car, only to find it's honking, unlocked, or even started, all without you touching a thing. That's the kind of nightmare Kia owners narrowly avoided, thanks to researchers who discovered vulnerabilities that could have given hackers remote control over vehicles using nothing but a license plate number. What Went Wrong? Cybersecurity researchers found flaws in Kia's systems that affected almost all models manufactured after 2013, including my 2015 Kia Rondo. These vulnerabilities allowed hackers to control key car functions, like unlocking doors, starting the engine, and even honking the horn, all within 30 seconds. Even more alarming, this didn't require a Kia Connect subscription. If your car had the hardware, it was fair game. How the Hack Worked: The problem wasn't with the cars themselves but with the dealer infrastructure used to activate vehicles. Here's how attackers could pull it off: Create Fake Access: Hackers exploit...

Hackers Are Tricking Tech Giants with Fake Emergency Requests

Here's How: Imagine receiving a frantic call from law enforcement saying someone's life is in danger and they need critical information fast to save them. Now, picture hackers pretending to be those officers, bypassing legal checks to steal private data. That's exactly what's happening, and the FBI is sounding the alarm. Here's the scam: Cybercriminals hack into government or police email accounts, then send fake "emergency data requests" to major tech companies like Apple, Meta, Google, and Snap. These requests, claiming life-threatening emergencies, push companies to hand over sensitive user details like email addresses, phone numbers, and usernames, no questions asked. The trick works because in real emergencies, companies often skip the usual legal protocols to act quickly. Hackers exploit this loophole, pretending to be in a rush to save lives, while secretly stealing your data. Since 2021, these fake requests have been on the rise, with a surge in 2023-2024. Notorious h...