Cyber Security News – FBI Warns of Increase in Romance Scams – Australians Target of Password Spraying Attacks – Cyber Attacks Targeting Businesses on the Rise
FBI Warns Romance Fraud is Increasing
The US Federal Bureau of Investigation (FBI) issued a warning about the increasing occurrences of romance fraud and confidence schemes. The object of these cyber crimes is to establish an online relationship using a fake persona and then trick the victim into sending money, gift cards, or other gifts. Victims may also be converted into unknowing money mules when they transfer money across borders or open bank accounts at the behest of the scammer.
Romance and confidence are now the seventh most reported scam, according to the FBI. However, they are the second most costliest scam in terms of financial losses.
The US Internet Crime Complaint Center (IC3) reported that the number of reported confidence and romance fraud reports increased to 18,000 in 2018 up from 15,000 in 2017. The amount of money lost to cyber criminals increased to $362 million in 2018, up an astonishing 70% from about $211 million in 2017.
Romance fraud scammers meet victims on dating websites and social media. The scammers claim they are unable to meet in person because they are supposedly traveling or living abroad. After some time spent patiently establishing a relationship and trust the scammer convinces the victim to send money to them so they may visit and meet in person. The scammer claims that they cannot afford the travel expenses on their own. They may also claim that any wired funds were never received and request that they be sent more money. Still, other scammers may claim they were detained at the border and request more money to pay legal expenses or recover seized property. Beware of romantic interests that are unable to meet in person. Also beware of requests for money, gifts, gift cards, electronics from someone you never met in person. Never open a bank account for anyone outside of your immediate family.
Cyber Attack Attempts on the Rise for Businesses
Data on cyber attacks from a Malwarebytes report showed that ransomware detections on consumer systems decreased by twelve percent between June 2018 and June 2019. Detections have increased by 363% since June 2018 and by 14% since the first quarter of 2019. However, cyber threats against businesses increased over 200 percent for the same time interval. Specifically, ransomware detections targeting companies increased 195 percent quarter over quarter. Ryuk is currently the biggest ransomware threat for businesses. Mac and mobile malware detections increased quarter over quarter by over 60 percent. The primary malware affecting mobile devices was adware.
Australian Cyber Security Centre Warns of Password Spraying Attacks
The Australian Cyber Security Centre (ACSC) warned Australians about a high volume of ongoing password spray attacks targeting corporate services. Targets are webmail, remote desktop access, Active Directory Federated Services, and cloud based services. Breaching one of these systems may allow a hacker to gain access to corporate emails, corporate address directories that can be used in phishing attacks, remote desktop services, or gain higher privileges such as administrative access to networks.
What is Password Spraying?
Password spraying is a type of brute-force attack where a hacker attempts to compromise login credentials using a single password or username on multiple accounts. The password or username is tried on one account, if it does not work, then the hacker moves on to the next account and tries the same password. Often, password spraying is used slowly across a network to avoid detection by cyber security algorithms. Some password spray attacks may deploy lists of common passwords or simply traverse a list of generic usernames or standardized naming conventions from a corporate directory. This tactic allows hackers to go undetected by avoiding rapid or frequent account login attempt automated lockouts.
Weak and popular passwords are targeted in these cyber attacks. SysAdmins must work to detect password spraying attempts by analyzing authentication attempts over a defined time period. Look for a large number of invalid usernames or a suspicious ratio of login success verses login failure per IP address to detect attacks that are spread out over a longer duration.
Defend Against Password Spray Attacks
- Implement multi-factor authentication protocols
- Reset login credentials of affected accounts
- Enforce complex passwords, as well as a strong password, reset policy to decrease the likelihood of successful authentication
- Avoid setting up new user accounts or resetting login credentials using generic or easy to guess passwords
- Disallow passwords on the most common hacked password list