Security News

BEC scam swindles $2.3M from small U.S. town

Plus, a ransomware group shuts down and releases a decryptor, while a botnet shuts down and goes up for sale

“We have fallen victim to an internet-based crime that has defrauded our taxpayers of $2.3m,” reads an August 23 press release put out by the Town Administrator of Peterborough, New Hampshire. It continues, “We do not believe that the funds can be recovered by reversing the transactions, and we do not yet know if these losses will be covered by insurance.” The business email compromise (BEC) scam was detected when ConVal School District reported it had not received its monthly $1.2 million transfer from the town. Scammers had tricked town staff into diverting the funds to a criminal account. Realizing this, Peterborough administrators contacted federal authorities, and the Secret Service Cyber Fraud Task Force began investigating. The agency found that the money had already been converted to cryptocurrency. Peterborough town staff involved in the scam have been put on leave, though there is no suspicion that any were involved in the scheme. The Secret Service continues to investigate the matter. For more, see The Record.

Ragnarok ransomware shuts down and releases decryptor

The Ragnarok ransomware group, a prominent force in the ransomware world since January 2020, has seemingly shut down operations, leaving behind a master key that will decrypt any file locked up by its ransomware. Bleeping Computer reported that there was no note explaining the move, simply a major change to the group’s website. Whereas it used to post the names of its victims along with a vow to release sensitive data if those victims did not pay, the site now simply provides short instructions on how to decrypt files. “Looking at the leak site, it seems like the gang did not plan on shutting down today and just wiped everything and shut down their operation,” Bleeping Computer reported. The move could possibly be the result of the U.S. government’s new war on ransomware.

Coinbase erroneously tells customers their 2FA setting had changed

Due to an internal error, cryptocurrency exchange Coinbase sent alerts to 125,000 of its customers last Friday falsely informing them that their two-factor authentication (2FA) settings had been changed. The unexpected and untrue emails were sent over a period of almost 90 minutes before the error was fixed, Coinbase admitted on Twitter. Some customers were so spooked by the alert that they panic-sold tens of thousands of dollars in cryptocurrency. “All of a sudden, the system just started sending stuff like a bug in the system, but it was not a malicious or third party error,” a Coinbase spokesperson told CNBC.

Phorpiex botnet for sale

Operators of the Phorpiex botnet have ceased their activity and put the source code for the malware up for sale on the dark web. The ad claimed that the original authors of the code are no longer involved with the botnet, which is why it is now on the market. Should anyone buy the botnet, they will gain access to all previously infected machines. The Record reports that, for a cybercriminal, there are upsides and downsides to using the Phorpiex botnet. An upside is the amount of money that can be made, mainly from the cryptocurrency clipboard hijacking feature. But one major downside is that this particular botnet is not secure and can easily be hijacked by other parties for their own interests.

Arizona and Georgia adopt digital IDs in Apple Wallet

Apple announced this week that Arizona and Georgia will be the first two states to add their driver’s licenses and state IDs to Apple Wallet on the iPhone and Apple Watch. The first places where customers will be able to use their Wallet IDs will be participating airports. “Users do not need to unlock, show, or hand over their device to present their ID,” Apple stated, explaining that customers will need only to tap their iPhone or Apple Watch at the identity reader. After Arizona and Georgia adopt the digital licenses, Apple claimed, Connecticut, Iowa, Kentucky, Maryland, Oklahoma, and Utah will follow suit.

This week’s ‘must-read’ on The Avast Blog

The Covid-19 pandemic has made the "second shift" harder for working parents. We've shared the stories of a couple of working moms who have been affected, on both personal and professional levels.