Blue checks on the black market

Verified Twitter and IG accounts are in high criminal demand, plus more newsbytes of the week.

Scammers are stealing verified Twitter and Instagram accounts in order to resell them on the black market to other scammers who will use them to promote NFT frauds. According to investigative reporting by The Verge, sales of these stolen accounts are often transacted on Telegram, at a rough cost of $200 per verified account. “Such thefts occur regularly, with dozens losing their profiles every day, if the frequency of new listings on marketplaces for verified profiles is any evidence,” states the report. 

The primary tactics being used to hijack the accounts are credential stuffing and phishing. NFT scammers then buy the accounts in order to flaunt the blue checkmark verifying them as official, which helps them push their phony or nonexistent NFT tokens onto unsuspecting users. Haseeb Awan, CEO of secure mobile provider Efani, commented, “In a single ordinary NFT scam, it’s very easy for scammers to make hundreds of thousands of dollars.”

Vice Society ransomware gang survives on mediocrity

The education and health care sectors have been the primary targets for ransomware gang Vice Society over the past two years, and researchers believe the group endures due to the mediocre nature of its attacks. “You have the top-tier groups developing their own zero-days and acting all polished and professional,” commented a security researcher at Tenable, “but meanwhile, Vice Society is just chugging along, not really innovating, stealing tools from other folks, but they have just enough stability to launch attacks, get paid, keep moving.” So far, the biggest target Vice Society has hit has been the Los Angeles Unified School District, and some experts wonder if the group understood how big the district was before targeting it. See Ars Technica for more.

CISA adds Cisco and Gigabyte flaws to catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Cisco product flaws and four Gigabyte product flaws to its Known Exploited Vulnerabilities catalog. The Cisco vulnerabilities both impact the AnyConnect Secure Mobility Client for Windows, while the Gigabyte vulnerabilities impact Gigabyte App Center drivers, the Aorus graphics engine, the Xtreme gaming engine, and the OC Guru utility. All six of the new flaws can lead to a local attacker gaining elevated privileges. For more details, see SecurityWeek.

POS malware steals over 167,000 credit card numbers

Researchers have discovered a pair of point-of-sale (POS) malware variants that together have stolen over 167,000 credit card numbers from mostly U.S. locations between February 2021 and September 2022. The command-and-control centers for both variants – MajikPOS and Treasure Hunter – were found hosted on the same server, though it is unknown who launched the attacks or if they had sold or used the stolen information. Researchers value the data at more than $3.3 million. See Cyberscoop for more. 

Interpol prepares for crime in the metaverse

Last week, Interpol unveiled what it called “the first ever metaverse specifically designed for law enforcement worldwide.” This “Interpol Metaverse” is intended to give officers around the world the tools for cross-border knowledge sharing via avatars. The platform will also be used for forensic investigation training and other policing activities. Interpol warned that criminals are already beginning to exploit the metaverse and that, as the tech continues to develop, future metaverse crimes could include crimes against children, data theft, money laundering, financial fraud, counterfeiting, ransomware, phishing, and sexual assault and harassment. To learn more, see ZDNet.

This week’s must-read on the Avast blog 

Read our top articles on how to navigate online safety at any age, with actionable tips to help you protect your family. 
