Plus, the return of REvil and the largest HTTPS DDoS attack ever.
In the first report produced through the Observatory function of the Europol Innovation Lab, Europol warns that the threats posed by deepfakes are increasing. Deepfake technology uses AI to alter existing images and sometimes create new ones. According to Security Week, deepfake threats fall into one of four categories: societal threats such as stoking social unrest, legal threats such as falsifying electronic evidence, personal threats such as harassment and bullying, and traditional cyberthreats such as extortion and fraud.
“Deepfakes are a real concern,” commented Avast Security Evangelist Luis Corrons. “In fact, we warned about them in our 2022 predictions. Technology is advancing so rapidly that there is no need for great expertise to create credible deepfakes. This can be great for jokes and memes, but it is terrible for advanced scams and misinformation campaigns.” Europol warned that deepfakes could lead to a situation where citizens no longer have a shared reality, and it could create societal confusion about which information sources are reliable. As technology advances, so does the sophistication of deepfake technology.
SEC increases crypto unit
This week, the U.S. Securities and Exchange Commission announced that its Cyber Unit was undergoing a name change and a near doubling of staff. The renamed Crypto Assets and Cyber Unit is “responsible for protecting investors in crypto markets and from cyber-related threats,” such as the recent Amazon token crypto scam. The added 20 positions will include supervisors, investigative staff attorneys, trial counsels, and fraud analysts. “Crypto markets have exploded in recent years, with retail investors bearing the brunt of abuses in this space,” said Gurbir S. Grewal, Director of the SEC’s Enforcement Division. For more on this story, see The Verge.
Is REvil being revived?
Avast researchers identified a new sample of ransomware as having been generated using information that only previous members of the defunct REvil ransomware group could have accessed. This leads experts to wonder if the group is reassembling after it seemed to fall apart when Russian officials reportedly arrested 14 members and raided more than two dozen locations in January. The sample indicates that the REvil ransomware strain is being augmented with new capabilities, but to Avast researcher Jakub Kroustek, that is not the worrisome part. “The code itself does not look any more dangerous compared to the previous versions,” he said. “The simple fact that we see this threat active again is disturbing.” For more, see Dark Reading.
Cloudflare blocks largest ever HTTPS DDoS attack
Content delivery network Cloudflare reported that it blocked the largest DDoS attack ever seen in the HTTPS category. HTTPS DDoS attacks require more computing power in order to establish a secure TLS encrypted connection, which is costlier to the attacker. The attack blocked by Cloudflare came in at 15.3 million requests per second from 6,000 unique endpoints. The victim was a Cloudflare customer operating a crypto launchpad. Experts say DDoS attacks have skyrocketed since the invasion of Ukraine, with many users misguidedly allowing the use of their machines for “hactivist” operations. See TechRadar for more.
Nobelium sets up new phishing sites
Researchers have identified over four dozen websites being used by Russian hacking group Nobelium for phishing attacks, some of which use typosquatting to further trick victims. Typosquatting is the tactic of using slightly misspelled brand names in order to pose as legitimate entities. While the misspelled brands in the new sites span a range of industries, most seem focused on posing as news and media outlets. Nobelium has most recently been seen attacking Ukrainian diplomats and members of NATO. It is also the group behind the 2019 SolarWinds attack. For more on this story, see Cyberscoop.
This week’s must-read on the Avast blog
Ever wondered about the risk of falling for a scam when you're on the hunt for a new rental? Here are some tell-tale signs that the advertisement you’re looking at online is a rental scam.