CyberSecurity News Byte

Hosted By Jim Guckin

Welcome to CyberSecurity News Byte with Jim Guckin, your one-stop resource for the latest cybersecurity news, updates, and discussions. Our podcast is a vital tool for CyberSecurity and IT professionals, as well as technology leaders, who need to stay on top of the ever-evolving digital landscape.

Episode 51: March 27 2023


Instagram scam uses fake SHEIN gift cards as lure

  • Old Scam
    • Based off a tried-and-true method
  • Avast Researchers
    • targeting Instagram users from various countries including the UK, Australia, France, Spain, and Poland
  • Scam
    • comment from a random account on a user’s post
      • congratulates the victim saying they’re one of the 2023 lucky ones selected to receive a SHEIN gift card.
      • offers the user a link to their Instagram profile, and at the end, they mention a long list of Instagram users that will be notified about the mention to be lured as victims to this scam.
      • The scammer's Instagram has a link to use for the gift card
      • Victim is given 3 questions and timer.
      • No matter how they answer, their answers are checked
      • The victim is presented with nine closed boxes to choose from.
        • it doesn’t matter which ones are chosen.
          • the first one will always be a failure.
          • second one will always be a winner
          • the victim is asked for a small amount of money
        • After entering their personal details
          • the victim is asked for their credit card details
          • The goal here is to hide the real Terms and Conditions.
          • The victim is expecting a gift card valued in several hundreds of euros or dollars.
            • It seems that they have to pay a small amount of money to receive it, but what’s really happening is that they’re subscribing to a service
            • In Australia, for example, the victim is charged AUD $2 plus AUD $69 every two weeks.
            • In France, the amount charged is €2 plus €33 every two weeks. For some countries, the money that will be charged isn’t even disclosed. And of course, none of them will receive the gift card.

Linus Tech Tips Hacked

  • Linus
    • a Canadian YouTuber.
      • Linus Tech Tips
      • TechLinked
      • Techquickie
    • Creating and hosting YouTube channels
      • Most known for Linus Tech Tips (LTT).
    • channels have a combined subscriber base of over 26 million.
  • Attack
    • bypassed things like password and two-factor protections
    • targeted the session tokens
      • that keep you logged in to websites.
    • Malware
      • Linus Media Group’s team member downloaded a PDF
        • “what appeared to be a sponsorship offer from a potential partner”
      • included malware
        • accessed “all user data from both their installed browsers”
          • including session tokens
          • Access without needing to enter security credentials.
        • Damage
          • Over a decade of videos were deleted
          • streamed two videos featuring Elon Musk talking about cryptocurrency
            • One is named “OpenAI ChatGPT-4: The Game-Changing AI Technology”
              • Stream went down after around 35 minutes of broadcasting.
            • other is called “LinusTechTips & Elon Musk Special Crypto Giveaway”.
              • Taken down after around 20 minutes of broadcasting.
            • both livestreams appear to be identical
              • In the chat, a link to a presumably malicious “Crypto Giveaway” is present.
                • Appears to be a phishing attempt
                  • get cryptocurrency wallet details

Another one bites the dust

  • Breach Forums
    • Taken down
  • History
    • Darkweb
    • Came online March 16, 2022
    • Replaced RaidForums, which was taken down a month prior
    • First post was a simple “Welcome”
    • administered by “pompompurin”
    • hosted hacked data of 1 billion globally
      • according to FBI
      • 7 million Robinhood customers
      • 23 TB of Shanghai National Police Data
      • 60,000 records from DC Health Link Insurance Exchange
        • Congress
      • Breached was initially met with “skepticism from the cybercrime underground,” but “persisted and became the largest English-speaking data broker forum anywhere across the deep or darkweb.”
    • News
      • FBI arrested a 20-year-old named Conor Fitzpatrick
        • Admitted to being Pompompurin
        • Claimed to earn $1,000/day selling information
        • Peekskill, New York
        • accused of just one crime: conspiracy to commit access device fraud.
        • appeared in a federal court in New York on March 16 and was released on a $300,000 bond
          • If he’s convicted he faces a maximum penalty of five years in prison
        • FBI and the U.S. Department of Health and Human Services Office of Inspector General
          • conducted a disruption operation that caused BreachForums to go offline.
        • Fallout
          • hackers looking to sell data have to find a new venue
            • may need to rebuild reputation
          • Researchers who track illicit activity by cross-referencing posts and monikers across sites will have to find new ways in, too.
          • The BreachForums team may rebuild, or a whole new forum may emerge; some are even temporarily looking to Telegram channels, which are already popping up

Fake IRS tax email delivers Emotet malware

  • MalwareBytes
    • Director of Threat Intelligence, Jerome Segura
  • W-9 Email Danger
    • Form you fill in to confirm certain personal details with the IRS: name, address, and Tax Identification Number
    • used as a lure for people to download Emotet malware
    • “IRS Tax Forms W-9” email, which appears to have been sent from “IRS Online Center” and contains an attachment, reads:
      • Let me know if you would like a hard copy mailed as well.
        Respectifully [SIC]

        Barbara LaCosta
        Department of Treasure

      • Attachment W-9
        • 709KB in size
        • When opened, contains W-9 form.doc
          • 548 MB size
        • When opened, will display
          • This document is protected
            Previewing is not available for protected documents. You have to press “enable editing” and “enable content” buttons to preview this document.
        • Macros run, then Emotet is installed.
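
The size gap in these notes (a 709KB attachment holding a 548 MB W-9 form.doc, roughly 790:1) is something a mail filter can check without opening the document. The sketch below is an added example, not part of the original show notes or the Malwarebytes write-up. It assumes the attachment is a ZIP archive; the thresholds, extension list, function names and sample archives are all constructed for illustration.

```python
import io
import os
import zipfile

# Assumed policy values for this example; tune them for your mail gateway.
MACRO_CAPABLE = (".doc", ".docm", ".xls", ".xlsm")
RATIO_LIMIT = 100                   # uncompressed size / compressed size
SIZE_LIMIT = 100 * 1024 * 1024      # 100 MB declared size


def inspect_attachment(zip_bytes, ratio_limit=RATIO_LIMIT, size_limit=SIZE_LIMIT):
    """Flag inflated Office documents using ZIP metadata only (nothing is extracted)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(MACRO_CAPABLE):
                continue
            # compress_size can be 0 for empty members; avoid dividing by zero.
            ratio = info.file_size / max(info.compress_size, 1)
            reasons = []
            if ratio >= ratio_limit:
                reasons.append("compression-ratio")
            if info.file_size >= size_limit:
                reasons.append("declared-size")
            if reasons:
                findings.append({"name": info.filename, "size": info.file_size,
                                 "ratio": round(ratio), "reasons": reasons})
    return findings


def build_sample(doc_name, doc_bytes):
    """Constructed test archive: one document plus a small text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(doc_name, doc_bytes)
        zf.writestr("readme.txt", b"constructed sample\n")
    return buf.getvalue()


# Constructed inputs: zero padding scaled down to 8 MB so the demo runs quickly,
# and a small high-entropy document that should pass.
PADDED = build_sample("W-9 form.doc", b"\x00" * (8 * 1024 * 1024))
BENIGN = build_sample("notes.doc", os.urandom(4096))

if __name__ == "__main__":
    print(inspect_attachment(PADDED, size_limit=4 * 1024 * 1024))
    print(inspect_attachment(BENIGN))
```

The sizes come from the archive's own headers, so treat a hit as a reason to quarantine and inspect, and a miss as no guarantee that the declared sizes are honest.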