Tuesday, April 20, 2021

Fake COVID-19 vaccines are being promoted in Dark Web market


According to Resecurity, a Los Angeles-based cybersecurity company, the Dark Web market is currently overloaded with illegal pharmacy offerings related to COVID-19 vaccines and various illegal services related to vaccinations. 

Threat actors are now cashing in on the global pandemic and have started capitalizing on slow vaccine rollouts. These actors are selling fake or empty blanks of COVID-19 vaccination record cards along with counterfeit products.

Undercover police operations around the world have discovered fake COVID-19 jabs claiming to be Pfizer and AstraZeneca on the dark web.

In the majority of the observed cases, cybercriminals are profiting from scamming people interested in buying the vaccines (without actually shipping anything) due to the extremely high demand and attention to COVID-19 globally.

Consumers should be careful when buying anything online, especially related to COVID-19, as official vaccines are not currently approved for sale online and can be administered only by certified healthcare organizations with proper accreditation and specialists.


From toilet paper brawls to empty supermarket shelves, these are memories that will forever remind us of how desperate we became during the pandemic, but what has been discovered is perhaps the most alarming sign yet that people’s patience has all but run out.

Customers surfing on the dark web are prepared to do almost anything in the hope of saying goodbye to the virus for good.

These have become desperate times, and COVID-19 has infected the world in such a way that people may be desperate enough to try to purchase the COVID-19 vaccine online.

AstraZeneca and Pfizer are the two main vaccines on offer in the cyber underground, and actors are claiming that these vaccines are from America or mainly international.

Each vaccine listing online has a detailed product description and claims to be highly effective at preventing COVID-19.

Most of these threat actors are actually even telling the buyer how to administer the vaccine so that the buyer will think they are purchasing a legitimate product.

Some of the vaccines are so cheap that some people might take the gamble and risk paying the money, as some vaccines are being sold for as little as $40. Notably, the threat actors prefer to get paid in cryptocurrency in order to stay anonymous.

In many cases, the victim has placed an order and paid for a product that actually does not exist or is in fact just salty water in the bottle.

Police have now urged the public to be patient and wait their turn to be vaccinated. It is impossible to vaccinate everyone at once and this is one of the largest peacetime logistic efforts that the world has ever done.

The message here is clear. People should rely on their doctor and pharmacist for pharmaceutical medication, not the dark web.

This is just another example of criminals attempting to take advantage of the community in what has become very trying times.

Interpol has issued a public warning reiterating that legitimate vaccines are not for sale after police in China and South Africa seized thousands of fake COVID vaccine doses.

Counterfeit COVID-19 Documents on Sale on the Dark Web Increase Fear of Cross-border Virus Spread.

Countries around the world are accelerating the vaccination process to win the fight against the virus.

Many countries are already planning on introducing these vaccine passports to ease travel, with the goal to force everyone to have the vaccine.

A vaccine passport is a recognised document that proves the holder is vaccinated and can now travel. But contrary to popular belief, this has now given birth to a new industry – the sale of fake vaccine passports on the dark web.

These fake documents have allowed buyers to masquerade as vaccinated healthy individuals.

Apart from the fake vaccination documents, there are now even forged negative COVID-19 test results that are also being sold on the dark web.


Sold at just $250, the forgers ask for buyers’ details to create fake vaccination documents.

Further fake vaccination documents are also available for various different vaccines. This helps the forgers make the documents for the vaccine, which is likely to be in use in the buyers’ countries.

The buyers are then free to use these fake documents in their digital or printed formats to convince authorities that they are covid free.

Reports say that the darknet advertisements for COVID-19 vaccines have increased by over 300 percent.


These are reportedly being purchased by people seeking to board flights, cross borders and attend events. Even people who do not believe in the vaccine are purchasing this to convince authorities that they are healthy.


The fake documents risk spreading the virus to more people across the world. This is especially a concern for countries where vaccine rollout is yet to take place.

The use of fake documents also endangers people who cannot take the vaccine for medical reasons.

People who are buying and misusing these fake documents are endangering themselves and those around them.


According to the FBI’s latest Internet Crime Report (IC3), US businesses alone lost more than $1.8 billion to business email compromise in 2020, while ransomware costs tripled, and phishing attacks doubled. From ransomware attacks to COVID-19 scams, 2020 was one of the worst years on record for cybercrime.

More than 500 million LinkedIn users’ data scraped: What was their motive?

LinkedIn personal Information Incident overview

A few weeks earlier, there was an incident where hackers deleted Facebook user information from their social media platforms. A few moments later, a similar case took place on LinkedIn. Cybercriminals intercepted the personal data of more than 500 million users for their use in yet another incident. Later, the hackers discovered an archive containing the users’ LinkedIn IDs, email addresses, full names, personal data, and PII.

According to a CyberNews article published on Tuesday, April 6th, this was the case. Last week, more than 533 million Facebook users had their data scraped off by hackers.

According to the paper, the data seized also included LinkedIn users’ social media profiles. The hackers went on to prove the validity of their attack by releasing another 2 million user records.

Moreover, users can also display the samples for $2 worth of credits. The hackers acted by auctioning off the crown jewels. The assessment shows that they are of the 500 million users for Bitcoin’s equivalent value. However, Candid Wuest, Vice President of Cyber-Protection Analysis, claims that the data does not contain any passwords or credit card information. This, therefore, means that they would sell for a meager price.

LinkedIn’s Confirmation of the Data-Scraping Incident

Soon after the attack, officials from LinkedIn announced that criminals had intercepted data from their network. However, the company indicated that it resulted from scraping rather than a data system violation. LinkedIn said in a weekly statement that it is investigating the suspected LinkedIn data posting. So far, it is clear that it was an aggregation of data from many websites and companies.

Scraping is a popular method used by cybercriminals to steal personal information from the internet. They use the tactic to resell data for profit and use the information for other malicious purposes. Scraped data is used to engineer identity theft attacks, phishing attacks, and theft of victims’ personal information, among other nefarious activities.

While echoing the previous Facebook incident, the LinkedIn officials state that it will remain vigilant to any data misuse. Also, the officials will investigate expediently in case of an attack.

Data and Information Violation

It’s uncertain if the General Data Protection Regulation (GDPR) will bring proceedings against LinkedIn for data breaches. GDPR is a regulation that went into effect in May 2018 intending to protect personal data by establishing guidelines for businesses and organizations to handle it. According to the law, companies must also report data breaches within a certain amount of time or face penalties.

CyberNews now has online software that allows people to check if there is any compromise on data. CyberNews, therefore, advises that users must be careful before opening emails and messages from unknown senders.

Wuest further quelled phishing attacks’ claims by stating that it is uncommon for criminals to use such data for extortion and phishing attacks. Instead, the hackers may target job seekers on a platform like LinkedIn by offering them false job offers and later infecting them with Trojans. Golden Chickens group is behind the LinkedIn personalized phishing attacks.

Cybercriminals from Dark Web are hunting on unemployment benefits

Resecurity, a Los Angeles-based cybersecurity company, identified multiple cybercriminal groups and actors on the Dark Web selling tools to abuse pandemic-related unemployment benefits services in the U.S.
Scammers are conducting what are called “credential stuffing” attacks, using automated tools and large volumes of stolen compromised data and personally identifiable information (PII) collected from various data breaches. Using this data and passwords frequently used by users, they then brute-force the credentials to gain access to the accounts of hardworking U.S. citizens who are eligible for unemployment payments, in order to defraud them.
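
A defender-side sketch of how the credential-stuffing pattern described above shows up in login logs (an added example, not from Resecurity or the original article). The log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (not real data): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2021-04-20T10:00:01 203.0.113.7 alice FAIL
2021-04-20T10:00:03 203.0.113.7 bob FAIL
2021-04-20T10:00:05 198.51.100.23 dave FAIL
2021-04-20T10:00:06 203.0.113.7 bruno FAIL
2021-04-20T10:00:09 203.0.113.7 carol OK
2021-04-20T10:00:12 192.0.2.50 erin FAIL
2021-04-20T10:00:14 203.0.113.7 frank FAIL
2021-04-20T10:00:15 192.0.2.50 erin FAIL
2021-04-20T10:00:18 203.0.113.7 grace FAIL
2021-04-20T10:00:19 192.0.2.50 erin FAIL
2021-04-20T10:00:21 203.0.113.7 heidi FAIL
2021-04-20T10:00:22 198.51.100.23 dave FAIL
2021-04-20T10:00:24 203.0.113.7 ivan FAIL
2021-04-20T10:00:25 192.0.2.50 erin FAIL
2021-04-20T10:00:40 198.51.100.23 dave OK
2021-04-20T10:00:41 192.0.2.50 erin FAIL
2021-04-20T10:00:44 192.0.2.50 erin FAIL
"""


def parse_log(text):
    """Return (timestamp, ip, user, success) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2], parts[3] == "OK"))
    return events


def detect_stuffing(events, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that try many *different* accounts and mostly fail.

    Credential stuffing replays breached username/password pairs, so one
    source touches many accounts with a high failure rate. A user who
    mistypes a password, or a brute-force run against one account, touches
    a single username and is deliberately not matched by this rule.
    """
    recent = defaultdict(deque)    # ip -> events inside the sliding window
    successes = defaultdict(set)   # ip -> accounts that logged in from it
    peak_users = {}                # ip -> most distinct users seen while flagged

    for ts, ip, user, ok in sorted(events):
        if ok:
            successes[ip].add(user)
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        users = {u for _, u, _ in q}
        fail_ratio = sum(1 for _, _, o in q if not o) / len(q)
        if len(users) >= min_users and fail_ratio >= min_fail_ratio:
            peak_users[ip] = max(peak_users.get(ip, 0), len(users))

    # A successful login from a flagged source means a replayed credential
    # worked: that account needs a forced reset and a review of its activity.
    return {
        ip: {"distinct_users": n, "reset_accounts": sorted(successes[ip])}
        for ip, n in peak_users.items()
    }


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

In the sample, only the source that cycles through eight usernames is flagged; the user who mistypes a password twice and the single-account guessing run would need separate rules (for example per-account lockout).
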
The Coronavirus Aid, Relief, and Economic Security (CARES) Act passed by Congress and signed into law in March 2020 provided additional UI benefits to qualified individuals and helped provide unemployment insurance benefits during the COVID-19 pandemic to people who did not otherwise qualify, including business owners, self-employed workers, independent contractors, and those with a limited work history.
The FBI has registered an unprecedented explosion of unemployment insurance (UI) fraud across multiple states.
In some cases, inmates are filing for and getting thousands of dollars in pandemic unemployment assistance while sitting in their jail cells. Charges have now been filed, and a wave of charges against thousands of inmates is still coming. And all this is just the tip of the iceberg of massive fraud. Inmates and their accomplices are stealing money that is intended for honest hard-working families across America.
Thousands of inmates in county jails and state correctional institutions have been in on the scheme. Each person involved has been collecting thousands of dollars in pandemic unemployment insurance that is meant for workers sidelined by the COVID-19 pandemic.
Inmates along with their outside accomplices who filed the claims started being arrested last year. All these scammers have stolen taxpayers’ money and have undermined a safety net that millions have relied on during the pandemic.
One of the first inmates to be accused was murderer Lamont Wilford. He was charged along with his girlfriend Casey Norik and another outside accomplice who filed the unemployment claim.
This year unemployment fraud still continues on an unprecedented scale. As this fraud has now become so serious, each inmate charged could face an additional 20 years in jail and $50,000 in fines.
In March, three members of a North County family were charged with defrauding the state employment agency out of 1.3 million dollars.
The defendants are accused of using the names of 64 prison inmates to apply for unemployment benefits.
One of the three defendants, Miss Michelle Marquez, appeared by video call from Las Colinas in front of Judge Francis, facing 16 felony counts that could put her in prison for up to 12 years.
Marquez and her husband Ryan Kubista, along with her mother-in-law Stacy Wright, are all charged with unemployment fraud and grand theft.
Marquez is accused of using the names of 64 prison inmates to file for EDD benefits, collecting more than 1.3 million dollars in illegal payments.
An arrest warrant alleges the defendants had EDD ATM cards mailed to several different addresses in Escondido as well as UPS store mailboxes under the names of the prison inmates, and that investigators obtained surveillance images of Marquez and her husband withdrawing the funds from a San Diego County ATM.
The judge set bail at $900,000 in part because prosecutors thought Marquez might use the cash from the EDD fraud to bail herself out of jail.
She remains behind bars pending a bail review hearing then set for April 5th.
The arrest warrant, in these cases, did not say whether the 64 prison inmates were aware that their names were being used for this EDD alleged fraud. However, when you apply for EDD you have to provide a “social security” number.
All three defendants have been in trouble with the law before. In fact, when investigators served a search warrant on Marquez’s house in this case, they not only found 31 EDD ATM cards, but they also found 30 grams of fentanyl.
In September 2020, the Beverly Hills police arrested 43 people, all in connection with the growing fraud scam.
Beverly Hills has long been known as the mecca for luxury shopping and it is not just enticing for those who have money.
Police now say it has become a destination for identity thieves running unemployment insurance scams, who may very well have stolen your money.
Last year police made a total of 87 arrests in the Beverly Hills area, recovered 8 handguns and 181 EDD cards. Beverly Hills police also recovered approximately $467,000 total in cash and $440,000 in US postal money orders.
Police stated that all of the cash and debit cards were obtained from scammers committing fraud against California’s employment development department. 
90 per cent of the people that were arrested were not from the state and were using out-of-state addresses.
Police said that some of the arrestees are from as far north as Alaska and as far east as New York. They are flying to California, moving into short-term rental homes in the LA area and then applying for unemployment insurance using identities stolen through data breaches, sending debit cards and checks to their rentals as well as other homes that are vacant or have easily accessible mailboxes.
So, while many unemployed Californians wait months with nothing from EDD, scammers are getting cash in days.
It can take about three to four days after the scammers submit all the information into the computer until they have a card in their hand. Then these scammers will travel to Beverly Hills and spend this stolen EDD money on high-end merchandise within the business district of Beverly Hills.
Police told reporters that routine traffic stops led them to some of the people arrested. In other cases, luxury stores reported suspicious use of EDD cards.
Informants reported that at times when the cards have been maxed out, the scammers will then take out a couple more cards in order to pay for the goods. So, in theory, when buying a high-end pair of shoes or a high-end purse there may be two or three cards attached to that single purchase.
However, even with 87 arrests and potentially millions more stolen, identity theft is a non-violent offence, which means it is a zero bail offence in California. Offenders don’t even go to jail. They get processed, fingerprinted, booked and they will be given a ticket to appear at a local court in 60 to 90 days.
Beverly Hills police along with many other police units in America have issued warnings to store owners and other high-end shopping areas to be on the lookout for these scammers. 
The sheer scale of this means that investigations across America are far from over.
Scammers have taken advantage of a public health emergency to cash in on the backs of normal working-class people across America to scam a system that is meant to help due to the pandemic.
Federal sources have stated this scam is still going strong all over the country and that the abuse could well reach billions of dollars.
Investigations continue.

Industrial supply chain is in danger – new data published by REvil ransomware gang.

REvil is targeting the industrial supply chain – new victims published on the Dark Web

The multinational conglomerate Honeywell International Inc. has reportedly suffered a disastrous blow as the ransomware gang REvil has published tax and business documents allegedly belonging to Honeywell on the Dark Web. Possibly, it is just the beginning of a larger breach that is part of a “hack & leak” game by REvil.
REvil (also known as “Sodinokibi”) was responsible for publishing documents related to the singer Lady Gaga back in May 2020, Spanish rail infrastructure manager ADIF, world-leading French electronics manufacturing services (EMS) company Asteelflash, multiple IT providers, media companies, and law firms, and has reportedly been at it again, publishing sensitive data belonging to Honeywell Inc, Tata Steel, and tech giant Acer.
At this time, the leak seems limited to just tax and business documents and nothing more; however, more information will emerge in the coming days.
Honeywell, with more than $32 billion in revenue (in 2020), announced the malware attack on its networks on the 23rd of March on its official website. The circumstances of the attack remain unclear and haven’t been disclosed.

It seems REvil might be behind this attack based on darknet rumours. The ransomware group actually took responsibility for the attack and announced it on its “Happy Blog”, hosted on Tor, where the group publishes leaked data collected from victims.
The ransom is now up to $70 million.
Why this is bad for the industrial sector
As everyone around the world depends more and more on technology, the ability to shut down or destroy infrastructure, take control of machines and vehicles, and directly cause the loss of life has become a reality. The Fourth Industrial Revolution is speeding up the integration of smart devices into all sectors of the economy, which makes the vendors and supply chains involved an especially attractive target for cybercriminals and nation-state actors.
To succeed in digital transformation, any business needs to focus on cybersecurity as a vital component of every single process and decision it takes as part of that transformation.
The data breach in industrial manufacturing is amongst the highest as compared to any other industry. A single breach averages $5.2 million in the industrial sector, according to the 2019 Cost of a Data Breach Report by the Ponemon Institute.
So, as you can imagine this is not looking good for Honeywell Inc.
On the 23rd of March, Honeywell announced that it had been the victim of another cyber attack, with REvil allegedly being behind it; however, Honeywell responded with “we recently detected a malware intrusion that disrupted a limited number of our information technology systems.”
By the end of March, REvil had mentioned Honeywell Inc. in a forum on the Dark Web, stating that the group would leak Acer and Honeywell data as both giants had not cooperated with ransom demands. REvil also stated they were not just looking at stealing data and locking out victims, but also plan massive DDoS attacks.
According to Resecurity, an American cybersecurity company, the scope of the breach is not clear, if not speculative, yet; however, it is obvious this has connections with REvil. Resecurity went on to say that both intrusions could have happened as a result of leaked or compromised credentials to employee Citrix VPN or RDP access, which is a typical vector in REvil operations. It is highly likely that such access has been previously sold on the Dark Web by one of the hackers to the group.
“So-called “initial access brokers” are a big concern and growing trend in the Dark Web as they technically supply well-established ransomware gangs with access to various companies worldwide, making their work much easier”, said Saraj Pant, a cyber threat intelligence analyst with Resecurity.
Researchers have said they have seen REvil expanding its extortion tactics, techniques and procedures (TTPs) in order to find out how to contact victims’ business associates and the media, so as to put the maximum amount of pressure on victims to make them pay. With this, REvil has recently announced capabilities to perform massive DDoS attacks and also to notify the victim’s partners to put even more pressure on them.
At this time, no spokesman from Honeywell has come forward regarding the cyber attack claims or who they feel was responsible.
This is an ongoing story and will be updated regularly.

Facebook Data Breach: Here’s How to Check if You Were a Victim


Hackers recently leaked 533 million Facebook users’ personal data on a hackers’ forum, cybersecurity experts said. Check out if you were a victim of the Facebook data breach.

The leaked data includes the victims’ names, contact details, email addresses, postal addresses, photos, and more. It is a massive data breach in the history of Facebook, cybersecurity researchers said. 

Even Mark Zuckerberg is a Victim

The irony is that even Facebook CEO Mark Zuckerberg is among the victims of the breach. Security experts said the users’ personal information became susceptible back in January, after which threat actors capitalized on the breached data repository. 

The compromised directory includes data of more than 32 million Facebook accounts in the US, 11 million in the UK, and 6 million in India, a threat intelligence firm told CNN.

The news outlet Business Insider was the first to report the leak. 

Meanwhile, Facebook spokesperson Andy Stone has said that the leak comes from a 2019 data breach. We identified and fixed the problem shortly after, he added. 

Many Facebook users are curious whether the leak or previous leaks included their personal information. We will tell you how to check if you were among the Facebook data breach victims. Read on!

How to Determine if Your Facebook Data Has Been Breached?

Some information security platforms can help you check whether the recent or past Facebook data leaks affected your account. Haveibeenpwned.com is one of the famous platforms in this niche.

Follow the steps listed below to check if your Facebook data has been leaked. 

  1. Head over to haveibeenpwned.com from your PC or mobile device.
  2. Write the email you used to register for a Facebook account and then hit Enter.
  3. The website will display a full list of breached data directories that contain your email address. You can even see a full list of the websites/companies that have access to your information and have been targeted by hackers previously.
  4. If your email address has been breached, haveibeenpwned.com will ask you to quickly change your password and activate 2-factor auth on your Facebook and email accounts. 
  5. By following the recommended security tips, you can rest assured that only you can access your email and social media accounts.

More Tips to Protect Your Data and Identity

Remember that cybercriminals are using newer and more complex methods to steal your personal data and identity information. In case your identity documents have been compromised, be sure to change and update them immediately. Not doing so can expose you to identity theft risks. Bad actors can steal your information and create fake identities to use in criminal activities. 

Also, make sure to update your passwords every now and then. And be careful when sharing or storing your important documents online, such as your passport, government-issued ID card, and driver’s license. 

It is always good to use a password manager to generate and store your passwords. For example, you could use trusted services like Keeper and 1Password for the purpose. The best part of these services is that they generate and save passwords that are extremely difficult to hack.

Warning: If you were among the data leak victims, scammers would try to contact you or exploit your information for other malicious purposes. Make sure not to fall victim to hackers who might use the stolen data to get even more information from you. 

How Blockchain Is Changing the Cybersecurity Narrative Today


Blockchain, to most people, is simply a decentralized ledger system for recording cryptocurrency transactions. But there is more to it as it is proving to be a critical system for solving cybersecurity issues.

While blockchain was initially invented for bitcoin, its features like the cryptographic hash make it highly resistant to cyberattacks. This is a breath of relief to companies and people looking to share and store sensitive data, uphold privacy or do an online transaction. So, how is blockchain transforming cybersecurity in 2021?

A Ransomware Attack Solution

Ransomware is one of the most common forms of cyberattacks affecting users and companies globally. It involves the attacker locking victims out of critical networks and files. Some of these activities are so severe that victim organizations resort to traditional means of handling assets.

Consequently, blockchain technology can solve ransomware attacks and other related events. It accomplishes this by eliminating a single point of failure in organizations. This helps in maintaining the cloud systems and protecting against any form of threat.

Data Sharing Safety

Transmission and sharing of data between individuals and organizations in the private and public sector is the order of the day. While such activities are beneficial to a business’s optimal operation and productivity, they pose serious cybersecurity threats. A good example is when someone shares a confidential file mistakenly with the wrong person.

Companies also risk a lot by sharing private messages with several people and cannot restrict access. Fortunately, blockchain is providing a solution for such users to take control over data access and sharing.

Solving Password Challenges

An individual’s password is the gateway to cyber-attack vulnerability. More often than not, everyone tends to choose a password they will easily remember, and the problem is, other people will find it easy to guess the passwords as well. Plus, when a user forgets the password, recalling it may be a frustrating burden on its own.

The blockchain is offering a pretty fantastic solution to these controversial cases. One is a self-sovereign ID, a process requiring users to get a personal identifier linking a public ID on the blockchain.

When users are prompted or receive a message requiring a password, they use a private identifier to verify who they are. The decentralized approach in blockchain addresses the password challenge by preventing hackers from accessing organizations’ information and networks.

Reducing Cases of Deepfake Content

One of the areas raising concerns from cybersecurity experts is how to solve Deepfake content. Such acts pose significant threats to business operations, credibility, and general productivity. This is particularly crucial whenever criminals create fabricated material to incite people against a particular brand. The consequences and damage such activities can bring whenever a renowned leader is a victim are unimaginable.

The good news is, blockchain is proving useful by offering much-required assistance regarding verification of information. For instance, many videos and other types of data shared online have authenticity question marks. And many businesses, especially the supply chain, are already leveraging blockchain to verify products and handle counterfeit goods sales.

Time for Safer E-commerce Transactions

Since the COVID-19 pandemic hit, the E-commerce industry has soared to greater heights. This is highly related to the restrictions in place to combat the virus’s spread, which saw an increased number of online transactions. Yet, in the face of these new developments, cybercriminals also got the chance to advance their evils by hacking more online stores.

Even though blockchain is not a popular concept for e-commerce, it is an option with effective potential. Only a countable number of e-commerce stores are using blockchain technology, but this is expected to increase with time.

The Bottom-Line

Cybersecurity experts should, by all means, include new technologies like blockchain into their field for adequate protection. This technology proves to be highly reliable regarding cybersecurity. The most significant concern is the need to implement more innovative and protective ideas in blockchain’s decentralized approach.  

Cyberattacks Are Like Horror Movies, FCC Acting Chair Jessica Rosenworcel Observes


Federal Communications Commission acting chair Jessica Rosenworcel has observed that the recent breach of Microsoft Exchange shows cybersecurity threats are thriving due to inadequate internal and external defense. She further explained this by likening the recent attack to horror movies.

Rosenworcel, the interim FCC chair appointed by the United States President Joe Biden, issued this statement during a Center for Strategic and International Studies webinar. According to her, cyberattacks are much like scary movies in the manner by which they unfold. She explained this by pointing at how the country fights cyber threats by barricading external loopholes only to realize the danger is already hiding inside.

The recent attack on Microsoft Exchange servers has brought debate and concern on how responsible agencies and organizations should protect themselves. Rosenworcel, in the webinar, strongly likened the latest attack to scary movies. The chairwoman advanced her arguments by giving possible solutions while pointing out the limits that have made this campaign unsuccessful for a long time.

She did not shy away from emphasizing how for many years, their strive to protect themselves from external threats has been entirely wrong. While they have been concentrating on external sources, their greatest enemies have been lying right on the nation’s commercial networks. She, therefore, insists on the need for the responsible agencies to develop robust strategies that are not only focused on external threats but also those right within the country.

With the introduction of 5G and the nature of the potential threats it comes with, she is afraid more problems are likely to be experienced. She noted that the deployment of 5G networks will bring additional challenges for the Federal Communications Commission to handle and more unpredictable threats to nearly all sectors of life. Rosenworcel explained her horror movie theory through three significant rules: never split up, have a backup plan and never open the door.

The scary movie tropes, ‘never split up,’ are highly applicable in the fight against cyberattacks. Here, Rosenworcel urges the essence of fostering trust among government agencies. Also, she points out the need for foreign partners to join hands in this quest. Like preventing the horror flicks, she suggested that institutions in this struggle must avoid as much fragmentation as possible.

Another essential tip for horror movie survival is never to open the door. Similarly, FCC and other agencies should fight cyberattacks by concentrating on external threats. The chairwoman affirmed the USA government realizes this by closing possible entries like delaying China’s ZTE and Huawei devices. She explained the steps the agency has taken to stop access to the US markets by the Chinese, like revoking domestic and international authorizations for some telecommunication companies with roots in China.

On having a backup plan, the acting chairwoman emphasized being at par with competitors. She reiterated the agency is looking to begin an inquiry into open radio access networks. The United States gets most of its RAN devices from outside companies, most of which are China-based. Therefore, the Federal Communications Commission is researching and implementing rules to encourage more local growth and supply of such equipment.

Rosenworcel said the United States will reduce as much as possible export of RAN equipment by diversifying supplies. She further explained the need to look into any possibility of network openness being the cause of the rampant cyberattacks. The FCC, through the chairwoman, affirmed its steadfast commitment to developing the right strategies to handle any case. She insisted that looking into network openness should be essential for the United States to get the issue right, especially on the 5G leadership end.

Hacker Puts Huge Database Stolen From Popular Marketing Platform Up for Sale Online


The breach has exposed millions of Apollo.io users to targeted attacks. 

Threat researchers have revealed that a malicious actor is selling around 11 million records of French users’ data stolen from popular marketing platform Apollo.io. 

The data is up for sale on a notorious hacking forum, exposing the users to possible phishing, brute-force, and other types of cybersecurity risks.

Apollo is a B2B sales prospecting and online marketing business based in the United States. 

The breached data directory contains a massive cache of information on millions of people from France, such as their complete names, contact details, geographical coordinates, work information, social networking accounts, etc.

Meanwhile, more information about how the database was stolen from Apollo is yet to be revealed. It is also not clear whether the malicious actor has gotten hold of additional segments of the Apollo user data directory, besides the data on France-based users. 

Some experts suspect that the hacker may have extracted the information from a past breach experienced by the marketing agency.

Apollo is yet to issue a statement to validate the authenticity of the alleged breach. Also, the marketing firm has not yet notified its users and clients about any such data leakage.  

The Leaked Data

After slicing and dicing the leaked archive samples, researchers said the stolen database included personal and professional information about Apollo’s users, possibly captured from the customers’ LinkedIn accounts. That includes the France-based individuals’:

  • First and last names
  • Work and private email addresses
  • Contact numbers
  • Home and workplace addresses
  • Existing and previous work engagement details, such as positions held and company identification
  • LinkedIn profiles

About Apollo

Apollo is a B2B marketing and sales promotion company that offers sales prospecting solutions to businesses. It operates from San Francisco, helping businesses to locate, assess, and contact new leads to make sales.

The company mentions that it undertakes cybersecurity assessments every four months, performs frequent intrusion testing, and has cybersecurity defenses in place to protect user data.

However, Apollo is not new to data leaks. The sales engagement company came under fire when hackers stole its database in 2018. The data directory contained records of 200 million users. 

Possible Repercussions of the Hack

Threat actors could use the stolen data in multiple ways to target the victims and their employers. For instance, they could send phishing links and spam emails to the victims, causing further damage.

Furthermore, the hackers could brute-force the victims’ email and social media passwords. The leak has exposed the users to the risk of the threat actors breaking into their work emails and targeting the companies where they work. 

The stolen data directory doesn’t carry extremely sensitive details like SSNs, scanned docs, or financial information. However, just the email addresses are sufficient for hackers to access sensitive information and documents, causing severe harm.

Furthermore, attackers using sophisticated techniques could combine the stolen data with details obtained from previous attacks to form a clearer picture of their target individuals’ digital identities. They can then develop fake digital identities to inflict serious damage on the victims.

Are You an Apollo User? Act Now!

If you are a user of Apollo solutions, you may have become a victim of this alleged leak. Make sure to take quick action to secure your data by taking the following steps:

  • Visit the company’s privacy page and submit a request to delete your data.
  • Change your email address and social media passwords.
  • Generate new passwords with a reliable password generation tool.
  • Activate 2-factor verification for all your online accounts.

Be careful of links you receive through emails or messages on your mobile. Avoid opening dubious messages, clicking on spammy links, or replying to anyone you don’t know.

Phishing and Crypto Mining Account for 70% of Malicious DNS Traffic, According to Cisco

A recent report from Cisco indicates that phishing and crypto mining account for more than 70% of DNS traffic. Furthermore, the level of crypto mining in the technology industry is alarmingly higher than in any other field.

The main challenge comes from employees who have little or no understanding of the crypto field. They go ahead and install miners on computers, which in turn cause blocks. However, the financial space scored quite well, since its employees are trained on the risks and violations in cryptocurrency. Cases of crypto mining are therefore unheard of in this sector.

On the other hand, ransomware cases accounted for about 6%, slightly higher than crypto mining cases. According to the report, trojan-related activity combined with Ryuk and REvil contributed to 5% of DNS activity. Whatever the form of cyber threat, companies are responsible for safeguarding their systems by using threat intelligence and robust security frameworks. Neustar International Security Council recently conducted a survey in which cybersecurity experts anticipated a rise in DNS security threats. Indicators then prompted about 59% of cyber experts to safeguard their DNS systems. The rise in complexity and growth of DNS threats means more than 30% of cyber experts lack the confidence to combat threats when they emerge.

The manufacturing industry closely rivals the technology sector in cases of malicious DNS activity. The sector recorded 50% crypto mining activity and 20% ransomware cases in DNS activity. The manufacturing sector seems to be the new ground for destructive ransomware attacks. Big game hunting is considered the most significant trigger of the rise in ransomware attacks in this sector. Radical measures are called for to avert the effects of ransomware, crypto mining, and phishing on the growing manufacturing industry.

Emotet and Trickbot Trojans are closely linked on the DNS activity front. The financial sector leads in cases of phishing and Trojans. Phishing attacks accounted for 46%, while Trojans took a 30% share. According to the report, the sector is targeted more due to the many gaps and inefficiencies that exist and the end goal, which is money. Despite the strides made in safeguarding financial bases from cyber threats, a lot still remains to be done.

The SolarWinds case, in which personal data was highly manipulated in the attack, is still under investigation. The SolarWinds attack led to the revelation that some industries are more susceptible to IT threats than others.

The financial sector leads with the highest level of data manipulation threats, leading to massive loss of resources. Half of all related financial companies globally have witnessed at least one malware attack on their systems, the report stated. The SolarWinds case shows how Sunburst malware was used to attack the DNS server. After looking at various DNS requests, the attacker would then base their response on the company’s preparedness. After careful consideration, the attacker would then see if it is worthy of launching another attack. Once the target is deemed worthy, a DNS callout is established to receive commands to continue running the attacks, eventually leading to a shutdown. 

26K Indian Websites Data Leaked in 2020 as National Cybersecurity Policy Delays


Cybersecurity has become a big concern worldwide, especially with the emergence of new data breaches. According to the state-owned Indian Computer Emergency Response Team, more than 26,100 Indian Websites were hacked in 2020. Sanjay Dhotre, the sitting minister of state for electronics and IT, issued the update on Thursday, March 18th.

As per the IBM report, Indian companies suffered an average of $2 Mn due to data breaches. The minister noted that India saw the second-highest number of cyber-attacks between 2016 and 2018. Furthermore, he observed that the cost of data breaches in India has risen by 7.9% from May 2018.

The minister further outlined that more than 110 central ministry websites were also hacked in 2020, along with 54 departmental websites and 59 state government websites. The data came from the state-run cybersecurity department CERT-In, which also highlighted that more than 17,500 websites were hacked in 2018, and 24,768 suffered a similar fate in 2019.

Reporting on the same, the minister also noted that there are attempts to launch cyber-attacks on Indian cyberspace from time to time. He said that the attackers had compromised computers from around the globe, relying on masked techniques and concealed servers to attack a system secretly.

The team at CERT-In reported that, according to the logs analyzed and made available to them, the IP addresses of the computers from which the attacks appear to originate belong to various countries. The countries include China, France, Pakistan, Russia, Indonesia, Netherlands, Brazil, Algeria, USA, Turkey, Serbia, Taiwan, and more.

Commenting on the same, the minister reported that the government is going above and beyond to ensure the same does not happen. The government has undertaken top-notch measures to prevent cybersecurity threats. He noted that some of the measures include formulating cyber crisis management plans, Cyber Swachhta Kendra, also known as botnet cleaning and malware analysis center, and empanelment of security auditing organizations supporting and auditing the implementation of best practices.

In January 2020, there was a high expectation that the Indian government would unveil an official cybersecurity strategy policy. The bid was to make the internet a safer and ideal place for citizens and businesses.

The move would help the government achieve its goals of raising the Indian economy. The main benefit of unveiling the policy would be enhanced coordination between the various ministries that oversee all the aspects of public-private partnership, proper vital infrastructure protection, and cybersecurity.

Rajesh Pant, the national cybersecurity coordinator, also stressed the private sector’s crucial role in creating safer connections online. He said that private players are an integral part of the critical information infrastructure.

Sequretek, a Mumbai-based cybersecurity firm, reported that India had seen a 4000% spike in phishing emails. The firm also reported a 400% increase in the number of policy violations in 2020. On the other hand, Barracuda Networks reported that shifting to a remote working model due to the pandemic saw 66% of Indian organizations experiencing at least one data breach or cybersecurity concern.

Some of the notable business startups that experienced data breaches included BigBasket, LimeRoad, Unacademy, and more. That is not all; in September 2020, Prime Minister Narendra Modi’s website was leaked.
