Barely a week goes by without a report of a massive data breach or another cyberattack that’s exposed sensitive user data or disrupted services.
Even as they occur like clockwork, most people aren’t aware of the tactics employed by hackers, which are evolving over time.
With everything from new hardware hacking tools to hired hackers at their disposal, cybercriminals are widening their attacks.
Kids are a target
Cybercriminals are increasingly targeting children, with last year seeing over seven million cyberattacks aimed at minors, a dramatic increase of 57% from 2021, according to a report from Kaspersky.
From January to December 2022, the cybersecurity company detected 39,973 files that included malware and potentially unwanted apps that were being distributed using popular children’s video game titles.
Globally, 232,735 users encountered these threats, according to the report.
Kaspersky found that in the same time period in 2020, 273,420 individuals were exposed to 53,010 unique files that were propagated under the guise of children’s games.
Popular video games that were targeted include Minecraft, Roblox, Among Us, Fortnite, Valorant and Poppy Playtime.
“Since children of this age often do not have their own computers and play on their parents’ devices, the threats spread by cybercriminals are most likely aimed at obtaining credit card data and credentials of the parents,” Kaspersky stated in the report.
Attackers often disguise malicious files as mods, cheats or fake game downloads to lure gamers.
Back in 2021, a fake cheat program for Call of Duty: Warzone included a remote-access trojan (RAT) that allowed customised malware to be installed on the victim’s computer.
It was being sold to other hackers as a malware delivery tool, a prime example of malware-as-a-service (MaaS).
Because many video game cheats require players to disable their antivirus software in order to run, using them leaves machines more vulnerable to attack.
Deceptive webpages offering free in-game currency like V-bucks for Fortnite and Robux for Roblox have also become another vehicle for hackers to trick gamers.
These sites usually ask for a payment card as verification before the supposed reward can be released, though this never happens.
Bypassing 2FA
Over a decade after Valve’s Gabe Newell expressed his confidence in two-factor authentication (2FA) by giving out his password at a conference, hackers have developed ways to circumvent the widely adopted security measure.
Take the case of popular tech YouTube channel Linus Tech Tips, which suffered a hack at the end of March.
The hack saw the deletion of the channel’s entire library of videos, which were replaced with a livestream peddling a cryptocurrency scam after the channel was renamed to Tesla.
This was not an isolated incident, as other channels, including one belonging to the Pakistan Cricket Board and another owned by Thai media company Workpoint Entertainment, were also hacked.
In the Linus Tech Tips case, it was revealed that the hackers gained access to the channel through a technique called “session hijacking”.
The tactic involves stealing the session key, tokens and cookies from a browser where an account is already logged in. That data is then used to impersonate the logged-in browser from another computer, so the attacker inherits the session without ever entering a password or 2FA code.
To sidestep the 2FA for the Linus Tech Tips channel, threat actors sent an email containing a malicious file disguised as a PDF.
An employee fell victim to the phishing email claiming to be a sponsorship opportunity.
When the person opened the file, malware hidden in the document transmitted all user data from the browsers, allowing the hackers to recreate an exact “copy” of the browsers on their computer without having to log in.
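The defence that the session-hijacking description above implies is that the server must not treat a copied cookie as proof of identity. The following added example (not code from YouTube, Google or the article) sketches a server-side session store that binds each session to the client that created it and revokes the session when the same cookie is replayed from a different client; the fingerprint fields, timeouts and alert list are assumptions for illustration.

```python
import hashlib
import secrets

# Constructed example: a session store that binds a session id to the client
# that created it.  A cookie copied off an infected machine and replayed from
# the attacker's computer arrives with a different source address, so the
# fingerprint no longer matches and the session is revoked and alerted on.

def client_fingerprint(ip: str, user_agent: str) -> str:
    """Hash of the request properties the session is bound to (assumed set)."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()

class SessionStore:
    def __init__(self, max_age_seconds: int = 3600):
        self._sessions = {}
        self.max_age = max_age_seconds
        self.alerts = []  # (session_id, reason) records for the SOC to review

    def create(self, user: str, ip: str, user_agent: str, now: float) -> str:
        """Issue a fresh, unguessable session id bound to this client."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": user,
            "fp": client_fingerprint(ip, user_agent),
            "created": now,
        }
        return sid

    def validate(self, sid: str, ip: str, user_agent: str, now: float):
        """Return the session's user if it is valid for this client, else None."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        if now - sess["created"] > self.max_age:
            # Short lifetimes limit how long a stolen cookie stays useful.
            del self._sessions[sid]
            self.alerts.append((sid, "expired"))
            return None
        if sess["fp"] != client_fingerprint(ip, user_agent):
            # Same cookie, different client: treat it as stolen.  Revoking it
            # cuts off the attacker and forces the real user to log in again.
            del self._sessions[sid]
            self.alerts.append((sid, f"fingerprint mismatch for {sess['user']}"))
            return None
        return sess["user"]
```

Binding to the source IP alone is a coarse signal (mobile and NAT users change addresses), and the malware in this case copied the browser profile exactly, so the user agent will match; the durable mitigations are short session lifetimes and re-authentication before sensitive actions such as channel renames or mass deletions.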
Hackers used another means to circumvent 2FA earlier this month – an extension for Chromium-based browsers – which was specifically used for targeting cryptocurrency.
Rilide, a malicious extension masquerading as a Google Drive add-on, was distributed via two channels: a phishing website advertised on Google Ads and a RAT that had already infected computers.
When a withdrawal from a cryptocurrency exchange was conducted, the extension would inject a malicious script that redirected the transaction to a wallet belonging to the hacker.
It even went as far as replacing confirmation emails with a false request, tricking users into approving the transactions.
The extension was also able to monitor and take screenshots of browsing activities.
According to a report from BleepingComputer, the source code for the extension was leaked on a hacker forum following a payment dispute between threat actors, allowing others to replicate it.
Tools of the trade
MaaS is a term used to describe the illegal leasing of software and hardware on the dark web for use in cybercrime.
This includes providing a botnet – a network of infected computers that can be controlled remotely – for use in distributing malware. It was reported that it even came with technical support for conducting cyberattacks.
With MaaS, cybercriminals may not need the resources or technical know-how to create malicious programs to orchestrate attacks. This essentially makes cybercrime more accessible to wannabe hackers.
MaaS providers like DuckLogs and FusionCore offer their tools via subscription, claiming that they can be used to steal account information, files, and cryptocurrency; log keystrokes; execute programs remotely; create fake error screens; and even disable features in the operating system such as the command prompt, task manager, and registry.
These tools have become so widespread that cybersecurity company Avast found minors as young as 11 years old using cheaper services like Lunar for pranking friends.
To make it more appealing to youngsters, features like stealing gaming accounts, deleting Fortnite or Minecraft folders, or repeatedly opening a web browser to a porn site were highlighted by the seller.
In a blog post, Avast malware researcher Jan Holman said: “We presume that this is exactly the reason why the author of Lunar, known on Discord as Nex, advertises low prices for access to their malware builder.
“This hypothesis is also supported by the fact that a lot of the malware’s functionality, and definitely most of the plugins submitted by other members of the community, are aimed at annoying victims rather than causing actual harm.”
The service, which was offered via a Discord server for between €5 (about RM24) and €25 (RM120), has since been shut down following a report from Avast.
Weapon of choice
Ransomware is still an ever-growing problem, with statistics from a Trend Micro report indicating a 16% increase in Malaysia last year.
In the report, the cybersecurity company claimed it detected over 50 million different strains of malware, a 71% increase from the year before.
It also claimed that it blocked 555 million cyberattacks in 2022.
Many companies, both locally and globally, have fallen prey to ransomware attacks.
Just last year, hackers targeted Australia’s Medibank and stole both current and previous patient data, though they were unable to encrypt the internal systems.
In February 2022, graphics processing giant Nvidia saw itself becoming the victim of the Lapsus$ ransomware gang, which claimed to have siphoned off about 1TB worth of proprietary information, including source code and schematics.
This year, Taiwanese computing component manufacturer MSI confirmed that it was hit with a ransomware attack. In a filing with the Taiwan Stock Exchange, it said its information service system was compromised by the cyberattack.
Another popular form of cyberattack that is becoming increasingly potent is phishing.
Kaspersky reported that it had blocked 166 million malicious email attachments (up by 3% from 2021) and 507 million phishing links in Malaysia in 2022.
It added that many phishing attempts were presented as business correspondence, claiming to be invoices, bank slips, or business opportunities to convince recipients to open the attachments.
Boon or bane?
A device that looks a lot like a cheap children’s toy has been the subject of a lot of hype on TikTok.
At first glance, the Flipper Zero may look like a handheld digital pet console in the same vein as a Tamagotchi. It even uses a dolphin mascot to fit the “Flipper” moniker.
However, short clips on TikTok of “hackers” using the tool to play pranks such as triggering doorbells, unlocking car doors, changing the displayed petrol prices at US gas stations and cloning access cards gave rise to concerns that it could become a tool that opened up new avenues for cybercrime.
It got to the point that the Brazilian government seized a shipment of the tool due to its alleged use in crime, while Amazon removed it from its platform, citing that it was capable of credit card skimming (a claim that its creators deny).
The truth of the matter is that it’s a penetration testing tool that serves to identify if any vulnerabilities are present in a system.
It does this by reading and cloning wireless signals emitted by devices that use RFID (radio-frequency identification), NFC (near-field communication) and the sub-1 GHz radio band, as well as infrared, to circumvent security systems.
It has been reported that it can be used to allow intruders to brute force their way through an unencrypted digital security system at a private residence, office, or even a car, though this requires third-party modules.
Third-party modules expand the capability of the Flipper Zero – one module, for instance, gives it WiFi connectivity, allowing it to capture WiFi handshakes and gain access to the network. As it’s a versatile tool, it can be misused by threat actors, but it plays an important role in the cat-and-mouse game of discovering new vulnerabilities and being able to fix them before they are exploited.
The tool has been described as harmless by analysts, while the creators call it a “portable multi-tool for geeks”.
Also, penetration testing tools have been in existence for a long time – the HackRF One is another example – but it just so happens that Flipper Zero caught the attention of social media.