Record Earnings for Ransomware Hackers in 2023

 In 2023, ransomware hackers made more money than ever before. They earned $1.1 billion, setting a new record. This is a big increase from the $567 million they got in 2022. Chainalysis, a company that watches blockchain activities, shared this information.

The rise in earnings comes after a year when the money from ransomware dropped. But in 2023, things changed. More hackers joined in, and some big attacks brought in a lot of money. One hacking group, CL0P, made over $100 million by finding a way to break into a file-transfer service called MOVEit. This service is used by many businesses and governments. CL0P's attack on MOVEit made it the top ransomware for a while.

More people are trying ransomware because it can be very profitable. For instance, a group called Phobos lets other hackers use its ransomware. This makes it easier for more attacks to happen, even by those who are not very skilled.

Ransomware-as-a-service gangs, like LockBit and ALPHV, have made ransomware attacks go up by 68% in 2023. The US saw almost half of these attacks. The UK, Canada, Italy, and Germany also saw many attacks. The biggest ransom asked for was $80 million by the LockBit gang from Royal Mail.

The ransomware business is now worth billions. It has its own system with different roles like access brokers and software sellers. It even has things like employee of the month awards. LockBit was the biggest name in ransomware in 2023, but others are catching up.

Hackers are also finding new ways to stay hidden. They use normal tools in a way that does not look suspicious to carry out their attacks. This makes it hard to notice them. Malvertising, or harmful ads, also came back in 2023. These ads trick people into downloading malware.

Attacks on phones and computers have gotten more sophisticated. Android banking trojans were found 88,500 times. They pretend to be normal apps to steal banking details. Macs are also targeted more because they are used by many businesses.

As we moved into 2024, companies had smaller IT and security teams and budgets, making it a challenge to fight against these attacks.

Telegram is Home to Many Scammers and Cyber Criminals Who Sell Many Phishing Tools at Cheap Prices

 Telegram is a popular messaging app that has over one billion downloads and 700 million monthly users. However, this popular app is quite known for its selling and buying of phishing kits that scam users and sell their harmful wares. A cybersecurity startup, Guardio, published a report that sheds light on some phishing tools on Telegram. It was revealed that there are some harmful kits available on Telegram that can easily hack users’ social media and bank accounts logins. Guardia said that Telegram is a scammer’s heaven due to easy access and cheap prices of many phishing tools.

There are also many phishing groups on Telegram where different scammers share data with other scammers and use phishing tools for hacking and phishing. For a few years, Telegram has become a home to many seasonal scammers and newcomers who sell malicious tools to steal the data of people. Some of the expensive phishing tools on Telegram also let the scammers create fake pages that easily bypass the 2FA. Some of the bots on Telegram also create cryptocurrencies for giveaways where the buyers can choose different types of illegal Tesla and Space-X-themed products.

There is also a term called ‘web shells’ that scammers also buy. These web shells are used to create websites with phishing materials on WordPress by a backdoor script. A scammer was selling 50 shells for $20 worth of bitcoin and many people were placing orders through Telegram messages. Many cyber criminals on Telegram were also selling social media accounts, credit cards, and bank account logins, and some of them used verified blue ticks to appear trustworthy.

• Also read: Bug Bounty Bonanza: 835 Reports, $450K Rewards in 2023 - Surfshark Reveals Impactful Statistics

In 2022, a Telegram scammer stole $6.5 million from different users by luring them to give their personal information. The terms of services of Telegram clearly state that users are not allowed to send spam or scam users but Telegram hasn't taken any action against these scammers. The CEO of Telegram, Pavel Durov, says that Telegram removes millions of harmful content from its app and website but the rise in these cyber criminals on Telegram tells us otherwise.

Photo: Digital Information World - AIgen

X Users Are Being Bombarded With Risky Ads Including Crypto, Phishing Scams And AI ‘Undressing’ Apps

 It appears that tech entrepreneur Elon Musk’s war against advertisers across X might be taking a new turn with some unintended consequences.

Think along the lines of users complaining about the website being bombarded with poor-standard ads including those marketing questionable Crypto Services, Phishing and Malware Scams and ‘Undressing Apps’ through AI.

Today, a team member of DIW discovered a shady ad in the home feed that leads to an obvious phishing site. Despite the ad/post being reported through X tools, as it clearly violated the platform's guidelines, it is still live. Unfortunately, there's no quick/easy way of alerting X that a post poses a security threat to its users, as there's no distinct reporting category for phishing or cybersecurity issues. DIW reached out to Twitter for a comment but has not received any reply.

On the other hand, social media users and researchers have their say on this front including how the quality of such paid promotions across X keeps going from bad to worse and it’s a direct result of top advertisers exiting the app.

In the past few weeks, the figures have reached a new high and many called out the platform for the growing figures linked to these ads and how some people included community notes as promotions to help others steer clear of the act and risk losing a huge sum of funds.

Others feel these ads were increasing by the day and to now see it on the website too is just a lot. Such see them rising on their respective timelines and others saw the surge of apps calling for ‘undressing’ and that’s leaving a very disturbing feeling in their minds.

Through AI, these platforms enable users to produce pictures of real people in a naked stance. That is a clear violation of the platform’s own terms of service that inhibits all kinds of explicit imagery and behavior from being promoted through the platform. They are rapidly spreading through the web and as per experts from top social media analysis company Graphika, such tools could be wreaking havoc in terms of being used for the likes of sextortion and targeted campaigns linked to harassment of others.

Through AI, these platforms enable users to produce pictures of real people in a naked stance. That is a clear violation of the platform’s own terms of service that inhibits all kinds of explicit imagery and behavior from being promoted through the platform. They are rapidly spreading through the web and as per experts from top social media analysis company Graphika, such tools could be wreaking havoc in terms of being used for the likes of sextortion and targeted campaigns linked to harassment of others.

• Also read: X Forced To Defend Itself After Being Accused Of ‘Shadow Boosting’ Mr. Beast’s First Video On The App

For now, X has yet to generate any kind of comments linked to the ordeal that some refer to as shocking and dangerous.

The rise in such questionable content online through X is not very uncommon because other tech giants have been dealing with similar behavior and therefore gone as far as sending out apologies for the scam ads linked to the world of crypto.

Both advertisers and social media experts are telling the world that what we’re seeing happen on X is due to the large exodus of top advertisers leaving the app so that is why the firm is relying on smaller-scale advertisers to make money and that includes ad buyers that are less reputable in the industry.

One expert from an advertising agency called Mekanism spoke to a media outlet and mentioned how seeing such ads was clear evidence that big advertisers were gone and how X has gone to the bottom of the list of trying to make money and people happy.

The race is yet to be over but the behavior of X in handling this ordeal is concerning. Last month, critics reported witnessing ads that market things like stealing semen that kept on being promoted on the app, and the fact that suspicious ads keep increasing is just a lot to accept.

We think the biggest issues linked to X have to do with all large-scale advertisers walking out and the frequency arising reaching an all-time high. This really does give rise to a tough time for advertisers and users who are genuine fans of the platform.

By this behavior, it’s quite clear that X has zero desire to produce an environment that promotes brand safety. Seeing the likes of Apple and Disney amongst other leaders leaving the app due to Musk promoting anti-Semitic posts is proof of the challenges that X keeps on facing as we speak. Instead of sitting down and talking to them, he chose to tell them to f**k themselves and referred to the act as terrible blackmail.

Meta’s Instagram Is Full Of Fake Profiles That Are Catfishing Users But The Company Could Care Less

 Seeing scammers and imposters arise on social media is now a norm in the online world.

But you’d expect tech giants like Meta to do more to help safeguard its users online by getting rid of fake profiles. However, the reality seems to be far from that as many noticed the number of fake profiles surging across the Instagram app.

In the past year, we’ve seen the issue go from bad to worse and the app’s parent firm is really falling behind in terms of finding a solution to the matter, despite there being many signs that a certain profile is making use of another’s identity or image.

An investigation was also carried out by tech media outlet Bleeping Computer on this front and they noticed how a large number of reports were filed against such scam accounts featuring fake IDs and they were impersonating internet personalities or other public figures but ended up getting dismissed by the admin. Clearly, it’s a huge issue and no appeal made a difference, not to mention how the profiles continue to function on the app as we speak.

Conceptual image created with AIgen

After seeing all of this, it would not be wrong to mention that Instagram has transformed into a giant safe haven where scammers are working at large. People are interacting with others based on what they appear like on the outside or what their profile says, only to find out later on that it’s all a scam and nothing is real.

their profile says, only to find out later on that it’s all a scam and nothing is real.

Authenticity on social media is rare as it is and now that fake profiles are going unnoticed by Meta’s Instagram we’re seeing a major issue arise here. To pretend like you are someone other than your true identity is concerning and a major sign of catfishing. Anyone can produce two identities for several reasons. One of the main ones is to separate their real or personal endeavors from their professional world. But you need to be honest at least, right?

A growing number of users are speaking about how they keep on generating complaints on this front and seeing Meta dismiss them and leave those fake ID accounts as it is has them wondering what’s going on and if any safeguards were really in place. All they give as a part of the justification is linked to how they are following Community Guidelines and using both human and tech for reviewing purposes. And yes, no appeals work either so what is a person supposed to do, right?

When leading media outlets ask Meta to shed light on what’s going on, they are yet to hear back from any of the company’s reps. And that again is another red flag worth a mention.

Could this be the latest ploy from the tech giant in terms of selling blue ticks?

We don’t think such acts are a mere coincidence. They are becoming far too normal on the platform and something needs to be done before it’s too late.

Plenty of imposters seem to be targeting real profiles of leading public figures, influencers, law enforcement officers, and creators involved in producing adult content. They then start following the followers located on the actual account. And their hope is to attain followers back to ensure they are getting the tag of being authentic. They then block the profile that they are copying and this ensures no contact is made with the real user in question.

Those who are suffering are the real ones who fear their identities are being used for catfishing purposes and they cannot do anything about it because Meta takes on a silent stance. So what could the reason be?

Well, the news is that Meta is forcing users to purchase blue ticks to try and ensure they attain greater protection perhaps they wish to increase their user numbers by not labeling these kinds of content as spam or a fake profile.

Today, the subscription is priced between $12 to $15 and it’s not cheap to get Meta Verified, not to mention an added business for the company with these staggering monthly earnings.

MFA is Powerless Against This Vicious New Hacking Tool

 Countless security protocols have been put into place in order to stave off potential cyberattacks, but in spite of the fact that this is the case hackers, malicious actors and cybercriminals only keep upping the ante. This has resulted in a cyber arms race, with cybersecurity professionals often playing catchup with the aforementioned malicious actors once all has been said and is now out of the way.

With all of that having been said and now out of the way, it is important to note that a brand new hacking tool has just been noted which might topple the current cybersecurity infrastructure that so many rely on to keep themselves safe online. This tool is called EvilProxy, and it can potentially steal authentication tokens used for MFA on websites with all things having been considered and taken into account.

The most concerning thing about this hacking tool is how easy it is to use because of the fact that this is the sort of thing that could potentially end up turning inexperienced newbie hackers into seasoned professionals who can pose a major threat. A cybersecurity research firm by the name of Resecurity is first discovered this hacking tool which was going by the name of Moloch at that time. They found it widely available on the dark web as PaaS platform which stands for Phishing as a Service.

This hacking tool can significantly improve the efficacy of phishing attacks. It works by taking you to a legitimate login page, one that would not contain any of the red flags that may have made users aware that their information is about to be stolen. The hacking tool then redirects the information that is put in, and that can result in even the most cautious of users having their log in data end up in the wrong hands.

Cybercrime is turning into an industry in its own right, and cybersecurity researchers will have to figure out a way to get ahead of the curve. Until that happens, the risks that are found on the internet will continue to multiply and become more pronounced.