Just before the new year, the Ukraine Cyber Police department arrested a cybercriminal hacker group (including three Ukrainians and one foreign national) from the Kharkiv region that was responsible for hacking more than 20,000 servers of private organizations around the globe. This was just the beginning of things to come.
According to the preliminary investigation by the Ukraine Cyber Police department, the cybercriminal hacker group, which has been active since 2014, targeted organizations mainly in Ukraine, Europe, and the U.S. From the hardware and other physical and virtual property confiscated during the raid, officials learned that the hackers sold the hacked server credentials and access points to various customers around the world. These servers were also used to create botnets for mining and DDoS attacks, to install software command centers with viruses, and as weapons for brute-force attacks.
Cyber forensics and cybersecurity experts later discovered that the same group was responsible for a much bigger fraudulent financial auction scam. The hackers established multiple fake call centers in the Kiev province to carry out trading in various international stock markets. They asked their victims to invest money through a fake trading environment (website), and that money was then credited to the hackers’ offshore accounts.
Astoundingly, the hackers managed to collect an average of US$100,000 every month by scamming the victims. Later, when the victims asked to withdraw cash, the hackers carried out certain maneuvers that led to the victims’ complete loss of capital.
According to a blog post, “Card Fraud in Ukraine,” the number of fraudulent operations with payment cards amounted to over 77,600 cases in 2018. The rate of fraudulent online transactions has since increased significantly. Experts suggest that fraudsters are now switching from technological methods to social engineering, which manages human actions by exploiting features of human psychology. The easiest and most effective way is creating a fake online store or URL hijacking.
Recently, Venafi, a cybersecurity software provider that secures and protects cryptographic keys and digital certificates, said it has uncovered nearly 100,000 typosquatted/fake domains with valid TLS certificates impersonating major retailers.
According to the analysis by Venafi, the top 20 online retailers were being targeted by 109,045 fake domains using valid TLS certificates. Of the 109,000 typosquatted domains, nearly 84,000 targeted retailers from the U.S. Similarly, nearly 14,000 certificates were issued for fake domains targeting retailers in the U.K., 7,000 in Germany, 3,500 in Australia, and 1,500 in France.