November 19, 2019

Ho Ho OUCH! There are 4x more fake retailer sites than real ones

By Lisa Vaas

Two more weeks until Cyber Monday!

Ready to shop? Got your list ready? Eyes peeled for deals? Psyched about brewing a nice pot of coffee, sitting down at your keyboard, typing in your favorite retailer’s site, tap-tap-tapping in your payment card info, hitting the buy button, and presto!

You’ve been phished!

OK, maybe you won’t stumble onto a copycat retailer site, but boy oh boy, the chances of that have blossomed like a jungle of parasitic mistletoes. According to research from Venafi, the total number of Transport Layer Security (TLS) certificates used by typosquatting domains to give themselves the aura of being safe and secure is now 400% greater than the number of authentic retail domains.

The specific numbers: Venafi found 109,045 TLS certificates on lookalike domains, compared with 19,890 on authentic retail sites. Over half of the certificates used on the imposter domains were certificates from Let’s Encrypt: an automated certificate authority that pumps out free certificates… including, say, the 15,270 “PayPal” certificates issued in 2017 to sites used for phishing.

The numbers are a bit mind-boggling: it means that there are now 4x the number of fake sites as legitimate retail sites. The number has more than doubled since 2018.


Sophos 2020 Threat Report: AI is the new battleground

By Danny Bradbury

AI is the new battleground, according to a report released by SophosLabs this week. The 2020 Threat Report highlights a growing battle between cybercriminals and security companies as smart automation technologies continue to evolve.

Security companies are using machine learning technology to spot everything from malware to phishing email, but data scientists are figuring out ways to game the system. According to the report, researchers are conceiving new attacks to thwart the AI models used to protect modern networks… attacks which are starting to move from the academic space into attackers’ toolkits.

One such approach involves adapting malware and emails with extra data that make them seem benign to machine learning systems. Another replicates the training models that security companies use to create their AI algorithms, using them to better understand the kinds of properties that the machine learning models target. That lets attackers tailor malicious files to bypass AI protections.

The other big AI-related worry is generative AI, which uses neural networks to create realistic human artefacts like pictures, voices, and text. Also known as deepfakes, these are likely to improve and present more problems to humans who can’t tell the difference. Sophos predicts that in the coming years, we’ll see deepfakes lead to more automated social engineering attacks – a phenomenon that it calls ‘wetware’ attacks.

Automation is already a growing part of the attack landscape, warns the threat report. Attackers are exploiting automated tools to evade detection, it says, citing ‘living off the land’ as a particular threat. This sees attackers using common legitimate tools ranging from the nmap network scanning product to Microsoft’s PowerShell in their quest to move laterally through victims’ networks, escalating their privileges and stealing data under the radar.

Online criminals are also tying up admin resources with decoy malware, which they can drop liberally throughout a victim’s infrastructure, the report warns. This malware carries benign payloads, enabling them to misdirect admins while they furtively drop the real payloads.


Booter boss behind millions of DDoS-for-hire attacks jailed

By Lisa Vaas

The US has sentenced a 21-year-old man from the US state of Illinois to 13 months in prison for running multiple distributed denial of service (DDoS) services with names that sound like somebody squeezed them out of a London youth subculture: ExoStresser, QuezStresser, Betabooter, Databooter, Instabooter, Polystress, and Zstress.

A profitable set of snazzily named services, at that: Sergiy P. Usatyuk has also been ordered to forfeit the more than half a million – $542,925 – that he made from the DDoS-for-hire scheme. That money came both from renting out his services and from space he sold to his brethren booter operators so they could advertise on his sites.

Also up for forfeiture: all the gear Usatyuk used to run his site-jamming floods, or which he bought with his ill-gotten loot – namely, dozens of servers and other computer equipment.

Usatyuk was convicted on one count of conspiracy to cause damage to internet-connected computers.

He and an unnamed buddy developed and ran the so-called booter services and related websites from around August 2015 through November 2017. They were behind the launch of millions of DDoS attacks against targeted victim computers that rendered targeted websites slow or completely zombified, and that discombobulated normal business operations. During just the first 13 months of the scheme, the users of the booters launched 3,829,812 attacks.

The bragging rights went up as advertising collateral: As of 12 September 2017, ExoStresser advertised on its website that the one booter service alone had launched 1,367,610 DDoS attacks and caused targets to suffer 109,186.4 hours of network downtime: some 4,549 days.

Booters – also known as stressers or DDoS-for-hire – are publicly available, web-based services that launch these server-clogger-upper attacks for a small fee or, sometimes, none at all.

As befits the “stresser this” and “stresser that” brand names for Usatyuk’s offerings, DDoS-for-hire sites sell high-bandwidth internet attack services under the guise of “stress testing.” DDoS attacks are blunt instruments that work by overwhelming targeted sites with so much traffic that nobody can reach them. They can be used to render competitor or enemy websites temporarily inoperable out of malice, lulz or profit: some attackers extort site owners into paying for attacks to stop.

One example is Lizard Squad, which, until its operators were busted in 2016, rented out its LizardStresser attack service, a service that was, suitably enough, given a dose of its own medicine when it was hacked in 2015.
