This is your easyDNS #AxisOfEasy Briefing for the week of May 27th, 2024 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey Tweets, and Len the Legend click here.

In this issue:

• easyURL is now URLTools
• Vulnerability in Apple’s Location Services Exposes Privacy Risks
• U.S. Treasury Targets Chinese Individuals Involved in 911 S5 Anonymity Service and Money Laundering
• BlackSuit Ransomware Gang Targets Critical Sectors in US
• Cybercriminals Exploit Discord for Malware and Phishing Attacks
• Man Sentenced for Laundering Over $4.5M Obtained from Business Email Compromise and Romance Fraud Schemes
• Hackers Claim Ticketmaster Data Breach: 560M Users’ Info for Sale

Elsewhere Online

• Hackers Exploit Flaw in Check Point VPNs, Patch Issued
• BreachForums Reemerges Post-FBI Crackdown
• Microsoft Reveals North Korea’s Latest Cyber Espionage Efforts
• AFF Scammers Caught Playing a Risky Tune, Says Proofpoint
• StackOverflow Becomes Breeding Ground for Malicious Python Code

easyURL is now URLTools

As you may know, we’ve been running a URL shortener (a la “tiny URL”) for years at easyURL

We have undertaken a long overdue rebuild of that service and soft launched it via URLTools.

That’s open to anyone to use, and has added capabilities in that it now supports https:// redirects.

But to unlock all the features, you’ll need to create a free account (we’ll integrate a one-click setup soon).

New capabilities include:

• SSL / https:// redirectts

• ability to add your own overlays and splash pages before destinations

• enhanced reporting on clicks

• QR codes to go with your URLs.

If you’re using URL redirects at an agency or marketing campaign level, what you really need is your own URLtools appliance at your own domain, fully managed by us, run by you, using your own branded, exclusive shortening domain.

Let us know if you’re interested in that by hitting “reply” or emailing support.

Until then, happy shortening!

Go to: https://urltools.com

Vulnerability in Apple’s Location Services Exposes Privacy Risks

Researchers at the University of Maryland have uncovered a critical vulnerability in Apple’s location services that could have far-reaching implications. The flaw allows unauthorized access to the location information of millions of routers and potentially enables tracking of an individual’s movements within seconds. The vulnerability exploits Bluetooth Low Energy (BLE) broadcasts and microcontrollers, which transmit data from devices without an internet connection to Apple’s iCloud servers. Central to this process is the Find My network, which relies on crowd-sourced location tracking.

However, security researcher Fabian Bräunlein highlights the challenge posed by Apple’s privacy-focused design. While the flaw isn’t a high-speed attack, it remains a risk. Bräunlein’s proof-of-concept service, “Send Me,” demonstrates how Apple’s network infrastructure can be leveraged for data transmission. The Find My network prioritizes privacy, but recent incidents involving AirTags and Wi-Fi networks underscore the need for ongoing vigilance. Users can opt out of data collection by appending “_nomap” to their network’s name or using similar methods for Google and Microsoft networks.

In summary, balancing privacy and functionality remains a delicate task as technology evolves. Continuous efforts are necessary to protect user data and privacy in the digital age. As the landscape of interconnected devices expands, addressing emerging security threats requires adaptability and a commitment to safeguarding user information.

Read: https://www.cysecurity.news/2024/05/new-apple-wi-fi-vulnerability-exposes.html

U.S. Treasury Targets Chinese Individuals Involved in 911 S5 Anonymity Service and Money Laundering

The U.S. Department of the Treasury has taken action against three Chinese individuals allegedly involved in operating the 911 S5 online anonymity service. For years, 911 S5 provided an accessible and cost-effective method for users to route their web traffic through compromised computers worldwide. Although the service allowed users to surf the web anonymously, it also turned their computers into unwitting relays for paying 911 S5 customers.

911 S5 gained popularity in the cybercrime underground due to its reliability and low prices. It became synonymous with the final step in cybercrime operations—routing malicious traffic through a geographically proximate computer to the victim. In July 2022, KrebsOnSecurity identified Yunhe Wang from Beijing as the apparent owner or manager of 911 S5. The recent Treasury action confirms Wang’s role as the primary administrator of the botnet powering 911 S5.

Jingping Liu, Wang’s co-conspirator, facilitated money laundering by converting virtual currencies paid by 911 S5 users into U.S. dollars. Liu used over-the-counter vendors to wire and deposit funds into bank accounts, which were then used to purchase luxury real estate properties for Wang. Additionally, Yanni Zheng, an attorney for Wang’s firm, assisted in laundering proceeds from 911 S5 into real estate holdings. The sanctions highlight the challenges of balancing privacy and functionality in the digital age, especially as interconnected device security evolves.

Read: https://krebsonsecurity.com/2024/05/treasury-sanctions-creators-of-911-s5-proxy-botnet/

BlackSuit Ransomware Gang Targets Critical Sectors in US

The BlackSuit ransomware group, believed to be a spin-off from the Royal ransomware gang, has been active since May 2023. Their primary focus is on US-based companies in critical sectors such as education and industrial goods. In a recent attack analyzed by ReliaQuest, the group demonstrated a sophisticated approach that reflects their experience and technical proficiency.

The attack sequence began with the threat actor gaining VPN access through a non-primary gateway lacking multifactor authentication. Over the next week, the attacker moved laterally across several Windows workstations, primarily using PsExec for remote administration. They compromised user accounts through Kerberoasting and AS-REP roasting. The attack resumed after a brief pause, with the attacker deploying ransomware from a virtual machine, obfuscating it from endpoint security tools. The impacted organization responded swiftly by rolling passwords and isolating the compromised site.

To mitigate such attacks, organizations should centralize network device configurations, monitor Windows event logs, and deploy robust endpoint detection and response tools. Additionally, disabling weak encryption types can strengthen passwords and deter adversaries.

Read:https://www.darkreading.com/cyberattacks-data-breaches/blacksuit-dozens-victims-curated-ransomware

Cybercriminals Exploit Discord for Malware and Phishing Attacks

Cybersecurity researchers at Bitdefender have discovered a concerning trend: Discord, the popular communication platform, is increasingly being exploited by cybercriminals to distribute malware and execute phishing campaigns. In their recent six-month analysis, Bitdefender identified over 50,000 malicious links on Discord, highlighting the platform’s growing vulnerability.

These malicious links encompass both malware and phishing attacks, constituting 39% of the detected malicious content. Cybercriminals employ deceptive tactics to trick users into downloading harmful software or revealing sensitive information. Users in the United States face a higher risk, accounting for 16.2% of the threats. Other affected countries include France, Romania, the United Kingdom, and Germany.

A common ploy involves fake offers of free Discord Nitro, enticing users with promises of premium subscription upgrades. Unfortunately, many fall victim to phishing or malware attacks. Discord has a history of being exploited by cybercriminals, and these findings underscore the importance of cybersecurity training and user vigilance. As the platform continues to grow, users must exercise caution with unknown links and stay informed about potential threats.

Read: https://www.hackread.com/discord-malware-attacks-as-50000-malicious-links/

Man Sentenced for Laundering Over $4.5M Obtained from Business Email Compromise and Romance Fraud Schemes

The U.S. Department of Justice (DoJ) has recently sentenced Malachi Mullings, a 31-year-old resident of Sandy Springs, Georgia, to 10 years in federal prison. He pleaded guilty to money laundering offenses related to more than $4.5 million obtained through business email compromise (BEC) schemes and romance scams.

Mullings’ modus operandi was intricate. He established 20 bank accounts under the guise of a fictitious company called The Mullings Group LLC. These accounts served as conduits for laundering fraudulent proceeds obtained through BEC attacks from at least 2019 to July 2021. His targets were diverse: a healthcare benefit program, private companies, and individual victims, particularly the elderly. The BEC scam, a form of targeted cyber attack, relies on social engineering ploys to trick unsuspecting executives and employees into sending money or sensitive data to accounts controlled by the perpetrators. In Mullings’ case, the funds flowed freely, netting millions of dollars.

But it wasn’t just about money. Mullings and his co-conspirators used some of the laundered funds to indulge in luxury purchases. Expensive cars and jewelry adorned their lives, with a Ferrari standing out as a conspicuous acquisition. The source of this extravagance? A romance scam that yielded $260,000.

Read: https://thehackernews.com/2024/05/us-sentences-31-year-old-to-10-years.html

Hackers Claim Ticketmaster Data Breach: 560M Users’ Info for Sale

In a grand display of criminal audacity, the hacking group ShinyHunters claims to have breached Ticketmaster, pilfering personal data from a staggering 560 million users. This 1.3 terabytes of stolen data, which includes sensitive payment details, is now brazenly up for sale on Breach Forums for a cool $500,000. Clearly, cybercrime has become a spectator sport, with ShinyHunters playing the starring role.

Adding insult to injury, ShinyHunters boasts about their technical prowess and resilience against the FBI’s recent efforts to shut down Breach Forums. Despite the FBI’s takedown attempts, the group swiftly reclaimed the domain, flaunting their dominance. Meanwhile, Ticketmaster’s cybersecurity reputation continues to plummet, with past bot-driven ticketing fiascos and previous hacking scandals piling on. Users are left to pick up the pieces, vigilantly monitoring their accounts and bracing for potential identity theft and financial fraud. Bravo, Ticketmaster, bravo.

Read: https://hackread.com/hackers-ticketmaster-data-breach-560m-users-sale/

Elsewhere Online

Hackers Exploit Flaw in Check Point VPNs, Patch Issued

https://hackread.com/hackers-target-check-point-vpns-security-fix-released/

BreachForums Reemerges Post-FBI Crackdown

https://securityaffairs.com/163841/cyber-crime/breachforums-resurrected-after-fbi-seizure.html

Microsoft Reveals North Korea’s Latest Cyber Espionage Efforts

https://www.infosecurity-magazine.com/news/new-north-korean-hacking-group/

AFF Scammers Caught Playing a Risky Tune, Says Proofpoint

https://www.computerweekly.com/news/366586694/Proofpoint-exposes-AFF-scammers-piano-gambit

StackOverflow Becomes Breeding Ground for Malicious Python Code

https://thehackernews.com/2024/05/cybercriminals-abuse-stackoverflow-to.html