Deepfake scams, fake VPNs, and global threats: Cyber Security Today for Friday August 30, 2024


Deepfake scams hit the mainstream, a fake version of Palo Alto Networks' GlobalProtect is being used to distribute malware, and Russia has announced that our internet and GPS systems might be "fair game" for retaliation.

Welcome to Cyber Security Today for Friday August 30th. I’m your host, Jim Love

Researchers at Palo Alto Networks have uncovered a concerning trend: dozens of scam campaigns using deepfake videos to promote fraudulent schemes. These campaigns, likely orchestrated by a single threat actor group, target victims across multiple countries and languages.

The scams primarily push fake investment opportunities and government giveaways, often impersonating public figures like CEOs and government officials. One prominent campaign, dubbed ‘Quantum AI,’ uses deepfake videos of Elon Musk to lure victims.

The researchers identified hundreds of domains hosting these scams, with each domain accessed an average of 114,000 times globally. The campaigns saw a significant spike in February 2024, with the number of active domains growing exponentially until March.

The threat actors often use more obscure video-hosting domains and content delivery networks to distribute their deepfakes, and they frequently move their scams to new domains to avoid takedowns.

While deepfakes have been used in a variety of different schemes, the Quantum AI scam has a simple structure:

Scammers promote Quantum AI through social media ads or fake news articles. These often feature AI-manipulated videos of Elon Musk or other celebrities endorsing the platform.

Victims are directed to a scam webpage where they’re asked to provide their contact information.

A scammer calls the victim, instructing them to pay around $250 to access the Quantum AI platform.

Victims are told to download a special app for ‘investing’ more funds.

The app’s dashboard shows small, fake profits to build trust.

Scammers persuade victims to deposit more money, sometimes allowing small withdrawals to appear legitimate.

When victims try to withdraw larger sums, scammers either demand withdrawal fees or cite reasons like tax issues to block access.

Finally, victims are locked out of their accounts, with scammers pocketing the remaining funds.

In this scam, the attackers are essentially leveraging deepfake technology to add credibility to their fraudulent schemes, potentially causing significant financial losses to victims.

But it’s early in the game – expect attackers to explore even more creative applications of this technology.

Sources include: Palo Alto Networks Unit 42

In a related story about fakery and Palo Alto Networks, security researchers at Trend Micro have uncovered a sophisticated cyberattack campaign targeting Middle Eastern organizations. The threat actors are using a fake version of Palo Alto Networks' GlobalProtect, a widely used enterprise VPN client, as bait.

Trend Micro has not verified how the malware is spread, but suspects it starts with a phishing email containing a link to a 'setup.exe' file. That file drops 'GlobalProtect.exe' along with configuration files, presenting a convincing installation window while loading the malware in the background.

The malware employs several evasion techniques, including sandbox detection, and encrypts the data it exfiltrates with AES. It communicates with a command and control server using a URL designed to mimic a legitimate VPN connection portal for Sharjah-based offices in the UAE.

The malware can execute various commands, including running PowerShell scripts, downloading files, and uploading data to the attackers’ server.

While the threat actors remain unidentified, the operation appears highly targeted. The use of custom URLs for specific targets and newly registered command and control domains suggests a sophisticated approach aimed at evading detection.

Yet another reason to ensure that software is only downloaded from official domains, and that people double-check they haven't been fooled by a lookalike domain name. Where a vendor signs its installers, verifying that signature before running a downloaded setup.exe is a stronger check than the domain name alone.
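As an added example of the lookalike-domain check just described (this is not code from Trend Micro's report or from Palo Alto Networks), the script below classifies a download URL against an allowlist of approved vendor domains. It flags punycode or non-ASCII labels, brand names embedded in unapproved domains, digit-for-letter swaps such as 0 for o, and names a couple of typos away from an approved one. The allowlist, brand terms and every sample URL are assumptions constructed for the example; the reserved .example TLD is used so that no real domain is named as malicious.

```python
import unicodedata
from urllib.parse import urlparse

# Example allowlist and brand terms (assumption: a real deployment would load
# these from the organisation's approved-software catalogue).
APPROVED_DOMAINS = {"paloaltonetworks.com"}
BRAND_TERMS = {"paloalto", "paloaltonetworks", "globalprotect"}

# Single characters attackers swap for visually similar ones; hyphens are
# dropped so "brand-vpn" and "brandvpn" compare equal.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "7": "t", "8": "b", "-": ""})
# Character pairs that read as a single letter in many fonts.
PAIR_CONFUSABLES = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def skeleton(text: str) -> str:
    """Reduce a hostname fragment to a form where common confusables are unified."""
    s = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    s = s.lower().translate(CONFUSABLES)
    for pair, single in PAIR_CONFUSABLES:
        s = s.replace(pair, single)
    return s


def levenshtein(a: str, b: str) -> int:
    """Edit distance; small values mean a one- or two-typo lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def second_level(host: str) -> str:
    """Label just left of the TLD. Assumption: no multi-part suffixes such as
    co.uk; use a public-suffix-list library for real traffic."""
    parts = host.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(url: str, approved=APPROVED_DOMAINS, brands=BRAND_TERMS, max_edits=2):
    """Return (verdict, reason) where verdict is 'approved', 'lookalike' or 'unrelated'."""
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return "unrelated", "no host"

    # 1. Exact allowlisted domain or a subdomain of one.
    for a in approved:
        if host == a or host.endswith("." + a):
            return "approved", a

    # 2. Internationalised labels: non-ASCII or punycode ("xn--") outside the
    #    allowlist is the classic homograph trick.
    if any(ord(c) > 127 for c in host) or any(p.startswith("xn--") for p in host.split(".")):
        return "lookalike", "internationalised label"

    # 3. Brand term embedded anywhere in the name after confusable folding
    #    (catches pal0alto..., paloaltonetworks.com.<other-tld>, globalprotect-portal...).
    folded = skeleton(host.replace(".", ""))
    for brand in brands:
        if skeleton(brand) in folded:
            return "lookalike", f"contains brand term {brand!r}"

    # 4. A few typos away from an approved second-level label.
    sld = skeleton(second_level(host))
    for a in approved:
        if levenshtein(sld, skeleton(second_level(a))) <= max_edits:
            return "lookalike", f"within {max_edits} edits of {a}"

    return "unrelated", None


# Constructed sample URLs for the demo (not indicators from the report).
SAMPLES = [
    "https://www.paloaltonetworks.com/download/globalprotect",
    "https://pal0altonetworks.example/setup.exe",
    "https://paloaltonetworks.com.example/setup.exe",
    "https://globalprotect-portal.example/setup.exe",
    "https://palaoltonetworks.example/setup.exe",
    "https://xn--80ak6aa92e.example/setup.exe",
    "https://example.org/setup.exe",
]

if __name__ == "__main__":
    for u in SAMPLES:
        verdict, reason = classify(u)
        print(f"{verdict:9s} {u}  ({reason})")
```

Only the first sample is approved; the next five are flagged as lookalikes for different reasons, and the last is simply unrelated. Step 1 must run before the others so that legitimate subdomains of an approved name are never reported as lookalikes of themselves.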

Sources include: Bleeping Computer

Recent developments suggest Russia may be targeting critical Western communication infrastructure, potentially threatening global internet and GPS systems.

Dmitry Medvedev, deputy chairman of Russia’s Security Council, recently warned that undersea cables enabling global communications could be legitimate targets for Russia. While Medvedev is known for provocative statements, experts believe this threat should be taken seriously.

These undersea fiber-optic cables transfer 95% of international data across continents, supporting internet services, financial transactions, and more. NATO’s intelligence chief, David Cattler, has warned that Russia may be planning to target these cables in retaliation for Western support of Ukraine.

Simultaneously, Russia has been accused of interfering with GPS navigation systems, causing disruptions to commercial airline routes. This is seen as part of Russia’s ‘gray zone’ campaign against the West – covert actions below the threshold of open warfare.

The vulnerability of these systems is not new. During the Cold War, both the US and USSR surveilled undersea cables. However, our increased dependence on electronic communications has made these cables a critical point of vulnerability.

Experts argue that current protective measures are insufficient. While NATO has begun taking action to safeguard undersea cables, more robust government fallback plans are needed. The Center for Strategic and International Studies has called for increased international cooperation to coordinate responses to potential attacks on cables.

This situation underscores the urgent need for countries to develop resilience plans and alternatives to keep critical communications operational if key infrastructure is compromised. It also highlights the complexities of holding perpetrators accountable for sabotage in international waters.

As our reliance on connectivity from cable and satellite data grows across sectors from agriculture to food delivery, the potential for disruption through interference with subsea cables and GPS becomes an increasingly serious threat to national and economic security.

Sources include: Business Insider

That’s our show. You can find the show notes with links at technewsday.com or .ca – take your pick.

Join us this weekend for a special show on AI which has a strong cybersecurity focus. We hope you’ll enjoy it. The show will drop just after midnight so it will be ready for your Saturday morning coffee.

I’m your host, Jim Love. Thanks for listening.
