In some very alarming news this week we have seen malware masquerading as internet security, Twitter believing the Chinese government has set up house in London and an adult website breach that’s left governments around the globe vulnerable to cyberattacks. If you’ve been off enjoying the last weeks of the summer break, our roundup of the biggest stories in Tech and I.T. will bring you right up to date.
Fake internet security site delivers malware
An investigation has found this week that cybercriminals have cloned the NordVPN internet security website to fool users into downloading malware onto their devices. The almost exact replica of the Nord website has a valid SSL certificate, making the site look legitimate and getting it past browser security checks, which renders it almost impossible for users to detect the fake site.
When visiting the cloned site, users can download the NordVPN client just as they would on the real site. The VPN client is installed onto the user’s system, but so is the malware: the Win32.Bolik.2 banking Trojan.
The malware has qualities of a multicomponent polymorphic file virus. Using it, cybercriminals can perform web injections, intercept traffic, log keystrokes and steal information from different bank-client systems. The individuals behind this malicious campaign have focused on English-speaking targets, and researchers suggest thousands of users have already visited the fake NordVPN website.
King’s College student an undercover Chinese agent?
Earlier this week social media giant Twitter announced that it had removed almost 1000 user accounts believed to belong to a Chinese state-backed effort to undermine protests in Hong Kong. The company claimed that the accounts represented the most active portions of this campaign. This was news to one King’s College student who appeared on Twitter’s list. 24-year-old Croatian-born Luka Ivezic claims he has never been to China and that the tweets flagged as suspicious by Twitter were his own.
It seems that an attempt to boost followers may be responsible for Luka’s appearance on the list. Luka’s father admitted that a freelancer he employed may have bought followers earlier this year. This activity is banned by Twitter for good reason. Not only does it misrepresent a person’s influence, but the “followers” you gain are generally made up of vast networks of bot and spam accounts. These networks may then be sold on for other uses. It could be that the network used to inflate Luka’s followers later came to be controlled by China to spread propaganda. Twitter would not, however, confirm this to be the case here.
It is thought that China put together an influence network to buy access to a large number of Twitter accounts in order to spread information as protests in Hong Kong escalated. It seems that, unfortunately for Luka, his account may have been among them, even if it was never actually used.
One million adult website members at risk from data breach
Over one million users of an adult content website have had their personal information leaked in a recent breach. The leaked details include usernames, personal email addresses, gender, locations, activity logs and in some cases full names.
Many of the users joined the site using government email addresses, exposing not only the users but their employers as well. With access to employee email addresses, criminal hackers can target government agencies and departments in a number of ways, raising serious questions about the use of work email addresses outside of the office. This is hugely concerning as it risks exposing an entire organisation to an attack. It is now more vital than ever that all organisations, government or otherwise, have strict measures around internet activity at work and the use of work email addresses for personal services.
Data breaches of this scale are always a serious issue and the sensitivity of the website makes it even more worrying as there is greater potential for hackers to exploit users whose identities have been exposed. Access to personal information gives hackers the opportunity to exploit users in ‘sextortion’ scams. Given the sensitive nature of this data breach, victims are incredibly vulnerable and likely to pay for fear of exposure online for being members of, and possibly posters to, the site. Leaking email addresses and names also gives phishers the ammunition to construct sophisticated phishing campaigns.