Forget the organised, large-scale duping of people that emanates from scam clusters such as Jamtara or Mewat; cybercrime today is a sophisticated business that regularly updates itself and its tools. Using the latest malware and trojans, new-age cybercriminals manage to stay a step ahead of reputed cybersecurity experts and the companies that sell security suites. The middle and top management of Kaspersky, a well-known name in security software, was recently the target of a 'professional' attack delivered through an invisible iMessage carrying a malicious attachment. Kaspersky calls this extremely sophisticated spyware 'Triangulation'. I will explain it in detail later.
At the same time, newer and more sophisticated (read: more destructive) malware and ransomware, with built-in capabilities to steal sensitive data and bypass antivirus programs, are being inadvertently downloaded from third-party websites, says the Indian Computer Emergency Response Team (CERT-In).
If you assume that these cyberattacks and the spread of malware and ransomware do not affect you, think again. They can cause data loss, financial loss and privacy invasion, slow down and destabilise your systems, hand attackers unauthorised access to and control of your personal information and devices, and disrupt your online life.
In a blog post, Kaspersky says its experts have discovered an extremely complex, professionally targeted cyberattack against Apple's mobile devices. The purpose of the attack is the inconspicuous placing of spyware on the iPhones of employees of at least Kaspersky itself, in both middle and top management.
The attack is carried out using an invisible iMessage with a malicious attachment which, by exploiting a number of vulnerabilities in the iOS operating system, executes on the device and installs the spyware.
"The deployment of the spyware is completely hidden and requires no action from the user. The spyware then quietly transmits private information to remote servers: microphone recordings, photos from instant messengers, geolocation, and data about a number of other activities of the owner of the infected device," it says.
An indirect indication that Triangulation is present on a device is that iOS can no longer be updated on it.
According to Kaspersky, it could not find an effective way to remove the spyware without losing user data. The remedy is to reset the infected iPhone to factory settings and then update iOS to its latest version.
"Due to the closed nature of iOS, there are no (and cannot be any) standard operating-system tools for detecting and removing this spyware on infected smartphones. To do this, external tools are needed," it added.
If you notice that you cannot update your iPhone to the latest iOS, it is time for a thorough check. Contact an Apple service centre or a reputed professional firm to have Triangulation removed from your device.
Android Botnet, Malware and Ransomware
According to CERT-In, Android botnets, malware and ransomware are all increasing rapidly. Every one of these new pieces of 'bad' software can cause the user huge losses of personal data and money.
For example, 'Daam', a new Android botnet, can steal sensitive data, bypass antivirus programs and deploy ransomware on targeted devices. The Daam malware communicates with various Android APK (Android package kit) files to infect the device, and is distributed through third-party websites or applications downloaded from untrusted or unknown sources.
Daam uses the AES encryption algorithm to encrypt the files on the victim's device. The original files are then deleted from local storage, leaving only the encrypted copies with the '.enc' extension and a ransom note named 'readme_now.txt'.
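As an added example, not CERT-In's or any vendor's tooling, the Python script below walks a directory (for instance a mounted phone-storage dump) looking for the two artifacts the advisory names, '.enc' files and a 'readme_now.txt' note, and adds a byte-entropy check so that a plaintext file which merely carries the '.enc' extension is not mistaken for AES output. The 7.5 bits-per-byte cut-off, the two sample directory trees and the pseudo-ciphertext generator are assumptions constructed for the demo.

```python
"""Triage check for Daam-style ransomware artifacts on a directory tree.
Added example; the indicators come from the CERT-In description above,
the thresholds and sample data are constructed for this demo."""
import math
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".enc"          # extension Daam leaves on encrypted files (advisory)
RANSOM_NOTE = "readme_now.txt"  # ransom note filename (advisory)
HIGH_ENTROPY = 7.5              # bits/byte; triage cut-off, an assumption
SAMPLE_BYTES = 64 * 1024        # only the head of each file is read


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a single repeated value, 8.0 when all
    256 byte values are equally frequent, which is what AES ciphertext looks like."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_for_ransomware_artifacts(root, min_encrypted: int = 3) -> dict:
    """Walk `root`, collect ransom notes and .enc files, and count how many of
    the .enc files actually look encrypted (high entropy)."""
    notes, enc_files, high_entropy_files = [], [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() == RANSOM_NOTE:
            notes.append(str(path))
        elif path.suffix.lower() == ENCRYPTED_EXT:
            enc_files.append(str(path))
            with path.open("rb") as fh:
                if shannon_entropy(fh.read(SAMPLE_BYTES)) >= HIGH_ENTROPY:
                    high_entropy_files.append(str(path))

    if notes and high_entropy_files:
        verdict = "likely ransomware"
    elif len(high_entropy_files) >= min_encrypted:
        verdict = "suspicious: many encrypted-looking .enc files"
    elif notes:
        verdict = "suspicious: ransom note without encrypted files"
    else:
        verdict = "no indicators"
    return {"ransom_notes": notes, "enc_files": enc_files,
            "high_entropy_enc_files": high_entropy_files, "verdict": verdict}


def _pseudo_ciphertext(n: int) -> bytes:
    """Constructed stand-in for AES output: a full permutation cycle of byte
    values (7919 is odd, so coprime with 256), giving exactly 8.0 bits/byte
    without needing a crypto library."""
    return bytes((i * 7919 + 13) % 256 for i in range(n))


def run_demo() -> dict:
    """Build one 'infected' and one 'clean' tree in a temp dir (constructed
    data, not a real device) and scan both."""
    base = Path(tempfile.mkdtemp(prefix="daam_triage_"))
    infected, clean = base / "infected", base / "clean"
    (infected / "DCIM").mkdir(parents=True)
    (clean / "Download").mkdir(parents=True)
    for name in ("IMG_0001.jpg.enc", "IMG_0002.jpg.enc", "contacts.vcf.enc"):
        (infected / "DCIM" / name).write_bytes(_pseudo_ciphertext(4096))
    (infected / RANSOM_NOTE).write_text("Your files are encrypted. Pay to recover them.\n")
    # A plaintext file that only carries the .enc extension: low entropy, must not count.
    (clean / "Download" / "settings.enc").write_text("mode=release\nverbose=false\n" * 20)
    (clean / "Download" / "notes.txt").write_text("shopping list: milk, eggs\n")
    return {"infected": scan_for_ransomware_artifacts(infected),
            "clean": scan_for_ransomware_artifacts(clean)}


if __name__ == "__main__":
    for label, result in run_demo().items():
        print(f"{label}: {result['verdict']} ({len(result['enc_files'])} .enc files, "
              f"{len(result['high_entropy_enc_files'])} high-entropy)")
```

The entropy check is what separates a real encryption event from a handful of oddly named files: a compressed JPEG also scores high, so the script reports counts rather than deleting or "cleaning" anything, leaving the decision to the person doing the triage.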
Here are a few more malware and ransomware that are spreading very rapidly across the world…
Nexus Android Banking Trojan
According to CERT-In, a campaign spreading the Nexus Android banking trojan through a malware-as-a-service (MaaS) platform is active. It runs on underground and private forums, where criminals offer the trojan on a subscription basis. Nexus is a framework for account takeover (ATO) attacks against a target application. Its primary focus is banking portals and cryptocurrency services, with capabilities such as credential stealing and SMS interception.
The components of Nexus show some similarity with an earlier banking trojan called SOVA. It also contains a ransomware module, which appears to be under active development.
ViperSoftX arrives as software cracks, activators or key generators, hidden inside benign-looking software. The latest version masquerades as a fake software update for multimedia editors, video format converters or cryptocurrency apps.
Royal ransomware targets multiple critical infrastructure sectors, including manufacturing, communications, healthcare and education, as well as individuals. It encrypts the files on a victim's system and demands a ransom in Bitcoin; the criminals also threaten to leak the data into the public domain if payment is refused.
Royal ransomware spreads through phishing emails and other social engineering, malicious downloads, and abuse of exposed remote desktop protocol (RDP) services.
The ransomware targets poorly secured or misconfigured Microsoft SQL (MS-SQL) servers that are exposed to external networks and protected by weak credentials, which lets attackers gain access through brute-force or dictionary attacks.
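The brute-force and dictionary attacks described above leave a trail in the SQL Server ERRORLOG: one 'Login failed for user ...' line (error 18456) per attempt, tagged with the client IP. The Python detector below, an added example rather than anything from CERT-In or Microsoft, reads such lines and raises an alert when one client accumulates many failures inside a short window (password guessing) or tries many different account names (a username dictionary). The log excerpt is constructed, and the thresholds, window and regex layout are assumptions.

```python
"""Flag brute-force and dictionary logins against an MS-SQL server from
ERRORLOG 'Login failed' lines. Added example; log lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One line per failed login (error 18456). Layout assumed from ERRORLOG:
# '<timestamp> Logon   Login failed for user '<name>'. Reason: ... [CLIENT: <ip>]'
LOGIN_FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*?\[CLIENT: (?P<ip>[^\]]+)\]"
)


def parse_failed_logins(lines):
    """Yield (timestamp, username, client_ip) for every failed-login line;
    everything else in the log (startup messages, severity lines) is skipped."""
    for line in lines:
        m = LOGIN_FAILED.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["user"], m["ip"]


def detect_bruteforce(lines, window=timedelta(seconds=60), threshold=10,
                      user_threshold=5):
    """Per client IP, keep a sliding window of failure timestamps and the set
    of usernames tried. Thresholds are assumptions to tune per environment."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> distinct usernames attempted
    alerted, alerts = set(), []
    for ts, user, ip in parse_failed_logins(lines):
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        users[ip].add(user)
        if len(q) >= threshold and (ip, "password-bruteforce") not in alerted:
            alerted.add((ip, "password-bruteforce"))
            alerts.append({"ip": ip, "kind": "password-bruteforce",
                           "count": len(q), "at": ts.isoformat(sep=" ")})
        if len(users[ip]) >= user_threshold and (ip, "username-dictionary") not in alerted:
            alerted.add((ip, "username-dictionary"))
            alerts.append({"ip": ip, "kind": "username-dictionary",
                           "count": len(users[ip]), "at": ts.isoformat(sep=" ")})
    return alerts


def build_sample_log():
    """Constructed ERRORLOG excerpt (not captured from a real server)."""
    base = datetime(2023, 6, 5, 2, 14, 0)
    lines = ["2023-06-05 02:13:58.00 Server      Server is listening on [ 'any' <ipv4> 1433]."]
    # 12 failures for 'sa' from one client within 33 seconds: password guessing.
    for i in range(12):
        ts = base + timedelta(seconds=3 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S}.{i:02d} Logon       Error: 18456, Severity: 14, State: 8.")
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S}.{i:02d} Logon       Login failed for user 'sa'. "
                     "Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.23]")
    # Six account names from a second client, one per minute: slow, but a username dictionary.
    for i, user in enumerate(["admin", "sa", "sqladmin", "backup", "test", "dbo"]):
        ts = base + timedelta(minutes=i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S}.50 Logon       Login failed for user '{user}'. "
                     "Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.77]")
    # An administrator mistyping a password twice: benign, must not alert.
    for i in range(2):
        ts = base + timedelta(minutes=10, seconds=20 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S}.10 Logon       Login failed for user 'dba_ravi'. "
                     "Reason: Password did not match that for the login provided. [CLIENT: 10.20.0.5]")
    return lines


if __name__ == "__main__":
    for alert in detect_bruteforce(build_sample_log()):
        print(alert)
```

The two rules transfer to any other exposed login service, such as the RDP abuse mentioned above, by swapping the parser. Detection is the fallback, though: the root cause on this page is an MS-SQL port reachable from the internet with guessable credentials, and that is fixed by not exposing it and by enforcing strong passwords.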
Protecting yourself from malware and ransomware is crucial to safeguard your computer, mobile devices and personal information.
Here are some essential steps you can take to enhance your protection...
1. Use reliable antivirus software: Install reputable antivirus software and keep it up to date.
2. Update the operating system regularly: Enable automatic updates for your device's operating system, as updates often include critical security patches. This applies to computer operating systems (Windows, macOS and Linux) as well as mobile devices (iOS and Android).
3. Update applications: Keep all your applications and software up to date, including web browsers, plugins and extensions. Software updates often fix security vulnerabilities that attackers exploit.
4. Exercise caution with attachments and downloads: Be careful when opening attachments received through email or messaging platforms and when downloading files from untrusted sources. Malware is often disguised as a legitimate file or attachment. Verify the sender's authenticity and only open attachments from trusted sources.
5. Be wary of suspicious links: Avoid clicking on suspicious links in emails, messages, or websites.
6. Regularly back up your data: Back up your important files and data regularly to an external hard drive or a cloud storage service, and keep at least one copy disconnected from the device, since ransomware also encrypts any attached drives and network shares it can reach. In the event of a ransomware attack, having backups lets you restore your files without paying the ransom.
7. Be cautious of social engineering tactics: Cybercriminals often use social engineering techniques to trick individuals into revealing sensitive information. Be wary of unsolicited phone calls, messages, or emails asking for personal or financial details.
Remember that no security measure is foolproof, but following these practices can significantly reduce the risk of malware and ransomware infections.
How To Report Cyber Fraud?
Do report cybercrimes to the National Cyber Crime Reporting Portal http://cybercrime.gov.in or call the toll-free National Helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
If the fraud is related to your bank account, immediately send an email to the official email ID of your branch (you can find it on the bank's website or in your passbook), with a copy to the bank's customer care. Even if you have already called the official customer care number, you must still send an email describing your conversation with the bank executive, along with the date, time and duration of the call. This record will help if you later face a liability dispute with the bank.