06 December 2019

IRM Weekly Cybersecurity Roundup: Phishing scam targets gamers

Want the IRM weekly cybersecurity roundup sent straight to your inbox? Sign up to our newsletter. 

Phishing scam targets Steam gaming service users

Users of Steam, the video-game digital distribution service, are being tricked by a phishing scam. Cybercriminals have been targeting Steam users with fake giveaways to steal login credentials.

Phishing Scam Steam Gamers

Users are lured in by fake comments on Steam profiles stating the recipient has won a weekly giveaway and their prize can be found on a (malicious) website, ‘giveavvay.com’.

The phishing scam also states a $30,000 giveaway promotion featuring 26 days’ worth of free ‘skins’ for certain games. Users are caught clicking the sign-in button and entering their Steam login details, in which the attackers then steal.

The site also creates a “Steam Guard” security request (for logins from unrecognised devices) and prompts users to complete the process so the attackers also gain a special access code. And to feign authenticity, the site also displays a phoney chat screen on the left side of the page. These fabricated chat messages are comprised of randomly selected phrases that are inserted via JavaScript code.

Fortunately, users should receive a warning of suspected phishing activity due to the malicious site being hosted by Cloudflare. You can read more here.

Ohio voting system thwarts Russian hack attempt

A Russian-owned company attempted to hack the office that oversees Ohio’s voting systems on Election Day.

The State’s internal systems detected an “SQL injection” attack that attempted to insert malicious code onto their website.

Ohio Secretary of State, Frank LaRose, stated the cyber-attack was “relevantly unsophisticated”. The attack originated in Panama, but was traced back to a Russian-owned company.

LaRose told reporters: “They are poking around for soft spots”. He confirmed the votes cast in Ohio that day were not tampered with, as the election machines and the ballot counters used aren’t connected to the internet. You can read more here.

US charges two Russian Nationals alleged of running Evil Corp

Two Russian nationals have been charged in the US for alleging running the global cyber crime organisation Evil Corp.

The two men, Maksim Yakubets and Igor Turashev remain at large. The organisation,Those affected by Evil Corp include schools and religious organisation, stealing millions of dollars in more than 40 countries.

It is also alleged one of the men worked for Russian Intelligence.

The two have been indicted in the United States following unprecedented collaboration between the NCA, the FBI and the National Cyber Security Centre. You can read more here.

New data wiper malware targeting energy sector

A new data-wiping malware has been discovered after being used by state-sponsored hackers targeting energy and industrial organisation in the Middle East.

energy sector

The data-wiping malware dubbed ‘Zerocleare’ has been linked to two Iranian state sponsored hacking groups. The malware shared high-level similarities with ‘Shamoon’, one of the most infamous and destructive malware families, known for demanding 30,000 computers at Saudi Arabia’s largest oil producers in 2012.

Zerocleare uses a legitimate hard disk driver to overwrite the master boot recorder (MBR) and disk partitions of targeted computers running the Windows operating systems.

According to the researchers, the ZeroCleare attacks are not opportunistic and appear to be targeted operations against specific sectors and organisations. You can read more here

Quick-fire Updates:

Unpatched Android vulnerability exploited: An unpatched Android vulnerability known as ‘Strandhogg’ has been stealing user’s banking and other credentials as well as spying on user activities. You can read more here.

Elderly are being hit by “low-tech” fraudsters: Elderly victims are being tricked into handing over money via old-school methods of threatening letters, using fake Federal Trade Commission (FTC) branding. You can read more here.

Smart TV cybersecurity warning: The FBI has issued a warning to holiday shoppers buying Smart TVs. Shoppers have been warned that connecting an unsecured TV to the internet could be used as a channel for cybercriminals to gain virtual entry into homes. You can read more  here.

If you have any questions about this week’s roundup, or want to understand how you can improve your cybersecurity strategy, get in touch with IRM.