Tech Support Scams: leveraging Spotify for Google and Bing SEO

Lawrence Abrams for Bleeping Computer: Tech Support Scammers Invade Spotify Forums to Rank in Search Engines

Extract: “Over the past few months, Tech Support scammers have been using the Spotify forums to inject their phone numbers into the first page of the Google & Bing search results. They do this by submitting a constant stream of spam posts to the Spotify forums, whose pages tend to rank well in Google.”

David Harley

‘Spider’ ransomware – apparently targeting Bosnia & Herzegovina?

Amit Malik for Netskope: Spider: A New Thread in the Ransomware Web

Extract: “Netskope Threat Research labs has detected new ransomware named Spider propagating in a mid-scale campaign. This ongoing campaign, identified on the 10th December, uses decoy Office documents which usually arrive as email attachments. These attachments are auto-synced to the enterprise cloud storage and collaborations apps.”

The decoy Word document is written in Bosnian.

David Harley

Fake BSOD, Fake Tech Support

Tara Seals for Infosecurity Magazine: Tech Support Scam Malware Fakes the Blue Screen of Death

“The infamous Blue Screen of Death (BSOD) is one of the most-dreaded sights for Windows users. Adding insult to injury, a new malware is making the rounds that fakes a BSOD, and then tries to swindle victims into paying for tech support tools.”

Malwarebytes describes ‘Troubleshooter’ as a hijacker, but it’s one of those instances where a tech support scam edges close to ransomware.

David Harley

Streamlining a Tech Support Scam

Microsoft’s Windows Security Blog on Technet: New tech support scam launches communication or phone call app

“A new tech support scam technique streamlines the entire scam experience, leaving potential victims only one click or tap away from speaking with a scammer. We recently found a new tech support scam website that opens your default communication or phone call app, automatically prompting you to call a fake tech support scam hotline.”

The scam is supplemented by an audio message from ‘Apple Support’ (yeah, right…) that threatens to ‘disable and suspend your Mac device’ if the prospective victim closes the ‘alert’ window. However, the scam is ‘optimized for mobile phones’.

Commentary from Zeljka Zorz for HelpNet: New scam launches users’ default phone app, points it to fake tech support hotline

David Harley

Ransomware via RDP (Remote Desktop Protocol)

For Sophos, Mark Stockley describes how criminals are abusing RDP, a tool intended to cut down network and system administration costs by allowing sysadmins and help-desk operators to access their customers’ systems remotely. Once they have RDP access, they have almost unlimited scope to reconfigure apps and services, which makes installing and executing ransomware a breeze.

Ransomware-spreading hackers sneak in through RDP

David Harley

Intermedia Vulnerability Report

The second part of a two-part report by Intermedia deals specifically with ransomware and includes a link to a video which I’m afraid I haven’t watched. There are also some interesting statistics. When a ransom gets paid, who pays it? According to Intermedia, 59% of employees have paid personally, and only 37% of those surveyed said that their employer had paid. (Which may say something sad about employee attitudes and unpleasant about employer attitudes.) Yet the company has previously reported that 19% of companies didn’t get their data back. (In sharp contrast to claims that ransomware gangs usually recover data because that’s their business model.) I’d guess that with the increase in wiper activity in recent months, the 2017 figures for unrecovered data could be appreciably higher. (Are wipers ransomware? Well, that depends on individual cases, but they do often present themselves as if they are.)

David Harley