Last year concluded with several phishing campaigns, supplanting firms such as PayPal, Adidas, Amazon or Carrefour. In addition, cybercriminals are exploiting the vulnerabilities of IoT devices.

 

Phishing remains one of the main trends in the field of cybercrime. This is revealed in the ‘ESET NOD32 Barometer’ in December.

The cybersecurity company points out that several phishing campaigns were detected last month. For example, ESET cites a campaign that impersonated PayPal’s identity, with the intention of obtaining credit card details and bank account numbers for its victims. That is, following the traditional formula of such attacks.

On the other hand, it stops in campaigns that follow another modus operandi , imitating alleged surveys disseminated by different companies . For example, cybercriminals used the trademark Adidas , with the excuse of the false celebration of their centenary. They spread messages on WhatsApp, with supposed gifts that the firm would be making in exchange for filling out a survey and forwarding it to our contacts.

Cybercriminals also supplanted the identity of Amazon or Carrefour, by sending false surveys to try to obtain bank card details for their victims. They made users believe that if they submitted their response, they could be able to get a high-end smartphone for just one euro.

In addition, ESET highlights the incidence of Emotet . It is a malicious code that has evolved, from being a banking Trojan to malware that downloads other malicious codes such as ransomware. To do this, Emotet uses an old tactic: attach malicious Office documents in emails with suggestive issues.

During the past month of December, these matters have varied: Christmas congratulations, company dinner celebrations, etc. Variants have also been found in Spanish in which an attached file was not included but a link was used, using as bait a matter as suggestive as a supposed rise in the minimum wage.

On the other hand, the cybersecurity company reports on the growing threat of attacks on Internet of Things (IoT) devices . Specifies that one of the devices with more security problems during the last years is the IP cameras.

ESET indicates that in December it found several cases with these devices as protagonists, either due to the exposure of the data of its users or the invasion of its privacy by part of unwanted viewers.

Highlights the case of a cyber criminal who managed to access the IP camera installed in the room where an 8-year-old girl was sleeping. This unauthorized access not only invaded the privacy of the home, but the cybercriminal took advantage of the speaker capacity of the Ring camera to try to communicate with the child.

Another significant example was the intrusion in the closed-circuit television of a jail in Thailand. The attack allowed to spread the poor conditions in which the prisoners live, since the attacker published the images in Youtube. As he explained himself, he only had to find out the default passwords of these cameras to access them.

ESET also reports that Wyze , manufacturer of security cameras and other smart devices, suffered the data breach of 2.4 million of its users. The cybersecurity company explains that the gap was due to the bad configuration of an Elasticsearch database, allowing to reveal usernames, emails, webcam listings and even information such as height, weight, sex and bone density of some users.