Cybersecurity News Headlines for December 2021
The last edition of cybersecurity news headlines for 2021 reports on three stories. Two of them are related to scams and how scammers make millions of dollars by taking advantage of users. It has been revealed that scammers made $7.7 billion by scamming cryptocurrency investors. And it is estimated that fake giveaways and survey scams make scammers up to $80 million every month. We also report on the ransomware attack on US gas/oil company Superior Plus.
Without further ado, here’s what made the biggest cybersecurity headlines in December 2021.
$7.7 billion worth of cryptocurrency stolen in 2021, according to researchers
According to research by software company Chainalysis, victims have lost over $7.7 billion worth of cryptocurrency worldwide in 2021. While that is a smaller sum than was lost in 2019, it’s still an 81% increase compared to 2020. Chainalysis has attributed the significant increase in losses to a relatively new type of scam known as rug pulls, during which cryptocurrency project developers disappear with all of the users’ funds.
According to Chainalysis, rug pull scams accounted for 37% of all scam revenue in 2021, a significant increase from just 1% in 2020. Overall, $2.8 billion of the $7.7 billion losses were the result of rug pull scams. Chainalysis describes rug pull scams as those in which developers actually put effort into projects to make them seem legitimate before disappearing with all of the money. Developers often go as far as creating new crypto tokens and promoting them to investors.
“More specifically, most rug pulls entail developers creating new tokens and promoting them to investors, who trade for the new token in the hopes the token will rise in value, which also provides liquidity to the project — that’s how most DeFi projects start. In rug pulls, however, the developers eventually drain the funds from the liquidity pool, sending the token’s value to zero, and disappear,” Chainalysis said.
As much as $1.1 billion of the lost $7.7 billion was attributed to one particular Russia-based Ponzi scheme called Finiko. During 19 months of operations, the scam managed to attract over $1.5 billion worth of Bitcoin from investors. The scam first started in December 2019 and lasted until July 2021, when users noticed that they could no longer withdraw their funds. According to Chainalysis, Finiko promised monthly returns of up to 30% and even launched its own coin. The whole scam is believed to have been created by an Instagram influencer who essentially took advantage of users’ desperate need to make money during the Covid pandemic.
Scammers make $80 million per month from fake giveaways and surveys
According to researchers at software company Group-IB, scammers are making about $80 million per month from giveaways and survey scams by impersonating known brands. The company has uncovered a new trend in scam campaigns involving fake surveys and giveaways to target users in more than 90 countries. Scammers use names of popular brands and targeted links to trick users into giving money to scammers and revealing their personal information. The number of impersonated companies is over 120, according to Group-IB.
In these scams, users are invited to participate in surveys in order to receive prizes, but in addition to answering generic questions, they are also asked to provide their personal information, including banking data. Scammers approach users with these surveys via SMS, ads on both legal and rogue sites, pop-ups, emails, etc. To make the scam appear more legitimate, scammers may register legitimate-looking domains. Different users will see different content because scammers use users’ device parameters to customize the scams. Because users are redirected multiple times after clicking on the link, it takes quite a while for the site displaying the scam to actually load.
“This is because the victims find themselves in a long chain of redirects, during which scammers gather information about their session, including country, time zone, language, IP, browser, and etc. The content on the final page will be determined based on what was learned about the user and tailored as much as possible to their possible interests,” researchers at Group-IB explain.
Once users reach the final site, they are asked to fill in a survey in order to receive a prize. The fake prizes are often gift cards from companies like Amazon, or tech from Samsung, Apple, etc. All kinds of brand names are used in these scams to appeal to victims. After users fill in the survey, they are asked to provide their personal information to supposedly receive the prize. Among the requested information is full name, email address, home address, phone number, and in many cases bank card data (expiration date and CVV).
Giving away personal information is bad enough but revealing payment card details can lead to very serious consequences. Using the acquired information, scammers can purchase various items online. The information can also be sold on hacker forums for other cybercriminals to use.
Group-IB has identified at least 60 different scam networks that use targeted links. One particular network contained over 50 domain names, and 10 million people were potentially affected by this network alone.
“Group-IB experts estimate the damage at $80 million per month, based on the number of sites detected, their minimum conversion, and an average money loss on a scam website,” researchers said.
Major natural gas supplier Superior Plus suffers a ransomware attack
Following the cyberattack on Colonial Pipeline in May, major natural gas supplier Superior Plus is the latest gas company to be hit. On December 14, 2021, Superior Plus released a statement revealing that the gas/oil company was the victim of a ransomware attack on December 12.
Superior Plus is a major supplier of energy-related products/services to the US and Canada. It’s a multi-billion company that has a 38% market share. A similar attack on Colonial Pipeline in May caused fuel shortages in numerous US states after the company was forced into a shutdown that lasted six days. It appears that no customer or other personal data has been affected by the cyberattack. The gas supplier employed independent cybersecurity experts to carry out an investigation and deal with the attack.
“Upon learning of the incident, Superior took steps to secure its systems and mitigate the impact to the Corporation’s data and operations. Independent cybersecurity experts have been retained to assist the Corporation in dealing with the matter in accordance with industry best practices,” a statement released by Superior Plus said.
According to the statement, the company temporarily disabled certain systems while the investigation was underway. It was able to avoid prolonged operations downtime and appears to have brought the systems back online soon after the ransomware attack.
Not much information has been revealed about the attack, how it happened, or who is responsible. It’s also not known how long attackers were in the company’s systems as the intrusion was noticed only when the ransomware was launched. Whether a ransom demand was made is also currently unclear.
The attack on Superior Plus only reinforces the notion that ransomware gangs are increasingly focused on targeting critical infrastructure entities.
- For you only: scammers invent new targeted tools to amplify fraud schemes. Group-IB.
- The Biggest Threat to Trust in Cryptocurrency: Rug Pulls Put 2021 Scam Revenue Close to All-time Highs. Chainalysis.
- Superior Plus Announces Cyber Security Incident. Press Release.