Imagine depositing a sum of your hard-earned money into an investment platform you trust, with the promise of significant returns. The deposit is not reflected in your account, but you assume it is merely a matter of waiting for the funds to clear. You continue checking intermittently – a day turns into a week, then into a month. Then it dawns on you: you have been scammed.
This is the harsh reality that investment scam victims have to face. In its latest annual scams and cybercrime brief, the Singapore Police Force reports that scam victims in Singapore lost S$651.8 million in 2023, with a record high of over 46,000 cases reported. Of this, S$204.5 million was lost in 4,030 reported cases of investment scams.
Through sophisticated techniques and advanced technologies, threat actors are exploiting the internet's foundational infrastructure and the trust of everyday consumers to pull off huge scams. In a threat intelligence report that we recently released, the activity of a malicious Domain Name System (DNS) threat actor 'Savvy Seahorse' was exposed. This threat actor had been orchestrating online investment scams targeting victims worldwide.
CNAME is the name of the game
In the digital landscape, the DNS serves as the backbone of internet navigation, translating the web addresses we know into the IP addresses needed for devices to communicate. This crucial system, however, is also a prime target for exploitation due to its foundational role in online connectivity.
CNAME records, a type of DNS entry, serve a critical role by allowing the redirection of one domain name to another. These records are shortcuts that help users reach a website using different names. However, cybercriminals can exploit these shortcuts to trick undiscerning consumers into visiting fake websites under the guise of a legitimate website.
Masters of the use of fake bots and phishing sites
Exploiting CNAME records is how DNS threat actors like Savvy Seahorse are conducting their scams. By initially directing users to seemingly legitimate websites that mirror the appearance and functionality of trusted sites, these attackers foster a sense of security among users. Later, however, they stealthily redirect these users to fraudulent sites designed to scam, phish, or deploy malware.
They also adopt advanced techniques such as incorporating fake ChatGPT and WhatsApp bots that provide automated, highly convincing responses to users, urging them to enter personal information in exchange for alleged high-return investments.
Savvy Seahorse's technique of using DNS CNAMEs to manage their malicious operations shines a spotlight on how DNS remains the most effective way of tracking and disrupting the activities of cybercriminals.
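As an added illustration (not from the original article or the threat report), the sketch below shows why shared CNAME infrastructure helps defenders: once one domain is known to be malicious, DNS records can be grouped by their final CNAME target to surface other names pointing at the same host. All domain names and records are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed passive-DNS style records: (owner name, record type, value).
RECORDS = [
    ("invest.alpha-fund.example", "CNAME", "lb1.tracker-hub.example"),
    ("promo.beta-trade.example", "CNAME", "lb1.tracker-hub.example"),
    ("app.gamma-coin.example", "CNAME", "edge.gamma-cdn.example"),
    ("edge.gamma-cdn.example", "CNAME", "lb1.tracker-hub.example"),
    ("www.shop.example", "CNAME", "shop.cdn-provider.example"),
    ("lb1.tracker-hub.example", "A", "192.0.2.10"),
    ("shop.cdn-provider.example", "A", "198.51.100.7"),
]


def normalise(name):
    """DNS names are case-insensitive; drop any trailing root dot."""
    return name.lower().rstrip(".")


def resolve_cname(name, cname_map, max_hops=8):
    """Follow a CNAME chain to its end; stop on loops or overly long chains."""
    seen = set()
    while name in cname_map and name not in seen and len(seen) < max_hops:
        seen.add(name)
        name = cname_map[name]
    return name


def group_by_target(records):
    """Map each final CNAME target to the set of names that alias to it."""
    cname_map = {normalise(n): normalise(v)
                 for n, rtype, v in records if rtype == "CNAME"}
    groups = defaultdict(set)
    for name in cname_map:
        groups[resolve_cname(name, cname_map)].add(name)
    return groups


def siblings_of(known_bad, records):
    """Return (shared target, other names aliasing to it) for a known-bad name."""
    known_bad = normalise(known_bad)
    for target, names in group_by_target(records).items():
        if known_bad in names:
            return target, sorted(names - {known_bad})
    return None, []


if __name__ == "__main__":
    target, related = siblings_of("invest.alpha-fund.example", RECORDS)
    print(f"shared CNAME target: {target}")
    for name in related:
        print(f"  review: {name}")
```

A shared CNAME target is a lead for review rather than a verdict, since legitimate CDN and hosting customers also alias to common hostnames.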
The price to pay for businesses
The real-world consequences of DNS threats, exemplified by schemes like those of Savvy Seahorse, extend far beyond the digital realm, affecting individuals and businesses alike. Beyond the financial damage, these attacks against businesses can also lead to the compromise of sensitive data, and erode trust in online systems.
This erosion of trust not only impacts customer loyalty but can also deter potential new clients. Additionally, falling victim to such cyberattacks may attract the attention of regulatory bodies, resulting in legal challenges and potential fines, further complicating the path to recovery and stable operation.
Stemming the problem at its roots
To effectively detect and mitigate DNS threats, businesses need a multi-layered security approach. Organisations can protect themselves through regular monitoring and auditing of DNS records, implementing DNS security extensions (DNSSEC) to prevent tampering, and educating staff about phishing and other common cyber threats.
Additionally, deploying advanced threat detection systems that leverage AI technologies can automate and accelerate the detection of suspicious DNS activities, enhancing the organisation's ability to respond to and mitigate these threats. By stemming the problem at its root with robust DNS security measures, businesses can safeguard against these sophisticated cyber threats, emphasising the importance of proactive defence strategies.
The increasingly sophisticated techniques that cybercriminal groups like Savvy Seahorse are employing today underline the complex and evolving nature of cyber threats in the digital age. With investment scams reaching alarming heights, the necessity for enhanced cybersecurity measures has never been more critical.
Combating cyber threats is a collective challenge requiring concerted efforts from individuals, businesses, and cybersecurity professionals to fortify the digital landscape. At the end of the day, vigilance, education, and advanced security measures are our best defences in ensuring the safety and integrity of our online world.
The post titled "From hope to tragedy: The rising cost of DNS-based investment scams" was authored by Dr Renée Burton, Vice President of Threat Intel, Infoblox