The year 2018 was marked by different types of online scams, which made millions of victims either by email, WhatsApp messages, theft of personal data in the corporate system, blackmail or cryptocurrency mining. Cybercriminals have created new viruses or improved methods already applied before, showing that these types of crimes have not lost strength. Next, TechTudo brought together the main and most dangerous types of cyber attacks that took place in 2018.
READ: Bank slip: get to know three common Internet scams
WhatsApp: five tips for using the app safely
Want to buy cell phones, TV and other discounted products? Meet Compare TechTudo
Data theft occurs when criminals find a breach in the security of the corporate system. 2018 was marked as the year in which one of the biggest cyber attacks on customer data theft occurred in history. The victims were Marriott hotel chain guests.
Among the information to which the hackers had access were information such as name, address, telephone number, e-mail, date of birth, reservation dates, passport number and even the 500 million guest credit card.
Data leakage, such as password theft, was one of the most common attacks in 2018 Photo: Divulgao
Another case of significant data leakage that occurred in 2018 was with customers of Sky, the pay-TV operator. Personal information of 32 million Brazilians was exposed on the Internet. Among the leaked data were full name, email, service login password, IP address, payment methods, phone number and home address.
Facebook also suffered attacks on its system this year. Due to a social network bug, unpublished photos of more than 6 million users have been exposed. The flaw hit people who allowed third-party apps to access their profiles, and attackers were able to view the photos for 12 straight days, between September 12 and 25, until the problem was discovered and resolved. Prior to that, 50 million people who used the "see how" function were exposed by a security breach in the resource.
Phishing is one of the most common crimes on the Internet, as it is an easy scam to be applied. Just click on a malicious link to be directed to a fake page and have personal data stolen, such as bank passwords and, depending on the type, also spread viruses and Trojans on the contact list of the cell phone or social networks.
According to a survey by Kaspersky Lab, Brazil is the country that receives the most phishing attacks worldwide. In 2018, about 48 million Brazilians went through some type of scam during the last year, which represents almost 25% of the population.
Example of a fake message used in a phishing attack Photo: Reproduo / Gabriel Ribeiro
The virus can arrive by email or be hidden in Facebook ads, but through WhatsApp it is spreading faster. In 2018, several false promotions involving big brands like Boticrio and Coca-Cola promised prizes that didn't exist. The user clicked on malicious links that arrived through the messaging application and became a new victim.
A very recent case of sending malicious links through the messaging app occurred with the WhatsApp Retrospective scam, which may still be running around. The user receives a message that promises to retrieve old photos, status and even conversations, all to set up a detailed history of what was done in the app in 2018. Whoever clicks on the link and provides personal data becomes a new victim of the scam,
In addition to being one of the favorite apps for sending malicious links, WhatsApp was also used to propagate a new type of scam: cloning the cell number to ask friends and family for money, all through fake conversations.
The scam works like this: criminals buy new cell phone chips and contact the operator to retrieve a number allegedly lost along with a stolen cell phone. In this process, it is possible that the victims' personal information, such as address and CPF, may also be used to deceive service via the call center.
A new scam allows criminals to clone the cell phone number used to access WhatsApp Photo: Redroduo
With all the necessary information in hand, cybercriminals install WhatsApp on their cell phones and log into the victim's account. If the profile does not have password protection, it is possible to access groups and contacts, in addition to using the photo and name of the original user. With this security breach, scammers take advantage of the opportunity to send different types of messages, mainly requests for financial assistance, to the entire contact list of the user who has had their account cloned.
The scam called Sextortion or Sextorso, in Portuguese, was also highlighted in 2018. Victims receive threats by e-mail of the dissemination of photos or intimate videos that would be in the hands of cybercriminals.
To prevent the disclosure from being made to family and friends, the victim must pay criminals in up to 24 hours in cryptocurrencies. To convince the real danger, in the "subject" field of the email, hackers disclose any password or confidential data that really belong to the person being threatened.
In most cases, Sextortion is just a bluff, as criminals have no material on the victim, just some data that may have been stolen among the countless leaks that have already happened on the Internet.
There is another sextorso type that is more dangerous, as it causes the infection of victims' computers by means of a Trojan that steals information. The scheme is repeated: the criminal sends an email stating that he hacked the machine and recorded videos of the user while he was accessing pornographic sites.
The victim must send money in Bitcoins to prevent the material from leaking, but at that moment the scam actually begins. The scammers send a file for the user to download and make the payment through an alleged form found in the folder. In fact, the file is contaminated by a Trojan, which installs itself on the computer and hijacks all data on the computer.
5. Mining of virtual currencies
According to a survey by Skybox Security, a company specializing in digital security, in 2018, the illegal mining of virtual currencies, using the users' computer, became the favorite form of cybercriminal attack. The activity even surpassed that of ransomware, champion of 2017.
The scam using virtual currency mining became the favorite in 2018 Photo: FISL
The scam of mining virtual currencies, such as Bitcoins, is called Cryptojacking. Affected computers are exploited remotely with the intention of making their own money using computer resources, such as the processing power of computers and electrical power from the victim's home.
The irregular procurement of virtual currencies can happen in two ways. At first, criminals send malware by message. If the victim opens the infected file or link, it is possible to access all the machine's resources to generate the coins.
Cryptojacking is also being used on sites from unreliable sources, such as those offering tests or games. Every time the address is accessed, the user's computer can be used to mine coins. For this to happen, the site needs to be accessed numerous times. It is possible to use blockers in the browser to protect yourself from the scam.
Bank ATMs were also targeted by the cyberattack in 2018. The attack, called Jackpotting, consists of infecting the ISP with malware. Once malicious software is installed on the device's system, criminals can access the machine's settings and modify the data to withdraw money.
Another more direct way for criminals to break into the ATM by directly connecting equipment to the ATM card reader, in order to steal money or data from user cards, such as passwords, for example.
In August 2018, the United States Federal Bureau of Investigation, the FBI, even sent an alert to banks about a threat of coordinated Jackpotting attack that could reach the entire world. This specific attack did not happen, but banks remain vulnerable to the scam, due to security breaches, such as unprotected connection and incorrect firewall configuration, according to a recent analysis by Positive Technologies.
The WannaCry virus, which reached more than 150 countries in 2017, is still active Photo: Divulgao
The Wannacry ransomware started its wave of attacks in May 2017. It is a type of encryption malware that hijacks and blocks files and folders on the victim's computer. Unlocking the machine is done by paying a Bitcoin ransom.
The first Wannacry attack affected more than 300,000 computers in 150 countries, making it the largest ransomware attack in history. In Brazil, in addition to causing the interruption of the INSS service, the attack affected companies and public bodies in 14 states plus the Federal District.
After security systems were updated, Wannacry appeared to have been eradicated. But according to Kaspersky's latest IT threat assessment report in the third quarter of 2018, it was found that the malware is still active and attacked 74,621 users this year. The number corresponds to 28.72% of all ransomware attacks that occurred in the period. Therefore, Wannacry is still a real danger that can continue its performance indefinitely.
In July 2018, for example, a Brazilian variant of Wannacry emerged to make exclusively Brazilian victims. Cry Brazil is a virus that encrypts and hijacks computer files and changes the Windows wallpaper with a message in Portuguese asking for ransom to release the documents. The main security software can stop the virus from acting, but the protection is valid if the programs are up to date. In August, TSMC, the company that makes iPhone processors, had to stop production for three days after being hit by the WannaCry virus. The ransomware entered the computer network and quickly spread to more than 10,000 devices. According to the British website V3, the Taiwanese company admitted that the virus affected Windows 7 machines without security fixes.