When Massachusetts-based business software maker Progress Corp disclosed this month that its file transfer system had been compromised, the issue rapidly acquired global importance.
A Russian-speaking gang called CL0P exploited the vulnerability to steal sensitive information from hundreds of companies, including British Airways, Shell and PwC. It was expected that the hackers would attempt to extort the affected organizations and threaten to release their data if the ransom was not paid.
However, cyber security experts said the nature of the data stolen in the attack — including the driver’s license, health and pension information of millions of Americans — signals another way hackers will make money: ID theft scams, which, combined with the latest so-called deepfake software, could prove even more lucrative than extorting companies.
Haywood Talcove, chief executive of LexisNexis Risk Solutions’ government division, said, “I’m not a criminal, but I’ve been studying this for a long time – if I had that much information, and it was that ancient, it wouldn’t matter.”
Experts have long warned about the rise of deepfake scams, where criminals combine artificial intelligence software with personal information to create realistic digital likenesses of people to circumvent traditional security checks.
In the first three months of 2023, the number of deepfakes used in scams exceeded the total for the whole of 2022, according to Sumsub, a Miami-based verification platform, with particularly high growth in Canada, the US, Germany and the UK.
This is because the fake identity of a Western citizen opens up not only bank and traditional online scams, but also the theft of government benefits.
For example, Talcove said the kind of information stolen in the Progress hack — photos, names, dates of birth, home addresses and parts of their social security numbers — could be used to create fake video selfies, which many US state agencies use to verify identity.
This may allow criminals to successfully claim unemployment benefits and apply for federal college loans, food stamps and other programs. They estimated that each stolen identity could be used successfully to steal up to $2 million from government benefit programs alone.
“As AI advances, more tools become available to fraudsters . . . The use of synthetic hoaxes is growing at an alarming rate,” said Pavel Goldman-Kalaydin at Sumsub, who added that the company will have to keep coming up with new ways to spot these sophisticated fakes.
On June 1, after at least one of its customers’ data was breached, Progress disclosed that hackers had found a previously undiscovered weakness in its software that allowed them to target its customers.
The breach ultimately led to the theft of data from Progress’s customers including oil company Shell and accounting rivals PwC and EY, as well as dozens of US government agencies, including the Department of Agriculture, Maryland’s health services and the California pension system, one of the largest in the world.
The vast landscape of victims — many of whom have yet to publicly acknowledge the breach — is interconnected because of their reliance on a piece of software called MOVEit, made by Progress, which was advertised as a safe way for companies to comply with data-processing rules that protect their most valuable information, both in transit and in storage.
The second part of the robbery was expected to be extortion: demands for payment under threat of leaking the data on the dark web. For example, hackers recently posted a large amount of data from Shell, which is an indication that the company hasn’t paid the ransom. Shell said only a small number of its employees use the software, and the rest of its systems are untouched.
“This was not a ransomware incident,” the company said. “There is no evidence of impact on any other Shell IT systems. Our IT teams are investigating.”
The hackers, who declined to comment via email, also took advantage of a highly sophisticated webshell, or backdoor, that appears to have bypassed industry-standard security measures from companies such as Microsoft or CrowdStrike, according to two people familiar with the initial investigation into the hack.
Progress said it is working with law enforcement and helping its customers to further secure their data, “including by implementing patches we have issued”.
The company said, “We are committed to playing a leading and collaborative role in the industry-wide effort to combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products.”
Progress is relying on Charles River Associates, a consultancy, the forensics division of DLA Piper, the law firm, and Google-owned Mandiant Cyber Security as it prepares for lawsuits against it.
The US Cybersecurity and Infrastructure Security Agency did not respond to multiple requests for comment.
The governors of Louisiana and Oregon have held emergency talks over the hack and have asked citizens to freeze their credit, change all their passwords and keep tabs on their benefits accounts.
“Organised crime syndicates, state operations and professional fraud groups are the most likely to use this information . . . with the intent to stem global ID fraud on a large scale,” said Ron Atzmon, founder of au10tix, an Israel-based company that counts Google, Microsoft, PayPal and LinkedIn among its clients for identity verification.
Because the stolen data was genuine, he said, “it will be verified as genuine if there is a fraud attempt, allowing it to pass through most case-level checkpoints”.
He added: “We believe we will see an increase in serial fraud attacks across the board in the coming months due to the flow of stolen identity information into the hands of professional fraudsters.”
At the California Public Employees’ Retirement System, or CalPERS, CL0P hackers stole the personal data of nearly 769,000 retired members and their survivors. Data from recently deceased Americans was especially valuable on the black market, said a private cybersecurity officer involved in the investigation of several victims.
“You open credit cards in a deceased person’s name, take out loans, redirect Social Security payments, sign up for food benefits,” the person said. “Who will sound the alarm?”










