Source: RiskIQ
Identifier: 8602974
Publication date: 2024-10-28 19:28:24 (viewed: 2024-10-28 20:07:21)
Title: Pig Butchers Join the Gig Economy: Cryptocurrency Scammers Target Job Seekers

Text:
## Snapshot
Proofpoint has reported a rise in cryptocurrency fraud scams that entice users with fake job offers.
## Description
These scams, conducted by groups known for "Pig Butchering" (or romance-based cryptocurrency fraud), target people through social media, SMS, and messaging apps like WhatsApp and Telegram. Unlike traditional romance scams, these fraudulent job schemes target a broader, less affluent audience for smaller but more frequent payouts.
The scam usually begins with an unsolicited message promoting a remote job opportunity, promising easy tasks such as reviewing products or boosting music streams. Once a victim agrees, they are directed to a fake registration site requiring a referral code. After completing tasks, victims encounter “errors” that result in a negative account balance, prompting them to make a cryptocurrency deposit to continue.
Proofpoint has identified several fake companies and tasks across a range of industries, including fictitious roles associated with companies like TikTok, Daptone Records, and Temu. Once hooked, victims often see a small initial return but are encouraged to invest more to earn larger payouts. Proofpoint warns that scammers use psychological tactics like the sunk cost fallacy and loss aversion to keep victims engaged. Chainalysis reported that some of these scam sites have stolen hundreds of thousands in cryptocurrency within a few weeks, highlighting the significant financial impact of this fraud trend.
## Microsoft Analysis and Additional OSINT Context
Job lures are an effective social engineering tactic used by threat actors with both financial and espionage motives, leveraging people's desire for new career opportunities. For financially motivated actors, job scams are a way to reach a broad audience, often people facing economic hardship, by offering work-from-home positions that appear lucrative yet are designed to extract money or cryptocurrency through fake fees, training deposits, or investments.
In contrast, espionage-motivated groups tend to use job lures to target individuals with valuable access or information, such as employees in defense, technology, or government sectors. By posing as recruiters for prominent companies, these actors entice victims to click on malicious links or download files that grant them access to sensitive data. Both types of actors capitalize on the trust people place in professional recruitment communications, using platforms like LinkedIn, email, and even messaging apps to establish credibility and urgency.
## Recommendations
Microsoft recommends the following mitigations to reduce the impact of this threat.
- Turn on [cloud-delivered protection](https://learn.microsoft.com/en-us/defender-endpoint/linux-preferences) in Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown threats.
- Run [EDR in block mode](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/edr-in-block-mode?view=o365-worldwide?ocid=magicti_ta_learndoc) so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.
- Allow [investigation and remediation](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/automated-investigations?view=o365-worldwide?ocid=magicti_ta_learndoc) in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume.
- [Enable](https://learn.microsoft.com/en-us/defender-endpoint/enable-controlled-folders) controlled folder access.
- Ensure that [tamper protection](https://learn.microsoft.com/en-us/defender-endpoint/prevent-changes-to-security-
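The mitigations listed above reduce to a handful of Microsoft Defender settings that can be audited from the endpoint itself. The PowerShell script below is an added example and is not part of the RiskIQ or Microsoft report; it assumes Microsoft Defender Antivirus is installed, that the session is elevated, and that the numeric codes for MAPSReporting (2 = Advanced) and EnableControlledFolderAccess (1 = Enabled) match your Defender build. It reports each of the four recommended controls as OK or GAP and, when run with -Apply, sets the two that are configurable locally; tamper protection and EDR block mode are tenant-managed, so they are only reported.

```powershell
# Added example (not from the original report): audit a Windows endpoint against the
# Defender controls recommended above and optionally apply the locally settable ones.
# Assumes Microsoft Defender Antivirus is present and the session is elevated.
param(
    [switch]$Apply   # without -Apply the script only reports
)

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

$findings = @(
    [pscustomobject]@{
        Control  = 'Cloud-delivered protection (MAPS)'
        Current  = $pref.MAPSReporting                  # 0 = Disabled, 1 = Basic, 2 = Advanced
        Expected = 'Advanced (2)'
        Ok       = ($pref.MAPSReporting -eq 2)
        Fix      = { Set-MpPreference -MAPSReporting Advanced }
    },
    [pscustomobject]@{
        Control  = 'Controlled folder access'
        Current  = $pref.EnableControlledFolderAccess   # 0 = Disabled, 1 = Enabled, 2 = AuditMode
        Expected = 'Enabled (1)'
        Ok       = ($pref.EnableControlledFolderAccess -eq 1)
        Fix      = { Set-MpPreference -EnableControlledFolderAccess Enabled }
    },
    [pscustomobject]@{
        Control  = 'Tamper protection'
        Current  = $status.IsTamperProtected
        Expected = 'True'
        Ok       = [bool]$status.IsTamperProtected
        Fix      = $null   # managed centrally (Intune / Defender portal); not settable with Set-MpPreference
    },
    [pscustomobject]@{
        Control  = 'EDR in block mode / AV running mode'
        Current  = $status.AMRunningMode                 # e.g. 'Normal', 'Passive Mode', 'EDR Block Mode'
        Expected = 'Normal or EDR Block Mode'
        Ok       = ($status.AMRunningMode -in @('Normal', 'EDR Block Mode'))
        Fix      = $null   # enabled from the Defender portal, not from the endpoint
    }
)

foreach ($f in $findings) {
    $state = if ($f.Ok) { 'OK  ' } else { 'GAP ' }
    Write-Host ("{0} {1,-40} current={2} expected={3}" -f $state, $f.Control, $f.Current, $f.Expected)
    if (-not $f.Ok -and $Apply -and $f.Fix) {
        & $f.Fix
        Write-Host "     applied fix for '$($f.Control)'"
    }
}
```

Run it once without -Apply to see the gaps, then with -Apply to turn on cloud-delivered protection and controlled folder access; a remaining GAP on tamper protection or running mode has to be closed from the management console rather than on the device.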
Notes: ★★
Sent: Yes
Tags: Ransomware, Tool, Threat, Prediction