Hack - ReadWrite IoT and Technology News

Vans maker VF Corp hit by cyber attack, personal data 35.5 million compromised
https://readwrite.com/vans-maker-vf-corp-hit-by-cyber-attack-personal-data-35-5-million-compromised/
Fri, 19 Jan 2024 14:05:41 +0000

VF Corp, the parent company of popular sneaker brand Vans, has disclosed a significant data breach impacting approximately 35.5 million consumers, according to a recent Reuters report. The breach, which stemmed from a cyber attack detected on Dec. 13, led to disruptions in the company’s e-commerce operations and affected global customer orders.

In a recent regulatory filing, VF Corp revealed that the cyber attack caused delays in order fulfillment and resulted in the cancellation of some product orders. Despite these operational challenges, the company has assured stakeholders that it does not anticipate any material impact on its financials.

One of the key concerns arising from the incident is the breach of personal data. VF Corp clarified that while a substantial number of consumer records were compromised, the company does not store sensitive information such as social security numbers, bank account details, or payment card information in its IT systems. This limitation in data storage has potentially mitigated the severity of the breach.

Furthermore, VF Corp stated that there is currently no evidence suggesting that consumer passwords were acquired during the cyber attack. This information provides some reassurance to affected consumers regarding the security of their accounts.

In response to the incident, VF Corp has taken steps to restore its IT systems and data. The company reported that it has substantially recovered the systems impacted by the cyber attack. However, it is still addressing minor operational issues that have arisen in the aftermath.

The post Vans maker VF Corp hit by cyber attack, personal data 35.5 million compromised appeared first on ReadWrite.

Spanish cyberattack: ransom of €10million demanded by hackers
https://readwrite.com/spanish-cyber-attack-ransom-of-e10million-demanded-by-hackers/
Tue, 16 Jan 2024 20:07:12 +0000

Saturday witnessed a cyberattack on the Spanish city of Calvià in Majorca, with hackers now demanding 10 million euros to be paid to restore functionality to integral systems.

The Calvià City Council website has been offering updates on the situation, saying the local authority is “working to recover normality as soon as possible, after having been subject, early last Saturday, to a Ransomware cyber attack, through which it is intended to extort money from the council.”

Majorca’s mayor, Juan Antonio Amengual, has reiterated that the extortion attempt will not be answered, as reported in the Majorca Daily Bulletin.

Ransomware attack slows Spanish council

Amengual took to X to post about the current state of play and mentioned that the council continues to work with experts to stop the attack:

In the social media post, he said, “We (Calvià City Council) work with experts and other institutions to stop the cyber attack. The City Council does not stop, it continues to function a little slower, but moving.”

The Calvià City Council will work with the Telematic Crimes Group of the Spanish Civil Guard and hopes to keep residents and onlookers updated through the official website.

Spain and Ukraine are seeing cyberattacks

Spain is not the only country battling cyber-security threats: Ukraine saw hacking with national impact late last year.

The largest telecommunications company, Kyivstar, and banking power Monobank were subject to the hacking attempt. The cell provider going down would cause a communications blackout for millions.

In the United States, Distributed Denial of Service (DDoS) attacks and hacking attempts were seen across 2023 against Sony and OpenAI.

OpenAI, creator of ChatGPT, reported “an abnormal traffic pattern” that caused outages for developers in November.

Sony-owned studio Insomniac Games was the focus of one of the most scathing cyber attacks in December 2023. This would lead to the blackmail of the studio for 50 Bitcoin (BTC), equivalent to around $2 million.

The studio and Sony refused to give in to these demands, resulting in sensitive information being released to the public alongside business strategy and company documents.

Image Credit: Pexels

The post Spanish cyberattack: ransom of €10million demanded by hackers appeared first on ReadWrite.

Hackers hijack X accounts for crypto scams, including Google’s Mandiant
https://readwrite.com/hackers-hijack-x-accounts-for-crypto-scams-including-googles/
Fri, 05 Jan 2024 17:00:07 +0000

Hackers are specifically targeting prominent verified accounts on X, formerly known as Twitter, to promote crypto scams and drop links to drainers.

They are focusing on profiles belonging to government and business figures and entities with gold and grey verifications, leaning on the pretense of legitimacy as part of the nefarious intent.

A crypto drainer is a form of malware that targets cryptocurrency wallets by tricking the victim into consenting to a malicious transaction.

As reported by Bleeping Computer, Google subsidiary Mandiant, a cyber intelligence company bought for $5.4bn, was hijacked this week when it was used to distribute a fake airdrop which subsequently applied the drain.

The report also detailed how MalwareHunterTeam has been monitoring X for this type of activity, with the following gold and grey accounts flagged as compromised.

Profiles attributed to Canadian senator Amina Gerba, nonprofit firm The Green Grid, and Brazilian politician Ubiratan Sanderson were used as examples of those to have been penetrated by hackers.

Previously on Twitter, a blue tick or checkmark indicated a verified account. It could have been a mainstream, renowned company, a sports personality or a senior politician but since Elon Musk’s takeover and re-branding of the social media platform as X, all that has changed.

Now, anyone can pay a subscription fee to have a blue checkmark, bringing with it certain user benefits including the ability to edit posts.

A gold tick attached to an X account denotes an official organization or company, while the grey mark represents a government office or an individual official. They are supposed to promote trust, reliability, and authenticity as well as be bound by eligibility criteria.

Despite this, the associated costs for verification and the supposed difficulty of impersonating an official account have not proven to be an effective barrier to hackers seeking to manipulate the social media platform to scam unsuspecting users.

CloudSEK, a digital risk monitoring platform, has outlined the rise of a new black market where hackers trade compromised gold and grey X accounts for prices ranging from $1,200 to $2,000 in what is a stark reminder of the dangers that can be hiding in plain sight online.

The post Hackers hijack X accounts for crypto scams, including Google’s Mandiant appeared first on ReadWrite.

Teen hacker behind GTA leak sentenced to indefinite hospital order
https://readwrite.com/teen-hacker-behind-gta-leak-sentenced-to-indefinite-hospital-order/
Fri, 22 Dec 2023 00:06:29 +0000

Arion Kurtaj, an 18-year-old hacker, has been sentenced to an indefinite hospital order following his involvement in the leak of unreleased Grand Theft Auto game footage, according to a recent BBC report. Diagnosed with acute autism, Kurtaj was a key figure in the notorious hacking group Lapsus$, known for targeting several tech giants, including Uber, Nvidia, and Rockstar Games, the developer behind GTA.

The group’s cyber-attacks, which involved data theft and ransom demands, caused nearly $10 million in damages to the affected companies. The court determined that Kurtaj’s advanced hacking skills and persistent inclination towards cyber-crime posed a significant public risk. Consequently, he will remain in a secure hospital for an indefinite period, subject to ongoing assessments by medical professionals.

The Lapsus$ group’s notorious hacks

Kurtaj’s most infamous act was the leak of 90 clips from the highly anticipated Grand Theft Auto 6. He managed to breach Rockstar’s internal systems and threatened to release the game’s source code unless contacted by the company. Remarkably, he executed this hack while under police protection and without his primary hacking tools, using an Amazon Firestick, a hotel TV, and a mobile phone.

Rockstar Games reported substantial financial and operational impacts due to Kurtaj’s actions, including a recovery cost of $5 million and extensive staff hours. Additionally, the City of London Police revealed that Lapsus$ sent threatening messages to 26,000 EE customers, further demonstrating the group’s wide-reaching cyber-terror.

In a related trial at Southwark Crown Court, another Lapsus$ member, a 17-year-old, was found guilty alongside Kurtaj. This younger hacker, involved in attacks on Nvidia and BT/EE, received an 18-month Youth Rehabilitation Order, including strict supervision and a prohibition on VPN usage. He also faced charges for stalking and harassing two young women.

The Lapsus$ group, primarily composed of teenagers from the UK and Brazil, gained infamy for their audacious cyber-attacks on multinational corporations like Microsoft and Revolut. Their combination of social engineering and technical hacking skills led to a comprehensive report by US cyber-authorities on the activities of teen hacker gangs.

This report emphasized the ease with which Lapsus$ members infiltrated highly secure organizations, highlighting significant cybersecurity vulnerabilities. The total financial gain from Lapsus$’s cyber-crimes remains uncertain, as no companies have publicly acknowledged paying ransoms, and the hackers did not release passwords for the seized cryptocurrency wallets.

The post Teen hacker behind GTA leak sentenced to indefinite hospital order appeared first on ReadWrite.

FBI’s decryption tool a powerful weapon against Blackcat hackers
https://readwrite.com/fbis-decryption-tool-a-powerful-weapon-against-blackcat-hackers/
Wed, 20 Dec 2023 19:23:01 +0000

The Federal Bureau of Investigation has taken a significant step in combating the notorious Blackcat hacker group, also known as ALPHV, by releasing a decryption tool aimed at assisting over 500 victims of cyberattacks worldwide. The FBI’s strategic move, as reported by SBC Americas, is part of a broader effort to dismantle the group’s operations, which have inflicted substantial financial damage over the past 18 months.

Blackcat, responsible for extracting hundreds of millions of dollars through ransomware attacks, targeted various entities, including a notable attack on MGM Resorts in the fall. This particular attack compromised sensitive customer data, such as social security and passport numbers, though on a limited scale. MGM Resorts experienced a week-long shutdown of its computer systems, incurring approximately $100 million in recovery costs.

In response to these escalating threats, the FBI, under the leadership of Deputy Director Paul Abbate, developed the decryption tool as a countermeasure. This tool has already played a crucial role in preventing around $68 million in ransom payouts. Abbate emphasized the FBI’s commitment to defeating ransomware campaigns and assisting victims in recovering from such attacks.

The release of the decryption tool marks a proactive approach by the FBI to address the cybersecurity challenges posed by groups like Blackcat. Deputy Attorney General Lisa O. Monaco highlighted the importance of these efforts, stating that the Justice Department’s actions have enabled businesses, schools, healthcare, and emergency services to resume operations after being affected by ransomware.

In addition to the decryption tool, the FBI has infiltrated Blackcat’s network, seizing several websites operated by the group. This disruption is part of a larger strategy to dismantle the cybercrime ecosystem and prioritize victim support.

The MGM Resorts attack and subsequent FBI actions have elevated cybersecurity to a top priority within the industry. Companies are now more aware of the need for robust security measures and the importance of collaborating with law enforcement agencies to tackle cyber threats effectively.

The post FBI’s decryption tool a powerful weapon against Blackcat hackers appeared first on ReadWrite.

UK government risking ‘catastrophic ransomware attack’
https://readwrite.com/uk-government-risking-catastrophic-ransomware-attack/
Wed, 13 Dec 2023 11:22:57 +0000

The United Kingdom’s (UK) government is at high risk of a “catastrophic ransomware attack” due to a lack of focus and funding, in a stark warning from a parliamentary report.

As reported by The Record, the government has been accused by the nation’s Joint Committee on the National Security Strategy (JCNSS) of not effectively planning to prevent a large-scale cyber attack that could “bring the country to a standstill.”

The news will add more pressure onto Prime Minister Rishi Sunak who is currently under heavy scrutiny on matters of illegal immigration. He breathed a sigh of relief on Tuesday after his key Rwanda bill passed its first Commons hurdle but further challenges will be presented in the new year.

The parliamentary report was highly critical of the former Home Secretary Suella Braverman for failing to address the ransomware threat:

“We found that the Home Office’s public output on cyber security and ransomware has been almost nonexistent, and has been dwarfed by its focus on small boats and illegal migration,” the JCNSS said.

UK failing to invest sufficiently in cyber security

Any potential attack is likely to be aimed at the UK’s critical national infrastructure (CNI) which consists of national assets that keep the country running, including energy supply, water supply, health, transport and telecommunications.

In recent times, the UK’s National Health Service (NHS) has been targeted, with patient data falling into the hands of cyber attackers, and a council in the North of England was crippled for more than two weeks, as outlined by the Guardian.

In its response, the JCNSS has recommended that responsibility for ransomware should be taken away from the Home Office and put within the remit of the Cabinet Office, in conjunction with the National Cyber Security Centre and the National Crime Agency, “to be overseen directly by the Deputy Prime Minister, as part of a holistic approach to cyber security and resilience.”

The government will be aware of the threat posed by these forms of cyber attacks and the damage that can be caused, but unless it acts appropriately, it will see the UK remain in a vulnerable position. This was reflected in the joint committee report with one of its findings damning the government which “knows that the possibility of a major ransomware attack is high, yet it is failing to invest sufficiently to prevent catastrophic costs later on.”

Image credit: Pixabay, pexels.com

The post UK government risking ‘catastrophic ransomware attack’ appeared first on ReadWrite.

PlayStation game dev hit by major ransomware attack – stolen data being auctioned off
https://readwrite.com/playstation-game-developer-gets-hit-by-major-ransomware-attack-stolen-data-being-auctioned-off/
Tue, 12 Dec 2023 16:45:11 +0000

In the latest high-profile gaming hack, Insomniac Games, developer of Spider-Man 2 and the upcoming Wolverine, appears to have been breached by a group called Rhysida, which has published screenshots from Wolverine alongside the identity pages of passports belonging to past and current staff, suggesting that the stolen data comes from multiple departments.

Rhysida has said that Insomniac has seven days to agree to a ransom or it will release the data, but, somewhat confusingly, the group also appears to be auctioning the stolen data off to the highest bidder online.

“With just 7 days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data,” Rhysida said in its leak message online.

“Open your wallets and be ready to buy exclusive data. We sell only to one hand, no reselling, you will be the only owner!”

Do I hear 50 Bitcoin in the room?

The starting bid is a rather ambitious 50 Bitcoin, which works out at around $2 million.

Insomniac Games is a Sony studio and the PlayStation manufacturers told Eurogamer, “We are aware of reports that Insomniac Games has been the victim of a cyber security attack. We are currently investigating this situation. We have no reason to believe that any other SIE or Sony divisions have been impacted.”

Rhysida, named after a genus of centipede, is suspected to be a Russian group and was responsible for the recent ransomware attack on the British Library last month.

According to that same Guardian article, US government agencies released an advisory note on Rhysida, stating that the “emerging ransomware variant” had been deployed against the education, manufacturing, IT, and government sectors since May.

The government also said it had seen the Rhysida gang running a “ransomware as a service” (RaaS) operation, a model in which the group hires out its tools to other criminal enterprises and shares the profits with them.

It is unclear at this point what will happen next, but we will keep this story updated with any developments.

The post PlayStation game dev hit by major ransomware attack – stolen data being auctioned off appeared first on ReadWrite.

Ukraine cyber attack: Telecom giant Kyivstar hit by blackout
https://readwrite.com/ukrainian-telecom-giant-kyivstar-hit-with-damaging-cyber-attack/
Tue, 12 Dec 2023 14:57:45 +0000

The largest cyber attack of the Russia-Ukraine War so far has hit a Ukrainian telecom giant, causing a cellular blackout for millions.

Kyivstar is Ukraine’s largest broadband and mobile network operator. The attack left over 24.3 million mobile subscribers without a stable connection in the country.

Kyivstar CEO Oleksandr Komarov told a television newscast, “War is also happening in cyber-space. Unfortunately, we have been hit as a result of this war,” as Reuters reports.

Kyivstar’s infrastructure partially destroyed

“(The attack) significantly damaged (our) infrastructure, limited access, we could not counter it at the virtual level, so we shut down Kyivstar physically to limit the enemy’s access,” Komarov said.

Veon, the parent company of Kyivstar, released a statement on the incident via its website, saying: “The network of its Ukrainian subsidiary Kyivstar has been the target of a widespread hacker attack in the morning of 12 December 2023, causing a technical failure.”

Veon also stated that Kyivstar technical teams are “working in close cooperation with Ukrainian law enforcement agencies to determine the circumstances and consequences of the interference in the Kyivstar network. At the time of this release, the personal data of subscribers has not been compromised, to the best of Kyivstar’s knowledge.”

Cyber attacks hit other services in Ukraine

Kyivstar was not the sole target of the cyber attacks taking place, as Monobank, one of Ukraine’s largest banks, was also affected.

A massive distributed denial of service (DDoS) attack was also reported by Monobank’s CEO Oleh Horokhovskyi via their social channels.

He announced: “Massive DDoS attack on mono. Target of attack: entry points to Amazon (Banks, website). Everything is under control.”

Image credit: Anete Lusina, Pexels.

The post Ukraine cyber attack: Telecom giant Kyivstar hit by blackout appeared first on ReadWrite.

FBI exposes Scattered Spider’s alliance with notorious ransomware gang
https://readwrite.com/fbi-scattered-spider-ransomware-gang/
Mon, 20 Nov 2023 08:06:06 +0000

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have exposed new details about the cybercrime group Scattered Spider and its collaboration with the notorious ALPHV/BlackCat ransomware operation in an advisory published on Friday.

According to a Bleeping Computer report, Scattered Spider — tracked by multiple aliases including 0ktapus, Starfraud, and Octo Tempest — has been responsible for some of the most high-profile ransomware attacks in recent years. The fluid collective of English-speaking hackers as young as 16 has relied on cunning social engineering tactics to breach the networks of companies like MailChimp, Reddit and Twilio.

Now, the FBI reveals that select members of Scattered Spider have joined forces with ALPHV/BlackCat, the Russia-based ransomware cartel behind major attacks on oil giant Shell and Costa Rica’s government. This alliance allows the Scattered Spider actors to encrypt and lock systems using BlackCat, then extort victims for ransom payments.

Experts say Scattered Spider’s loose, decentralized structure makes the group difficult to track. The FBI knows the identities of at least 12 individuals but has yet to prosecute any members. Some are also believed to be part of “The Comm,” a network of hackers involved in recent violent crimes.

Scattered Spider’s access tactics exploit human vulnerabilities. Posing as IT staff, they trick employees into handing over credentials via SMS phishing, phone calls, and fake domain names impersonating corporate services. Once inside, they covertly install RAT malware and monitoring tools to steal data and learn about incident response efforts in Slack or email. This allows Scattered Spider to evade detection, create fake accounts to move laterally and determine how victims are trying to kick them out.

The advisory warns they take interest in source code, certificates, and credential repositories.

Experts urge strengthening MFA, email security, network segmentation, and patching against the MITRE techniques listed by the FBI. They also advise implementing robust data recovery plans and offline backups to empower recovery after an attack.

The exposure of Scattered Spider’s inner workings sheds light on the human infrastructure behind sophisticated cybercriminal networks executing ransomware attacks. It also exemplifies the evolving cyber threat landscape, where threat actors share capabilities to maximize profits from extortion.

Photo by Pixabay.

The post FBI exposes Scattered Spider’s alliance with notorious ransomware gang appeared first on ReadWrite.

Hackers exploit AI interest in malware scam, Google files lawsuit
https://readwrite.com/hackers-exploit-ai-interest-in-malware-scam-google-files-lawsuit/
Mon, 13 Nov 2023 18:26:32 +0000

Google has initiated a lawsuit against unidentified individuals in India and Vietnam, alleging a scam that exploits the growing interest in artificial-intelligence tools. According to The Wall Street Journal, the scam specifically targets U.S. small businesses, tricking them into compromising their social-media-account passwords.

The Bard AI chatbot scam

The fraud involves deceiving small-business owners into clicking Facebook ads promising a download of Google’s Bard artificial-intelligence chatbot. However, these ads are misleading: Bard is a web-based platform and is not available for download. Hackers using bogus names like Google AI and AIGoogle Bard FB operate an organized scheme with ads falsely claiming affiliation with Google.

When victims click the offer to download Bard, malware infects their devices and steals their social-media credentials. The hackers then hijack these social-media accounts to disseminate more malware-linked ads. Google’s lawsuit, filed in a federal district court in Northern California, seeks to stop the scam and obtain damages. According to Google’s general counsel, Halimah DeLaine Prado, this may be the first lawsuit of its kind aimed at protecting users of a major tech company’s AI product.

While the full impact of this scam is still unclear, Google has reportedly filed about 300 takedown requests to remove these deceptive ads. While Facebook and other platforms have been generally responsive to these requests, the threat persists.

This scheme is indicative of a broader trend of malware scams targeting businesses, as noted by Facebook’s parent company, Meta Platforms. In May, Meta blocked 1,000+ malicious URLs offering ChatGPT-based tools, many originating from Vietnam, from being shared on its platforms.

Protecting users in the AI era

The lawsuit underscores the challenges and risks as interest in AI tools surges, particularly for small businesses on social media. It also highlights the need for heightened vigilance and robust protective measures against such sophisticated cyber scams.

The post Hackers exploit AI interest in malware scam, Google files lawsuit appeared first on ReadWrite.

40 countries unite against cybercriminals, vowing to stop ransom payments
https://readwrite.com/40-countries-unite-against-cybercriminals-vowing-to-stop-ransom-payments/
Tue, 31 Oct 2023 15:42:50 +0000

A significant move against hackers is underway as 40 countries, led by the U.S., prepare to sign a pledge. According to Reuters, citing a senior White House official, the commitment aims to halt ransom payments to cybercriminals and dismantle their funding mechanisms.

Rising threat of ransomware attacks

Ransomware attacks have seen a global surge, with the U.S. bearing the brunt, accounting for 46% of such incidents. Anne Neuberger, the U.S. deputy national security adviser for cyber and emerging technologies, highlighted the gravity of the situation in a virtual briefing. Neuberger mentioned that the problem would continue as long as ransomware criminals are being paid.

In these attacks, cybercriminals encrypt an organization’s systems, demanding ransoms for decryption. They often pilfer sensitive data, threatening its release if not paid. Recent victims include MGM Resorts International and Clorox, both still grappling with the aftermath.

A collaborative effort to curb cybercrime

The alliance’s strategy focuses on cutting off the hackers’ financial lifeline. Enhanced information sharing about ransom payment accounts is central to this plan. Lithuania will develop one of the two proposed information-sharing platforms, with Israel and the UAE collaborating on the second.

Furthermore, the U.S. Department of Treasury will facilitate the sharing of a “black list” among partner countries. This list will spotlight digital wallets used for ransomware transactions. Neuberger also mentioned the integration of artificial intelligence to scrutinize blockchain, aiming to pinpoint illicit funds. Notably, Chainalysis, a blockchain analytics firm, reported in July that crypto payments to ransomware attackers might reach their second-highest annual total this year.

The post 40 countries unite against cybercriminals, vowing to stop ransom payments appeared first on ReadWrite.

23andMe hacker leaks more data, claims to have wealthy users’ records
https://readwrite.com/23andme-hacker-leaks-more-data-claims-to-have-wealthy-users-records/
Thu, 19 Oct 2023 23:32:13 +0000

DNA testing company 23andMe is once again in the spotlight for the wrong reasons. A hacker has leaked millions of 23andMe user records on a cybercrime forum. TechCrunch reporting indicates it is the same hacker, aka Golem, who began selling 23andMe user data earlier this month. Golem claims the new dataset contains information on individuals from Great Britain, emphasizing the presence of data from “the wealthiest people living in the U.S. and Western Europe on this list.”

According to TechCrunch, the recent data dump includes names, email addresses, and other personal details of users. The motive behind Golem’s repeated leaks of 23andMe user data remains unclear, however.

In response to the breach, 23andMe spokesperson Andy Kill told TechCrunch via email, “We were made aware of this new leak today, and we are currently reviewing the data to determine if it is legitimate.”

A pattern of 23andMe data leaks

The attack seems to have roots tracing back several months. On Aug. 11, a hacker on another cybercrime forum, Hydra, advertised a set of 23andMe user data. According to TechCrunch, this set matched some of the user records leaked two weeks ago. The hacker on Hydra claimed possession of a whopping 300 terabytes of 23andMe user data, though no evidence was provided to substantiate this claim.

23andMe states it is actively investigating the situation and has advised its users to change their passwords and enable two-factor authentication as immediate precautionary steps.

The post 23andMe hacker leaks more data, claims to have wealthy users’ records appeared first on ReadWrite.

Mozilla patches Firefox and Thunderbird against zero-day exploits https://readwrite.com/mozilla-firefox-thunderbird-cve20234863/ Wed, 13 Sep 2023 12:44:34 +0000 https://readwrite.com/?p=238322 Mozilla Firefox


Mozilla fixed a critical zero-day vulnerability affecting its Firefox web browser and Thunderbird email client via emergency security updates.

The security flaw in question, CVE-2023-4863, is a heap buffer overflow in libwebp, the library used to decode WebP images.

“Opening a malicious WebP image could lead to a heap buffer overflow in the content process,” Mozilla said in an advisory published on Tuesday, adding: “We are aware of this issue being exploited in other products in the wild.”

The not-for-profit software developer shipped the fix in the following releases:

  • Firefox 117.0.1
  • Firefox ESR 115.2.1
  • Firefox ESR 102.15.1
  • Thunderbird 102.15.1
  • Thunderbird 115.2.2
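As an added check, not part of Mozilla’s advisory or of this article, the Python below decides whether a reported Firefox or Thunderbird version string already contains the fix, using only the fixed versions listed above. How a version is mapped to a branch is this example’s own assumption: 102.x and 115.x are compared against their ESR fixes, 117.x against the release fix, majors with no entry in the list (such as 116) are reported as unpatched, and anything newer than the newest fixed major is assumed to have shipped after the fix.

```python
"""Is this Firefox / Thunderbird build patched for CVE-2023-4863?

Added example; not Mozilla's code. Fixed versions come from the advisory
list above. Branch handling is this example's assumption: 102.x and 115.x
are matched against their ESR fixes, 117.x against the release fix, majors
without an entry are treated as unpatched, and any major newer than the
newest fixed major is assumed to have shipped after the fix.
"""
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# product -> {major: first version on that branch containing the fix}
FIXED: Dict[str, Dict[int, Version]] = {
    "firefox": {117: (117, 0, 1), 115: (115, 2, 1), 102: (102, 15, 1)},
    "thunderbird": {115: (115, 2, 2), 102: (102, 15, 1)},
}


def parse_version(text: str) -> Version:
    """'115.2.1esr' -> (115, 2, 1); missing trailing components count as 0."""
    text = text.strip().lower()
    if text.endswith("esr"):
        text = text[:-3]
    parts = [int(p) for p in text.split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_patched(product: str, version: str) -> bool:
    """True when `version` of `product` is at or beyond the fixed release for its branch."""
    table = FIXED[product.strip().lower()]
    v = parse_version(version)
    major = v[0]
    if major in table:
        return v >= table[major]
    # No fixed build is listed for this major (e.g. 116): treat as unpatched
    # unless it is newer than every major that received a fix.
    return major > max(table)


def audit(inventory: Dict[str, Tuple[str, str]]) -> Dict[str, bool]:
    """Map host -> patched? for an inventory of (product, version) pairs."""
    return {host: is_patched(prod, ver) for host, (prod, ver) in inventory.items()}


if __name__ == "__main__":
    sample = {  # constructed sample inventory, not real hosts
        "ws-01": ("firefox", "117.0.1"),
        "ws-02": ("firefox", "116.0.3"),
        "srv-mail": ("thunderbird", "115.2.1"),
        "kiosk": ("firefox", "102.15.1esr"),
    }
    for host, ok in audit(sample).items():
        print(f"{host}: {'patched' if ok else 'UPDATE REQUIRED'}")
```

The comparison is tuple-wise, so a build such as 117.0 (which predates 117.0.1) is correctly reported as unpatched rather than matched on its major alone.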

The details surrounding the WebP flaw being used in attacks have not been shared, but users have been strongly advised to update their versions of Firefox and Thunderbird.

Google already patched Chrome

Mozilla software was not alone in using the vulnerable WebP code library version.

Google patched its Chrome web browser on Monday while warning that “an exploit for CVE-2023-4863 exists in the wild.” Its security updates have been rolling out and are expected to cover its entire user base in the weeks ahead.

Apple and The Citizen Lab identified the flaw

Apple’s Security Engineering and Architecture team first reported the flaw on Sept. 6, alongside The Citizen Lab at the University of Toronto’s Munk School — the latter famous for identifying and disclosing zero-day vulnerabilities.

Citizen Lab recently identified two zero-day vulnerabilities used to deploy NSO Group’s infamous Pegasus mercenary spyware onto fully up-to-date iPhones. Apple patched the vulnerabilities last week and then backported the fixes to older iPhone models, such as the iPhone 6s, iPhone 7 and iPhone SE.

The post Mozilla patches Firefox and Thunderbird against zero-day exploits appeared first on ReadWrite.

TheTruthSpy: The Stalkerware That Made Millions https://readwrite.com/thetruthspy-the-stalkerware-that-made-millions/ Fri, 21 Jul 2023 18:32:15 +0000 https://readwrite.com/?p=233081 windows security


In an era where technology permeates every aspect of our lives, privacy has become a precious commodity, and there are individuals and organizations exploiting that for profit. One such example is TheTruthSpy, a collection of Android surveillance apps known as “stalkerware.” These apps, including Copy9 and MxSpy, have compromised hundreds of thousands of people’s phones worldwide. But who is behind this operation, and how have they managed to evade detection for so long?

TheTruthSpy, developed by the Vietnam-based startup 1Byte, has been a lucrative venture, bringing in millions of dollars in customer payments since 2016. However, selling spyware comes with legal and reputational risks, especially in the United States, where demand for TheTruthSpy has been steadily growing. To navigate these challenges, 1Byte devised an intricate scheme involving a network of fake American identities, forged passports, and manipulated financial systems.

Meet Benjamin and Dulce, two fictitious sellers of TheTruthSpy. On the surface, they appear to be ordinary Americans, but their true purpose is to serve as fronts for 1Byte. Their forged documents, including passports, driver’s licenses, and Social Security cards, allowed 1Byte to funnel illicit customer payments into their bank accounts. These fake identities were meticulously crafted, complete with photoshopped faces and fabricated personal information. Through this elaborate charade, 1Byte managed to keep its true identity hidden while reaping the profits.

Dulce and Benjamin played crucial roles in 1Byte’s financial success. In the early years, PayPal served as the primary payment processor for TheTruthSpy. Customers would purchase the software through various branded spyware websites, and the money would flow into PayPal accounts under Dulce and Benjamin’s names, which were actually controlled by 1Byte. Dulce alone netted $239,000 in 2016 and $886,000 in 2017, while Benjamin consistently earned tens of thousands of dollars each month selling other cloned stalkerware apps.

As TheTruthSpy’s popularity grew, PayPal’s systems began flagging transactions and restricting access to 1Byte’s accounts. To overcome this obstacle, 1Byte employed various tactics, including using multiple PayPal accounts and offering full-year subscriptions to customers in exchange for resolving disputes. These strategies helped keep the money flowing, but 1Byte realized that relying solely on PayPal was not a sustainable solution.

1Byte recognized the need to process customer payments through credit cards to meet growing demand. However, credit card processors viewed spyware as a high-risk product due to its association with illegal activities. To circumvent this issue, 1Byte established partnerships with smaller payment facilitators known to work with riskier products. This allowed them to accept credit card payments, albeit with higher fees. Yet, some payment processors eventually caught on and terminated their agreements with 1Byte.

To maintain control over the payment process, 1Byte developed its own checkout website called Affiligate. Disguised as a marketplace for app developers, Affiligate served as a front for selling TheTruthSpy and its cloned apps. Behind the scenes, 1Byte employees created fake marketplace accounts using their personal email addresses, inadvertently tying their own identities to the operation. Affiligate relied on an outside company, Stripe, to handle credit card processing, enabling 1Byte to continue its operations.

TheTruthSpy’s operation remained hidden for years, with its vast trove of compromised phone data hosted in Texas web hosting data centers. However, a massive cache of files, including customer information, was leaked, exposing the inner workings of 1Byte’s surveillance ring. The leaked data shed light on the company’s financial spreadsheets, customer transactions, and the individuals who purchased the stalkerware. This breach also revealed 1Byte’s security lapses, including a potential ransomware attack and the exposure of its handlers’ identities.

Stalkerware, including TheTruthSpy, poses a significant threat to individuals’ privacy and security. While possession of such software is not illegal, using it to record calls and private conversations without consent violates federal and state laws. The authorities have taken action against stalkerware operators, but overseas operators like 1Byte remain largely out of their jurisdictional reach. TheTruthSpy continues to operate unabated, putting countless victims at risk of having their personal information fall into the wrong hands.

If you suspect that your phone has been compromised by TheTruthSpy or any other stalkerware, there are steps you can take to protect yourself. Utilize the free lookup tool provided by TechCrunch to check if your phone has been compromised. If confirmed, follow their guide on how to remove the spyware from your device. However, be aware that removing the spyware may alert the person who planted it.

In summary, TheTruthSpy, a dark player in the world of stalkerware, has managed to operate covertly for years, exploiting vulnerabilities in the financial system and leveraging fake identities to conceal its true nature. While steps have been taken to combat stalkerware, the battle against such invasive surveillance tools is far from over. It is crucial for individuals to remain vigilant, protect their digital privacy, and stay informed about emerging threats like TheTruthSpy. With continued awareness and collective action, we can strive for a safer and more secure digital landscape.

First reported on TechCrunch

Frequently Asked Questions

Q. What is TheTruthSpy, and how does it operate as a stalkerware?

TheTruthSpy is a collection of Android surveillance apps categorized as “stalkerware.” These apps compromise individuals’ phones, allowing unauthorized access to private data, call recordings, and conversations without their knowledge or consent. TheTruthSpy is developed by the Vietnam-based startup 1Byte and has been a lucrative venture since 2016.

Q. How does 1Byte evade detection while profiting from selling spyware?

1Byte employs an intricate scheme involving fake American identities, forged passports, and manipulated financial systems. Two fictitious sellers named Benjamin and Dulce serve as fronts for the company, allowing them to funnel illicit customer payments into their bank accounts. Through this elaborate charade, 1Byte has successfully kept its true identity hidden while reaping significant profits.

Q. How did 1Byte process customer payments initially, and what challenges did they face?

In the early years, PayPal served as the primary payment processor for TheTruthSpy. However, PayPal’s systems began flagging transactions and restricting access to 1Byte’s accounts. To overcome this, 1Byte used multiple PayPal accounts and offered full-year subscriptions to resolve disputes. Yet, relying solely on PayPal was not sustainable.

Q. How did 1Byte manage credit card payments despite the high risk associated with spyware products?

Credit card processors viewed spyware as high-risk due to its association with illegal activities. To overcome this, 1Byte partnered with smaller payment facilitators known to work with riskier products. This allowed them to accept credit card payments, although with higher fees. However, some payment processors eventually caught on and terminated their agreements.

Q. How did 1Byte establish control over the payment process through Affiligate?

1Byte developed its checkout website called Affiligate, disguised as a marketplace for app developers. It served as a front for selling TheTruthSpy and its cloned apps. Behind the scenes, 1Byte employees created fake marketplace accounts and utilized their personal email addresses. Affiligate relied on an outside company, Stripe, to handle credit card processing, enabling 1Byte to continue operations.

Q. What exposed the inner workings of 1Byte’s surveillance ring?

A massive cache of files, including customer information, was leaked, shedding light on the company’s financial spreadsheets, customer transactions, and the individuals who purchased TheTruthSpy. This breach also revealed security lapses, including a potential ransomware attack and the exposure of 1Byte’s handlers’ identities.

Q. Is stalkerware illegal, and what actions have been taken against stalkerware operators?

Possessing stalkerware is not illegal, but using it to record calls and private conversations without consent violates federal and state laws. Authorities have taken action against stalkerware operators, but overseas operators like 1Byte remain largely out of their jurisdictional reach.

Q. How can individuals protect themselves from stalkerware like TheTruthSpy?

Individuals can use TechCrunch’s free lookup tool to check if their phones have been compromised by TheTruthSpy or any other stalkerware. If confirmed, TechCrunch provides a guide on how to remove the spyware from the device. However, be aware that removing the spyware may alert the person who planted it.

Q. How can we combat the threat of stalkerware and protect digital privacy?

The battle against invasive surveillance tools like TheTruthSpy requires continued awareness and collective action. Individuals must remain vigilant, protect their digital privacy, and stay informed about emerging threats. By working together, we can strive for a safer and more secure digital landscape.

Featured Image Credit: Unsplash

The post TheTruthSpy: The Stalkerware That Made Millions appeared first on ReadWrite.

North Korean Hackers Are Targeting Your Cryptocurrency https://readwrite.com/north-korean-hackers-are-targeting-your-cryptocurrency/ Thu, 20 Jul 2023 20:50:14 +0000 https://readwrite.com/?p=233074 North Korean flag


In a recent cybersecurity breach, North Korea-backed hackers targeted cryptocurrency clients by infiltrating the systems of JumpCloud, a prominent U.S. enterprise software company. The breach, attributed to a sub-group of the notorious Lazarus hacking group called Labyrinth Chollima, highlights the persistent threat posed by state-sponsored cyber attacks. This article explores the details of the breach, the motivations behind North Korea’s hacking activities, and the implications for the cryptocurrency industry.

JumpCloud, a directory platform that provides authentication, authorization, and user/device management solutions for enterprises, confirmed that it experienced a breach in June. The company detected the intrusion and promptly initiated its incident response plan to mitigate the threat, secure its network, communicate with customers, and engage law enforcement. Although JumpCloud did not explicitly identify the nation behind the attack, cybersecurity researchers from Crowdstrike and SentinelOne have attributed it to North Korea-backed hackers.

Lazarus, the hacking group believed to be responsible for the JumpCloud breach, has a long history of targeting the cryptocurrency sector. This state-sponsored group has been actively tracked by cybersecurity companies since 2009 and is known for its association with North Korea’s sanctioned nuclear weapons program. Lazarus has previously targeted prominent crypto entities such as the Ronin Network and Harmony’s Horizon Bridge.

Both Crowdstrike and SentinelOne researchers have independently linked the JumpCloud breach to Lazarus. Adam Meyers, the Senior Vice President for Intelligence at Crowdstrike, stated that the group responsible for the attack is one of the most prolific adversaries associated with North Korea. Similarly, Tom Hegel, a researcher from SentinelOne, confirmed that indicators of compromise (IOCs) shared by JumpCloud are linked to a range of activities attributed to the Democratic People’s Republic of Korea (DPRK), commonly known as North Korea.

In addition to the JumpCloud breach, North Korean hackers may also be behind a recent social engineering campaign targeting GitHub customers. GitHub, a popular platform for software development collaboration, revealed that the campaign aimed at the personal accounts of employees from technology firms associated with the blockchain, cryptocurrency, and online gambling sectors. The attack was attributed to a group operating in support of North Korean objectives, commonly tracked as TraderTraitor by the Cybersecurity and Infrastructure Security Agency (CISA).

North Korea has a history of utilizing crypto-stealing operations to finance its sanctioned nuclear weapons program. The country’s army of illicit IT workers fraudulently gain employment worldwide, generating funds to support the regime’s weapons of mass destruction programs. To counter these activities, the U.S. government has imposed sanctions on North Korea’s illicit IT workforce and is offering rewards for information that can disrupt North Korean hackers.

JumpCloud said the breach affected a small and specific set of customers. For context, the company’s software is used by more than 180,000 organizations, and it has more than 5,000 paying customers. While the exact impact on those customers remains undisclosed, JumpCloud responded by resetting affected customers’ API keys and taking further steps to secure its network and perimeter.

The targeted attacks on cryptocurrency-related entities highlight the vulnerabilities within the industry. As cryptocurrencies continue to gain popularity and value, they become attractive targets for state-sponsored hacking groups seeking financial gain or funding for illicit activities. The industry must remain vigilant and implement robust security measures to safeguard digital assets and protect users’ sensitive information.

The JumpCloud breach serves as a reminder that all organizations, regardless of their size or industry, must prioritize cybersecurity. State-sponsored hacking groups, like Lazarus, possess advanced capabilities and constantly evolve their attack techniques. It is crucial for enterprises to invest in comprehensive cybersecurity measures, including employee training, threat intelligence, vulnerability assessments, and incident response plans.

In summary, the North Korea-backed hacking incident targeting JumpCloud and subsequent attacks on cryptocurrency-related entities demonstrate the ongoing threat posed by state-sponsored cybercriminals. Lazarus, a well-known hacking group associated with North Korea, has a history of targeting the cryptocurrency sector to finance the country’s nuclear weapons program. The cryptocurrency industry must remain vigilant and adopt robust security measures to mitigate the risk of such attacks. Furthermore, all organizations should prioritize cybersecurity to protect their assets and sensitive information from state-sponsored hacking groups.

First reported on Reuters

Frequently Asked Questions

Q. What is the recent cybersecurity breach involving JumpCloud?

In a recent cybersecurity breach, North Korea-backed hackers targeted JumpCloud, a prominent U.S. enterprise software company. JumpCloud provides authentication, authorization, and user/device management solutions for enterprises. The breach involved infiltrating JumpCloud’s systems and was attributed to a sub-group of the Lazarus hacking group known as Labyrinth Chollima.

Q. What is Lazarus, and what is its history with cryptocurrency-related attacks?

Lazarus is a hacking group associated with North Korea that has been actively tracked by cybersecurity companies since 2009. The group is notorious for its association with North Korea’s sanctioned nuclear weapons program. Lazarus has a history of targeting the cryptocurrency sector to finance illicit activities and has been linked to previous attacks on crypto entities such as the Ronin Network and Harmony’s Horizon Bridge.

Q. How did researchers link the JumpCloud breach to North Korea-backed hackers?

Researchers from Crowdstrike and SentinelOne independently linked the JumpCloud breach to Lazarus, a North Korea-backed hacking group. Adam Meyers from Crowdstrike stated that the group responsible for the attack is one of the most prolific adversaries associated with North Korea. Tom Hegel from SentinelOne confirmed that indicators of compromise (IOCs) shared by JumpCloud are linked to a range of activities attributed to North Korea.

Q. What is the motivation behind North Korea’s hacking activities in the cryptocurrency sector?

North Korea has utilized crypto-stealing operations to finance its sanctioned nuclear weapons program. The country’s illicit IT workers fraudulently gain employment worldwide to generate funds for supporting the regime’s weapons of mass destruction programs. The cryptocurrency industry’s growing popularity and value make it an attractive target for state-sponsored hacking groups seeking financial gain or funding for illicit activities.

Q. How did the JumpCloud breach impact its customers?

While specific details of the breach’s impact on JumpCloud customers remain undisclosed, the company responded swiftly by resetting affected customers’ API keys and implementing necessary measures to secure their network and perimeter. The breach reportedly affected a small and specific set of customers, considering that JumpCloud’s software is used by over 180,000 organizations and has more than 5,000 paying customers.

Q. What can the cryptocurrency industry do to protect against such attacks?

The cryptocurrency industry must remain vigilant and implement robust security measures to safeguard digital assets and protect users’ sensitive information. This includes investing in comprehensive cybersecurity measures, such as employee training, threat intelligence, vulnerability assessments, and incident response plans.

Q. How can organizations protect themselves from state-sponsored hacking groups like Lazarus?

All organizations, regardless of size or industry, must prioritize cybersecurity to protect their assets and sensitive information from state-sponsored hacking groups. This includes adopting robust security measures, investing in employee training, and staying updated on the latest cybersecurity threats and attack techniques.

Q. What are the broader implications of state-sponsored cyber attacks like the one on JumpCloud?

State-sponsored cyber attacks pose a persistent threat to various industries and organizations worldwide. The JumpCloud incident highlights the need for enterprises to take proactive measures to protect against such attacks. It also underscores the importance of collaboration between the private sector and governments in countering state-sponsored cyber threats.

Featured Image Credit: Unsplash

The post North Korean Hackers Are Targeting Your Cryptocurrency appeared first on ReadWrite.

US Government Emails Hacked: What You Need to Know https://readwrite.com/us-government-emails-hacked-what-you-need-to-know/ Wed, 12 Jul 2023 19:24:06 +0000 https://readwrite.com/?p=232537 US Government Emails Hacked


Once again, Chinese hackers have successfully breached U.S. government defenses. According to recent reports, Chinese hackers used a flaw in Microsoft’s cloud email service to access the email accounts of U.S. government workers. Microsoft has attributed the attack to a China-based hacking group it tracks as Storm-0558. Microsoft estimates that around 25 organizations were affected, including government agencies, along with consumer accounts of individuals associated with those agencies.

According to Microsoft’s technical analysis of the attack, the attackers used forged authentication tokens to gain unauthorized access to Outlook Web Access in Exchange Online (OWA) and Outlook.com. A token validation flaw allowed those forged tokens to pass as belonging to legitimate Azure AD users, giving the hackers access to enterprise email accounts. The malicious activity went undetected for about a month, until customers began notifying Microsoft of strange email behavior.
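The article does not describe the internal mechanism of the token validation flaw, so the following is an added illustration, not Microsoft’s code, of one common form this class of flaw takes: a signing key that belongs to one identity system (a “consumer” issuer in the example) being accepted as valid for tokens that claim another (an “enterprise” tenant). The issuer URLs, key identifiers, audience and keys are all constructed for the example, and the tokens are HMAC-signed for brevity; production tokens use asymmetric keys, which does not change the lookup logic being contrasted.

```python
"""Token validation: flat key lookup vs. lookup scoped to the claimed issuer.

Added example, not Microsoft's code. The article does not describe the
internal mechanism of the Storm-0558 token validation flaw; this models one
common form of the flaw class, where a signing key that belongs to one
identity system (a "consumer" issuer here) is accepted for tokens that claim
another ("enterprise"). Tokens are HMAC-SHA256 signed for brevity; production
tokens use asymmetric keys, which does not change the lookup logic shown.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

CONSUMER_ISS = "https://login.consumer.example"            # assumed issuer URLs
ENTERPRISE_ISS = "https://login.enterprise.example/tenant-a"
MAIL_AUD = "https://mail.example"                           # assumed audience

# Constructed sample keys, one key set per issuer.
KEYS_BY_ISSUER: Dict[str, Dict[str, bytes]] = {
    CONSUMER_ISS: {"kid-consumer-1": b"consumer-signing-secret"},
    ENTERPRISE_ISS: {"kid-enterprise-1": b"enterprise-signing-secret"},
}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(issuer: str, kid: str, key: bytes, sub: str, aud: str, ttl: int = 3600) -> str:
    """Produce header.payload.signature, JWT-style, signed with HMAC-SHA256."""
    header = {"alg": "HS256", "kid": kid}
    payload = {"iss": issuer, "sub": sub, "aud": aud, "exp": int(time.time()) + ttl}
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(payload).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)


def _split(token: str) -> Tuple[dict, dict, bytes, str]:
    h, p, s = token.split(".")
    return json.loads(_unb64(h)), json.loads(_unb64(p)), _unb64(s), h + "." + p


def _sig_ok(key: bytes, signing_input: str, sig: bytes) -> bool:
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def _claims_ok(header: dict, payload: dict, expected_aud: str) -> bool:
    return (header.get("alg") == "HS256"
            and payload.get("aud") == expected_aud
            and payload.get("exp", 0) >= time.time())


def verify_flat(token: str, expected_aud: str) -> Optional[dict]:
    """Weak: every known key is trusted for every issuer, so a key that is
    legitimate for the consumer issuer also validates enterprise tokens."""
    header, payload, sig, signing_input = _split(token)
    all_keys = {kid: key for ks in KEYS_BY_ISSUER.values() for kid, key in ks.items()}
    key = all_keys.get(header.get("kid"))
    if key is None or not _sig_ok(key, signing_input, sig):
        return None
    return payload if _claims_ok(header, payload, expected_aud) else None


def verify_scoped(token: str, expected_aud: str) -> Optional[dict]:
    """Hardened: the kid is resolved only within the key set of the issuer the
    token claims, so a consumer key can never validate an enterprise token."""
    header, payload, sig, signing_input = _split(token)
    key = KEYS_BY_ISSUER.get(payload.get("iss"), {}).get(header.get("kid"))
    if key is None or not _sig_ok(key, signing_input, sig):
        return None
    return payload if _claims_ok(header, payload, expected_aud) else None


def forged_enterprise_token() -> str:
    """Attacker holding the consumer key mints a token that claims the enterprise issuer."""
    return mint_token(ENTERPRISE_ISS, "kid-consumer-1",
                      KEYS_BY_ISSUER[CONSUMER_ISS]["kid-consumer-1"],
                      sub="admin@tenant-a", aud=MAIL_AUD)


def legitimate_enterprise_token() -> str:
    return mint_token(ENTERPRISE_ISS, "kid-enterprise-1",
                      KEYS_BY_ISSUER[ENTERPRISE_ISS]["kid-enterprise-1"],
                      sub="admin@tenant-a", aud=MAIL_AUD)


if __name__ == "__main__":
    forged = forged_enterprise_token()
    print("flat lookup accepts forged token:  ", verify_flat(forged, MAIL_AUD) is not None)
    print("scoped lookup accepts forged token:", verify_scoped(forged, MAIL_AUD) is not None)
```

The point of the contrast is that the signature itself is cryptographically valid in both cases; what differs is whether the verifier asks “is this a key the claimed issuer is allowed to sign with” before trusting it. A verifier that also pins the expected issuer per audience, rather than trusting whatever `iss` the token carries, closes the remaining gap where an attacker controls a legitimate but unrelated issuer.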

According to Charlie Bell, Microsoft’s top cybersecurity executive, the adversary is intent on espionage, including hacking into email systems to collect intelligence. He elaborated that such an adversary is motivated by espionage to abuse credentials in order to gain access to data stored on secure systems.

According to Microsoft, the hacking group known as Storm-0558 is relatively new, emerging, or “in development,” but it has access to significant resources. However, the company has not disclosed which government agencies were compromised. A National Security Council spokesman confirmed that multiple government agencies across the United States were hit.

A flaw in Microsoft’s cloud email service was used in the attack. Microsoft has been tight-lipped about the flaw that the Chinese hackers exploited. The company has confirmed, however, that the threat has been eliminated, and the intruders can no longer access the compromised accounts.

Determining the full extent of the attack’s damage will take some time. Whether any sensitive information was exfiltrated during the month the hackers had access is unknown, and Microsoft has not commented on the matter. There has been no official word from the United States government either.

The attack prompted the United States government to demand increased security from its procurement contractors. What the government has done to prevent further attacks is unknown. The U.S. government, however, is expected to take preventative measures to guard against future attacks of this nature.

Concerns have been raised about Chinese hackers’ attack on U.S. government email accounts via Microsoft’s cloud email service. Government agencies, especially those with access to sensitive information, need strong cybersecurity measures, as demonstrated by this attack. New threats and security holes must be monitored constantly, and preventative action must be taken. This incident emphasizes the fact that maintaining cybersecurity is an ongoing process that needs our full attention at all times.

The threat of cyber attacks will only increase as the world becomes more interconnected. Each person, business, and government agency is responsible for prioritizing cybersecurity. This way, we can keep our information protected and still reap the benefits of the digital age.

First reported on TechCrunch

Frequently Asked Questions

Q: What happened in the recent Chinese hacking incident involving U.S. government defenses?

A: Chinese hackers exploited a flaw in Microsoft’s cloud email service to gain unauthorized access to the email accounts of U.S. government workers. Microsoft estimates around 25 organizations were affected, including government agencies and related consumer accounts. The attack was attributed to a China-based hacking group Microsoft tracks as Storm-0558.

Q: How did the hackers gain access to the email accounts?

A: The attackers used forged tokens and exploited a token validation flaw to impersonate Azure AD users and breach corporate email accounts in Outlook Web Access (OWA) and Outlook.com.

Q: How long did the malicious activity go undetected?

A: The malicious activity went undetected for about a month until customers reported unusual email behavior to Microsoft.

Q: What is the motive behind the Chinese hacking group’s actions?

A: According to Microsoft’s top cybersecurity executive, the Chinese hacking group is motivated by espionage and aims to collect intelligence by hacking into email systems.

Q: What actions has Microsoft taken to address the attack?

A: Microsoft has eliminated the threat and confirmed that the intruders can no longer access the compromised accounts. However, the full extent of the attack’s damage and whether any sensitive information was exfiltrated is still unknown.

Q: What measures has the U.S. government taken in response to the attack?

A: The U.S. government has demanded increased security from its procurement contractors and is expected to implement preventative measures to safeguard against future attacks.

Q: What is the significance of this attack on U.S. government email accounts?

A: This attack highlights the need for strong cybersecurity measures, especially for government agencies with access to sensitive information. It emphasizes the ongoing nature of maintaining cybersecurity and the importance of constant monitoring and preventative action.

Featured Image Credit: Markus Spiske; Unsplash; Thank you!

The post US Government Emails Hacked: What You Need to Know appeared first on ReadWrite.

Security Compromise: LetMeSpy, a Phone Tracking App, Admits to Being Hacked https://readwrite.com/security-compromise-letmespy-a-phone-tracking-app-admits-to-being-hacked/ Tue, 27 Jun 2023 21:22:53 +0000 https://readwrite.com/?p=231654 hacker


LetMeSpy, a widely used phone monitoring app, recently experienced a significant data breach. The spyware, marketed for parental control and employee monitoring, allows individuals to secretly track Android phones. However, this breach has exposed sensitive user information, including email addresses, telephone numbers, and message content. In this article, we’ll delve into the details of the breach, the potential risks it poses, and offer guidance on how to protect yourself from similar incidents.

On June 21, LetMeSpy disclosed a security incident involving unauthorized access to user data. Hackers gained entry to the app’s databases, compromising the personal information of thousands of individuals who had fallen victim to this surveillance tool. The stolen data includes call logs, text messages, and location information collected from accounts dating back to 2013.

LetMeSpy, like other phone monitoring apps, is notorious for its security vulnerabilities. These apps, often referred to as stalkerware or spouseware, are typically installed without the user’s consent or knowledge. Once planted on a device, LetMeSpy silently uploads the phone’s data to remote servers, allowing the person who installed the app to track the victim in real-time.

The data breach of LetMeSpy exposes users to several risks. Firstly, personal information, such as call logs and message content, is now in the hands of unauthorized individuals. This puts victims at risk of identity theft, fraud, and privacy violations. Furthermore, the breach highlights the broader issue of spyware apps, which are frequently targeted by hackers due to their weak security measures.

The identity and motives of the hacker responsible for the LetMeSpy breach remain unclear. When the spyware maker was contacted for comment, the hacker responded, claiming to have gained wide access to the company’s domain. They also indicated that they had deleted LetMeSpy’s databases. However, a copy of the hacked database surfaced online shortly after the incident.

A leaked copy of the hacked LetMeSpy data revealed alarming details. The database contained records of at least 13,000 compromised devices, with call logs and text messages spanning several years. The victims of this breach primarily reside in the United States, India, and Western Africa, as indicated by the location data points stored in the database.

Additionally, the leaked data included LetMeSpy’s master database, which contained information about 26,000 customers. This database revealed the identities of customers who used the spyware for free and the email addresses of those who purchased subscriptions.

Following the breach, LetMeSpy claimed to have notified law enforcement and the Polish data protection authority, UODO. However, it is unclear whether the company has the ability to notify the victims directly, considering the lack of identifiable information in the leaked data. This poses a challenge as notifying victims could potentially alert the perpetrators, risking the safety of the victims.

Given the prevalence of spyware and phone monitoring apps, it is crucial to take proactive measures to protect yourself. Here are some steps you can take:

  1. Regularly Check for Suspicious Apps: Review your device for any unfamiliar or suspicious apps, including those disguised as important system apps. LetMeSpy, for instance, is known as “LMS” and has a distinctive icon.
  2. Remove Android Spyware: If you suspect that your device may be compromised, follow a guide to remove Android spyware. However, exercise caution to ensure your safety and privacy.
  3. Enable Google Play Protect: Switch on Google Play Protect, a safeguard that defends against malicious Android apps. You can find this option in the settings menu of Google Play.

First reported on TechCrunch

Fortifying National Security: Inside the DoJ’s New Cybersecurity Unit Combatting State-Backed Hackers https://readwrite.com/fortifying-national-security-inside-the-dojs-new-cybersecurity-unit-combatting-state-backed-hackers/ Thu, 22 Jun 2023 21:00:54 +0000 https://readwrite.com/?p=231180

In the ever-evolving landscape of technology, cybersecurity has become a paramount concern for governments and organizations worldwide. With the rise of nation-state and state-backed hackers, the need for robust measures to combat cyber threats has become more pressing than ever. The U.S. Department of Justice (DoJ) has recently taken a significant step in this direction by announcing the creation of a new unit within its National Security Division, dedicated to tackling cybersecurity challenges. This article delves into the details of this development, highlighting its significance and implications for national security.

Cyber threats originating from nation-state and state-backed hackers have been on the rise, posing a considerable risk to national security. In response to this growing concern, the DoJ has established a specialized unit aimed at pursuing and disrupting such cyber threats. This unit will work in close collaboration with the existing national security team within the DoJ, enabling them to scale up their operations and expedite the prosecution of threat actors.

Assistant Attorney General Matt Olsen states that the new unit will not only focus on nation-state threat actors but also target state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security. By formalizing this unit within the DoJ’s hierarchy, the department aims to streamline its efforts and enhance its ability to combat cyber threats effectively.

Although the DoJ’s announcement did not explicitly mention Chinese cyber efforts, it is worth noting that China has been a major concern in the realm of cybersecurity. The U.S. government, including top cybersecurity officials, has consistently emphasized the threat posed by Chinese cyberattacks. China’s tactics include compromising telecommunications firms, conducting cyber intrusions targeting journalists and dissidents, and launching cyberattacks capable of disrupting critical infrastructure.

Chinese cyber activities have also extended to corporate and industrial espionage. There have been instances where Chinese-backed hacking groups have targeted U.S. entities to gain intelligence and access sensitive data. This has raised concerns among government and corporate executives, particularly as China attempts to bridge the technological gap by leveraging U.S. innovation and research.

While Chinese cyber efforts have been a significant concern, it is important to recognize the threats posed by other nations as well. Russian and North Korean cyber actors have also been involved in cyber intrusions and attacks, albeit with different motives and tactics.

Russian hackers and ransomware groups have been known to engage in profit-driven activities, often extorting their victims for financial gain. These groups are highly skilled and capable of inflicting significant damage, but their attacks are typically less coordinated and strategic compared to those originating from China.

On the other hand, North Korean cyber actors have been involved in various cyber campaigns, targeting financial institutions, cryptocurrency exchanges, and other entities to generate revenue for themselves or their government. These attacks are often motivated by economic factors, and their impact can be severe.

Building cases against state-backed cyber threat actors can be a complex and time-consuming process. The global nature of cyber threats, coupled with the ability of threat actors to conceal their identities and operate from remote locations, presents significant challenges for law enforcement agencies. Investigations can take years to gather evidence and identify the individuals responsible, and even then, it is not always possible to make arrests.

To address these challenges, the newly established cybersecurity unit within the DoJ will serve as an incubator for early-stage cases. This will allow the unit to invest the necessary time and resources in conducting detailed and comprehensive investigations. By doing so, the DoJ aims to enhance its ability to disrupt cyber threats and bring threat actors to justice.

The creation of a dedicated cybersecurity unit within the DoJ’s National Security Division marks a significant step in combating cyber threats and protecting national security. With a focus on nation-state and state-backed hackers, the unit aims to increase the scale and speed of disruption campaigns and prosecutions. While Chinese cyber efforts have been a major concern, the unit will also address threats from other nations, such as Russia and North Korea. By investing in early-stage cases and leveraging the expertise of its national security team, the DoJ is positioning itself to be at the forefront of the fight against cyber threats.

As technology continues to advance, it is crucial for governments and organizations to prioritize cybersecurity and stay one step ahead of malicious actors. The establishment of this cybersecurity unit signals a proactive approach by the DoJ, demonstrating its commitment to safeguarding national security in the digital age.

First reported on: Silicon

3 Ways Businesses Can Tackle Disinformation Campaigns https://readwrite.com/3-ways-businesses-can-tackle-disinformation-campaigns/ Mon, 05 Jun 2023 15:00:56 +0000 https://readwrite.com/?p=182585 fake news campaigns

In an age when everything goes viral on social media within a few hours, disinformation and black propaganda are the last things a business needs. An unhappy customer, a competitor, or even attackers affiliated with a foreign government can be the director of a wide-scale disinformation campaign.

Big brands are common targets of disinformation campaigns because their names attract clicks.

Beyond reputation, bigger brands also need to worry about the effect of fake news on the stock market. According to a survey by CHEQ, fake news costs the stock market $39 billion annually and the global economy $78 billion.

You can’t expect regular users to verify the origin of the news or videos they watch on social media. They believe what they see. It is a fact that social media users these days cannot be bothered to check where what they see came from. Therefore, it is the responsibility of a business to protect its customers from exposure to disinformation campaigns.

Disinformation campaigns can take different forms. They can be deep fake videos, sharing a tweet with false information at a large scale, or blog posts trying to tarnish a business’s reputation.

Whatever medium these show up in, individuals and companies need to be well prepared and not caught off guard. Here are some proven and effective ways to confront disinformation campaigns that target businesses.

1. Be prepared for any scenario

When dealing with disinformation campaigns, always remember that an ounce of prevention is worth a pound of cure. If your business has not been targeted by disinformation yet, that gives you no safe zone against future attempts.

Every business needs an “Emergency Response Strategy” for when its reputation and identity are in danger and customers are overwhelmed with false information, such as fabricated worst-buying-experience stories and defamation.

Teams in different departments should be involved in the development and implementation of this Emergency Response Strategy.

The roles and responsibilities of each team must be clear to prevent confusion in the response. Confusion helps attackers multiply the reach of their disinformation. So stay calm and try to lead and manage the situation appropriately.

Social Listening

One good way to prevent the situation from getting out of control and to limit the spread of false information is to strengthen social listening. Social listening was initially part of marketing programs, but it is also essential for monitoring what is shared on social media about your brand during disinformation campaigns.

2. Engage and communicate

When it comes to tackling disinformation campaigns, engagement and communication are key. Attackers are trying to create a toxic atmosphere around the brand by spreading false information to change people’s mindsets. Let’s think of this as a battle between good and evil.

Spread the correct news with your audience.

The evil tactic is focused on sharing false information, and you can thwart it by spreading the right news and engaging with your audience. Your brand’s infantry goes out across different platforms and shares information that contradicts what the attackers insist is true.

Address your audience directly — tell the truth of the situation.

Address your audience directly and tell them what is happening. Engagement reduces the effectiveness of disinformation campaigns. Use the brand’s verified social media accounts to respond to the misinformation, so users can be sure the response is coming directly from the brand.

Starbucks’s response on Twitter to the news of the “Dreamer Day” campaign is a good example of answering directly from the brand.

Shortly after the news broke, Starbucks actively warned its users on Twitter that the campaign was a hoax. This is how to take care of your customers.

3. Take legal actions

The final step is to take legal action against the source of the disinformation campaign and the people circulating that fake news on social media. The company’s legal team can file a complaint in local courts or with the Federal Trade Commission (FTC).

Requesting that platforms remove fake news is another option on the table.

Some platforms, like Facebook and Twitter, have taken positive steps to counter fake news and pursue stricter policies. Brands can also directly ask social media platforms to remove fake and false information.

Image Credit: joshua miranda; pexels

How to Make New Friends and Promote Your Business https://readwrite.com/how-to-make-new-friends-and-promote-your-business/ Sun, 09 Apr 2023 16:30:52 +0000 https://readwrite.com/?p=184114 promote business

Being successful in the business world ultimately boils down to two fundamental steps. The first of these steps is to supply something to satisfy public demand at a reasonable price. The second of these steps is to show an idea to the right people at the right time.

How to Make New Friends and Promote Your Business

Unfortunately, this is often the limiting step for many people who start their own businesses and who are otherwise capable and insightful. With this information in mind, the following are simple yet effective methods to make new friends and promote your business.

Calls to Action

The first method to make new friends and promote your business is to insert calls to action in the team’s email signatures. A single employee can receive over one hundred emails daily, and as a result, a team of several employees can see this number multiplied rapidly.

Using a call-to-action button is more attractive, compelling, and dynamic as an opportunity for promotion than the usual websites or job titles.

Google My Business

The second method to make new friends and promote your business is to set up a Google My Business account. In addition to being a search engine, Google also acts as a small business directory, which offers three big advantages for companies that rely on local customers. The first is that the business is listed on both Google Search and Google Maps.

The second is that it enhances search engine optimization to enable businesses to be found more easily by customers looking for relevant products and services. The third is that it is favorable to customers adding reviews, which further help Google display the business with essentially free advertisement.

Joint Ventures

The third method to make new friends and promote your business is to set up a joint venture. Among the easiest ways to showcase an offer to the right individuals is to locate and target an audience that contains the sort of people you happen to be looking for.

Advertising can accomplish this task, but a better option in the short term is to join forces with other businesses that target the same audiences as you, provided they are not competing with you, of course. Joint ventures are highly effective and can attract more customers quickly.

Webinars & Presentations

The fourth method to make new friends and promote your business is to give a webinar or a presentation, which can be just as effective offline as online. Offering webinars and workshops can draw in target audiences and lets you collect contact information so you can follow up in the future.

Once you have located your target audience, start setting up meetings, seminars, or similar events such as a lunch period where information is provided to attendees.

Discounts & Free Trials

The fifth and final method to make new friends and promote your business is to offer free or discounted products or services. These are an excellent way to attract new clients and friendships and, depending on the particular business model, could even prove an effective way to demonstrate your CRM.

You could even accept a loss in order to gain market share and drive referrals, leads, sales, and the like. If you happen to be offering an app as a service and product, a free app or trial is a great way to get people to download your app.

Conclusion

Making new friends and promoting one’s business is ultimately a self-started and self-directed effort. There is no single solution or method, and a lot of trial and error is necessary to get the best result.

Nonetheless, following some of the aforementioned tips can help promote your business with rather low investment on your part and gather some momentum.

Image Credit: helena lopes; pexels
