The IT Nerd

With the rising popularity of streaming services, they have also become the prime target of cybercriminals. Some hackers may be after a free ride on your Netflix or Spotify account, others after your personal details, while a chunk of hackers try to profit by selling hacked streaming accounts on the dark web. 

The Atlas VPN team, using data from Whizcase, reports that dark web accounts for popular streaming services are sold for an average of $11.

The cheapest accounts belong to SoundCloud users. They are being sold for as little as $6. 

On the other side of the spectrum are Apple Music and Disney+. They have the biggest price tag among hacked streaming accounts on the dark web, around $15 and $14, respectively. 

Spotify and Netflix accounts are offered at $12 each, while Hulu and Twitch accounts are sold for $11, followed by HBO Max at $10. In the meantime, hacked accounts of Amazon Prime Video users are being offered for $9.

Streaming accounts typically contain not only the user’s name, surname, date of birth, and contact information but also often have linked payment methods, making them a valuable target for cybercriminals.

Fraudsters frequently gain unauthorized access to people’s streaming accounts using login credentials obtained from data breaches. This happens because many people use the same login information for multiple accounts. If one of the accounts gets compromised in a breach, others are also at risk. Hackers can also use phishing scams to trick people into giving away sensitive information that can then be used to access their accounts.

To read the full article, head over to: https://atlasvpn.com/blog/this-is-how-much-hacked-streaming-accounts-cost-on-the-dark-web

The first-ever thorough analysis of the state of cybersecurity of the US defense industrial base (DIB) reveals that nearly 90% of its contractors do not meet the required security standards.

Defense contractors possess sensitive national security information and are being constantly targeted with sophisticated hacking operations led by state-sponsored hackers.

The in-depth analysis of the Pentagon supply chain was commissioned by CyberSheath, a cybersecurity compliance service provider, and was carried out by Merrill Research, a leader in providing custom, multi-methodological research services. Access the State of The Defense Industrial Base Report here. 

The survey questioned 300 US-based DIB contractors via an online survey in July 2022.

The supply chain of the departments in question was evaluated using the Supplier Risk Performance System (SPRS), which is the DoD’s single, authorized system to retrieve supplier security performance information.

Contractors who do not possess an SPRS score of 70 or higher are deemed non-compliant with the Defense Federal Acquisition Regulation Supplement (DFARS) criteria.

The DFARS is a set of cybersecurity regulations the DoD imposes on its contractors. The DFARS, which has been in effect since 2017, demands a score of 110 to be considered fully compliant.

Data presented by Atlas VPN shows that a startling 89% of contractors have an SPRS score of less than 70, which means that they do not meet the legally required minimum.  

Over 25% of the supply chain received SPRS scores between -170 to -120, while only 11% of surveyed contractors received a score that is regarded as compliant.

The research conclusions show a clear and present risk to US national security.

These findings should not be easily overlooked, considering the current global political tensions and the constant barrage of attacks from state-sponsored hackers.

Areas of non-compliance

Approximately 80% of the DIB does not monitor its systems 24/7/365 and does not use security monitoring services headquartered in the United States. Using foreign cybersecurity services has a risk on its own.

Other flaws were discovered in the following areas:

• 80% do not have a vulnerability management system.
• 79% do not have a robust multi-factor authentication (MFA) system in place, and 73% do not have an endpoint detection and response (EDR) solution.
• 70% of organizations have not implemented security information and event management (SIEM)

These security measures are legally required by the DIB, and if they are not satisfied, the DoD and its capacity to undertake armed defense face a major danger. 

To read the full article, head over to: https://atlasvpn.com/blog/nearly-90-of-the-pentagon-supply-chain-fails-basic-cybersecurity-requirements

Despite Linux’s reputation as the most secure operating system, it is not immune to malware. In fact, Linux malware has become increasingly prevalent in recent years as more and more devices and servers run on Linux operating systems. 

According to data analyzed by the Atlas VPN team based on malware threat statistics from AV-ATLAS, new Linux malware threats hit record numbers in 2022, increasing by 50% to 1.9 million.

The majority — 854,690 — of new Linux malware samples were detected in the first quarter of 2022. In the second quarter, new malware samples dropped by almost 3% to 833,065.

New Linux malware numbers plummeted again in the third quarter of the year, this time by a whopping 91% to 75,841. However, in the fourth quarter of 2022, they picked up again, growing by 117% to 164,697. 

Other operating systems see a decline in new malware 

While Linux malware reached never-before-seen numbers in 2022, the total number of new malware developments actually fell. Compared to 2021, when 121.6 million samples were detected, new malware numbers dropped by 39% to 73.7 million in 2022. 

Android saw the most significant fall in newly-programmed malware. New Android malware samples declined by 68%, from 3.4 million in 2021 to 1.1 million in 2022.

Next up is Windows. Despite being the most targeted operating system last year, with over 95% of all new malware threats aimed at it, Windows still had a 40% decline in new malware samples. They fell from 116.95 million in 2021 to 70.7 million in 2022. 

Finally, new malware applications aimed at macOS plunged by 26% from 17,061 in 2021 to 12,584 in 2022. 

To read the full article, head over to: https://atlasvpn.com/blog/new-linux-malware-hits-record-highs-in-2022-rising-by-50

One of the key selling points of blockchain is its security. The technology’s decentralized nature should make it resistant to tampering and fraud. However, as with any technology, blockchain is not immune to hacking.

According to the data collected by the Atlas VPN team, blockchain hackers stole over $3.5 billion worth of cryptocurrencies in 2022.

Blockchain bridges lost $1.2 billion worth of cryptocurrencies in just 16 events. Ronin Network sidechain bridge suffered the biggest hack of the year, as the attacker walked away with $610 million.

Furthermore, the BSC ecosystem lost over $870 million in 76 attacks or scams in 2022. The Ethereum ecosystem is not far behind, with 49 events resulting in losses of more than $500 million in cryptocurrencies.

Other crypto-related projects and people were victims of 48 hacks, causing nearly $370 million in losses.

In addition, it is worth mentioning that while we did not include the FTX collapse that lost more than $8 billion of its customers’ money, it is considered a fraudulent exchange by most crypto experts.

Cybersecurity writer at Atlas VPN, Vilius Kardelis, shares his thoughts on blockchain hacks:

“As the use of blockchain technology continues to grow and become more mainstream, we can expect to see a corresponding increase in the number of hacking attempts targeting these systems.”

Blockchain hacks are on the rise

Despite the fall of the crypto market in 2022, cybercriminals are still targeting blockchain networks and exchanges for their financial gain.

In 2022, cybercriminals and scammers caused a total of 301 blockchain incidents. Last year hacks rose by 27% compared to 2021, when researchers registered 237 blockchain events.

The first quarter of 2022 started strong with 79 blockchain incidents, the most recorded in a quarter at that time. However, in the second quarter, hacks were up by 24% and reached new heights at 98 events.

Due to the fallen prices of most crypto, blockchain hacks have dipped significantly to 56 events in the third quarter, a 43% drop compared to Q2. While the crypto market is still down, blockchain hackers and scammers came back with more schemes in the last quarter of the year, with 68 incidents and more than $1 billion in stolen profit.

To read the full article, head over to: https://atlasvpn.com/blog/blockchain-hackers-stole-over-3-5-billion-in-2022

The latest data analyzed by Atlas VPN reveals that as of December 2022, companies paid a total of €2.83 billion in 1401 cases for violating various data protection laws.

Out of that, GDPR fines in 2022 total €832 million, which is 36% lower than the €1.3 billion paid in 2021.

However, last year stands out not in the total sum fined but in the severity of the charges imposed on a single entity — Meta.

The data for the analysis was extracted from Enforcementtracker. Note that not all cases are made public.

While the heftiest sum charged for violations was recorded in Q3 of 2021, the third quarter of 2022 was also significant, as businesses were penalized €430 million. 

Meta fined hundreds of millions repeatedly

Distinctively, the majority of the penalties in 2022 were paid by a single tech behemoth – Meta. 

The Data Protection Commission (DPC), an authority for GDPR enforcement in Ireland, imposed a €405 million fine for Meta Platforms Ireland Limited (Instagram) on September 5th, 2022. 

Two issues were found with the processing of personal data pertaining to child users of Instagram. 

The children’s email addresses and phone numbers were publicly exposed when using the Instagram business account function, and Instagram profiles of kids were public-by-default.

Another hefty sum of €265 million was penalized to the same entity on November 25th, 2022, when the DPC declared that Meta had infringed two articles of the EU’s data protection laws after details of Facebook users from around the world were scraped from public profiles in 2018 and 2019.

Moreover, the DPC issued a “reprimand and an order” forcing Meta to “bring its processing into compliance by executing a range of specified remedial activities within a specific deadline”. 

Meta complied and made the adjustments within the required timeframe.

To date, Meta has paid around €1 billion for GDPR violations.

To read the full article, head over to: https://atlasvpn.com/blog/eu-businesses-fined-over-%E2%82%AC830-million-for-gdpr-violations-in-2022-meta-paid-over-80

According to Atlas VPN analysis, Google’s video platform removed a record number of channels last quarter  — 5.8 million. 

Prior to Q3 2022, the highest volume of removed channels was recorded during the third quarter of 2021, at 4.8 million terminations. 

Over 91.2% of all removed channels last quarter were flagged as either misleading, participating in scams, or simply spamming.

The number of channels removed in Q3 2022 increased by 1.8 million compared to Q2, representing a growth of 46%. 

The figures were extracted from the YouTube Community Guidelines enforcement report. 

Another 194 thousand channels, or 3.3% of the total, were terminated due to breaking YouTube’s community guidelines by showcasing nude or sexual content.

An official statement by YouTube notes that the high volume of terminated channels might be due to the actions they have taken to preserve their workforce and cut in-office staffing in response to COVID-19. 

Most videos deleted in India

When YouTube deletes a channel, all of its videos are removed as well. Together with 5.8 million channels, due to channel-level suspension, more than 5.6 million videos were removed in the third quarter of 2022.

Surprisingly, one country stands above the rest in terms of the volume of recordings terminated. 

Throughout Q3 2022, as many as 1.7 million videos originating from India were deleted. The second country on the list — Indonesia, saw 629 thousand videos removed. 

The United States stands in third place, with 534 thousand removals. Brazil (276 thousand) and Russia (218 thousand) round up the top five countries in terms of deleted Youtube videos as a result of overstepping community guidelines. 

Interestingly, video and channel removal reasons differ completely.

While 91.2% of channels were removed due to spamming, misleading, and scams, only 3.9% of videos were removed based on these grounds. 

In contrast, the largest portion of videos were terminated due to child safety concerns, totaling 2 million videos deleted, comprising 36% of the total.

To see the full article, head over to: https://atlasvpn.com/blog/youtube-removed-a-record-5-8-million-channels-in-q3-2022

Domain names help us navigate the vastness of the world wide web and find the information and services we are looking for. However, malicious actors abuse the importance of domain names by registering ones that are identical or similar to existing trademarks, company names, or personal names, hoping to profit from the confusion. It is called cybersquatting.

According to the data presented by the Atlas VPN team based on the information provided by the World Intellectual Property Organization (WIPO), cybersquatting cases reached record highs in 2022.

In total, 5,616 cybersquatting disputes were filed to the WIPO this year — nearly a 10% rise from 2021.

If we look at the historic numbers of cybersquatting complaints, they have been steadily growing over the past six years. Compared to 2000, cybersquatting disputes have risen by a whopping 202%. 

In total, 61,284 cybersquatting complaints have been filed to WIPO from 2000 till now.

After registering the look-alike domain names, cybersquatters may attempt to sell them to the trademarks they are copying or use similarities in domain names to attract traffic to their own website. Among the latter are those that use domains to lure victims into phishing attacks.

To read the full article, head over to: https://atlasvpn.com/blog/cybersquatting-cases-reach-record-highs-in-2022

Internet service providers (ISPs) often advertise internet speeds that are significantly higher than the actual speeds experienced by consumers.

According to the Atlas VPN team’s analyzed data, internet speed can be up to 3 times slower than advertised. As the numbers suggest, the faster internet packages are usually far from real speeds, while the slower internet plans are more true to what is advertised.

Internet packages up to 125 Mbps deliver the speeds ISPs advertise. Some people could reach even higher speeds than advertised in the plan.

The further we go, the actual speed goes further from what is advertised in the deal. The advertised 400 Mbps packages have a median tested speed of 256 Mbps.

The most significant difference is in premium plans that offer 940 Mpbs and up. The median tested speed of the advertised 1200 Mbps deal is only 360 Mpbs. That is a 70% contrast between what is offered by the ISPs and what internet users actually get.

Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on the difference between advertised and actual internet speeds:

“There are many factors that can contribute to slower internet speeds than what is advertised by ISPs. While it can be frustrating, it is important to understand that there are limitations to internet technology and that speeds can vary depending on a variety of reasons.”

Why is that?

One of the main reasons for slower internet speeds is network congestion. When a large number of people are using the internet simultaneously, it can cause the network to become overloaded and lead to slower speeds.

Another reason is that internet speeds can be slowed down by hardware limitations on a user’s device. Furthermore, many ISPs have “fair usage policies” that limit the amount of bandwidth a user can consume at any given time.

To read the full article, head over to: https://atlasvpn.com/blog/actual-internet-speed-can-be-up-to-3-times-slower-than-advertised

Social media has made our communication much more convenient, allowing us to easily keep in touch with family and friends and connect with like-minded people within a matter of seconds. However, it also made it much easier for cybercriminals to con us.

According to the data presented by the Atlas VPN team, consumers in the United States lost a whopping $931 million to social media scams this year (approximately $3.4 million per day). 

In total, 131,409 social media scams were reported in the first three quarters of 2022. While only approximately a tenth (12%) of reported scams took place on social media, it was the most lucrative channel for fraudsters bringing in more funds than any other medium. 

Websites and apps were the second most profitable channels for cybercriminals. Fraudsters looted $692 million via 136,553 scams on websites and apps from Q1 through Q3 of 2022. 

Phone call scams occupy the third spot on the list. FTC recorded 229,494 such schemes in the first three quarters of this year, which brought criminals $590 million. 

Next up is email fraud. Overall, 195,571 such scams were documented in the first three quarters of this year, which cost victims $309 million.

Meanwhile, scams conducted via text messages earned criminals $231 million. Despite occupying the fifth space in terms of losses, text message fraud was the most frequently reported, with 252,647 fraud instances disclosed in Q1 through Q3 of 2022.

Fraudsters also employed online ads and popups in their schemes. While FTC documented only 27,678 such cases, online ads and popup scams brought in $131 million.

Finally, US consumers also reported 25,803 mail scams. Collectively, such scams earned cybercriminals $53 million.

To read the full article, head over to: https://atlasvpn.com/blog/us-consumers-lost-over-930-million-to-social-media-scams-in-2022

For the second year in a row, merchants reported rises across the board in numerous key measures that assess the extent to which fraud affects eCommerce. 

From higher income lost to fraud to more eCommerce orders being rejected as fraudulent to increased chargebacks and disputes, the average statistics retailers reported rose internationally over the last year.

The most significant shift in fraud payment prevention spending was recorded in North America, where businesses upscaled their spending two times, from 5% of their annual revenue in 2021 to 10% in 2022, according to data presented by Atlas VPN. 

The figures mentioned were extracted from the Global Fraud and Payments Report 2022, in-depth research conducted by the collaborative efforts of Cybersource, the Merchant Risk Council (MRC), and Verifi. 

The study included 1,060 merchants active in eCommerce fraud and payment management. SMBs ($50k to <$5mn) amount to 38% of the sample size, Mid-Market ($5mn to <$50mn) to 25%, and Enterprises ($50mn+) to 37%. The poll was conducted in November and December of 2021 globally. 

The majority of the companies (60%) were in the physical goods & retail sector, a quarter in the other products & services category, and the remaining surveyed merchants were in the travel & tourism (9%) and digital goods & entertainment (6%) industries.  

Besides North America, another significant change from 2021 to 2022 appeared in the Asia-Pacific (APAC) region, where companies decreased their allocated part of the revenue for fraud prevention by 6%. 

Before, businesses in the APAC area were spending the highest portion of their earnings on payment fraud prevention, but after these changes, they fell in line with the global average, which stands at 10% in 2022.

Mid-market companies allocate most funds

Moving on to fraud prevention by company sizes, interestingly, the average metrics of Mid-market businesses now outnumber those recorded by SMB and corporate eCommerce enterprises. 

While Mid-market firms spend an average of 11% of their annual revenue on payment fraud prevention, SMBs only spend around half as much, at 6%.  

The reasoning behind this is likely because Mid-market businesses are large enough to be enticing targets for fraudsters yet have lesser budgets and fewer employees, tools, and resources to use for fraud protection. Thus, midsize firms may suffer disproportionately from eCommerce fraud.

To read the full article, head over to: https://atlasvpn.com/blog/businesses-in-north-america-double-their-2022-spending-on-payment-fraud-prevention