Latest news with #Dvuln


Daily Mail
16-05-2025
- Business
- Daily Mail
Australia Post customers warned to be on high alert for new 'Darcula' scam texts
Australia Post has issued a warning about a new scam exposing countless of its customers to massive personal and financial losses. The scam, known as 'Darcula', involves sending fraudulent messages purportedly sent by Australia Post, advising customers that their delivery had failed due to an invalid post code. Customers are then asked to click on a link to a page that appears similar to Australia Post's website where they are asked to provide personal information. Australia Post shared the alert on its website on Friday, reminding Australians it would never call, text or email customers to request access to personal or financial information or payment. It also shared new research which found nine in 10 Aussies have received a scam text or call while nearly three-quarters have been targeted by scams mimicking parcel delivery services. 'Scammers prey on busy lifestyles and the excitement and urgency in waiting for a package', Australia Post chief information security officer Adam Cartwright said. 'The safest way to track your deliveries is directly through the official AusPost app. If you're expecting a parcel, don't click on suspicious links or respond to unexpected messages — always check the app first.' Hacker and founder of Sydney-based cybersecurity firm Dvuln Jamieson O'Reilly told Daily Mail Australia the consequences of falling prey to a Darcula scam could be dire depending on how far the scammer was willing to go. 'As soon as the victim enters their details, the information appears in the criminal's dashboard. They can watch it live and immediately use the information,' he said. 'They might drain bank accounts, steal identities, or sell the information on dark web forums.' Mr O'Reilly said the scam was an example of a 'Phishing-as-a-Service' platform. 'It gives cybercriminals a turnkey solution to launch sophisticated brand impersonation campaigns,' he said.
'Unlike older phishing kits that rely on hackers cloning legitimate websites and using these static phishing pages, Darcula is a little more innovative. 'It's offered as a subscription-based cybercrime toolkit that makes it incredibly easy for scammers to launch fake websites that look like trusted brands such as Auspost or DHL.' Mr O'Reilly said the new scam recently entered its third iteration, opening the field to less-skilled scammers who can benefit from the increasingly automated platform. 'Criminals don't need to be technical. They just pick a brand, choose a scam message (like 'you missed a parcel'), and Darcula sets everything up for them,' he said.


Daily Mail
30-04-2025
- Business
- Daily Mail
Thousands of Commonwealth Bank, ANZ, NAB, Westpac customers' login details are leaked on the dark web
Cybercriminals are sharing the banking passwords of thousands of Australian customers online, sometimes for free, and banks are unable to stop it. A recent sweep of dark web and encrypted messaging threads by information security firm Dvuln found at least 31,000 Australian internet banking passwords had been exposed by hackers in the last four years. The Sydney-based firm identified credentials belonging to at least 14,000 Commonwealth Bank customers, 7,000 ANZ customers, 5,000 NAB customers and a further 4,000 customers of Westpac. 'The actual number of compromised customer devices is likely substantially higher, as many infections remain undetected or are traded in private channels outside our visibility,' Dvuln said in a report released on Tuesday. The passwords were stolen through so-called 'info-stealer malware', malicious software installed on devices through online ads, SMS messages and emails. Harvested data includes the usernames, passwords, browsing data, credit card details, local files and cryptocurrency wallets of Australian consumers. A global industry has spawned to take advantage of the hack, in which providers build the malware and distributors share the harvested information. 'The exposures were linked to consumer device infections, not breaches of bank systems,' Dvuln founder Jamieson O'Reilly told Daily Mail Australia. It was for this reason the affected banks were not named in the initial report, though Mr Jamieson has since confirmed the figures. 'Naming them could create misleading headlines and shift attention away from the real issue - the need for the public to improve cyber hygiene,' the expert explained. 'Our intent was to raise awareness and encourage collaboration across the sector, not to single out individual institutions.' Australian Banking Association chief executive Anna Bligh agreed, stating the issue related to breaches of individual devices including phones and laptops.
'Keeping customers secure online is the top priority for Australia's banks,' Ms Bligh told Daily Mail Australia. 'They continue to invest security defences to help keep customers safe, including using advanced intelligence systems to monitor both open and dark web sources for compromised customer credentials.' Cybercriminals can harvest valuable data for years after a device has been corrupted, allowing hackers to retrieve information to take over accounts and conduct fraudulent transactions long beyond the initial attack. The infections overwhelmingly targeted computers operating on Windows software, though a growing number of mobile devices are also being targeted. Australian consumers are not unique in being targeted by the malware, with research from KELA identifying an estimated 3.9 billion stolen passwords circulating online globally last year. So abundant is the harvested data that cybercriminals have begun selling bundles of credentials at discounts and even for free in a bid to secure future business. Given the depth and adaptability of the threat, the standard security approaches of multi-factor authentication and regular password changes may not solve the issue. Mr O'Reilly likened changing passwords from an infected machine to 'locking the door while the burglar is still inside'. Instead, customers should change their passwords from a separate device and regularly undertake software and antivirus updates. 'Have a clean device. If you're dealing with money - banking, investments, tax - use a machine that's never touched a game, torrent, or a free movies app,' he said. Mr O'Reilly advised online banking be kept separate from the family computer. 'If your kids are using a computer, make sure it's not the one that has access to your financial life. This is the equivalent of not writing your bank PIN on a sticky note beside your front door. Yet it's happening in thousands of homes every day,' he said.


7NEWS
29-04-2025
- Business
- 7NEWS
Thousands of Australian bank login details leaked on dark web, and banks can't stop it
Thousands of Australians' bank login details are being passed around on the dark web and banks say there's little they can do to stop it. More than 31,000 sets of credentials — including those of at least 14,000 Commonwealth Bank customers, 7000 ANZ customers, 5000 NAB customers and 4000 Westpac customers — have been stolen from personal devices infected with malware, the ABC reported. The stolen details are now circulating on the messaging platform Telegram and dark web forums, according to Australian cyber intelligence firm Dvuln. The Australian Banking Association told the issue was not a breach of banking systems but a result of malware targeting individual users' phones and laptops. 'Keeping customers secure online is the top priority for Australia's banks,' ABA CEO Anna Bligh said. 'They continue to invest (in) security defences to help keep customers safe, including using advanced intelligence systems to monitor both open and dark web sources for compromised customer credentials.' The Australian Cyber Security Centre describes 'infostealer' malware as software designed to quietly infect a device, harvest sensitive data, such as banking logins, and send it directly to cybercriminals. The stolen data can include usernames, passwords, credit card details, cryptocurrency wallets, local files, and browser data, such as cookies, user history, and autofill form details. Dvuln founder Jamie O'Reilly echoed the ABA, saying the issue is not a vulnerability within the banks themselves. 'We've seen a tight correlation between the use of infostealer malware and using those passwords to conduct these types of attacks,' he told the ABC. O'Reilly said many attacks go unnoticed because they typically happen without warning. 'There may be a large number of fraud attacks happening against individuals and businesses … but there's been no public attribution because it's very difficult to trace back to a specific malware infection,' he said. 
'A lot of this crime, on an individual level, goes unreported.' Despite the widespread problem with malware, there are few news stories or official cases directly linking fraud to infostealers. Once compromised, leaked information can have long-lasting consequences. O'Reilly found devices infected up to four years ago can still provide valuable data. His team also conducted tests in which they compromised ASX-listed companies using passwords that were four to five years old. Some cybercriminal groups offer stolen credentials for free to attract new buyers, while others sell the data at prices as low as $600 for access to up to 200,000 compromised devices. While most infected devices are Windows-operating PCs, cybercriminals are gradually targeting more mobile devices — though the scale of this threat is still much smaller.
How to secure your bank account
The ABA said banks would take immediate action to secure an account if they suspect a customer's credentials have been compromised. 'If a bank becomes aware that a customer's credentials may have been compromised, they take steps to secure their account and advise them on how to prevent further activity,' Bligh said. 'If customers have any concerns about their account details, they should get in touch with their bank as soon as possible.' The Commonwealth Bank also reassured customers it has additional measures in place to strengthen account security, including constant monitoring for suspicious activity and combatting emerging threats. 'We use advanced intelligence systems to monitor both open and dark web sources for compromised customer credentials,' it told 'We detect and block suspicious transactions in real time … have an integrated security approach combining cyber, fraud prevention, and resilience capabilities … continuously adapt our defences based on real-time threat intelligence and regular testing of our security systems.' Customers are also encouraged to take steps to protect themselves.
These include creating unique, strong passwords and updating them regularly, installing and maintaining reputable anti-virus software, and monitoring accounts closely. The bank also recommends enabling transaction notifications and contacting it immediately if any suspicious activity is noticed.


West Australian
29-04-2025
- Business
- West Australian
Cyber security firm Dvuln warns Australian banks, customers of new wave of identity theft
An internet security group says Australia needs to prepare for a new generation of criminal software that penetrates big computer systems using stolen customer cookies. Security consultant Dvuln says stolen customer credentials are presenting a double challenge to Australian financial institutions — forcing them to defend the integrity of their own networks and protect customer accounts. Infostealer software not only steals the account names and password details that a person might store on their phone or computer. The malware can also harvest the digital cookies, or tokens, that allow users to move smoothly through a secure system after they have passed traditional log-ins and even advanced multi-factor authentication (MFA) systems. Dvuln said some infostealer systems had captured authentication tokens to the extent that they could entirely bypass MFA gateways. 'Criminal marketplaces have adapted to capitalise on these capabilities,' the security group said in a report. 'Some marketplaces now featured dedicated filters for 'token-included' credential packages that increased the likelihood of MFA bypass.' Israeli cybersecurity group KELA estimated in February that 330 million individual credentials were compromised by infostealer infections in 2024, enabling fraud and ransomware attacks. Dvuln said its research had identified the 30,000 Australian bank customer credentials in infostealer logs, but the actual number of stolen credentials was likely far higher. These included banking details belonging to at least 14,000 CommBank customers, 7000 ANZ customers, 5000 NAB customers and 4000 Westpac customers. 'Many infections remain undetected or are traded in private channels outside our visibility,' he said. With lines continually blurring between organisational security and customer security, Dvuln said financial institutions, governments, customers and security experts needed collaborative approaches to address this growing problem.
'This is not about shifting responsibility to any single party, but rather recognising neat traditional security boundaries are being c

News.com.au
29-04-2025
- Business
- News.com.au
31k Aussies have had their banking details compromised
Banking passwords belonging to 31,000 Australian customers have been stolen using malware and traded through the dark web, with experts fearing customers could lose their money. According to an investigation by cyber intelligence researcher Dvuln, banking details belonging to at least 14,000 CommBank customers, 7000 ANZ customers, 5000 NAB customers and 4000 Westpac customers are available on the messaging platform Telegram and the dark web. Dvuln said Australian financial security was facing a silent threat of infostealer malware harvesting data but not from inside the walls of financial institutions. Dvuln co-founder Jamieson O'Reilly told NewsWire there was a thriving underground where criminals had changed the way they scammed victims. 'Instead of the traditional ransomware attack where they lock your computer and ask for money, criminals have found that it's much more lucrative to not be detected, not make any noise and just leave the malware on your device as long as possible so that every time you change your information, it is sent back to the criminal gangs that control it. 'It means they have this continuous stream of information that they can sell to other cybercriminals. 'So rather than one payment with a ransom, they're getting year-on-year payments in some cases where they've got a device infected for a long time.' Mr O'Reilly said while the research focused on the banks, there was a much larger problem for Aussie households. 'We chose to highlight the banking risk because that would get the everyday Australian's deserved attention, but there was a lot more information,' he said. 'If your computer is infected, it's not just your banking credentials. It's your whole personal identifiable information, your digital life,' he said. The hack, known as an infostealer, works by individual users' devices having malicious software unknowingly installed. 
The software will collect and send as much valuable data as possible to a cybercriminal before it is traded on the dark web. It overwhelmingly targets computers running on Windows and, as well as passwords, can capture credit card details, cryptocurrency wallets, local files, and browser data, including cookies, user history and autofill details. Some of the 31,000 devices mentioned above were infected as far back as 2021 but would still provide valuable data to hackers. Mr O'Reilly said this number represented just a fraction of the total number of people who could have been impacted by this scam. Globally, separate research from Kela shows more than 3.9 billion passwords have been stolen using this scam method. Dvuln said it started the research following Australia's superannuation hack in early April. Worse still, Dvuln research shows the scammers have evolved beyond simple password theft and are now able to capture authentication cookies, allowing them to bypass multi-factor authentication. 'It's important to say that MFA and all the other security controls are not useless, they definitely have a place,' Mr O'Reilly said. 'Use them whenever you get the opportunity. 'They won't stop this virus getting on your device, but they will make it harder for criminals to actually use the information on your device.' Australian Banking Association chief executive Anna Bligh said the issue relates to data being accessed from individual personal devices such as phones and laptops, not from any breach of bank security systems. 'Keeping customers secure online is the top priority for Australia's banks. They continue to invest security defences to help keep customers safe, including using advanced intelligence systems to monitor both open and dark web sources for compromised customer credential,' she said.
Ms Bligh said if a bank became aware that a customer's credentials had been compromised, it could take steps to secure their account and advise them on how to prevent further activity.
What should Aussies do to protect themselves
Mr O'Reilly said it was important that Australians focused on good cyber-security awareness and evolved their thinking from traditional scams. 'I think what it shows, in terms of importance, is how much the public needs to wake up to the fact that criminals are making a good living off their information,' he said. 'And we need to get out of this mindset where if you're hacked, then you'll see big pop-up warnings on your computer.' According to the Commonwealth Bank, there are a few tips that can help slow down these types of scams. To enhance their security, customers should:
• Create unique, strong passwords and change them regularly
• Install and maintain reputable antivirus software
• Monitor their accounts and enable transaction notifications
• Contact their financial institution immediately if they notice anything suspicious
Commonwealth Bank also said it was using advanced intelligence systems to track the dark web for compromised credentials, block suspicious payments and adapt their defences based on real-time threats.