CyberheistNews Vol 5 #20 Adult Friend Finder Hack Is Nightmare Phishing Problem

Adult Friend Finder Hack Is Nightmare Phishing Problem
Guys, we have a real phishing problem with this Adult Friend Finder (AFF) hack. This particular adult site is one of the most heavily trafficked websites in the U.S. and has 40 million registered users. A rough guess is that 10% of your users may be very worried at this time that their sexual preferences and/or activities are going to come out. These end-users are a security breach waiting to happen.

You may have heard about it, but in short, the story is that the AFF site owed $248,000 to someone, very likely an affiliate that was feeding them web traffic, and apparently AFF did not pay up. The affiliate had a hacker buddy who calls himself ROR[RG], and this guy decided to teach AFF a lesson. He hacked them, exfiltrated at least 4 million records and then sent them a ransom demand of $100,000 to return the data. Again, apparently AFF did not pay up, and ROR[RG] in retaliation posted these records on a Darknet Tor site, loaded with a ton of highly personal, sensitive information.

It includes their age, sexual preferences, state, zip code, username, IP address, whether they are married or single, gay or straight, and whether they are looking for a "cheating one night stand" or, let's call it, more unorthodox sexual activities. With a little bit of digging, these people are relatively easy to find. Bev Robb, who does malware and Dark Web research, wrote a blog post showing how easy it is.

FriendFinder Networks, a California-based company, wrote that it had hired FireEye's forensics unit, Mandiant, to investigate, along with Holland and Knight, a law firm, and a public relations company specializing in cybersecurity.

"We cannot speculate further about this issue, but rest assured, we pledge to take the appropriate steps needed to protect our customers if they are affected," it said. The company could not be reached for further comment. UK TV Channel 4 reported it first, and stated exposed email addresses are receiving a wave of spam. Here is their 4-minute segment.

Here Is The Problem

Any of these 40 million registered users is now a target for a multitude of social engineering attacks. Just one example: you can imagine that a man married to a woman but who is hunting down gay hookups on the side could easily be blackmailed or receive a spear phishing email with a poisoned link that infects his workstation.

People who have extramarital affairs can be made to click on links in emails that threaten to out them. I can already see the phishing emails that claim people can go to a website to find out if their private data has been released. This is a nightmare that will be exploited by spammers, phishers and blackmailers, who are now gleefully rubbing their hands.

Mass media has jumped on this; the news of this hack is on CNN, NBC, you name it. If any of your users has registered on AFF, they have probably heard about it and are worried. This is a nightmare phishing scenario. Jilted spouses, divorce attorneys and private investigators are undoubtedly already poring over the data.

What To Do About It

This is not an easy one. I suggest you take immediate preventive action. It only takes one second for a worried end-user (or admin) to click on a link in an email and expose the network to attackers. I suggest you send something like this to your friends, family and end-users. Feel free to edit:

"Last week, news broke that the Adult Friend Finder website was hacked. This is one of the top adult websites for people who want casual encounters, possibly cheating on their spouse. The site has 40 million registered users, and millions of these records are now out in the open, exposing highly sensitive personal information. Internet criminals are going to exploit this in many ways, sending spam, phishing and possibly blackmail messages, using social engineering tactics to make people click on links or open infected attachments. Be on the lookout for threatening messages like this that slip through, and delete them immediately."

As you can see, stepping your users through effective security awareness training is an absolute must these days. For KnowBe4 customers, we have a new Social Networking template that lures people into clicking on a link to the "haveibeenpwned" website to see if their personal sensitive information was hacked. The subject of the template is "Hey, has your Adult Friend Finder secret come out?"

PS: If you have not done so already, find out how affordable Kevin Mitnick Security Awareness Training is, and be pleasantly surprised:

Warm Regards,
Stu Sjouwerman

Quotes Of The Week
"Fidelity is the sister of justice." - Horace

"I told my wife the truth. I told her I was seeing a psychiatrist. Then she told me the truth: that she was seeing a psychiatrist, two plumbers, and a bartender." - Rodney Dangerfield

Thanks for reading CyberheistNews!
Security News

What Our Customers Say About Us

"Everything is going great! We got the training integrated into our LMS so everyone is taking it right along all our other required training. Even with a brisk employee turnover, our click rate runs between 0 and 4% depending on how many new employees are here “pre-training.”

"We receive genuine phishing emails from time to time (email security can’t catch them all) and they are quickly detected and promptly reported thanks to the training. I have recommended your security training and phishing exercises to a number of colleagues, and some of them followed up with a purchase.

"Many in my banking security peer group use and recommend you. Nice work, you guys!" - P.J. CISSP, Information Security Officer

InfoWorld's security guru Roger Grimes writes about KnowBe4's integrated training and phishing platform. Check out this article:


This Week's Five Most Popular HackBusters Posts

What are IT security people talking about? Here are this week's five most popular hackbusters posts:
    1. Spy Agencies Hijack Google Play Store to Install Spyware on Smartphones

    2. NetUSB Driver Flaw Exposes Millions of Routers to Hacking

    3. Who Really Invented Bitcoin?

    4. Anti-NSA Pranksters Planted Tape Recorders Across New York and Published Your Conversations

    5. Free Ransomware Decryption and Malware Removal ToolKit

Why Isn't User Training A Security Priority?

Only about half of companies offer any kind of security training, a CompTIA survey found. End users are widely seen as a weak link in the enterprise security chain. More than 80 percent of respondents to a QuinStreet Enterprise survey tapped end users as a top security risk for their organizations.

Craig Williams, security outreach manager for Cisco's Talos Security Intelligence and Research Group, said end users working outside the confines of corporate networks are a key entry point for attackers launching malvertising attacks.

"Attackers notice when machines are not up-to-date. They can find one that is not following security best practices and then embed a link so you have a landing page hosting a drive-by download attack. Then they use social engineering to trick users to look at that page, serve up some malware, and you are compromised," he said in an interview with eSecurity Planet earlier this year.

Despite this, however, recent research by IT trade association CompTIA found that just 54 percent of companies offer any kind of security training, with most doing so during employee onboarding. When CompTIA asked companies it surveyed why they did not offer security training to employees, "the biggest reason was there was no reason," said Seth Robinson, senior director of technology analysis at CompTIA. Read the full article at:


Researchers Observe SVG Files Being Used To Distribute Ransomware

Researchers with AppRiver have observed attackers sending out phishing emails with SVG files attached – these files, when downloaded and executed, open up websites that download what appears to be CryptoWall ransomware.

AppRiver observed thousands of phishing emails – one was sent from a Yahoo address and claimed to include a resume – being sent to small stores, law offices, IT businesses, schools and more, Jon French, security analyst with AppRiver, told in a Thursday email correspondence.

In order for an infection to occur, user interaction is required more than once, French indicated. First, a user must download the ZIP attachment in the phishing email, which contains the SVG file. When the user opens the SVG file, a small JavaScript entry will cause their browser to open to a website that leads to another ZIP file being downloaded. This file contains the payload, which must be manually executed.
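The chain above works because SVG is XML that browsers will execute, not a passive image. As an added defensive illustration (not code from the AppRiver report or the article), the following Python inspects a ZIP attachment for SVG members carrying active content (a script element, an on* event handler or a javascript: href) so mail filtering can quarantine them before a user ever opens one; both SVGs and the ZIP are constructed samples.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Constructed samples (not from the AppRiver report): a plain SVG and one with script.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
ACTIVE_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
    b'<script>/* constructed stand-in for the redirect script */</script>'
    b'<a xlink:href="javascript:void(0)"><text onclick="x()">resume</text></a></svg>'
)

def svg_active_content(svg_bytes):
    """Return indicators that an SVG carries active (scriptable) content.
    SVG is XML, so a <script> element, an on* event-handler attribute or a
    javascript: href turns an "image" into something the browser executes."""
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError:
        return ["unparseable-xml"]  # malformed XML: do not trust it, quarantine
    indicators = []
    for el in root.iter():
        local = el.tag.rsplit("}", 1)[-1].lower()  # strip the namespace prefix
        if local == "script":
            indicators.append("script-element")
        for attr, value in el.attrib.items():
            name = attr.rsplit("}", 1)[-1].lower()
            if name.startswith("on"):
                indicators.append("event-handler:" + name)
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                indicators.append("javascript-href")
    return indicators

def scan_zip_attachment(zip_bytes):
    """Map every .svg member of a ZIP attachment to its active-content indicators."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(".svg"):
                findings[info.filename] = svg_active_content(zf.read(info))
    return findings

def build_sample_zip():
    """Constructed ZIP shaped like the phishing attachment: one SVG per sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("logo.svg", BENIGN_SVG)
        zf.writestr("resume.svg", ACTIVE_SVG)
    return buf.getvalue()
```

Any non-empty indicator list is reason to hold the message; the benign sample yields an empty list while the scripted one is flagged three times.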

When downloaded and executed, the SVG files cause websites to open up that download what appears to be CryptoWall ransomware. Read the full article here:


Study: Employees Acknowledge Risky Security Behavior, Continue To Do It

While most people acknowledge the security risks of opening an email from an unknown sender or downloading an app from an unauthorized app store, many continue to engage in this risky behavior.

A new study from Blue Coat Systems found that 82 percent of U.S. employees knew that opening an email from an unverified source is considered “very risky;” however, 17 percent still admitted to doing so. This 17 percent could be mostly composed of people who weren't aware that this behavior put their systems at risk, said Hugh Thompson, CTO and senior vice president, Blue Coat, in an interview with, although the survey did not relate the two questions.

Even still, Thompson suggested that those knowledgeable of the risk could be opening emails from unknown senders because, in reality, phishing emails are becoming trickier, and their perpetrators are personalizing attacks.

Thompson went on to say that everyone has a weak spot that could entice them to open an email, such as a favorite sports team, for example, and with social media making this information readily available, creating a convincing email isn't too difficult a task.

Considering that half of the 250 U.S. respondents to Blue Coat's survey were at the CIO level, even IT security pros fall victim to various attacks.

“We do live in a time when anyone can be deceived,” Thompson said. “Anyone can be phished, even the most paranoid.” Article at SC Mag:


How Employee Training Can Affect The Organization

Employee training and awareness programs will have a huge effect on covered entities, according to all three healthcare leaders. With anything from phishing scams to sophisticated cyber attacks putting health data at risk, it’s important for staff members to have a comprehensive idea of what type of malicious activity to be on alert for.

“The trick is, how do we balance that with everything else that’s required for [employees] to keep up their practices and actually what they need to do: treat patients,” Ewell said.

Not only is employee training critical, according to Sah, employee training at all levels is necessary. Everyone from senior level to contributors to those affiliated with a covered entity’s partners and vendors must have an understanding of proper health data security.

“All can fail if people are not aware,” Sah said. “And they need to be aware in a way that when they see malicious activity or they see something abnormal, that they have the awareness, knowledge, and know-how to take the next step of action.”

For example, if an employee sees what they think might be a phishing email, it’s essential to not only recognize it as malicious activity, but to then take the next step and notify the necessary personnel. That will better help the organization respond to the issue, Sah explained.

“A single person who is not aware can still cause a gap that can then be leveraged to create the types of threats or attacks we’ve seen,” said Sah. “[Employee training] is the most invaluable thing that any organization can do.” Full article at HealthIT Security:

