IT NEWS

We are just three days into 2022, which means what better time for a 2021 retrospective? But rather than looking at the biggest cyberattacks of last year—which we already did—or the most surprising—like we did a couple of years ago—we wanted to offer something different for readers and listeners.

On today’s episode of Lock and Code, with host David Ruiz, we spoke with Malwarebytes Labs’ editor-in-chief Anna Brading and Labs’ writer Mark Stockley about what upset them the most about cybersecurity in 2021. These two have seen it all in the past year, helping either assign, write, edit, and publish every single blog that went onto Malwarebytes. That means every ransomware attack, every inadequate backup, every VPN blunder, and every industry-shifting vulnerability, has been reviewed, read, and understood by our guests. And for everything covered on Lock and Code in 2021? Well, host David Ruiz joins the conversation this time, equipped with any information he gleaned about cybersecurity basics, critical infrastructure, and much more.

Interestingly, when you get a trio of news writers into the same (Zoom) room to talk about a certain industry, they also, invariably, begin talking about how that industry was reported on. Like Mark Stockley said in today’s episode, his top complaint about cybersecurity in 2021 wasn’t even about the industry’s failings, but about the way that newspapers and outlets write about the industry.

I think that there’s a sort of dispassionate view of the world that comes through in a lot of cybersecurity news that’s kind of calling balls and strikes, as if computer security is a thing that happens to computers.

Mark Stockley

Tune in to hear all this and more on this week’s Lock and Code podcast—the first episode in our third season—by Malwarebytes Labs.

You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.

The post What angered us most about cybersecurity in 2021: Lock and Code S03E01 appeared first on Malwarebytes Labs.

IP sniffers, also known as packet sniffers, network analyzers, or protocol analyzers, are tools which play an essential role in the monitoring of networks, and in troubleshooting network-related issues. In essence, IP sniffing is monitoring traffic over a TCP/IP network.

IP sniffers intercept the traffic flowing in a digital network and log the data, which is then presented in a human-readable form for analysis. Network administrators and hackers of all stripes can use them to understand the state of a network at any time, find network vulnerabilities, and measure network performance.

What is packet sniffing?

When a distinction is made between IP sniffing and packet sniffing, a packer sniffer is a tool that analyzes all the inbound and outbound packets of a network. In addition, it looks at the path taken by each packet and interprets the logs to give users more visibility into their network. Some of these tools can also be used to monitor routers, switches, server traffic, network hardware, and even networks as a whole.

What is a Wi-Fi sniffer?

A Wi-Fi sniffer is a specific type of network analyzer or packet sniffer that is designed to work with wireless networks. Wi-Fi sniffing can be accomplished with a dedicated piece of electronic equipment or a software application.

What is meant by “sniffing attack”?

A sniffing attack involves the illegal extraction of unencrypted data by capturing network traffic through packet sniffers. They are used by cybercriminals to steal customer data and compromise network security. Sniffing attacks, which pose a significant security risk, enable common network threat types such as man-in-the-middle attacks, insider threats, etc.

By placing a hardware or software packet sniffer on a network in promiscuous mode, a malicious intruder can capture and analyze all of the network traffic. There are two types of sniffing attacks:

• Active sniffing

Sniffing in the switch is called active sniffing. A switch is a point-to-point network device. The switch regulates the flow of data between its ports by actively monitoring the MAC address on each port, which helps it pass data only to its intended target. In order to capture the traffic between targets, a sniffer has to actively inject traffic into the LAN to enable sniffing of the traffic.

• Passive sniffing

Any traffic that is passing through the non-switched or unbridged network segment can be seen by all machines on that segment. Passive sniffers operate at the data link layer of the network. Any data sent across the LAN is actually sent to each and every machine connected to the LAN. This is called “passive” since sniffers placed by the attackers wait for the data to be sent to them and don’t inject any additional network traffic.

IP sniffing vs IP spoofing

Spoofing and sniffing are two very different things. IP spoofing means creating IP packets with a false source IP address. To carry out IP spoofing, attackers need the following:

• A trusted IP address that the receiving device would permit to enter the network. There are numerous ways to find device IPs. One way is Shodan, a searchable database of IP address-to-device mappings.
• The ability to intercept the packet and swap out the real IP header for the fraudulent one. A network sniffing tool or an Address Resolution Protocol (ARP) scan can be used to intercept packets on a network and gather IP addresses to spoof.

Is IP sniffing legal?

Port sniffing is a process of reading and interpreting data that is transferred on a specific network communication port. Security analysts typically rely on port sniffing programs to determine software vulnerabilities. These analysts must inspect software applications for proper encryption and unwanted data exposure.

Whether IP sniffing is legal or not depends on a few circumstances.

• Location and applicable laws

There are about as many, very, different laws as there are legislators. In the US several Federal laws prohibit or restrict network monitoring and the sharing of records of network activity. These laws were drawn up to protect online privacy.

• Who is doing the monitoring

Ownership of the data is a key differentiator. Certain types of network monitoring and data access are prohibited. People who violate the prohibitions may be sued by the people whose privacy they invade.

• What they do with the gathered data

Again, if sharing gathered information results in a breach of privacy, it could result in legal consequences.

As a rule of thumb, you are allowed to monitor traffic in a private network that falls under your responsibility for troubleshooting purposes, and as long as you don’t share the gathered data with anyone else.

The post What is IP sniffing? appeared first on Malwarebytes Labs.

People that predict tomorrow’s weather by looking at today’s are often right. Cloudy today? It’ll probably be cloudy tomorrow. The same is often true for cybersecurity threats. Looking back at 2021 it looks a lot like 2020: A lot of ransomware attacks.

So, when I was asked to write about the three most significant cyber-attacks of 2021, it was no real surprise that my thoughts turned to ransomware attacks.

But what made these three stand out from the other attacks this year, and from many we’ve seen before, were not the direct consequences for the targeted systems, or even the people in the organizations that were attacked, but the consequences for people far beyond those organizations.

The three I’ve chosen are:

• The Conti ransomware attack on Ireland’s Health Service Executive
• The REvil ransomware attack on Kaseya VSA
• The Darkside ransomware attack on the USA’s Colonial Pipeline

Let me explain why I chose these three from the multitude of ransomware attacks we went through in 2021.

The human cost of a ransomware attack

On May 14, Ireland’s Health Service Executive (HSE) was paralyzed by a cyberattack which turned out to be Conti Ransomware. The attack forced the organization to shut down more than 80,000 affected endpoints and plunged it back into the age of pen and paper.

Our colleague, Mark Stockley interviewed a doctor working in one of the affected hospitals.

Because of the ransomware attack, the doctor had to put in hours of extra effort after his day’s work just to determine which of the next day’s appointments he would have to cancel for lack of information. And then he could expect to deal with those anguished, sometimes angry patients, when he told them their appointment cannot go ahead.

“Imagine the scenario,” he said. “Patients will wait literally two years to see us. After two years they get a call saying ‘I’m sorry I can’t see you and I have to reschedule you and I can’t say when, because of the ransomware’. They know it’s not my fault but they are upset and very annoyed.” The doctor’s understatement kicks in. “They teach us ways to speak to angry patients, but it’s not nice.”

Asked what he would say to the attackers if he could speak to them , he responded with:

“If your loved one was sick. Would you do this? If you had somebody you cared about, would you do this to them. That’s what I’d ask them.”

“I think they lost their humanity.”

Four months later, after drafting in the army to help restore its systems, and after cancelling tens of thousands of appointments, HSE was still not fully recovered.

The ultimate supply-chain attack

On July 2, a severe ransomware attack against the popular remote monitoring and management software tool Kaseya VSA forced Kaseya into offering this urgent advice to its customers: Shutdown VSA servers immediately.

Members of the REvil ransomware gang had managed to push out a malicious Kaseya VSA update that encrypted machines and networks running the highly privileged software. The impact of the attack was enormous. Kaseya VSA is one of the more popular remote monitoring and management tools used by Managed Service Providers (MSPs) to administer their customers’ systems. The MSPs that were hit by the attack saw not only their own systems encrypted, but also the systems of their customers too.

An attack on one organization quickly became an attack on thousands.

The attack hit at a painful point in time for the Dutch Institute for Vulnerability Disclosure (DIVD), a volunteer-run organization that found a remote code execution flaw in Kaseya VSA on April 1, 2021. It was working with Kaseya to patch the VSA vulnerabilities for months prior to the attack. It took Kaseya quite a lot of effort and time, and more and more expertise to get the right patch out—to get it tested, to get it through quality assurance. And then, disaster struck just before the patches went out.

Only rarely do companies allow us a look inside their organization while they are recovering from a ransomware attack. Many find it more convenient to keep a low profile or to be secretive. We went over the work that had to be done by a Dutch MSP to repair the damage done by this attack. Doing this provided us with some valuable insights.

And our colleague David Ruiz talked to Victor Gevers, chair of the DIVD, on an episode of Malwarebytes’ Lock and Code podcast, about the ransomware attack that his organization was racing to prevent.

Gevers’ damning verdict on the current state of software: “The quality of products that are online and are exposed to the Internet are not up to par for the current situation that we are in and this is going to screw us over in the long term.”

Vital infrastructure is called vital for a reason

On May 10 the FBI confirmed that the Colonial Pipeline had been attacked by Darkside ransomware. The pipeline exists to supply gasoline and other products across the southern and eastern United States. It is the largest of its kind in the US, reportedly transporting almost half of the fuel consumed by the east coast. The US government declared an emergency and brought in emergency powers to ensure people would still be supplied with fuel.

The attack spurred new rules for critical infrastructure that represent a tidal shift in how the Transportation Security Administration (TSA) has protected pipeline security in the country for more than a decade. But it also made clear that the federal government is no longer satisfied with private industry’s lagging cybersecurity protections. President Joe Biden signed an Executive Order to place new restrictions on software companies that sell their products to the federal government.

A spokeswoman for the National Security Council explained at the time the importance of a requirement, that contractors would only gain access to federal systems on a “need-to-know” basis. Further, contractors would also have to notify government customers of any breach, bringing new transparency to the government about ongoing and increasingly frequent cybercrimes.

One other remarkable aspect of this attack that led to an 11-day shutdown and gas shortages in the eastern US, is that the US Department of Justice recovered much of the ransomware payment.

Ransom payments are the fuel that propels the digital extortion engine, and the recovery of the payment marked something of a turning point in the year. Ransomware attacks continued, but life became more uncomfortable for the gangs involved.

In August, we welcomed Lesley Carhart to the Lock and Code podcast to talk about critical infrastructure cybersecurity. Surprisingly, she managed to reassure us that while there are improvements to be made to critical infrastructure security, it’s not nearly as bad as some people think.

Have a safe 2022, everyone!

The post The three most significant cyberattacks of 2021? appeared first on Malwarebytes Labs.

Last week on Malwarebytes Labs:

• When a deepfake “empire” continues to grow
• Everything you always wanted to know about NFTs (but were too afraid to ask): Lock and Code S02E24
• Police forces pipe 225 million pwned passwords into ‘Have I Been Pwned?’
• Logistics giant warns of scams following ransomware attack
• FBI traces and grabs back $150 million theft that was turned into bitcoins
• Dridex affiliate dresses up as Scrooge

Stay safe, everyone!

The post A week in security (Dec 20 – 26) appeared first on Malwarebytes Labs.

German logistics giant Hellmann Worldwide Logistics has issued a warning that data was stolen from the company when it was hit with a ransomware attack on December 9, 2021. It is not entirely clear what type of data was extracted, but the company says it is warning partners and customers to double check their communications with it, as a precaution. Criminals could use the leaked data to make social engineering attacks more believable, so Hellmann is asking people that do business with it to look out for fraudulent mails and calls.

…the forensic investigation has meanwhile confirmed that data was extracted from our servers before our systems were taken offline on December 9. We are currently investigating what type of data was extracted and will proactively provide further information as soon as possible. We are in regular contact with relevant government authorities.

Please note that the number of so-called fraudulent calls and mails has generally increased. Whilst communication with Hellmann staff via email and telephone remains safe (inbound and outbound), please make sure that you are actually communicating with a Hellmann employee and beware of fraudulent mails/ calls from suspicious sources, in particular regarding payment transfers, change bank account details or the like.

Hellmann is one of the largest international logistics providers. Founded in 1871, it handles 16 million shipments per year by air, sea, road, and rail, and is active in 173 countries.

Stolen data

On December 9 it became obvious that there were problems at Hellmann Worldwide Logistics.

By the time the firm’s IT team responded, the threat actors had already exfiltrated sensitive files from the compromised servers. Many ransomware operators use the threat of leaking stolen data for extra leverage during the ransom negotiation stage. While companies can use backups to recover from data encryption without paying the ransom, they can’t use them to contain leaks.

And indeed, when the negotiations between Hellmann and the threat actor fell apart, the RansomExx group published some 70 GB of stolen documents on its leak site. The data reportedly included business agreements, intra-company emails, and more.

Free to download

The stolen data can be downloaded by anyone, including other criminals, who may use it to add insider knowledge to business email compromise (BEC) attacks and phishing attempts, to give them more credibility.

RansomExx

While RansomExx is not one of the ransomware operators that you see in the news often, they do have a reputation for going after big targets. In the past the group has attacked Konica Minolta, Gigabyte, and the Lazio region in Italy (including its COVID-19 vaccination registration portal).

The RansomExx ransomware is a rebranded Defray777 ransomware, which has become a lot more active since June 2020. The ransomware itself is highly targeted. Each sample contains a hardcoded name of the victim organization.

The group uses different methods to gain entry into a target’s network. In earlier cases the threat actors established an initial foothold through common banking trojans such as IcedID or Trickbot. From there, they deployed the Vatet loader, the PyXie RAT, and Cobalt Strike, before executing the ransomware entirely in memory.

And, similar to other ransomware operations, RansomEXX has also been known to breach networks using vulnerabilities or stolen credentials.

In February, the group was found abusing vulnerabilities in the VMWare ESXi product, allowing them to take over virtual machines deployed in enterprise environments and encrypt their virtual hard drives. Malwarebytes blocks RansomExx as Malware.Ransom.Agent.Generic.

Stay safe, everyone!

The post Logistics giant warns of scams following ransomware attack appeared first on Malwarebytes Labs.

On December 1, 2021, the Tokyo police arrested an employee of Sony Life Insurance on suspicion of fraudulently obtaining 17 billion yen through an illegal money transfer from an overseas unit.

On the same day 3,879 bitcoins, worth about $150 million, were seized by law enforcement, and on the December 20 the US government took action in federal court to return it back to Sony.

The theft

The funds were embezzled by Sony employee Rei Ishii, who pretending to conduct a legal fund transfer in May 2021. He allegedly transferred the money from SA Reinsurance Ltd’s bank account to a different bank account overseas, by falsifying transaction instructions, which caused the funds to be transferred to an account that Ishii controlled at a bank in La Jolla, California. He then quickly converted the funds to bitcoins, as criminals do.

Although Sony had a double authentication process set up for international money transfers, requiring both Ishii and his supervisor to sign them off, Ishii is said to have instructed the company’s bank to change the contact email address for his boss, which enabled him to initiate and sign-off money transfers.

Sony Life Insurance discovered the unapproved money transfer in August, and US law enforcement were able to trace the bitcoin transfers to a specific Bitcoin address, and then to an offline cryptocurrency cold wallet.

The recovery

The FBI—in cooperation with Japan’s National Police Agency, the Tokyo Metropolitan Police Department, Tokyo District Public Prosecutors Office, the Japan Prosecutors unit on Emerging Crimes (JPEC), and with assistance from Sony and Citibank—then obtained the private key needed to control the Bitcoin address. This allowed them to recover all the bitcoins that could be traced back to the theft.

An FBI press release on the matter spells out how long the long arm of the law is when agencies in different countries cooperate:

Second, the FBI’s footprint internationally through our Legal Attaché offices and the pre-existing relationships we have established in foreign countries—in this instance with Japan—enabled law enforcement to coordinate and identify the subject. The FBI’s technical expertise was able to trace the money to the subject’s crypto wallet and seize those funds … Criminals should take note: You cannot rely on cryptocurrency to hide your ill-gotten gains from law enforcement.

The end?

The FBI intends to return the stolen funds to the victim, and Ishii has been charged in Japan. However, the FBI continues to investigate the crime. The Major Frauds and Public Corruption Section and Asset Recovery Section of the US Attorney’s Office for the Southern District of California is handling the proceedings, with significant assistance from the Department of Justice Criminal Division’s Money Laundering and Asset Recovery Section and Computer Crime and Intellectual Property Section.

The post FBI traces and grabs back $150 million theft that was turned into bitcoins appeared first on Malwarebytes Labs.

Threat actors are hoping to catch a few more victims before they leave work for the Christmas holidays. The recent malicious spam campaigns (malspam) we and others have observed appear to have been created by someone who wants to play Scrooge and add onto people’s already heightened state of anxiety.

The lures are particularly mean playing on people’s fears for job security and Covid infections. Unsuspecting users will open those attachments and get infected with Dridex a multi-purpose loader that can drop additional payloads, including ransomware.

Dark lures

An email captured by TheAnalyst shows fake termination letters being sent out by a Dridex affiliate. What kind of employer would terminate someone on Christmas eve?

We’ve also seen similar morbid subjects using the latest Covid variant, Omicron, likely from the same threat actor.

The email claims that 80% of the company’s employees have tested positive for Omicron and that you were a close contact. Opening at the so-called test results in the attached document delivers malware.

Maldoc leads to Dridex

The Excel document is password protected in order to prevent sandboxes from analyzing and flagging it as malicious. In fact, it also requires user interaction to click on a pop-up dialog in order to run the macro.

It drops a .rtf file into %programdata% and executes via mshta.exe:

This is used to download the actual payload, hosted on a Discord server.

This binary belongs to the Dridex malware family:

Malwarebytes customers are protected against this attack thanks to our Anti-Exploit layer which automatically closes the malicious attachment before it can deliver its payload.

As always, we recommend users to stay particularly vigilant when opening emails, especially if those sound urgent and require immediate attention. When in doubt, it is best to contact your IT or HR department to ask for more information and confirm whether the email is legitimate.

Indicators of compromise

Malicious documents

Dridex payloads

Network IOCs

cdn[.]discordapp[.]com/attachments/914830201811238985/923509961307357205/cPRBQdzjCbfmuhammadismyfriend.bin

The post Dridex affiliate dresses up as Scrooge appeared first on Malwarebytes Labs.

On his blog, Troy Hunt has announced a major milestone in the ‘Have I Been Pwned?’ project, thanks to the contributions of two of the world’s foremost law enforcement agencies, the FBI and the NCA (the UK equivalent of the FBI, the National Crime Agency).

This enormous injection of used passwords has puffed up the world’s largest publicly available password database by 38%, according to Hunt.

‘Have I Been Pwned?’

‘Have I Been Pwned?’ (HIBP) allows users to type in an email address, phone number or password and find out how many times they’ve been involved in a data breach. So, if HIBP says your email address was involved in the great big LinkedIn breach of 2012, the Canva breach of 2019, or any other notable episode of credential theft, you know to change your passwords on those systems, and not use them anywhere else. If it says a password you use has breached, you know to never use it again.

In recent years, HIBP has been integrated with a number of third-party systems like password managers and web browsers, so they can alert users immediately if they attempt to use a credential that might already be in the hands of cybercriminals.

The site has been around for almost a decade, and through the years it has proven itself to be an extremely useful tool for everyday Internet users, governments, and organizations alike. The project is run by Troy Hunt with support from the community. The model he uses makes sure that privacy is maintained and passwords can safely be checked without any risk of disclosure. And it’s extremely well used. To give you some perspective, in the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against HIBP’s Pwned Password API.

Hunt says the system stores minimal information about each user, and it only stores SHA-1 hashes of passwords (because you can generate a hash from a password, but you can’t generate a password from a hash). If you enter a password to see if it’s been pwned, it’s immediately turned into a SHA-1 hash and checked against the database.

Police pipeline

In May of 2021, Hunt announced that the FBI had reached out to him and discussed what it might look like if the FBI were to feed compromised passwords into HIBP and surface them via the Pwned Passwords feature.

Over the last few months the HIBP project has been revamped to allow data be fed into the system as they are made available by law enforcement. This new pipeline enables the ingestion of passwords from law enforcement agencies, like the FBI and the NCA.

The NCA contribution has been enormous. At some point the NCA indicated it had hundreds of millions of passwords it believed weren’t already in the Pwned Passwords store of 613 million password hashes. After cross-checking, 225,665,425 turned out to be brand new. Adding them has inflated the total Pwned Passwords count to 847,223,402.

Have you been pwned?

While it is useful to know whether your personal details or credentials have been leaked, it is much more important to act on the information. So, what do you do now, knowing that your account might have been compromised?

For starters, change your password. Your new password needs to be hard to guess, and the best way to ensure that is to let a password manager do it for you. If you’re doing it yourself, pick something that is hard to guess: Avoid individual words, and avoid passwords that look like words with a few numb3r5 sprinkled in them. Instead, go for lengthy pass phrases or long, meaningless combinations of letters, numbers, and other characters.

Lastly, use two-factor authentication (2FA) to add a layer of protection to your accounts. We strongly suggest using a hardware key like a YubiKey. The next best option is a one-time password (OTP) app like Google Authenticator. Take note that some big-name companies like Facebook have already started giving their users the option to use a hardware key. So if you want to do that, check if your online service provider offers it, too, and take advantage of it.

Stay safe!

The post Police forces pipe 225 million pwned passwords into ‘Have I Been Pwned?’ appeared first on Malwarebytes Labs.

Last week on Malwarebytes Labs:

• Spear phish, whale phish, regular phish: What’s the difference?
• Kronos crippled by ransomware, service may be out for weeks
• 5 security lessons from 18 months of working from home
• What SMBs can do to protect against Log4Shell attacks
• After Log4j, December’s Patch Tuesday has snuck up on us
• Grindr fined for selling user data to advertisers

Stay safe!

The post A week in security (Dec 13 – 19) appeared first on Malwarebytes Labs.

I’ve been quite vocal on the impact of deepfakes, in terms of where the most harm takes place. Back in 2019, we looked at malign interference campaigns. I took the line that, other than revenge porn, this was where deepfakes were likely to have the most influence. Although people keep talking about major election interference, nothing of significance ever happens. Indeed, election fakes tend to be pretty bad.

Meanwhile, in smaller scale but significantly more personal cases, horrible fakes of teenagers were the order of the day. When you make fakery easily available to all on DIY mobile apps, the results are inevitable: People are going to be awful to one another. Deepfake shenanigans are primarily all about mass producing harmful fake porn of individuals without consent.

On that subject specifically, there’s news of yet another site offering easy DIY deepfake porn.

The beginnings of a Deepfake empire?

The unnamed site in question uses AI to generate nude images of women. Sites in the past along these lines have tended to operate in isolation. This time, the site is using “partner agreements” and referral systems to generate look-alike services. If one site goes down, others are ready and waiting to take its place.

Researchers claim the images are “hyper realistic” and are able to generate nude / pornographic imagery even if the photo submitted contains fully clothed individuals. Site operators say they’re building a decentralised model to help ward off the threat of takedowns while raking in the cash. Wired reports up to 50 million visits between January and October of 2021. One day alone apparently saw hundreds of thousands of image uploads run through the fakery tool. These are big numbers, with big money implications.

Reactive measures

When action started to be taken against the main site with payment accounts suspended and hosting removed, numbers fell, which seems to have kickstarted the partner program drive. Wired states that a spin-off site operator claims to be paying about $500 to the main site in return for being able to generate up to 10,000 naked edits.

With the traffic numbers these sites are doing, many would view $500 as a small outlay to generate so many fakes. The spin-off sites funnel image creators down the payment route after allowing visitors to generate some free images initially. It’s a guaranteed money spinner, and fake DIY sites aren’t exactly difficult to find online. As many sites and creators go off and promote their content on social media, it’s becoming increasingly easier to find dubious services along these lines and make use of them.

Where does the deepfake harm lie?

The majority of non-consensual deepfake imagery targets women, and always has done. For every vaguely humorous fake of Tom Cruise being Tom Cruise, there’s a significant amount more women placed into content they want no part of. Laws continue to struggle with dealing with the problem. With anonymous creators generating thousands of images on the fly in other jurisdictions, it’s an uphill struggle to take the reins on the situation.

The genie’s bottle: broken

Deepfakes appear to be seeping into most aspects of technological life. Witness someone resurrect their father, then be utterly mortified by what they’ve done. You’ve got those who continue to talk about the risk it poses to business. Elsewhere, the tattered remnants of “deepfakes could derail the US elections” continue to burn out quietly in the corner.

For most everyone else, though, the only real probable harm is from what pretty much kicked things into the mainstream arena in the first place: Pornographic images created without permission. I’m willing to bet that’s going to be the biggest issue for a long time to come.

The post When a deepfake “empire” continues to grow appeared first on Malwarebytes Labs.