Week 7: Encrypted VMware ESXi systems and purported stopping of social security benefits

21.02.2023 - The number of reports received by the NCSC fell slightly in the seventh week of 2023. The NCSC received an increasing number of reports of encrypted VMware ESXi systems and urgently recommends that all updates be applied. In addition, emails claiming that the recipient's social security benefits would be stopped attracted attention. According to these emails, a daily amount could, however, be won in a competition. Other emails claimed that the minimum pension would be increased and that credit card details were needed for this.

Attacks on VMware ESXi systems – first reports now also from Swiss companies

After foreign CERTs reported attacks against VMware ESXi systems the week before last, the NCSC has now also received reports from companies where VMware ESXi servers have been encrypted. In total, the NCSC has so far received half a dozen reports of encrypted systems. Old security vulnerabilities are being exploited, for which patches have been available for around two years.

Recommendation:

  • The NCSC strongly recommends that all updates be applied immediately.

Social security benefits stopped and fake competition

Last week, the NCSC also became aware of an email claiming that a new social security reform was being introduced. All benefits that the recipient had previously been receiving would be stopped. However, the recipient could draw a ticket and win daily financial support, but this had to be done within the next 24 hours, otherwise the entitlement would lapse. The perfidious aspect of this scam is that it mainly targets people with low incomes.

If the victim clicks on the link, they are taken to a French website where they can choose from six tickets. Four of them are supposed to be losing tickets and two winning, with prizes of up to EUR 464. As one would expect, the website visitor always wins, no matter which ticket they click on, and they are promised a prize of EUR 185.97. The amount is supposed to be transferred to the victim's bank account as early as the following day and thereafter on a daily basis. However, the victim is told not to click on the "Back" button under any circumstances, and to watch a video on how to receive the money within the next 24 hours.

Choice of six tickets. Four are losing tickets. In each case, the victim "wins" EUR 185.97, which is paid out daily.

The video tells a hair-raising story about a successful businessman. He had amassed huge profits with a company but it had refused to pay him these profits for months. A team of talented developers, however, had now found a way to pay out these profits to people in need and to create the "Ticket d'or".

After some time, a link appears under the video where the daily transfer can be activated. A fee of EUR 9.95 is required for activation. For an additional EUR 10, the amount received can be increased by up to 37%. Payment is made by credit card. The NCSC assumes that this was a case of phishing or a variant of a subscription scam. The indicated fees (or usually a multiple thereof) are deducted from the credit card, but the services are then not provided.

For a fee of EUR 9.95, one can benefit from a daily payout. An extra fee is supposed to increase the amount by as much as 37%.

False hope for higher minimum pension

In the case mentioned, the fraud was mainly directed at French citizens. However, last week saw a similar case targeting Swiss citizens. A website purporting to be run by the AHV claimed that the Federal Council had decided to increase the minimum pension by at least CHF 400. Here, too, the victim was asked to provide their credit card details in order to receive the promised money.

Credit card details have to be provided in order to receive a CHF 400 pension increase

Using a purported statement by National Councillor Martullo-Blocher and a document allegedly signed by all the Federal Councillors, the fraudsters tried to gain the victim's trust. Here, too, the attackers tried to obtain credit card information. The NCSC was able to take down the website.

The signatures of all Federal Councillors and a statement by National Councillor Martullo-Blocher were intended to suggest to the victim that this was an official site of the Confederation.

Recommendations:

  • Never divulge personal data such as passwords or credit card details on a website that you accessed by clicking on a link in an email or text message.
  • Bear in mind that email sender IDs can easily be spoofed.
  • Be sceptical if you receive emails that require action on your part and that carry a threat of consequences (loss of money, criminal charges or criminal proceedings, blocking of an account or card, missed chance, misfortune) if you do not do what is required.
  • Be particularly sceptical of emails that put you under time pressure.

Last modification 21.02.2023

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2023/wochenrueckblick_7.html