Advisory for Safe Social Media Account Administration

As Bhutan is currently under lockdown, all citizens are heavily reliant on information and news from government and media social accounts/pages on Facebook, Twitter and other platforms. In the past, cybercriminals have hacked into the social accounts of many Bhutanese individuals, businesses and organizers such as Voice of Bhutan, Actor Tshering Gyeltshen and more recently Yee Getaway, to name a few. Cybercriminals are increasingly targeting pages with a large number of followers to gain access and extort money from the owners, send malicious links to their followers or spread fake news and unwanted information on the compromised pages. In...

Advisory on risk of Shortened URLs

Uniform Resource Locator (URL) shortening is a technique used to generate a shorter hyperlink that is more user-friendly, while still directing users to the original webpage. An example: You could take a long link such as https://www.moic.gov.bt/dangers-of-short-links-2487975 and use a shortening service to make it into a nice short link that looks like https://bit.ly.com/g234. Shortened URLs, such as those from bit.ly or tinyurl, make it easy to type in a web address quickly, but difficult to determine where the web browser will actually direct you. Risk: Clicking on dubious shortened links that redirect users to illegitimate websites may allow...

Zoom video conferencing advisory

In the wake of the COVID-19 pandemic, students and organizations are using Zoom applications for teleconferencing and remote learning. Cybercriminals are taking advantage of this situation to get access to sensitive information and even disrupt the sessions. Risk: Insecure usage of the platform may allow cybercriminals to access sensitive information such as meeting details and conversations. An unpatched Zoom application bug lets attackers steal your Windows password. Reports of VTC (video-teleconferencing) hijacking (also called “Zoom-bombing”) are emerging in the US. They have received multiple reports of conferences being disrupted by unsuitable content and/or hate images and threatening language. Recommendation...

Corona Virus Phishing Scam

The Bhutan Computer Incident Response Team recommends that individuals remain vigilant for scams related to Coronavirus (COVID-19). The recent post circulating on WhatsApp regarding “Free Internet Recharge from World Health Organization” is FAKE and is a phishing scam targeted at stealing personal information. Phishing attacks featuring official look-alike logos and disclaimers typically include a ‘call to action’ to trick us into giving out our most sensitive personal information – passwords, bank details, etc. In the wake of the Coronavirus pandemic, scammers have taken advantage of the situation, sharing phishing links using WHO logos. BtCIRT encourages individuals to remain vigilant and...

Cetori Virus Ransomware

The BtCIRT has recently been alerted to a new ransomware attack known as the Cetori Virus Ransomware. The team would like system administrators and users in general to be informed and to protect themselves from this attack: Description: Cetori is a virus based on the code of STOP ransomware. It drops an executable file on the system to trigger a sophisticated infection process. Once the ransomware is running on the system, it is able to pass through several attack stages. This kind of malware primarily aims to find valuable personal files stored on the infected PCs and encrypt them...