SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australian investors lose AUD $945 million to cyber scams

Research from Infoblox Threat Intel has highlighted the methods used by cybercriminal groups behind major investment scams targeting Australian consumers.

According to Infoblox, Australian consumers have lost AUD $945 million to investment scams in 2024. Many of these victims are attempting to build financial security but end up targeted and exploited by sophisticated threat actors.

The report identifies two primary groups, dubbed Reckless Rabbit and Ruthless Rabbit, as being active in the region. Both use registered domain generation algorithms (RDGAs) to operate large-scale scam campaigns and impersonate well-known names to build credibility with potential victims.

Reckless Rabbit is characterised by its use of Facebook advertisements to promote false investment platforms. The group relies on fake celebrity endorsements and thousands of domain names to avoid detection by law enforcement and cybersecurity professionals.

The group's tactic involves using Facebook ads to attract victims. These ads frequently showcase fabricated celebrity endorsements, which make the scams appear legitimate to unsuspecting users. Reckless Rabbit also manipulates the Domain Name System (DNS) by configuring wildcard responses, meaning any subdomain request yields a response, thus making it challenging for security experts to identify active scam domains.

Global reach is another strategy employed by Reckless Rabbit. The actor tailors content to different countries in order to maximise plausibility and increase the likelihood that users will engage with the fraudulent schemes.

Ruthless Rabbit, the second group identified by Infoblox, operates globally and deploys its own cloaking service. This service performs validation checks to filter non-target traffic, thereby making the detection of their scams more difficult for cybersecurity systems.

Ruthless Rabbit's campaigns often involve imitating legitimate news websites and well-known brands such as WhatsApp or Meta. This impersonation, combined with changing dynamic URL paths on scam landing pages, complicates both tracking and mitigation efforts by cybersecurity teams.

Infoblox noted: "The success of these investment scams hinges on two key elements: chaos and trust. In chaotic times, individuals are more likely to seek quick financial gains. Cybercriminals exploit this chaos by creating a sense of urgency and tap into consumers' fear of missing out on a good and easy investment opportunity. At the same time, they leverage trust by using familiar and accepted sources, such as celebrity endorsements and well-known news sites, to make their scams appear legitimate."

The report notes that DNS exploitation is central to the effectiveness of these campaigns. The scale and sophistication of the attacks, which rely on domain generation and management, present significant challenges to traditional security measures but also create opportunities for defenders using DNS-based detection and correlation tools.

Infoblox Threat Intel researchers utilise automated detection systems to analyse DNS data, allowing them to link large numbers of malicious domains used in the scams, according to the report.
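The wildcard-DNS tactic and the DNS-based correlation described above can be checked from the defender's side. The following is an added example, not code from Infoblox or the report: it probes random, never-registered labels under a domain to see whether they all resolve to the same answer (the wildcard signature), and groups domains that share a resolved address. The domains, addresses and the `fake_resolve` function are constructed placeholders so the example runs offline.

```python
import secrets
from collections import defaultdict

# Constructed zone data (documentation IP ranges, .test TLD); "*.<zone>"
# models a wildcard record that answers for any subdomain of that zone.
CONSTRUCTED_ZONES = {
    "invest-example.test": {"203.0.113.10"},
    "*.invest-example.test": {"203.0.113.10"},
    "quick-profit.test": {"203.0.113.10"},
    "safe-news.test": {"198.51.100.5"},
}
SAMPLE_DOMAINS = ["invest-example.test", "quick-profit.test", "safe-news.test"]


def fake_resolve(name):
    """Stand-in for a real A-record lookup (e.g. a wrapper around dnspython's
    dns.resolver.resolve). Returns the set of addresses for `name`, or an
    empty set when nothing answers."""
    if name in CONSTRUCTED_ZONES:
        return set(CONSTRUCTED_ZONES[name])
    parent = name.split(".", 1)[1] if "." in name else ""
    return set(CONSTRUCTED_ZONES.get(f"*.{parent}", ()))


def detect_wildcard(domain, resolve, probes=3):
    """Return the shared answer set if random labels under `domain` all
    resolve identically (wildcard behaviour), otherwise None."""
    seen = None
    for _ in range(probes):
        label = secrets.token_hex(8)  # label that no one would have registered
        answers = frozenset(resolve(f"{label}.{domain}"))
        if not answers:
            return None  # a normal zone returns NXDOMAIN for unknown labels
        if seen is None:
            seen = answers
        elif answers != seen:
            return None  # inconsistent answers: not a static wildcard
    return seen


def cluster_by_address(domains, resolve):
    """Group domains that resolve to the same address; shared hosting is one
    signal used to link members of a registered-DGA campaign."""
    by_ip = defaultdict(set)
    for domain in domains:
        for ip in resolve(domain):
            by_ip[ip].add(domain)
    return {ip: sorted(ds) for ip, ds in by_ip.items() if len(ds) > 1}
```

A single shared address is only a weak link on its own; in practice the grouping would also use registrar, nameserver and registration-time overlap before treating domains as one campaign.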

The research further advises individuals and organisations to remain vigilant. According to the report's recommendations: "Users should exercise extreme caution when asked to invest in any project or company. Double-check any domain with a major search engine to ensure it is not a spoofed or fake site. Any media claiming sponsorship of the platform by major sports figures or celebrities should be treated with caution and users should consider that those claims could have been produced using AI."

The report also addresses organisational preparedness by noting: "Organisations that use Protective DNS services with strong threat intelligence behind them can protect all of their users from these scams by preventing access to fake media and platforms."

RDGAs, a major tool used by the identified threat actors, are described in the report as "a sophisticated evolution of traditional domain generation algorithms (DGAs) used by cybercriminals to generate large numbers of domain names for malicious activities. These algorithms are utilised in malware, phishing, spam, scams, gambling, traffic distribution systems (TDSs), VPNs, and advertising. They not only allow threat actors to continuously create new domains, but by being registered, they make it difficult for security systems to block them all and so it requires advanced detection methods to stay ahead of these evolving threats."

Infoblox Threat Intel refers to actors leveraging RDGAs as "rabbits" due to their ability to algorithmically create and register numerous domains. The report clarifies, "This means that actors in this category algorithmically create and then register domains. They differ from traditional DGAs in that all of the domains are registered. These malicious domains may be used for a wide range of purposes including malware, phishing, scams, and spam."

The research underlines the increased risk of investment fraud in Australia and the complexity of the cybercriminal infrastructure driving these scams.
