
India Blocks 17,000 WhatsApp Accounts to Combat Digital Arrest Fraud

 

In a decisive move against rising cyber fraud, the Ministry of Home Affairs (MHA) has blocked over 17,000 WhatsApp accounts allegedly involved in digital arrest scams. Sources revealed that many of these accounts were traced to countries such as Cambodia, Myanmar, Laos, and Thailand, where they were reportedly used for fraudulent activities.

This crackdown was spearheaded by the Home Ministry's cybercrime coordination centre, acting on complaints submitted by victims through online platforms. The Ministry reviewed these complaints, identified suspicious accounts, and instructed WhatsApp to take action.

The action follows an investigative report by India Today, which uncovered operations of fraudulent call centres based in Cambodia, Myanmar, and Laos. These call centres, often located in Chinese-owned casinos in Cambodia, are linked to large-scale cyber fraud. Investigations also revealed a disturbing connection to human trafficking, where Indian citizens are lured to Cambodia with job promises and then coerced into executing online scams.

"Digital arrest" scams involve fraudsters impersonating law enforcement officials, such as CBI agents, income tax officers, or customs agents, to extort money. Victims are intimidated with false accusations of illegal activities and pressured to transfer large sums of money.

Prime Minister Narendra Modi recently issued a public warning, urging citizens to stay vigilant and report such incidents to the cyber helpline.

Home Ministry cyber wing sources estimate that scammers have been siphoning off approximately ₹6 crore daily through these frauds. Between January and October this year, digital arrest scams accounted for ₹2,140 crore in losses, with 92,334 cases reported during the period.

Mamba 2FA Emerges as a New Threat in Phishing Landscape

 

In the ever-changing landscape of phishing attacks, a new threat has emerged: Mamba 2FA. Discovered in late May 2024 by the Threat Detection & Research (TDR) team at Sekoia, this adversary-in-the-middle (AiTM) phishing kit specifically targets multi-factor authentication (MFA) systems. Mamba 2FA has rapidly gained popularity in the phishing-as-a-service (PhaaS) market, helping attackers circumvent non-phishing-resistant MFA methods such as one-time passwords and app notifications.

Initially detected during a phishing campaign that imitated Microsoft 365 login pages, Mamba 2FA functions by relaying MFA credentials through phishing sites, utilizing the Socket.IO JavaScript library to communicate with a backend server. According to Sekoia's report, “At first, these characteristics appeared similar to the Tycoon 2FA phishing-as-a-service platform, but a closer examination revealed that the campaign utilized a previously unknown AiTM phishing kit tracked by Sekoia as Mamba 2FA.” 

The infrastructure of Mamba 2FA has been observed targeting Entra ID, third-party single sign-on providers, and consumer Microsoft accounts, with stolen credentials transmitted directly to attackers via Telegram for near-instant access to compromised accounts.

A notable feature of Mamba 2FA is its capacity to adapt to its targets dynamically. For instance, in cases involving enterprise accounts, the phishing page can mirror an organization’s specific branding, including logos and background images, enhancing the believability of the attack. The report noted, “For enterprise accounts, it dynamically reflects the organization’s custom login page branding.”

Mamba 2FA goes beyond simple MFA interception, handling various MFA methods and updating the phishing page based on user interactions. This flexibility makes it an appealing tool for cybercriminals aiming to exploit even the most advanced MFA implementations.

Available on Telegram for $250 per month, Mamba 2FA is accessible to a broad range of attackers. Users can generate phishing links and HTML attachments on demand, with the infrastructure shared among multiple users. Since its active promotion began in March 2024, the kit's ongoing development highlights a persistent threat in the cybersecurity landscape.

Research from Sekoia underscores the kit’s rapid evolution: “The phishing kit and its associated infrastructure have undergone several significant updates.” With its relay servers hosted on commercial proxy services, Mamba 2FA effectively conceals its true infrastructure, thereby minimizing the likelihood of detection.
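
A defender-side sketch of the pattern this post describes (a one-time password or app notification completed through a relay on an unfamiliar network, followed by near-instant access from somewhere else), added here as an example and not taken from Sekoia's report or from this blog. The log field names, MFA labels, 10-minute window and sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed labels for the MFA methods the post calls non-phishing-resistant.
WEAK_MFA = {"otp", "app_notification"}
WINDOW = timedelta(minutes=10)  # assumed cut-off for "near-instant" follow-up access

# Constructed data: networks each user normally signs in from (documentation ranges).
KNOWN_NETWORKS = {u: ["192.0.2.0/24"] for u in ("alice", "bob", "carol")}

# Constructed sign-in events; the field names are hypothetical, not a vendor schema.
SAMPLE_EVENTS = [
    {"time": "2024-10-01T09:00:00", "user": "alice", "ip": "192.0.2.10", "mfa": "app_notification", "result": "success"},
    {"time": "2024-10-01T09:30:00", "user": "alice", "ip": "198.51.100.7", "mfa": "otp", "result": "success"},
    {"time": "2024-10-01T09:31:00", "user": "alice", "ip": "203.0.113.50", "mfa": "otp", "result": "failure"},
    {"time": "2024-10-01T09:32:00", "user": "alice", "ip": "203.0.113.50", "mfa": "token", "result": "success"},
    {"time": "2024-10-01T10:00:00", "user": "bob", "ip": "198.51.100.9", "mfa": "fido2", "result": "success"},
    {"time": "2024-10-01T10:02:00", "user": "bob", "ip": "203.0.113.8", "mfa": "token", "result": "success"},
    {"time": "2024-10-01T11:00:00", "user": "carol", "ip": "198.51.100.20", "mfa": "otp", "result": "success"},
    {"time": "2024-10-01T11:45:00", "user": "carol", "ip": "203.0.113.99", "mfa": "token", "result": "success"},
]

def _is_known(ip, networks):
    """True when ip falls inside one of the user's usual networks."""
    return any(ip_address(ip) in ip_network(net) for net in networks)

def find_relay_suspects(events, known_networks):
    """Return (user, first_ip, followup_ip) for each weak-MFA success from an
    unfamiliar network that is followed within WINDOW by another success for
    the same user from a different unfamiliar address."""
    pending = {}   # user -> (time, ip) of the latest weak-MFA sign-in from a new network
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        user, ip = ev["user"], ev["ip"]
        if ev["result"] != "success" or _is_known(ip, known_networks.get(user, [])):
            continue
        when = datetime.fromisoformat(ev["time"])
        prev = pending.get(user)
        if prev and ip != prev[1] and when - prev[0] <= WINDOW:
            findings.append((user, prev[1], ip))
        if ev["mfa"] in WEAK_MFA:
            pending[user] = (when, ip)
    return findings

if __name__ == "__main__":
    for user, first_ip, followup_ip in find_relay_suspects(SAMPLE_EVENTS, KNOWN_NETWORKS):
        print(f"review {user}: weak MFA from {first_ip}, then access from {followup_ip}")
```

In the sample, only alice is flagged: bob's first sign-in used a phishing-resistant method, and carol's second sign-in falls outside the window.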