Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label SMS. Show all posts
Toll Payment
Cyber Fraud Cybersecurity CyberThreat E-ZPass FasTrak Road Toll Scam Alert SMiShing SMS Toll Payment

Smishing Triad Broadens Fraud Campaign to Include Toll Payment Services

 


Tolling agencies throughout the United States are battling an escalating cybersecurity threat that is causing deceptive text message scams, which are often called smishing, to escalate. As a result of these fraudulent campaigns, unsuspecting motorists are lured into clicking harmful links and sending unauthorized payments by impersonating legitimate toll payment notification emails. 

The main issue is that the tolling infrastructure does not contain system intrusions or data breaches, contrary to common misconceptions. As a result, bad actors are exploiting widely recognized tolling practices as a means of deceiving individuals into engaging with malicious content, which is in direct contravention of public trust. 

A critical line of defense against these fraudulent activities, which toll operators are strengthening their collaboration with cybersecurity experts and law enforcement agencies, remains public awareness. Communication professionals within these organizations play a crucial role in proactively informing and educating their consumers regarding these fraudulent activities. It is imperative that outreach and messaging are clear and consistent so that individuals can recognize legitimate correspondence and avoid falling victim to sophisticated digital deception. 

To combat this growing threat, we need not only technological measures but also a comprehensive communication strategy centred on transparency, vigilance and trust. As part of the increasing prevalence of digital fraud, deceptive text messages alleging that toll charges have not been paid are becoming increasingly prevalent. 

There is a tactic in practice known as "smishing," a combination of short message service (SMS) and email fraud, which involves the use of text messaging platforms to deceive users into disclosing sensitive personal or financial information, or unintentionally install malicious software, which is referred to as smishing. While this fraudulent premise may seem straightforward, the impact it has is tremendous. As well as suffering direct financial losses, victims may also compromise the security of their devices, allowing them to be vulnerable to identity theft and data breaches. 

A Chinese cybercrime syndicate known as Smishing is responsible for an increase in toll-related scams, a trend which is associated with a marked increase in smishing attacks. A group called Triath has begun launching highly coordinated fraud campaigns that target consumers in the United States and the United Kingdom, with indications that the fraud might expand globally in the coming months. The deceptive messages are often misconstrued as legitimate toll service notifications, citing recognizable platforms such as FasTrak, E-ZPass, and I-Pass as a means of convincing the reader that the message is legitimate. 

There is a strong correlation between these operations and the group's previous international fraud patterns, which suggests that the group is seeking to exploit tolling systems across various regions as a larger strategic initiative. By exploiting an E-ZPass account credential harvesting scheme, cybercriminals are targeting an increasing number of E-ZPass users across multiple states. Scammers are sending fraudulent text messages posing as official tolling authorities to alert victims to the fact that there is an outstanding toll balance on their accounts. 

It is common for these messages to contain false claims that the account has expired or is delinquent, prompting the user to make an urgent payment to avoid penalties. As for the requests, typically they range between $3.95 and $12.55 — sums that are low enough to avoid raising suspicions, but high enough to be exploited at scale. 

By utilizing a minimal financial impact, it is more likely that the recipient will comply since such minor charges may not be scrutinized by the recipient. When an attacker entices their users to click embedded links, they redirect them to counterfeit portals that steal sensitive information like logins or payment information, which in turn compromises the users' data under the guise of a routine toll notification, which can then compromise their personal information. 

The most insidious part of these campaigns is the sophisticated spoofing of Sender IDs, which makes it seem as if the messages are from official sources, making them seem particularly dangerous. There are various instant messaging platforms available today that offer relatively limited spam protection, compared to email-based phishing, which is increasingly mitigated by advanced filtering technologies. These platforms, such as SMS, iMessage, and similar services, offer comparatively limited spam protection, compared to email-based phishing. 

The perception of urgency embedded in the communication often provokes immediate action as well, since they are highly trusted by their users. Those scams that combine technical evasion with psychological manipulation are highly effective, outperforming the effectiveness of traditional phishing vectors such as email and search engine manipulation in terms of success rates. 

With the widespread adoption of cashless tolling systems and the increasing use of mobile devices for routine transactions, there is a ripe environment for the exploitation of these devices. These evolving digital habits are exploited by fraudsters by impersonating legitimate agencies and utilizing the appearance of urgency to induce immediate action, often uncritical, from the target group. 

According to the Federal Bureau of Investigation's Internet Crime Complaint Center, over 60,000 reports involving such scams were received during 2024, indicating the alarming nature of the problem. There is a trend among text-based fraud that includes toll-related schemes, but it is also a common occurrence. 

Text-based fraud can be based on overdue phone bills, shipping notifications, or even fake cybersecurity alerts. Attacks like these are often carried out by increasingly organized international criminal networks by using automated systems able to target thousands of individuals at the same time. The federal and state governments, along with the transportation agencies, have responded to the situation by issuing public advisories to raise awareness and encourage vigilance. Although specific actors have not yet been officially identified, it has become increasingly apparent that cybercrime syndicates are engaged in these toll-related smishing campaigns due to their scope and precision. 

Recent developments in emerging intelligence have revealed several important developments, including: 

In a recent report, it has been reported that criminal groups based in China are selling ready-made pre-compiled phishing kits, making it easier for fraudsters to impersonate toll agencies with the highest degree of accuracy and with the least amount of technical knowledge. 

The attackers registered thousands of fake domain names that appear to be legitimate toll websites and made them appear as if they were legitimate toll websites from multiple states, including Massachusetts, Florida, and Texas. 

Fraudsters are actively exploiting the names of well-known toll systems to mislead the public into believing that they are dealing with a genuine problem and coerce them into clicking malicious links or disclosing personal information. 

“The rise of these sophisticated road toll scams is catching many people off guard, highlighting the evolving nature of cybercrime. What we're seeing is a well-organized and potentially lucrative operation,” 
— Gene Kingsley, Special VP, Board of Directors, InfraGard National Members Alliance; Chairman, American Security and Resilience Foundation 

A more effective way of deterring crime is to raise public awareness about it through the following methods: 

This level of sophistication emphasizes the pivotal role public education plays as the first line of defence against such threats. The aim is to raise individuals' awareness about these types of tactics, to enable them to recognize and report suspicious messages. 

As a precautionary measure against the potential risks, the Federal Bureau of Investigation (FBI) recommends the following protective measures: 

Do not respond to unsolicited text messages seeking personal and financial information. 

Do not click on links that appear in unexpected messages, as these may lead to fake websites that are designed to steal users' personal information. The toll agency can be contacted directly through official channels to verify the message. 

The FBI Internet Crime Complaint Center can be contacted at www.ic3.gov, where users can report fraud along with the sender's name and suspicious links. Once they report the scam, delete any fraudulent messages to prevent unintentional interaction with the sender. 

To disrupt these fraudulent operations and protect their digital identity, consumers must follow these steps and remain sceptical when it comes to unsolicited communications.
Read more »
Tax
Android Apple ID Cybercrime Cyberattacks CyberThreat Data iOS Lucid Mobile Security Phishing URL phishing-as-a-service SMS Tax

Lucid Faces Increasing Risks from Phishing-as-a-Service

 


Phishing-as-a-service (PaaS) platforms like Lucid have emerged as significant cyber threats because they are highly sophisticated, have been used in large-scale phishing campaigns in 88 countries, and have been compromised by 169 entities. As part of this platform, sophisticated social engineering tactics are employed to deliver misleading messages to recipients, utilising iMessage (iOS) and RCS (Android) so that they are duped into divulging sensitive data. 

In general, telecom providers can minimize SMS-based phishing, or smishing, by scanning and blocking suspicious messages before they reach their intended recipients. However, with the development of internet-based messaging services such as iMessage (iOS) and RCS (Android), phishing prevention has become increasingly challenging. There is an end-to-end encryption process used on these platforms, unlike traditional cellular networks, that prevents service providers from being able to detect or filter malicious content. 

Using this encryption, the Lucid PhaaS platform has been delivering phishing links directly to victims, evading detection and allowing for a significant increase in attack effectiveness. To trick victims into clicking fraudulent links, Lucid orchestrates phishing campaigns designed to mimic urgent messages from trusted organizations such as postal services, tax agencies, and financial institutions. As a result, the victims are tricked into clicking fraudulent links, which redirect them to carefully crafted fake websites impersonating genuine platforms, causing them to be deceived. 

Through Lucid, phishing links are distributed throughout the world that direct victims to a fraudulent landing page that mimics official government agencies and well-known private companies. A deceptive site impersonating several entities, for example, USPS, DHL, Royal Mail, FedEx, Revolut, Amazon, American Express, HSBC, E-ZPass, SunPass, and Transport for London, creates a false appearance of legitimacy as a result. 

It is the primary objective of phishing websites to obtain sensitive personal and financial information, such as full names, email addresses, residential addresses, and credit card information, by using phishing websites. This scam is made more effective by the fact that Lucid’s platform offers a built-in tool for validating credit cards, which allows cybercriminals to test stolen credit card information in real-time, thereby enhancing the effectiveness of the scam. 

By offering an automated and highly sophisticated phishing infrastructure that has been designed to reduce the barrier to entry for cybercriminals, Lucid drastically lowers the barrier to entry for cybercriminals. Valid payment information can either be sold on underground markets or used directly to make fraudulent transactions. Through the use of its streamlined services, attackers have access to scalable and reliable platforms for conducting large-scale phishing campaigns, which makes fraudulent activities easier and more efficient. 

With the combination of highly convincing templates, resilient infrastructure, and automated tools, malicious actors have a higher chance of succeeding. It is therefore recommended that users take precautionary measures when receiving messages asking them to click on embedded links or provide personal information to mitigate risks. 

Rather than engaging with unsolicited requests, individuals are advised to check the official website of their service provider and verify if they have any pending alerts, invoices, or account notifications through legitimate channels to avoid engaging with such unsolicited requests. Cybercriminals have become more adept at sending hundreds of thousands of phishing messages in the past year by utilizing iPhone device farms and emulating iPhone devices on Windows systems. These factors have contributed to the scale and efficiency of these operations. 

As Lucid's operators take advantage of these adaptive techniques to bypass security filters relating to authentication, they are able to originate targeted phone numbers from data breaches and cybercrime forums, thus further increasing the reach of these scams. 

A method of establishing two-way communication with an attacker via iMessage can be accomplished using temporary Apple IDs with falsified display names in combination with a method called "please reply with Y". In doing so, attackers circumvent Apple's link-clicking constraints by creating fake Apple IDs.

It has been found that the attackers are exploiting inconsistencies in carrier sender verification and rotating sending domains and phone numbers to evade detection by the carrier. 

Furthermore, Lucid's platform provides automated tools for creating customized phishing sites that are designed with advanced evasion mechanisms, such as IP blocking, user-agent filtering, and single-use cookie-limited URLs, in addition to facilitating large-scale phishing attacks. 

It also provides real-time monitoring of victim interaction via a dedicated panel that is constructed on a PHP framework called Webman, which allows attackers to track user activity and extract information that is submitted, including credit card numbers, that are then verified further before the attacker can exploit them. 

There are several sophisticated tactics Lucid’s operators utilize to enhance the success of these attacks, including highly customizable phishing templates that mimic the branding and design of the companies they are targeting. They also have geotargeting capabilities, so attacks can be tailored based on where the recipient is located for increased credibility. The links used in phishing attempts can not be analyzed by cybersecurity experts if they expire after an attack because they expire. 

Using automated mobile farms that can execute large-scale phishing campaigns with minimal human intervention, Lucid can bypass conventional security measures without any human intervention, which makes Lucid an ever-present threat to individuals and organizations worldwide. As phishing techniques evolve, Lucid's capabilities demonstrate how sophisticated cybercrime is becoming, presenting a significant challenge to cybersecurity professionals worldwide. 

It has been since mid-2023 that Lucid was controlled by the Xin Xin Group, a Chinese cybercriminal organization that operates it through subscription-based models. Using the model, threat actors can subscribe to an extensive collection of phishing tools that includes over 1,000 phishing domains, customized phishing websites that are dynamically generated, as well as spamming utilities of professional quality.

This platform is not only able to automate many aspects of cyberattacks, but it is also a powerful tool in the hands of malicious actors, since it greatly increases both the efficiency and scalability of their attacks. 

To spread fraudulent messages to unsuspecting recipients, the Xin Xin Group utilizes various smishing services to disseminate them as genuine messages. In many cases, these messages refer to unpaid tolls, shipping charges, or tax declarations, creating an urgent sense of urgency for users to respond. In light of this, the sheer volume of messages that are sent makes these campaigns very effective, since they help to significantly increase the odds that the victims will be taken in by the scam, due to the sheer volume of messages sent out. 

The Lucid strategy, in contrast to targeted phishing operations that focus on a particular individual, aims to gather large amounts of data, so that large databases of phone numbers can be created and then exploited in large numbers at a later date. By using this approach, it is evident that Chinese-speaking cybercriminals have become an increasingly significant force within the global underground economy, reinforcing their influence within the phishing ecosystem as a whole. 

As a result of the research conducted by Prodaft, the PhaaS platform Lucid has been linked to Darcula v3, suggesting a complex network of cybercriminal activities that are linked to Lucid. The fact that these two platforms are possibly affiliated indicates that there is a very high degree of coordination and resource sharing within the underground cybercrime ecosystem, thereby intensifying the threat to the public. 

There is no question, that the rapid development of these platforms has been accompanied by wide-ranging threats exploiting security vulnerabilities, bypassing traditional defences, and deceiving even the most circumspect users, underscoring the urgent need for proactive cybersecurity strategies and enhanced threat intelligence strategies on a global scale to mitigate these risks. Despite Lucid and similar Phishing-as-a-Service platforms continuing to evolve, they demonstrate how sophisticated cyber threats have become. 

To combat cybercrime, one must be vigilant, take proactive measures, and work together as a global community to combat this rapid proliferation of illicit networks. Having strong detection capabilities within organizations is necessary, while individuals must remain cautious of unsolicited emails as well as verify information from official sources directly as they see fit. To prevent falling victim to these increasingly deceptive attacks that are evolving rapidly, one must stay informed, cautious, and security-conscious.
Read more »
SMS
CyberCrime Cyberhackers Cybersecurity CyberThreat Digital Evidence Judicial Response Privacy SMS

Forensic Analysis in the eXp Realty Case: Privacy and Evidence Integrity

 


In a recent video hearing for the case Acevedo v. eXp, related to a sexual assault claim, a judge deliberated on whether to grant a protective order that would prevent a forensic examination of eXp founder and chairman Glenn Sanford's cell phone during the discovery process.

The plaintiff argued that Sanford’s right to privacy does not override their request for electronically stored information (ESI) to review metadata. Courtrooms increasingly rely on text message screenshots as evidence, but the authenticity of these screenshots is frequently called into question. In a prior case, Sanford provided screenshots of text messages, but these alone failed to meet evidentiary standards for authenticity.

The Role of Forensic Analysis

Sanford submitted screenshots of text message conversations in court, which the plaintiffs argued were insufficient for evidentiary purposes. According to RisMedia, the self-collection method allegedly used by Sanford was inadequate. The US District Court for the Southern District of New York, under Judge Judith Rosenberg, issued a protective order requiring Sanford to collaborate with a digital evidence expert. This ensures that the extraction and verification of text messages from the physical device adhere to strict privacy safeguards.

Forensic analysis plays a pivotal role in ensuring the authenticity of digital evidence. The process retrieves all available data without bias, including potentially deleted content, to present a complete and credible picture of the evidence while respecting privacy concerns.

Advanced Technology in Digital Forensics

Forensic investigations rely on cutting-edge tools like Cellebrite and Magnet Forensics GrayKey to extract comprehensive data from mobile devices. This process, known as forensic acquisition, systematically retrieves all available data fields without prefiltering, ensuring that no evidence is overlooked.

The complexity of mobile data storage presents challenges, making exhaustive and unbiased data collection essential to meet evidentiary standards. Forensic analysis goes beyond recovering visible messages by retrieving associated metadata, deleted communications, and other artifacts to provide a complete picture of the evidence.

Privacy vs. Evidentiary Needs

While forensic investigations are invaluable for uncovering the truth, their intrusive nature raises significant privacy concerns. Judge Rosenberg's protective order aims to strike a balance between maintaining the integrity of the forensic process and safeguarding individual privacy. The order emphasizes responsible handling of sensitive data while ensuring that the evidence presented in court is credible.

Challenges with Traditional Evidence

Traditional SMS and MMS messages are logged by mobile carriers, generating call detail records (CDRs) that include timestamps, phone numbers, and network information. However, these records do not contain the content of the messages, which is typically deleted shortly after transmission. Internet-based messaging platforms like iMessage, WhatsApp, and Telegram bypass traditional cellular networks, leaving carriers unable to log these communications.

Forensic analysis of physical devices remains the most reliable way to retrieve complete messaging data, including metadata and deleted content, from these platforms. Such detailed analysis ensures that digital evidence can withstand rigorous scrutiny in court.

The Growing Importance of Digital Forensics

The eXp Realty case highlights the increasing reliance on advanced digital forensic methods to address the limitations of traditional evidence like screenshots. Comprehensive forensic investigations provide verifiable records, capturing nuanced details that enhance the reliability of evidence.

Courts are increasingly adopting protective orders to balance privacy with evidentiary needs, emphasizing the importance of accurate and trustworthy evidence. This case illustrates how digital forensic methods are evolving to meet the demands of modern legal disputes in an era dominated by technology.

Read more »
TRAI
Airtel Cyber Security Jio Mobile Network Network Security OTP SMS Telecommunication TRAI

India’s New SMS Traceability Rules to Combat Fraud Begin November 1, 2024

 

Beginning November 1, 2024, Indian telecom providers Airtel, Jio, and Vi will follow a new set of SMS traceability and monitoring guidelines mandated by the Telecom Regulatory Authority of India (TRAI). Aimed at combating cybercrime, these measures seek to enhance security by allowing users to block suspicious calls and messages effectively. By tracing SMS sources more accurately, telecom operators can swiftly identify and block fraudulent messages, improving the fight against scams and phishing attempts. 

Additionally, organizations sending promotional SMS, such as banks and e-commerce companies, must adhere to TRAI’s telemarketing standards, or risk their messages being blocked. This initiative aims to create a safer SMS ecosystem, giving users a clearer means to distinguish legitimate messages from scams. Yet, the vast volume of commercial messages sent in India—between 1.5 and 1.7 billion daily—makes it challenging to implement such a system seamlessly. With high-volume traffic, the infrastructure for monitoring requires robust capabilities to ensure message traceability without slowing down service for time-sensitive messages, especially for critical banking and transaction-related OTPs. Another layer of concern involves potential delays in urgent messages. 

These requirements could slow the delivery of essential communications, such as OTPs used in online banking. Telecoms are working to prevent this issue, as delays in these transactional messages could interrupt online financial processes. Balancing security and timely delivery is essential for TRAI and telecom providers, particularly for consumers who rely on timely OTPs and other immediate notifications. The Cellular Operators Association of India (COAI), which represents key telecom companies like Airtel, Jio, and Vodafone-Idea, has requested a two-month delay to facilitate a smoother transition. This extension would allow telecom operators additional time to set up necessary infrastructure and conduct thorough testing to avoid unintentional service disruptions. 

While TRAI maintains its commitment to the November deadline, telecom companies argue that extra preparation time could ensure reliable service delivery and a smoother rollout. Telecom providers have committed to ensuring user security remains intact while providing efficient service. TRAI’s objective is to foster a more secure digital communication environment where consumers feel protected against fraud and unauthorized data use. However, the effectiveness of these changes depends heavily on the ability of telecom companies to meet these new standards without compromising service quality. 

TRAI’s new SMS traceability requirements represent a meaningful step forward in enhancing consumer protection against digital scams. Despite logistical challenges, this initiative could make India’s messaging landscape safer, allowing consumers greater peace of mind. The success of this system depends on how effectively telecom providers can balance secure traceability with minimal disruption to essential services, paving the way for a digital space that prioritizes both security and efficiency.
Read more »
TRAI
Airtel Cyber Attacks CyberCrime Cyberfraud Cyberhackers Cyberspam CyberThreat DoT Malicious calls SMS Telecom TRAI

India Launches New Initiatives to Combat Spam and Cyber Fraud

 


There is a renewed effort underway in the fight against spam and unsolicited commercial communication as the Department of Telecom (DoT), the telecom regulator Trai, and private telecommunication companies are launching new programs to combat cyber fraud and phishing attacks that are on the rise. 

Several regulatory agencies have been working hard to crack down on spammers and block the numbers of individuals who are engaging in fraudulent activities as detected by Trai and the DoT. It has been reported that the Trai and DoT have been targeting spammers and blocking numbers that seem suspicious. 

Additionally, they have met with representatives from telecom companies to establish new rules regarding vigilance and curbing unwanted activities to control them more effectively. The company has developed an AI-driven tool that helps identify spam and sends an alert to customers if it detects it. A blockchain-based spam control system has been rolled out by Vodafone Idea as part of its SMS spam control program. 

As part of Bharti Airtel's campaign to handle the issue of spam for customers, the company launched India's first network-based, AI-powered spam detection solution on Wednesday. It has been a long time since they met with top representatives from telecom companies and asked them to be vigilant against these criminal activities as well as stipulating new rules to counter them in the future. 

A report issued by the Telecom Regulatory Authority of India and the Department of Telecommunications has indicated that over a crore fraudulent mobile connections have been disconnected, as well as 2.27 lakh handsets that are subject to financial fraud and cybercrime. According to Trai, mobile operators have been encouraged to disconnect telecom resources that are used for bulk spam calls and they have stated that such entities could be blacklisted for up to two years if they are not disconnected. 

Furthermore, telecom companies will be required to check all SMS transmissions containing non-whitelisted URLs, to reduce the misuse of SMS headers and templates and, as a result, ensuring that standard SMS protocols are followed. Trai has mandated as of November 1, all telecommunications operators shall ensure the traceability of messages from the point of origin to the point of destination. 

 According to Airtel CEO Gopal Vittal, spam has become a menace for its customers. It is believed that the entire industry needs to work together to resolve this problem comprehensively... (and) to shield our customers from the continuous onslaught of intrusive and unwanted communications. The Vodafone Idea announced that it will launch soon a URL whitelisting platform, stating, "Vi is participating actively on the topic along with the TRAI, COAI, and other relevant groups.". 

Airtel's data scientists are using a proprietary algorithm to identify and classify calls and SMSs as 'suspected SPAM' through the AI-powered solution developed in-house by Airtel's data scientists. A network powered by artificial intelligence analyzes, in real-time, several parameters including the usage patterns of the caller or sender, the frequency of calls and SMS, and the duration of the calls, among other factors. 

As a result of comparing the information you provide with this information with known spam patterns, the system can flag suspicious calls and SMSs. Further, Airtel has developed a system that notifies customers when malicious links are sent via SMS. To achieve this, Airtel has built a centralized database of blacklisted URLs, and every SMS is scanned in real-time by an AI algorithm to alert users in order not to click on those links accidentally.
Read more »
Yemeni
Cyberattacks Cyberhackers CyberThreat Cyebrcrime Military Phones Privacy. SMS Yemeni

Yemeni Hackers Unmasked Spying on Middle Eastern Military Phones

 


According to researchers at MIT, a Yemeni hacking group has been eavesdropping on the phone calls of military personnel in the Middle East, the latest example of mobile surveillance becoming prevalent in conflicts around the world as a result of the proliferation of mobile technologies. According to new research, American Shia Islamist allies of an organization that operates in Yemen have been using surveillance technology to target militaries in a range of countries throughout the Middle East since 2019. It has been discovered that a threat actor aligned with the Houthis has used malware known as GuardZoo to steal photos, documents, and other files from devices infected with the malware, researchers at Lookout reported in a report posted Tuesday. 

A majority of the roughly 450 victims, according to unprotected controller logs, were found in Yemen, Saudi Arabia, Egypt, and Oman. In contrast, a smaller number were found in the United Arab Emirates, Turkey, and Qatar, based on unsecured server logs. There was a civil war between Houthis and Arab soldiers in the city of Sanaa in 2014 when they took control. This led to a famine in the city. According to human rights groups, there have been a series of arbitrary arrests, torture, and enforced disappearances in Yemen since June 2019, following a controversial Saudi-led intervention there. 

According to Lookout, the campaign is believed to have started as early as October and has been attributed to a threat actor aligned with the Houthi militia, based on information such as the application lures, control-and-control server logs, targets, and the location of the attack infrastructure, and Lookout confirmed this. Lookout says its surveillance tool draws its name from a piece of source code that persists on an infected device for a long period. 

According to the report, the malware not only steals photos and documents from an infected device, but it can also "coordinate data files related to marked locations, routes, and tracks" and can identify the location, model number, cellular service provider, and configuration of a Wi-Fi enabled device. Developed by Symantec, the GuardZoo Java application is a modified version of a remote access trojan (RAT) called Dendroid RAT which was originally discovered in March 2014 by Broadcom-owned Symantec. Earlier in August, it had been revealed that there had been a leak of the entire source code for the crimeware solution. 

This piece of malware was first sold for a one-off price of $300, but the capabilities it offers go far beyond what is expected from commodity malware. It is equipped with phone numbers and call logs that can be deleted, web pages that can be accessed, audio and call recordings, SMS messages that can be accessed, and even HTTP flood attacks. The researchers from Lookout said in a report shared with us that the code base underwent many changes, new functionalities were added and unused functions were removed. They added that many changes had been made for the betterment of the code base. As Guardzoo says in a statement, the command and control (C2) backend is no longer based on Dendroid RAT's leaked PHP web panel but rather uses an ASP.NET-based backend created specially for C2. 

After embarking on a military campaign against the then government in 2014, the Houthi movement became internationally known when it caused that government's fall, and set off the post-war humanitarian crisis that followed. Iran backs this group, and they have been fighting against a Saudi-backed military force for years. The militant group recently carried out a series of crippling attacks against international ships transiting the Strait of Hormuz in retaliation for Israel's military operation in Gaza, which has put a strain on international shipping.   

There has been an increase in the use of cyber capabilities by the Houthis in recent years. Researchers from Recorded Future have observed hackers with likely ties to the Houthis carrying out digital espionage campaigns that were carried out using WhatsApp as a method of sending malicious lures to targeted individuals last year.   On Tuesday, Lookout's report revealed that an ongoing campaign not only relied on direct browser downloads but also utilized WhatsApp to infect its targets. Lookout’s senior security researcher, Alemdar Islamoglu, noted that the group behind this campaign, which had not been previously observed by their researchers, showed a particular interest in maps that could disclose the locations of military assets. 

The campaign predominantly employed military themes to attract victims. However, Lookout researchers also identified the use of religious themes and other motifs, including examples such as a religious-themed prayer app or various military-themed applications. Additionally, Recorded Future released a report on Tuesday concerning a group likely affiliated with pro-Houthi activities, which they have named OilAlpha. This group continues to target humanitarian organizations operating in Yemen, including CARE International and the Norwegian Refugee Council. The report noted that military emblems from various Middle Eastern countries, such as the Yemen Armed Forces and the Command and Staff College of the Saudi Armed Forces, were used as lures in military-themed applications. 

Recorded Future’s Insikt Group documented that OilAlpha is targeting humanitarian and human rights organizations in Yemen with malicious Android applications. The group's objective appears to be the theft of credentials and the collection of intelligence, potentially to influence the distribution of aid. The Insikt Group first detected this exploit in May, with CARE International and the Norwegian Refugee Council among the affected organizations.
Read more »
SMS
Cyber Frauds Cyber Security Cyberatttacks CyberCrime CyberThreat DoT Government Crackdown SMS

Fraudulent SMS Entities Blacklisted in Government Crackdown



An official release states that the government has blacklisted 'principal entities' behind SMS headers that have been sent over 10,000 fraudulent messages over the past three months as part of a crackdown on SMS scammers. As part of the Sanchar Saathi initiative, the Department of Telecom (DoT) and the Ministry of Home Affairs (MHA) have taken decisive steps to prevent potential SMS fraud, which was launched by the Department of Telecom (DoT). 

According to the Indian Cyber Crime Coordination Centre (I4C), eight SMS headers are being misused to send fraudulent messages for committing cybercrime. In the past three months, the Department of Transport has taken down more than 10,000 fraudulent messages sent using eight headers. These messages belong to eight different Principal Entities (PEs). 

There is a list of the 8 principal entities listed below, along with the 73 SMS headers they own and the 1522 SMS content templates associated with them. There is no longer any possibility of sending SMS via any telecom operator thanks to DoT's steps, which have prohibited the use of any of these Principal Entities, SMS Headers, or templates. 

According to the Indian Cyber Crime Coordination Center, which is under the Ministry of Human Resources, eight SMS headers were misused to send fraudulent communications to commit cybercrime. The term 'principal entity' is commonly used in telecom parlance to refer to business or legal entities that send out commercial messages via SMS to subscribers of mobile operators. Headers can be considered to be alphanumeric strings assigned to a 'principal entity' to send commercial communications. 

In addition, DoT has reiterated its commitment to safeguarding citizens against cybercrime by blacklisting these entities to prevent further victimization of citizens. According to the release, “Citizens can report suspected fraud communications at Chakshu facility on Sanchar Saathi to help DoT in preventing cybercrime and financial frauds from being perpetrated by telecom companies.” TRAI has mandated that only registered principal entities can send promotional and marketing messages to mobile consumers as per its mandate. 

Following the mandate, all commercial messaging (one-time passwords, promotional messages, account balance updates etc) was required to be moved onto the blockchain-based platform by telecom operators. In the country, the government does not permit telemarketing activities, so mobile numbers cannot be used. Upon the first complaint, consumers may be disqualified from their telephone connection if they use the connection to send promotional messages

Additionally, they may also be blacklisted for two years with their name and address being blacklisted. You can identify telemarketing calls by their prefixes: 180, 140, and 10-digit numbers cannot be used for telemarketing. You can report spam by dialing 1909, or by using the Do Not Disturb (DND) service.  

Read more »
VoIP
Cisco Data Breach Employee Data Information Security Multi-Factor Authentication (MFA) SMS Supply chain vulnerability third party VoIP

Cisco Duo raises awareness over a breach in third-party data security, revealing the exposure of SMS MFA logs.

 

In the ever-evolving landscape of cybersecurity, safeguarding sensitive information and ensuring secure access to corporate networks are paramount concerns for organizations worldwide. Recently, Cisco Duo, a leading provider of multi-factor authentication (MFA) and Single Sign-On services, found itself grappling with a significant breach that shed light on the evolving threats confronting modern enterprises. 

On April 1, 2024, Cisco Duo's security team sent out a warning to its extensive customer base regarding a cyberattack targeting their telephony provider, which handles the transmission of SMS and VoIP MFA messages. According to reports, threat actors leveraged employee credentials acquired through a sophisticated phishing attack to infiltrate the provider's systems. 

Following the breach, the attackers successfully obtained and extracted SMS and VoIP MFA message logs linked to specific Duo accounts, covering the timeframe from March 1, 2024, to March 31, 2024. The ramifications of this breach are deeply concerning. While the provider assured that the threat actors did not access the contents of the messages or utilize their access to send messages to customers, the stolen message logs contain data that could be exploited in targeted phishing campaigns. 

This poses a significant risk to affected organizations, potentially resulting in unauthorized access to sensitive information, including corporate credentials. In response to the breach, Cisco Duo swiftly mobilized, collaborating closely with the telephony provider to conduct a thorough investigation and implement additional security measures. The compromised credentials were promptly invalidated, and robust measures were instituted to fortify defenses and mitigate the risk of recurrence. 

Additionally, the provider furnished Cisco Duo with comprehensive access to all exposed message logs, enabling a meticulous analysis of the breach's scope and impact. Despite these proactive measures, Cisco Duo has urged affected customers to exercise heightened vigilance against potential SMS phishing or social engineering attacks leveraging the stolen information. Organizations are advised to promptly notify users whose phone numbers were contained in the compromised logs, educating them about the risks associated with social engineering tactics. 

Furthermore, Cisco has emphasized the importance of promptly reporting any suspicious activity and implementing proactive measures to mitigate potential threats. This incident serves as a stark reminder of the persistent and evolving threat landscape faced by organizations in today's digital age. As reliance on MFA and other security solutions intensifies, proactive monitoring, regular security assessments, and ongoing user education are indispensable components of an effective cybersecurity posture. 

Moreover, the Cisco Duo breach underscores the broader issue of supply chain vulnerabilities in cybersecurity. While organizations diligently fortify their internal defenses, they remain susceptible to breaches through third-party service providers. Hence, it is imperative for businesses to meticulously evaluate the security practices of their vendors and establish robust protocols for managing third-party risks. 

As the cybersecurity landscape continues to evolve, organizations must remain agile, adaptive, and proactive in their approach to cybersecurity. By prioritizing robust security measures, fostering a culture of cyber resilience, and fostering close collaboration with trusted partners, organizations can effectively mitigate risks and safeguard their digital assets in the face of evolving threats.
Read more »
Subscribe to: Posts (Atom)