Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Social Engineering. Show all posts
Social Engineering
Cyber Attacks Extortion FBI Luna Moth Ransomware attack Social Engineering

FBI Warns of Luna Moth Ransomware Attacks Targeting U.S. Law Firms

 

The FBI said that over the last two years, an extortion group known as the Silent Ransom Group has targeted U.S. law firms through callback phishing and social engineering tactics. 

This threat outfit, also known as Luna Moth, Chatty Spider, and UNC3753, has been active since 2022. It was also responsible for BazarCall campaigns, which provided initial access to corporate networks for Ryuk and Conti ransomware assaults. Following Conti's shutdown in March 2022, the threat actors broke away from the cybercrime syndicate and created their own operation known as the Silent Ransom Group.

In recent attacks, SRG mimics the targets' IT help via email, bogus websites, and phone conversations, gaining access to their networks via social engineering tactics. This extortion group does not encrypt victims' systems and is infamous for demanding ransoms in order to keep sensitive information stolen from hacked devices from being leaked online. 

"SRG will then direct the employee to join a remote access session, either through an email sent to them, or navigating to a web page. Once the employee grants access to their device, they are told that work needs to be done overnight," the FBI stated in a private industry notification.

"Once in the victim's device, a typical SRG attack involves minimal privilege escalation and quickly pivots to data exfiltration conducted through 'WinSCP' (Windows Secure Copy) or a hidden or renamed version of 'Rclone.'” 

After acquiring the victims' data, they use ransom emails to blackmail them, threatening to sell or publish the information. They frequently call employees of breached organisations and force them into ransom negotiations. While they have a dedicated website for disclosing their victims' data, the FBI claims the extortion ring does not always followup on its data leak promises. 

To guard against these attacks, the FBI recommends adopting strong passwords, activating two-factor authentication for all employees, performing regular data backups, and teaching personnel on recognising phishing efforts.

The FBI's warning follows a recent EclecticIQ report detailing SRG attacks targeting legal and financial institutions in the United States, with attackers observed registering domains to "impersonate IT helpdesk or support portals for major U.S. law firms and financial services firms, using typosquatted patterns.”

A recent EclecticIQ report about SRG attacks against American legal and financial institutions revealed that the attackers were registering domains to "impersonate IT helpdesk or support portals for major U.S. law firms and financial services firms, using typosquatted patterns." The FBI issued the warning in response to this information. 

Malicious emails with fake helpdesk numbers are being sent to victims, prompting them to call in order to fix a variety of non-existent issues. On the other hand, Luna Moth operators would try to deceive employees of targeted firms into installing remote monitoring & management (RMM) software via phoney IT help desk websites by posing as IT staff.

Once the RMM tool is installed and started, the threat actors have direct keyboard access, allowing them to search for valuable documents on compromised devices and shared drivers, which will then be exfiltrated via Rclone (cloud syncing) or WinSCP (SFTP). According to EclecticIQ, the Silent Ransom Group sends ransom demands ranging from one to eight million USD, depending on the size of the hacked company.
Read more »
User Privacy
Cyber Fraud IT Help Desk Marks & Spencer Social Engineering User Privacy

M&S Hackers Conned IT Help Desk Workers Into Accessing Firm Systems

 

Hackers who attacked Marks & Spencer and the Co-op duped IT professionals into giving them access to their companies' networks, according to a report.

The "social engineering" attack on the Co-op allowed fraudsters to reset an employee's password before infiltrating the network, and a similar method was employed against M&S, insiders told BleepingComputer. 

Hundreds of agency workers at Marks & Spencer were advised not to come to work as the retailer grappled with the aftermath of a hack that cost the business £650 million in a matter of days. 

The disruption started in April when click-and-collect orders and contactless payments were impacted. Stuart Machin, the CEO of M&S, confirmed the issue in a message to customers, stating that the retailer would be making "minor, temporary changes" to in-store operations while it dealt with the ongoing "cyber incident.” 

In order to counter the "social engineering" tactic employed by the hackers from the Scattered Spider network against the UK supermarkets, the National Cyber Security Centre (NCSC) has released new guidelines. 

“Criminal activity online — including, but not limited to, ransomware and data extortion — is rampant. Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared,” noted Jonathon Ellison, NCSC’s national resilience director, and Ollie Whitehouse, its chief technology officer, in a blog post. 

They have recommended firms to "review help desk password reset processes" and pay special attention to "admin" accounts, which typically have more access to a company's network. 

The Scattered Spider network is a group of young guys from the UK and the United States who gained popularity in September 2023 when they broke into and locked up the networks of casino companies Caesars Entertainment and MGM Resorts International, demanding large ransoms. 

Caesars paid approximately $15 million to rebuild its network. It specialises in "breaking down the front door" of networks before passing control to a "ransomware" group, which cripples the network and extorts its owner, according to the Times. 

Tyler Buchanan, a Scottish man accused of being a key member of the organisation, was extradited to the United States from Spain last month after being charged with attempting to hack into hundreds of companies, Bloomberg News reported, citing a US Justice Department official.

At the time of the assault, M&S stated that it is "working extremely hard to restart online and app shopping" and apologies for the inconvenience to customers. It has already been unable to process click and collect orders in stores due to the "cyber incident".
Read more »
Social Engineering
Bots Gaming GitHub malware Redox Stealer Social Engineering

GitHub Scam: Fake Game Mods Steal User Credentials and Data


An advanced malware campaign exploiting GitHub repositories masked as game mods (and cracked software) has been found, revealing a risky blend of automated credential harvesting and social engineering tactics. 

While going through articles on social engineering, cybersecurity expert Tim found “a relatively new scam scheme” that shocked him. “People create thousands of GitHub repositories with all sorts of things - from Roblox and Fortnite mods to "cracked" FL Studio and Photoshop,” says Tim. 

About Redox stealer

Experts have found more than 1,100 dangerous repositories spreading versions of Redox stealer, a python-based malware built to extract important data, browser cookies, gaming platform credentials, and cryptocurrency wallet keys.

When we download and run this software, the data collected from our systems is sent to some Discord server, according to Tim, where “hundreds of people crawl through the data searching for crypto wallet private keys, bank accounts and social media credentials, and even Steam and Riot Games accounts.” 

Redox Stealer Details

Redox runs via a multi-stage data harvesting process that starts with system surveillance. Talking about the technical architecture of the redox stealer, cybersecurity news portal GB Hackers says, “Initial execution triggers a globalInfo() function that collects the victim’s IP address, geolocation via the geolocation-db.com API, and Windows username using os.getenv(‘USERNAME’).”

Issues with Mitigation and GitHub’s Response

Even with GitHub’s malware detection systems, repositories stay functional because:

  1. Activities look real: Accounts with star counts and realistic commit histories escape heuristic analysis. 
  2. Encrypted Payloads: RAR passwords like “cheats4u” stop static code analysis. 
  3. Slow Takedowns: Threat actors rebuild banned repositories via automated topic permutations. 

According to GB Hackers, “The researcher’s spreadsheet of confirmed malicious repos has not yet triggered bulk takedowns, highlighting gaps in proactive monitoring.” 

Conclusion

The GitHub campaign has exposed a significant rise in exploitation of open-source forums for large-scale social engineering. “It's been a long journey and it's barely over - but I think it's more than enough to summarise and discuss the problem,” says Tim. He finds it shocking how easily the information can be accessed online for free “without Tor, without invite, without anyone's approval.”

The information is cleverly disguised as something such as “telegram bot” that sends us offers (scams) or other lucrative baits. 

Read more »
tailgating
baiting Cyber Attacks Cybersecurity awareness hacking tactics phishing pretexting quid pro quo Social Engineering tailgating

Understanding Social Engineering: Methods and Tactics Used by Cybercriminals

 

Social engineering is a term often mentioned alongside phishing. While phishing typically involves digital methods like fraudulent emails or messages aimed at stealing personal data, social engineering is a broader concept. It refers to techniques used by malicious actors to manipulate individuals into revealing sensitive information or granting access that can be exploited for harmful purposes.

This manipulation can take various forms, including pretexting, baiting, tailgating, or quid pro quo. The primary goal is to persuade the target to comply with the attacker’s demands — whether it involves sharing confidential details or providing unauthorized physical access to a secured area.

  • Pretexting
Pretexting involves creating a fabricated story, or "pretext," to deceive the victim into divulging personal or organizational information, downloading malware, or transferring money. This tactic often targets emotions or trust, making it a common method for attackers.

  • Baiting
In baiting attacks, the attacker tempts the victim with enticing offers or items. These may include physical objects, such as malware-infected USB drives left in public spaces, or digital schemes, like deceptive advertisements leading to malicious websites or applications.

  • Tailgating
Known as piggybacking, tailgating is a physical breach of security where an attacker gains access to a restricted area by following an authorized individual. For instance, an attacker might persuade an employee to hold the door open or slip in unnoticed, enabling access to confidential documents or computer systems for further exploitation.

  • Quid Pro Quo
This method involves the attacker offering a seemingly valuable service in exchange for sensitive information or access. A common example is a scammer posing as IT support to resolve a technical issue, then requesting login credentials or remote access. Similarly, attackers may impersonate bank representatives, asking for account details to "verify" suspicious activity.

By understanding these techniques, individuals and organizations can better prepare to recognize and counter social engineering attempts. As cybersecurity threats evolve, awareness remains a crucial defense.
Read more »
White House
CISA Cyber Security data security Google Mandiant Mandiant Threat Intelligence ransomware attacks Social Engineering White House

Rising Ransomware Attacks Highlight Persistent Cybersecurity Challenges

 


Despite global law enforcement efforts and heightened attention from the White House, ransomware incidents continue to rise unabated, according to a new report from cybersecurity firm Mandiant. Researchers at the Google-owned company identified 50 new ransomware variants in 2023, with about a third branching off existing malware. This underscores the pervasive nature of the problem and the challenges in curbing cyber extortion. 

In 2023 alone, cybercriminals amassed over $1 billion from victim ransom payments, highlighting the lucrative nature of these attacks. The healthcare sector has been particularly hard-hit, with hospitals experiencing significant disruptions. The report noted that Ascension, one of the nation's largest healthcare systems with 140 hospitals across 19 states, was recently impacted by the Black Basta ransomware variant. The ongoing outage is raising concerns about patient safety and the potential risk to lives. Mandiant's findings align with a recent White House report on national cybersecurity, which also noted an increase in ransomware attacks. 

However, one significant issue is that reporting ransomware incidents is largely voluntary. This means assessments of ransomware prevalence often rely on data from cybersecurity companies, whose understanding is based on their customer base and the cybercriminal communities they monitor. To address this, the Cybersecurity and Infrastructure Security Agency (CISA) is finalizing a mandate requiring critical infrastructure owners and operators to report ransomware payments within 24 hours. This mandate aims to provide a more comprehensive view of ransomware activity and enhance response efforts. 

Mandiant's assessment highlights a 75% year-over-year increase in posts on data leak sites, which extortionists use to pressure companies into paying ransoms. The firm noted that 2023 saw the highest number of data-leak site posts since tracking began in 2020. Additionally, there was a 20% increase in the number of investigations led by Mandiant, indicating a significant rise in ransomware activities. The most prolific ransomware variants observed were ALPHV and LOCKBIT, each accounting for 17% of all activity. The surge in ransomware attacks in 2023 followed a slight dip in extortion activities in the previous year. Mandiant researchers suggested that the dip in 2022 might have been an anomaly caused by external factors such as the Russian invasion of Ukraine or the leaked Conti chats, which may have temporarily disrupted cybercriminal operations. 

As law enforcement agencies continue to conduct global operations against ransomware gangs, the evolving tactics and persistent nature of these cybercriminals highlight the need for continuous vigilance and enhanced cybersecurity measures. The collaboration between government agencies, cybersecurity firms, and critical infrastructure operators is crucial in building a robust defense against the relentless threat of ransomware.
Read more »
Social Engineering
CISO Cyber Security Healthcare Healthcare Industry healthcare sectors patient data protection Social Engineering

Strengthening Healthcare Cybersecurity: A Collaborative Imperative

 

In recent years, cyberattacks have surged, putting every segment of the nation's healthcare system—from hospitals and physician practices to payment processing companies and biomedical facilities—under stress. These attacks disrupt patient care and cost the industry billions. Erik Decker, Vice President and Chief Information Security Officer (CISO) at Intermountain Health, emphasized the need for an "adversarial mindset" to counter these sophisticated threats during a recent U.S. News and World Report virtual event. 

Decker, who also chairs the Joint Cybersecurity Working Group of the Healthcare Sector Coordinating Council, highlighted that cybercriminals aim to maximize profits swiftly, targeting vulnerable points within the healthcare sector. Marc Maiffret, Chief Technology Officer of BeyondTrust, explained that attackers typically infiltrate through three primary avenues: social engineering, misconfigured devices, and risky third-party connections. Social engineering often involves phishing emails or impersonation calls to service desks, where attackers request the enrollment of new devices using compromised credentials. 

Misconfigured devices exposed to the internet also provide easy entry points for attackers. The third method involves exploiting unattended remote access systems. Once inside, cybercriminals often target active directory and administrator workstations to gain critical credentials. To bolster defenses, Decker highlighted that the Department of Health and Human Services offers resources and voluntary cybersecurity performance goals developed with the HSCC’s Joint Cybersecurity Working Group. 

Zeynalov described Cleveland Clinic's approach of understanding the business thoroughly and aligning cybersecurity measures with healthcare needs. His team visited various locations to map the patient journey from admission to discharge, ensuring that protections are seamless and do not hinder patient care. Incident response planning is crucial. Maiffret advised against overly imaginative scenarios, favoring practical preparedness. Decker recommended establishing clear command structures and regularly simulating attack responses to build effective "muscle memory." “Your event that happens will never happen according to the way you planned it. 

For smaller, financially constrained hospitals, Zeynalov advocated for shared defense strategies. The Biden Administration’s 2025 fiscal year budget proposal allocates $1.3 billion through HHS to support cybersecurity adoption in under-resourced hospitals, reminiscent of the electronic medical records stimulus from the American Recovery and Reinvestment Act. 

Ultimately, the panelists emphasized a collaborative defense approach to withstand sophisticated cyber threats. By pooling resources and strategies, the healthcare sector can enhance its resilience against the ever-evolving landscape of cybercrime. This shared defense strategy is crucial, as Decker concluded, “We cannot do this stuff individually, trying to stop the types of organizations that are coming after us.” By uniting efforts, the healthcare industry can better protect itself and ensure the safety and trust of its patients.
Read more »
Social Engineering
APT42 Backdoor Google malware Social Engineering

Backdoor Malware: Iranian Hackers Disguised as Journalists

Backdoor Malware: Iranian Hackers Disguised as Journalists

Crafting convincing personas

APT42, an Iranian state-backed threat actor, uses social engineering attacks, including posing as journalists, to access corporate networks and cloud environments in Western and Middle Eastern targets.

Mandiant initially discovered APT42 in September 2022, reporting that the threat actors had been active since 2015, carrying out at least 30 activities across 14 countries.

The espionage squad, suspected to be linked to Iran's Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO), has been seen targeting non-governmental groups, media outlets, educational institutions, activists, and legal services.

According to Google threat analysts who have been monitoring APT42's operations, the hackers employ infected emails to infect their targets with two custom backdoors, "Nicecurl" and "Tamecat," which allow for command execution and data exfiltration.

A closer look at APT42’s social engineering tactics

APT42 assaults use social engineering and spear-phishing to infect targets' devices with tailored backdoors, allowing threat actors to obtain initial access to the organization's networks.

The attack begins with emails from online personas posing as journalists, NGO representatives, or event organizers, sent from domains that "typosquat" (have identical URLs) with actual organizations.

APT42 impersonates media organizations such as the Washington Post, The Economist, The Jerusalem Post (IL), Khaleej Times (UAE), and Azadliq (Azerbaijan), with Mandiant claiming that the attacks frequently employ typo-squatted names such as "washinqtonpost[.]press".

Luring victims with tempting bait

After exchanging enough information to establish confidence with the victim, the attackers transmit a link to a document connected to a conference or a news item, depending on the lure theme.

APT42 assaults use social engineering and spear-phishing to infect targets' devices with tailored backdoors, allowing threat actors to obtain initial access to the organization's networks.

The attack begins with emails from online personas posing as journalists, NGO representatives, or event organizers, sent from domains that "typosquat" (have identical URLs) with actual organizations.

The imitation game

APT42 impersonates media organizations such as the Washington Post, The Economist, The Jerusalem Post (IL), Khaleej Times (UAE), and Azadliq (Azerbaijan), with Mandiant claiming that the attacks frequently employ typo-squatted names such as "washinqtonpost[.]press".

After exchanging enough information to establish confidence with the victim, the attackers transmit a link to a document connected to a conference or a news item, depending on the lure theme.

Nicecurl, Tamecat: Custom backdoor

APT42 employs two proprietary backdoors, Nicecurl and Tamecat, each designed for a specific function during cyberespionage activities.

Nicecurl is a VBScript-based backdoor that can run commands, download and execute other payloads, and extract data from the compromised host.

Tamecat is a more advanced PowerShell backdoor that can run arbitrary PS code or C# scripts, providing APT42 with significant operational flexibility for data theft and substantial system modification.

Tamecat, unlike Nicecurl, obfuscates its C2 connection with base64, allows for dynamic configuration updates, and examines the infected environment before execution to avoid detection by AV products and other active security mechanisms.

Exfiltration via Legitimate Channels

Both backdoors are sent by phishing emails containing malicious documents, which frequently require macro rights to run. However, if APT42 has established trust with the victim, this requirement becomes less of an impediment because the victim is more inclined to actively disable security features.

Volexity studied similar, if not identical, malware in February, linking the attacks to Iranian threat actors.

The full list of Indicators of Compromise (IoCs) for the recent APT42 campaign, as well as YARA rules for detecting the NICECURL and TAMECAT malware, are available at the end of Google's report.

Read more »
Social Engineering
Job Offer malware python Remote Access Trojan Social Engineering

North Korean Scammers Lure Developers with Fake Job Offers




A new cyber scam, dubbed "Dev Popper," is preying on software developers through fake job interviews. This elaborate ruse, masquerading as genuine employment opportunities, aims to infiltrate the victim's computer with a harmful Python backdoor, posing serious cyber threats.


How The Scam Operates?

In the multi-stage infection process employed by the "Dev Popper" cyber scam, the attackers orchestrate a sophisticated chain of events to deceive their targets gradually. It commences with the perpetrators posing as prospective employers, initiating contact with unsuspecting developers under the guise of offering job positions. As the sham interview progresses, candidates are coerced into executing seemingly innocuous tasks, such as downloading and executing code from a GitHub repository, all purportedly part of the standard coding assessment. However, unbeknownst to the victim, the innocuous-seeming code harbours hidden threats. These tasks, disguised as routine coding tests, are actually devised to exploit the developer's trust and gain unauthorised access to their system.


The Complex Attack Chain

Once the developer executes the provided code, a concealed JavaScript file springs into action. This file, leveraging commands, fetches another file from an external server. Within this file is a malicious Python script, ingeniously disguised as a legitimate component of the interview process. Once activated, the Python script surreptitiously collects vital system information and relays it back to the attackers. This multi-faceted approach, blending social engineering with technical deception, underscores the sophistication and danger posed by modern cyber threats.


Capabilities of the Python Backdoor

The Python backdoor, functioning as a Remote Access Trojan (RAT), boasts an array of intrusive capabilities. These include establishing persistent connections for continuous control, stealing files, executing commands remotely, and even secretly monitoring user activity by logging keystrokes and clipboard data.


The Rising Threat 

While the orchestrators behind "Dev Popper" remain elusive, the proliferation of fake job offers as a means for malware distribution is a growing concern. Exploiting the developer's reliance on job applications, this deceitful tactic once again forces us to realise the need for heightened vigilance among unsuspecting individuals.


How To Protect Yourself?

To mitigate the risk of falling victim to such cyber threats, it is imperative for developers and individuals to exercise caution and maintain awareness. When encountering job offers or unfamiliar requests for software-related tasks, verifying the legitimacy of the source and adopting a sceptical stance are crucial measures. 


Read more »
Social Engineering
AI Cyber Attacks Hackers Intelligence Social Engineering

Where Hackers Find Your Weak Spots: A Closer Look


Social engineering is one of the most common attack vectors used by cyber criminals to enter companies. These manipulative attacks often occur in four stages: 

  1. Info stealing from targets
  2. Building relationships with target and earning trust
  3. Exploitation: Convincing the target to take an action
  4. Execution: Collected info is used to launch attack 

Five Intelligence Sources

So, how do attackers collect information about their targets? Cybercriminals can employ five types of intelligence to obtain and analyze information about their targets. They are:

1. OSINT (open-source intelligence)

OSINT is a hacking technique used to gather and evaluate publicly available information about organizations and their employees. 

OSINT technologies can help threat actors learn about their target's IT and security infrastructure, exploitable assets including open ports and email addresses, IP addresses, vulnerabilities in websites, servers, and IoT (Internet of Things) devices, leaked or stolen passwords, and more. Attackers use this information to conduct social engineering assaults.

2. Social media intelligence (SOCMINT)

Although SOCMINT is a subset of OSINT, it is worth mentioning. Most people freely provide personal and professional information about themselves on major social networking sites, including their headshot, interests and hobbies, family, friends, and connections, where they live and work, current job positions, and a variety of other characteristics. 

Attackers can use SOCINT software like Social Analyzer, Whatsmyname, and NameCheckup.com to filter social media activity and information about individuals to create tailored social engineering frauds. 

3. ADINT (Advertising Intelligence)

Assume you download a free chess app for your phone. A tiny section of the app displays location-based adverts from sponsors and event organizers, informing users about local players, events, and chess meetups. 

When this ad is displayed, the app sends certain information about the user to the advertising exchange service, such as IP addresses, the operating system in use (iOS or Android), the name of the mobile phone carrier, the user's screen resolution, GPS coordinates, etc. 

Ad exchanges typically keep and process this information to serve appropriate adverts depending on user interests, behavior, and geography. Ad exchanges also sell this vital information. 

4. DARKINT (Dark Web Intelligence)

The Dark Web is a billion-dollar illegal marketplace that trades corporate espionage services, DIY ransomware kits, drugs and weapons, human trafficking, and so on. The Dark Web sells billions of stolen records, including personally identifiable information, healthcare records, financial and transaction data, corporate data, and compromised credentials. 

Threat actors can buy off-the-shelf data and use it for social engineering campaigns. They can even hire professionals to socially engineer people on their behalf or identify hidden vulnerabilities in target businesses. In addition, there are hidden internet forums and instant messaging services (such as Telegram) where people can learn more about possible targets. 

5. AI-INT (artificial intelligence)

In addition to the five basic disciplines, some analysts refer to AI as the sixth intelligence discipline. With recent breakthroughs in generative AI technologies, such as Google Gemini and ChatGPT, it's easy to envisage fraudsters using AI tools to collect, ingest, process, and filter information about their targets. 

Threat researchers have already reported the appearance of dangerous AI-based tools on Dark Web forums such as FraudGPT and WormGPT. Such technologies can greatly reduce social engineers' research time while also providing actionable information to help them carry out social engineering projects. 

What Can Businesses Do to Prevent Social Engineering Attacks?

All social engineering assaults are rooted in information and its negligent treatment. Businesses and employees who can limit their information exposure will significantly lessen their vulnerability to social engineering attacks. Here's how.

Monthly training: Use phishing simulators and classroom training to teach employees not to disclose sensitive or personal information about themselves, their families, coworkers, or the organization.

Draft AI-use policies: Make it plain to employees what constitutes acceptable and unacceptable online activity. For example, it is unacceptable to prompt ChatGPT with a line of code or private data, as well as to respond to strange or questionable queries without sufficient verification.

Utilize the same tools that hackers use: Use the same intelligence sources mentioned above to proactively determine how much information about your firm, its people, and its infrastructure is available online. Create a continuous procedure to decrease this exposure.

Good cybersecurity hygiene begins with addressing the fundamental issues. Social engineering and poor decision-making are to blame for 80% to 90% of all cyberattacks. Organizations must prioritize two objectives: limiting information exposure and managing human behavior through training exercises and education. Organizations can dramatically lower their threat exposure and its possible downstream impact by focusing on these two areas.

Read more »
Technology
AI Cybersecurity Data Breaches Deepfake Technology Digital Security Frank Abagnale online accounts passkey authentication Phishing Scams Social Engineering Technology

Expert Urges iPhone and Android Users to Brace for 'AI Tsunami' Threat to Bank Accounts

 

In an interview with Techopedia, Frank Abagnale, a renowned figure in the field of security, provided invaluable advice for individuals navigating the complexities of cybersecurity in today's digital landscape. Abagnale, whose life inspired the Steven Spielberg film "Catch Me If You Can," emphasized the escalating threat posed by cybercrime, projected to reach a staggering $10.5 trillion by 2025, according to Cybersecurity Ventures.

Addressing the perpetual intersection of technology and crime, Abagnale remarked, "Technology breeds crime. It always has and always will." He highlighted the impending challenges brought forth by artificial intelligence (AI), particularly its potential to fuel a surge in various forms of cybercrimes and scams. Abagnale cautioned against the rising threat of deepfake technology, which enables the fabrication of convincing multimedia content, complicating efforts to discern authenticity online.

Deepfakes, generated by AI algorithms, can produce deceptive images, videos, and audio mimicking real individuals, often exploited by cybercriminals to orchestrate elaborate scams and extortion schemes. Abagnale stressed the indispensability of education in combating social engineering tactics, emphasizing the importance of empowering individuals to recognize and thwart manipulative schemes.

One prevalent form of cybercrime discussed was phishing, a deceitful practice wherein attackers manipulate individuals into divulging sensitive information, such as banking details or passwords. Phishing attempts typically manifest through unsolicited emails or text messages, characterized by suspicious links, urgent appeals, and grammatical errors.

To fortify defenses against social engineering and hacking attempts, Abagnale endorsed the adoption of passkey technology, heralding it as a pivotal advancement poised to supplant conventional username-password authentication methods. Passkeys, embedded digital credentials associated with user accounts and applications, streamline authentication processes, mitigating vulnerabilities associated with passwords.

Abagnale underscored the ubiquity of passkey technology across various devices, envisioning its eventual displacement of traditional login mechanisms. This transition, he asserted, is long overdue and represents a crucial stride towards enhancing digital security.

Additionally, Techopedia shared practical recommendations for safeguarding online accounts, advocating for regular review and pruning of unused or obsolete accounts. They also recommended utilizing tools like "Have I Been Pwned" to assess potential data breaches and adopting a cautious approach towards hyperlinks, assuming every link to be potentially malicious until verified.

Moreover, users are advised to exercise vigilance in verifying the authenticity of sender identities and message content before responding or taking any action, mitigating the risk of falling victim to cyber threats.
Read more »
Vulnerabilities and Exploits
AI technology phishing Social Engineering Tesla Vulnerabilities and Exploits

Thinking of Stealing a Tesla? Just Use Flipper Zero

Thinking of Stealing a Tesla? Just Use Flipper Zero

Researchers have found a new way of hijacking WiFi networks at Tesla charging stations for stealing vehicles- a design flaw that only needs an affordable, off-the-shelf tool.

Experts find an easy way to steal a Tesla

As Mysk Inc. cybersecurity experts Tommy Mysk and Talal Haj Bakry have shown in a recent YouTube video hackers only require a simple $169 hacking tool known as Flipper Zero, a Raspberry Pi, or just a laptop to pull the hack off. 

This means that with a leaked email and a password, the owner could lose their Tesla car. The rise of AI technologies has increased phishing and social engineering attacks. As a responsible company, you must factor in such threats in your threat models. 

And it's not just Tesla. You'll be surprised to know cybersecurity experts have always cautioned about the use of keyless entry in the car industry, which often leaves modern cars at risk of being hacked.

Hash Tag Foolery

The problem isn't hacking- like breaking into software, it's a social engineering attack that tricks a car owner into handing over their information. Using a Flipper, the experts create a WiFi network called "Tesla Guest," the same name Tesla uses for its guest networks at service centers. After this, Mysk created a fake website resembling Tesla's login page. 

After this, it's a cakewalk. In this case, hackers broadcast networks around a charging station, where a bored driver might be looking to connect over WiFi. The owner (here, the victim) connects to the WiFi and fills in their username and password on the fake Tesla website. 

The hacker uses the provided login credentials and gains access to the real Tesla app, which prompts a two-factor authentication code. The victim puts the code into the fake site, and hackers get access to their account. 

Once you've trespassed into the Tesla app, you can create a "phone key" to unlock and control the car via Bluetooth using a smartphone. Congratulations, the car is yours!

Mysk has demonstrated the attack in a YouTube video

Tesla can fix the flaw easily but chooses not to

Mysk says that Tesla doesn't alert the owner if a new key is created, so the victim doesn't know they've been breached. And the bad guy doesn't have to steal the car right away, because the app shows the location of the car. 

The Tesla owner can charge the car and take it somewhere else, the thief just has to trace the location and steal it, without needing a physical card. Yes, it's that easy. 

Mysk tested the design flaw on his own Tesla and discovered he could easily create new phone keys without having access to the original key card. But Tesla has mentioned that's not possible in its owner manual

Tesla evades allegation

When Mysk informed Tesla about his findings, the company said it was all by design and "intended behaviour," underplaying the flaw. 

Mysk doesn't agree, stressing the design to pair a phone key is only made super easy at the cost of risking security. He argues that Tesla can easily fix this vulnerability by alerting users whenever a new phone key is created. 

But without any efforts from Tesla, the car owners might as well be sitting ducks. 

A sophisticated computer/machine doesn't always mean it's secure, the extra complex layers make us more vulnerable. Two decades back, all you needed to steal a car was getting a driver's key or hot-wiring the vehicle. But if your car key is a bundle of ones and zeroes, you must rethink the car's safety.


Read more »
Social Engineering
Caesars data breach cybersecurity insurance Data Breach identity theft protection MGM hack Ransomware attack Social Engineering

Major Caesars Data Breach: 41,000+ Individuals' Information Compromised

 

Casino powerhouse Caesars disclosed a significant data breach in September, preceding a similar incident at MGM later that month. The breach impacted over 41,000 patrons, primarily from the state of Maine, with cybercriminal group Scattered Spider identified as the perpetrators.

Caesars clarified that the breach primarily targeted its loyalty program, compromising personal information like names, driver's licenses, and ID card details of customers in Maine. 

Fortunately, no financial data was compromised. To mitigate the impact, Caesars is offering affected individuals complimentary two-year cybersecurity and identity fraud insurance. The exact tally of victims is still being determined, as per a filing with the Maine Attorney General's office. 

Caesars also mentioned in a letter to affected residents that efforts were made to delete the stolen data, although this outcome can't be guaranteed. Speculation suggests Caesars may have paid a reduced ransom amount of $15 million, down from an initial demand of $30 million.

Notably, it's been revealed that Caesars paid the ransom just days before Scattered Spider targeted MGM. This underscores the widely held belief that yielding to ransom demands only emboldens cybercriminals to strike again.

Caesars detailed the breach's origin, stating it was a result of a social engineering attack on an outsourced IT support vendor, leading to unauthorized network access on August 18, 2023, and data exfiltration from around August 23, 2023.

In response, Caesars is equipping affected Mainers with two years of identity theft protection through IDX, a third-party provider. This includes credit and dark web monitoring, as well as coverage of up to $1 million in case of identity theft.

While Caesars and MGM are prominent targets of Scattered Spider, cybersecurity firm Mandiant, a subsidiary of Google, has indicated that the group's recent ransomware campaign may have affected numerous industries beyond hospitality and entertainment, potentially numbering in the hundreds. This sequence of events serves as a stark reminder that capitulating to cybercriminal demands doesn't lead to a favourable outcome.
Read more »
threat report
Cyber Security Insider Threat Social Engineering Threat Landscape threat report

Report: Insider Cybersecurity Threats have Increased 40% Over the Past Four Years

 

A recent study disclosed that over the past four years, the average cost of an insider cybersecurity attack has increased dramatically by 40%. In addition, the average annual cost of these cyberthreats has increased over the past 12 months, reaching $16.2 million per incident. 

The highest costs arise after the attack has taken place, thus businesses globally should prepare their prospective responses now in order to incur the least amount of financial loss.

The new research states that "insider" attacks can be either malicious (espionage, IP threat, sabotage, or fraud) or non-malicious (when an insider is careless, mistaken, or outsmarted). The study titled '2023 Cost of Insider Risks Global' was released by the data privacy-focused Ponemon research centre and funded by insider cybersecurity company DTEX Systems. 

It reveals that insider risks are increasing, and not simply in terms of how much each attack costs. In 2023, there were a total of 7,343 insider incidents, up from just 6,803 the year before. 

The majority of the incidents (75%), frequently attributable to mistaken insiders (55%), were traced back to non-malicious insiders. The two expenses with the highest average costs per incident are containment and cleanup, which total respectively $179,209 and $125.221. A response's price increases with duration.

Why cyber budgets aren't spent wisely?

Insider threats are increasing. Or, to put it another way, the call is coming from inside the house. Businesses, meanwhile, have not made the necessary adjustments to their budgets. For controlling insider risk specifically, 88% of them still only allocate 10% or less of their IT security budget... in which external threats get 91.8% of budgetary resources. 

However, social engineering, which uses insiders as a target to phish or otherwise trick personnel into disclosing private information regarding their own firm, is still a major threat. Phishing assaults cost businesses nearly$6.9 billion in 2021, and the FBI recently identified phishing as the most frequent type of cyberattack. 

“This highlights a widespread misunderstanding of the types of insider risks and the failure to proactively protect customer data and IP [intellectual property],” Rajan Koo, chief technology officer of DTEX Systems, stated in a press release.
Read more »
User Privacy
Cyber Attacks cyber threat Data Safety Online Threat Social Engineering User Privacy

Quid Pro Quo Attacks: Cyber Threat to Watch Out For

 

A threatening message appears out of nowhere. You owe money, or a loved one is in jeopardy, according to the sender's unknown claims. They threaten consequences unless you cough up the cash or disclose personal information.

To say the least, it's unsettling. These "quid pro quo" attacks appear to be on the rise as well. But what is a quid pro quo attack, and how can you avoid one? 

Explaining the Quid Pro Quo attack 

The Latin phrase "quid pro quo" alludes to a value exchange--receiving something in exchange for something else. A quid pro quo strategy has several forms in the context of attacks or scams:

Extortion: It occurs when an attacker gains access to or claims to have sensitive personal data such as images, messages, or browser history. They threaten to make the information public unless the victim pays a ransom. 

Social Engineering: The attacker creates a pressing situation, such as an emergency or a time-sensitive bill. They trick the victim into giving money or disclosing personal information immediately.

Bribery/presents: The hacker promises the victim money, presents, exclusive opportunities, or other incentives in exchange for sensitive data, obscene photos/videos, meetings, and so on. 

How quid pro quo attacks target victims 

There are several possible settings for quid pro quo attacks. In exchange for the user's login and password, attackers may impersonate someone from an internal or external IT department and promise to deliver a free virus scan to make the user's device operate more efficiently. An attacker could acquire access to the company's network and install malware even with this minimal information. 

The attackers can also target home-based employees who receive a call from a specific credit union advertising a low-interest credit card or refinance rate for XYZ firm. To claim the offer, the employee simply needs to enter their social security number, employee ID number, and birthday to validate their credit score. 

Most quid pro quo plans involve the attacker providing enough information to make the offer sound reasonable (and most people are looking for a good bargain), so the user delivers the information without considering the potential liabilities.

People impersonating government authorities (such as the Internal Revenue Service, Department of Motor Vehicles, or Social Security Administration) can also be employed in quid pro quo attacks. They may offer to settle a disagreement in exchange for the user's social security number or other personally identifiable information, allowing the perpetrator to steal the victim's identity.

Prevention tips

There are a lot of shady folks on the internet these days. Knowing how to defend yourself against quid pro quo attacks is therefore critical. 

First and foremost, vigilance is essential. Be careful of any random emails, calls, DMs, or other communications that make big offers or threats. Examine for telltale symptoms of a fraud, such as urgency, ambiguous details, spelling and grammar errors, and so on. 

Consider whether a trustworthy business or individual would contact out in this manner. The IRS will not reach out to you cold and demand quick payment, and Nigerian princes will not suddenly offer you money. It all comes down to weighing the likelihood of the situation. 

Speaking about calls, refrain from providing personal information to telemarketers. Your name and information will be known by official organisations like your bank. They won't randomly phone and ask you to confirm something. Hanging up and making a second call on a business line is considerably safer. 

The same is true for attachments and links. Move forward with great caution. Phishers are cunning; they make bogus emails that seem authentic. Therefore, before clicking a link, hover over it to see what the actual URL is. Verify if they correspond to the actual site. And be careful not to download malware by opening attachments from unknown senders. 

And, of course, never give money, gift cards, or sensitive information to strangers online for any reason. Legitimate help organisations will not cold mail you in this manner. Donate only to verified groups through the official website.

Last but not least, maintain your antivirus, firewalls, and devices up to date. This closes security weaknesses that hackers exploit. It's best to automate software updates wherever feasible so you don't have to think about it.
Read more »
Social Engineering
Click Bait Cyber Attacks Cyber Hacking CyberCriminal Email Scams Password Social Engineering

Guarding Your Finances: The Art of Phishing Attacks and Social Engineering

 


Malware, hacking techniques, botnets, and other types of technologies are becoming increasingly sophisticated as cyber crimes become more sophisticated. Nevertheless, online criminality exploits tactics that have been refined over decades by criminals long before the internet existed. 

A cybercriminal knows how to control a human tendency for trust as well as trickery, coercion, and the movement of humans to use their faith in them to achieve their criminal goals. "Social engineering" is a term referring to a method of gaining confidence online that is most often used in confidence scams.   

Cybercriminals can glean a nuanced understanding of users by exploiting social media sites, professional profiles, blogs, websites, or local news reports. Using data harvested from these sources over weeks or months will allow them to gain a nuanced understanding of users and even their families. 

It is a collective term for a range of scams or scams that rely on social engineering to seek money directly from a victim or to gain confidential information to enable the perpetrator to commit further crimes after the victim has fallen victim to the scam. The preferred channel for contact is now social media. However, if you want to make contact by phone or in person, it is not uncommon to do that too. 

An individual who uses social engineering to gain access to a company's computer system or information about a client, or to compromise an organization's data, is known as a social engineer. If a malicious individual attempt to pose as a new employee, technician, or researcher, it may appear unassuming and respectable, with credentials that may support the claim that he or she is a new employee, technician, or researcher.

It is still a possibility that a hacker could obtain enough information by asking questions to gain entry into an organization's network. The attacker may also contact a second source within the same organization if he or she cannot gather enough information from one source and then rely on the information gathered from the first source to build credibility in the eyes of the authorities in the organization. 

Phishing scams are responsible for the loss of tens of millions of dollars each year, and the number is increasing every year, according to the authorities. A phishing scheme differs largely from scams in the form of the now-famous "Hi Mum" scheme in the sense that no overt request is made to send money to an account as the tactic. 

To effectively persuade people to provide any personal information to the scammers, they use subterfuges, doctored websites, and carefully calibrated software scripts to get them to divulge personal information. It is a technique that has become popular as a "social engineering" technique in the cybersecurity community as this technique is based on people's typical emotions and behaviours.

Scams may appear in the form of e-mails or text messages claiming to be from an official company or organization, such as the Australian Taxation Office or Netflix, that appear to be from the real thing. Upon receiving a warning message from the company, victims will be directed to a page that resembles the one used by the company and will be asked to fix a problem with their account or to confirm their contact details as soon as possible. 

A phishing kit, which contains HTML assets and scripts that you will need to create a fake website, is available for as little as $10, but scammers will probably pay anywhere from $100 to $1,000 for one. Using this information, the scammer can access bank accounts to transfer money to themselves at any time at his convenience. Phishing has evolved into an underground industry inside Australia's cybersecurity sector, according to Craig McDonald, founder of Australian cybersecurity company MailGuard. 

Many people don't realize the fact that they have made personal information available to swindlers through the use of social engineering because they do not monitor the amount of information that they disclose. There are usually privacy controls on social media sites and forums, for instance, which may be able to help users restrict how much information about them and their lives is visible publicly to others. The problem is that a large number of users consistently ignore these filters and allow any information they post to remain visible to the public.   

Some cyber criminals spend as much time as they can on building their personas as they do building their websites. They may be able to anticipate a person’s reaction to a certain situation with a good understanding of how they would react, which would in turn allow them to act and respond in a way that establishes trust once they reach out to them - as a fellow alumnus, a school parent, or an avid sports enthusiast, to name just a few examples. 

There are many ways that scams can be perpetrated. Gifts and charitable contributions are often requested during the holidays since it is the season for giving. In some cases, criminals may send emails that contain malicious links that permit them to access a person's device, account, or data as well as their personal information. The release of a device or the release of information stolen may be subject to ransom demands.   

Social Engineering: How to Spot It   


A Message of Urgency or Threat  


In case users receive an email, text message, direct message, or any other sort of message that seems overly exciting or aggressive then it is something to be cautious about. These scare tactics are used by scammers to force users into taking action without first thinking through what is being done to them. 

Click Bait for Winning Prizes 


There is a multitude of stories that scammers will tell to pry your personal information from users. Some scammers use bogus prizes and sweepstakes to win money from unsuspecting people. To make the payments out of the winnings, scammers are given users' bank information or sometimes even their tax ID number. 

Users are never going to receive the winnings they are claiming. The scammer is interested in this information so that they can hack users' accounts and steal their identities in a wide variety of ways.  

The Message Appears to be Strange in Some Way. 


A scammer will often pose as a person user knows to get your money. It can be anyone, including friends, family members, coworkers, bosses, vendors, or clients when users are working, or any other person for that matter. The message users receive when they do does seem a bit odd at first, but users will soon get used to it.  

How Can You Prevent Being Phished in The Future? 


When phishing victims become the victim of a scam, there can be difficulties in obtaining recourse. While Australians lost an unprecedented $3.1 billion through scams last year, the big banks only compensated about $21 million in compensation to their customers, even though the banks have each developed their policies for dealing with cybercrime. 

Australian Financial Complaints Authority (AFCA) is a consumer complaints body that is responsible for investigating complaints from the general public about banks. The federal government has provided some indication that it will be reforming Australian online banking law shortly, even if consumer groups maintain that the laws are not robust enough to protect victims of scams. Deputy Treasurer Stephen Jones stated several steps are being taken by the government to impose strict new codes of conduct on the industry.
Read more »
User Privacy
Cyber Security Password Crackdown Social Engineering Threat Landscape User Privacy

Human Error: A Helping Hand for Cyber Criminals

 

The use of passwords, a fundamentally faulty strategy that was developed many years ago, has been the primary method for securing an organisation's internal systems and its customers' accounts for far too long. Despite efforts to provide better, more secure authentication mechanisms, the majority still place the onus on the user.

This includes keeping track of your password, avoiding dangerous phishing sites, not unintentionally disclosing your login information to attackers during a social engineering attack, and resisting the urge to open a malicious push message during a "prompt bombing" attack. 

People are more aware of these issues today. However, as human beings often have a tendency to be trusting and make mistakes, crooks find it quite simple to prey on naïve consumers. 

In the contemporary era of zero trust, authentication is necessary. Nevertheless, no matter how much education we provide, assuming that individuals will approach authentication with a zero trust perspective will never be successful. Attackers simply have the advantage even though our staff and consumers are wary and watchful. 

One-time passwords, magic links, and push notifications are just a few examples of the first-generation multi-factor authentication (MFA) that attackers can now easily get around. Attackers can launch adversary-in-the-middle (AiTM) assaults by using freely available phishing kits and phishing-as-a-service capabilities. Additionally, they have methods for creating phishing emails that are very convincing, including the use of ChatGPT and other AI-powered tools that eliminate red flags like spelling and grammar errors or URLs with weird formatting. 

In 2022, attackers employed stolen credentials as the first attack vector in more than 75% of all cyberattacks, according to Crowdstrike's most recent research, which serves as a reminder of the severity of the issue.

The vast majority of data breaches and successful ransomware attacks start with compromised credentials, according to a decade's worth of study from the Verizon Data Breach Investigation Report. As reported by Verizon, major attacks employing a mobile or IoT device increased by 22% between 2021 and 2022, which isn't assisted by remote and hybrid working.

The problem is made worse by the fact that businesses also need to take into account the contractors and employees who make up their extended supply chain in addition to their employees and customers. Criminals can enter the ecosystem if users' identities are compromised anywhere in it.
Read more »
Subscribe to: Posts (Atom)