Displaying items by tag: Phishing

Phishing, regular and spear, is a very common method of compromising accounts and gaining access to a network. In many incidents, the initial compromise can be traced back to a compromised account via some sort of phishing message. This happens despite the many hours and dollars spent towards educating users about the dangers of trusting messages sent to them.

We have another Web3 article today. This one covers a new NFT marketplace compromise though the use of phishing emails that tricked users into singing over their digital assets to an, as of yet, unknown attacker.

Most attacks, be they real or from a penetration test, begin with an attempt to compromise a single system, or user. The compromise of a device or user account gives the attacker a small foothold in an environment that they can use to pivot to other areas and begin their complete takeover of the targeted organization. Defenders use many techniques to try to prevent this including complex passwords, complex usernames and, of course multi-factor authentication (MFA). MFA, when done properly, reduces the risk of credential compromise from phishing and spearphshing significantly.

Researchers at Morphisec have detailed a new delivery type for AsyncRAT (Remote Access Trojan) used in part of a phishing campaign that has been running since at least September 2021. The phishing part of the campaign is routine, an email with an HTML attachment. The attachment looks like a receipt. When opened, the victim is directed to a webpage that asked them to save a file (an ISO file). On the surface it looks like it would be a regular file download that will go through common security channels. However, things turn out not to be what they expected (read that in Morgan Freeman’s voice).

On March 2 2015 CVE-2015-1187 was released. This alert indicated that a simple cross-site request forgery allowed someone (the “bad” guys) to hijack DNS settings on a wide range of routers. By doing this they were able to point people to their own DNS server and in turn direct them to malicious sites. These sites could be anything they wanted them to be from phishing sites to sites with malware intended to compromise the target system. The exploit is a pretty smart one especially when you take into account the fact that the bad guys do not need to remotely manage the target router to get this going.

The company Appriver warned users of Dropbox service to increase caution, as false messages that ask users to change the password they use when signing up for service appeared once again. Fraudulent email messages are composed so that at first glance they look like they were really sent from Dropbox Team.

Security is a huge issue and has always been one ever since the first person decided they wanted to protect what they owned. Through the centuries the art of security has evolved and a multitude of inventions have blossomed on the scene to help us keep our property safe and secure. Once the data age started we had new concerns and our fertile minds came up with new and more creative ways to protect our new digital property. These two separate (yet dependent) fields are broken down into physical and digital security. The problem is that neither of these are effective unless we apply human security. This is the practice of securing people (humans) against being the largest security hole in any network or location.

Although many would say there are far more fake accounts, Facebook has admitted that in the past year about 76 million "fake" profiles have been opened on their service that has just over a billion users. These fall under the double accounts, wrongly classified and unwanted accounts and those where users deliberately identify themselves with a false name. In total, therefore, according to Facebook the fake accounts amount to 7% of the total number of users.

It seems that LinkedIn cannot catch a break. After a rather large data breach that resulted in the theft of a large number of user account information (including unsalted passwords protected by an outdated encryption scheme) there is now a new phishing email making the rounds that is aimed specifically at LinkedIn users.  Although phishing emails that target users of social networks are nothing new this one is the first that we have seen that targets LinkedIn users and also appears to be sent directly to LinkedIn user email addresses.