A massive cybercrime URL shortening service known as "Prolific Puma" has been uncovered by security researchers at Infoblox. The service has been used to deliver phishing attacks, scams, and malware for at least four years, and has registered thousands of domains in the U.S. top-level domain (usTLD) to facilitate its activities.
Prolific Puma works by shortening malicious URLs into shorter, more memorable links that are easier to click on. These shortened links are then distributed via email, social media, and other channels to unsuspecting victims. When a victim clicks on a shortened link, they are redirected to the malicious website.
Security researchers were able to track Prolific Puma's activity by analyzing DNS data. DNS is a system that translates domain names into IP addresses, which are the numerical addresses of websites and other devices on the internet. By analyzing DNS data, researchers were able to identify the thousands of domains that Prolific Puma was using to deliver its malicious links.
Prolific Puma's use of the usTLD is particularly noteworthy. The usTLD is one of the most trusted TLDs in the world, and many people do not suspect that a link with a usTLD domain could be malicious. This makes Prolific Puma's shortened links particularly effective at deceiving victims.
The discovery of Prolific Puma is a reminder of the importance of being vigilant when clicking on links, even if they come from seemingly trusted sources. It is also a reminder that cybercriminals are constantly developing new and sophisticated ways to attack their victims.
Here are some tips for staying safe from Prolific Puma and other malicious URL shortening services:
The security researchers who discovered Prolific Puma have contacted the United States Computer Emergency Readiness Team (US-CERT) and the Department of Homeland Security (DHS) about the service. Both agencies are working to take down Prolific Puma's infrastructure and prevent it from being used to launch further attacks.
Prolific Puma is not the first malicious URL-shortening service to be discovered. In recent years, there have been a number of other high-profile cases of cybercriminals using URL shortening services to deliver malware and phishing attacks.
The discovery of Prolific Puma is a reminder that URL shortening services can be abused for malicious purposes. Users should be cautious when clicking on shortened links, and should take steps to protect themselves from malware and phishing attacks.
The advisory came on August 1 from DHS' Federal Emergency Alert Agency (FEMA). Cybersecurity experts Ken Pyle found out about the vulnerabilities.
FEMA said the EAS national test in 2021 was very similar to regular monthly tests typically originated by state authorities.
During the test, radios and televisions across the country interrupted normal programming to play the EAS test message in English or Spanish.
"The EAS national test in 2021 was very similar to regular monthly tests typically originated by state authorities. During the test, radios and televisions across the country interrupted normal programming to play the EAS test message in English or Spanish," reports FEMA.
EAS is a U.S. national public warning system that allows state authorities to send out information in less than 10 minutes if there's an emergency. These warnings can interrupt TV and radio to show emergency alert information.
Information about the bugs has not been disclosed to prevent threat actors from exploiting them, but we can expect the details publicly soon as a proof-of-concept at the DEF CON conference going to take place in Las Vegas next week.
Basically, the flaws are public knowledge and will be shown to a large audience in the following weeks.
To control the vulnerability, users are advised to update the EAS devices to the latest software versions, use a firewall to secure them, and keep an eye on audit and review logs for signs of any suspicious access (unauthorised).
"The testing process is designed to evaluate the effectiveness of the IPAWS Open Platform for Emergency Networks and assess the operational readiness of the infrastructure for distribution of a national message and determine whether technological improvements are needed," reports FEMA.