Showing posts with label Remote Access Software.

Sophisticated Dutch Bank Helpdesk Scam Unveils Database with Over 7 Million Email Addresses


In January, authorities in Amsterdam made six arrests as part of a significant cybercrime inquiry, leading to the unearthing of a database containing 7.3 million email addresses, with around 5 million linked to Dutch residents. The investigation initially targeted a bank helpdesk scam, wherein the perpetrators operated with a high level of professionalism akin to a call center.

Investigators stumbled upon the email lists on a laptop belonging to one of the suspects. They caution the public about the broader risks associated with phishing emails, as this extensive list has been circulated within the cybercriminal community for potential reuse in various fraudulent activities.

The case unfolded when approximately 30 individuals fell victim to a scheme where impostors, posing as bank representatives, deceived them into believing they were corresponding with other legitimate organizations. After victims responded to these emails, they were subsequently contacted by individuals masquerading as bank employees. These perpetrators employed psychological tactics, including feigning concern over the victims' involvement in a scam, to gain their trust.

Victims were then talked into installing the remote access software AnyDesk, which let the criminals control their computers remotely and siphon off substantial sums through online banking. In some instances the perpetrators even visited victims in person to collect debit cards and valuables.

Following the arrests on January 24, which occurred in Amsterdam, Almere, and Heemskerk, authorities seized laptops, mobile phones, and debit cards. One suspect was subsequently released. Notably, one of the confiscated laptops contained the aforementioned email database.

Despite the apprehension of the suspects, authorities emphasize that the danger persists, as such lists continue to be traded and utilized by cybercriminals. They urge individuals to verify if their email addresses have been compromised and to exercise caution when encountering suspicious communications.

To combat such threats, the police have launched websites where individuals can ascertain if their email addresses have been compromised and verify the legitimacy of links received through various channels. Additionally, they advise individuals to hang up on anyone claiming to represent a bank and to independently verify such claims by contacting the bank's official customer service line.

Furthermore, the public is urged never to allow anyone to collect their debit cards or install programs on their computers. It's essential to educate vulnerable individuals, such as the elderly, about these fraudulent practices to prevent further victimization.

Security Breach at AnyDesk: Production Servers Hacked, Password Reset


AnyDesk, a widely used remote desktop application, is currently grappling with a significant security breach that has raised alarm among its user base. The company recently disclosed that malicious actors successfully infiltrated its production servers, gaining unauthorized access to sensitive information and triggering a large-scale password reset for its users. 

AnyDesk functions as a remote desktop solution, allowing users to access and control their computers from anywhere in the world. Renowned for its user-friendly interface, high performance, and cross-platform compatibility, AnyDesk has become a popular choice for both personal and professional remote connectivity. 

The incident is a reminder that the security of a remote desktop product does not rest on the client's encryption and authentication alone: the vendor's own servers are part of the trust boundary, and a compromise of those servers affects every user of the platform.

The extensive user base of AnyDesk, consisting of millions relying on the platform for remote work and other activities, makes it an attractive target for cybercriminals. The breach not only allowed unauthorized access to user accounts but also led to a mass password reset, creating additional challenges for users and emphasizing the significant impact of such security compromises. 

In response to the breach, AnyDesk promptly acknowledged the incident and urged users to reset their passwords immediately. The company is actively investigating the extent of the compromise and is committed to enhancing its security measures to prevent future breaches. AnyDesk reassures its users that measures are being taken to safeguard the integrity of the platform. 

The forced password reset has left AnyDesk users facing potential disruptions to their remote work and personal activities. As a precautionary measure, users are advised to regularly update their passwords, enable two-factor authentication where available, and remain vigilant for any suspicious activities on their accounts. 

The AnyDesk security breach underscores the ongoing challenges faced by remote desktop software providers in maintaining the security of user data. In an era where remote connectivity has become the norm, ensuring the safety of personal and professional information must be a top priority. Users are encouraged to adopt best cybersecurity practices, stay informed about security updates, and take proactive measures to enhance their overall online security.

Decoy Dog Malware Toolkit: A New Cybersecurity Threat


A new cybersecurity threat has been discovered. According to a report from Bleeping Computer, researchers found a new malware toolkit called 'Decoy Dog' while analyzing 70 billion DNS queries for anomalous activity.

The Decoy Dog malware toolkit is an advanced cyber attack tool that allows hackers to access and control computer systems remotely. It is a modular tool that can be customized to fit the specific needs of an attacker. The malware is also capable of evading traditional security measures such as firewalls and antivirus software.

The researchers found that the Decoy Dog malware toolkit is being distributed through various channels such as email, social media, and file-sharing sites. Once the malware is installed on a victim's computer, it can be used to steal sensitive information such as login credentials, financial data, and personal information.

One of the ways the Decoy Dog toolkit evades detection is through its use of Pupy, an open-source remote access tool for controlling compromised systems. Pupy is designed to be stealthy and can operate undetected by antivirus software.

The researchers warn that the Decoy Dog malware toolkit is a serious threat and that users should take steps to protect themselves. They recommend that users keep their software up-to-date and avoid opening suspicious emails or downloading files from untrusted sources. They also suggest that users should use reputable antivirus software and regularly scan their systems for malware.

To sum up, the Decoy Dog malware toolset poses a significant cybersecurity risk. Its modular design and ability to bypass conventional security measures make it an effective weapon for cybercriminals, and users must remain alert to such threats and take precautions to protect themselves.

Devious Phishing Tactic Circumvents MFA Using Remote Access Software


A new phishing technique lets adversaries defeat multi-factor authentication (MFA) by having victims log in to their accounts directly on attacker-controlled servers through the VNC screen-sharing system.

Bypassing multi-factor authentication (MFA) configured on the intended victim's email accounts is one of the most difficult barriers to successful phishing attempts. Even if threat actors can persuade users to input their credentials on a phishing site, if the account is protected by MFA, completely breaching the account requires the victim's one-time passcode. 

Phishing kits have been upgraded to use reverse proxies or other means to capture MFA codes from unwitting victims and gain access to MFA-protected accounts. Companies, however, are becoming aware of this technique and have begun deploying countermeasures that block logins or delete accounts when a reverse proxy is detected. This is where VNC comes in.

While conducting a penetration test for a customer, security researcher Mr.d0x set out to phish the client's employees for corporate account credentials. Because all of the accounts were protected with MFA, Mr.d0x built the phishing attack on the Evilginx2 framework, which acts as a reverse proxy to capture both credentials and MFA codes.

The researcher discovered that when reverse proxies or man-in-the-middle (MiTM) attacks were detected, Google blocked logins. According to Mr.d0x, this was a new security feature installed by Google in 2019 precisely to avoid these types of attacks. 

Websites like LinkedIn, according to the researcher, likewise detect man-in-the-middle (MiTM) attacks and delete accounts following successful logins. To get around this, Mr.d0x devised a new phishing technique that uses the noVNC remote access software and a browser in kiosk mode to display email login prompts that are hosted on the attacker's server but rendered in the victim's browser.

VNC is remote access software that lets a client connect to and control the desktop of a logged-in user. Most people use a dedicated VNC client to connect to a VNC server, which opens the remote desktop much as Windows Remote Desktop does.

An application called noVNC, on the other hand, allows users to connect to a VNC server directly from within a browser by merely clicking a link, which is where the researcher's new phishing method comes into play. 

A new report by Mr.d0x on his new phishing technique explained, "So how do we use noVNC to steal credentials & bypass 2FA? Setup a server with noVNC, run Firefox (or any other browser) in kiosk mode and head to the website you’d like the user to authenticate to (e.g. accounts.google.com)."   

"Send the link to the target user and when the user clicks the URL they’ll be accessing the VNC session without realizing. And because you’ve already set up Firefox in kiosk mode all the user will see is a web page, as expected." 

A threat actor can use this configuration to send targeted spear-phishing emails with links that launch the target's browser and log into the attacker's remote VNC server. These links are highly customisable, allowing the attacker to make links that do not appear to be suspicious VNC login URLs.  

Since the attacker's VNC server is set up to run a browser in kiosk mode, which displays the browser in full-screen mode, when the victim clicks on a link, they will be taken to a login screen for the targeted email provider, where they can log in as usual. 

However, because the attacker's VNC server is displaying the login prompt, all login attempts will be made directly on the remote server. Once a user logs into the account, an attacker can utilise a variety of tools to obtain passwords and security tokens, according to Mr.d0x. 

Even more dangerous, because the user enters the one-time passcode directly on the attacker's server, the browser on that server is authorised for future logins, so the technique bypasses MFA. Even if the attack were limited to a few people, merely logging into their email account through the attacker's VNC session would grant that device permission to connect to the account in the future. And because VNC allows several people to share the same session, an attacker can disconnect the victim after the login completes and reconnect later to access the account and all of its email.
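A mail-gateway check for the link pattern described above, added here as an illustration; it is not code from Mr.d0x or from the noVNC project. It assumes plain-text message bodies and flags links that carry the connection settings noVNC's vnc.html reads from the URL (a vnc.html or websockify path, and the host, port, password and autoconnect parameters in the query string or fragment). The sample messages are constructed. As the post notes, the links are customisable, so a deployment that hides these parameters behind its own front end will not be caught; this detects default noVNC links only.

```python
"""Flag e-mail links that look like noVNC auto-connect URLs (constructed example)."""
import re
from urllib.parse import urlparse, parse_qs

# Settings noVNC's vnc.html accepts from the URL (query string or #fragment).
NOVNC_PARAMS = {"host", "port", "password", "autoconnect", "path", "encrypt",
                "view_only", "resize", "reconnect", "repeaterID", "shared"}
# Path components that ship with a stock noVNC / websockify deployment.
NOVNC_PATH_MARKERS = ("vnc.html", "vnc_lite.html", "novnc", "websockify")

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def novnc_indicators(url):
    """Return indicator strings suggesting `url` drops the user into a browser VNC session."""
    parts = urlparse(url)
    indicators = []
    low_path = parts.path.lower()
    for marker in NOVNC_PATH_MARKERS:
        if marker in low_path:
            indicators.append(f"path:{marker}")
    # noVNC reads settings from the fragment as well as the query string,
    # and the fragment never reaches a proxy log, so parse both here.
    params = {}
    for section in (parts.query, parts.fragment):
        params.update(parse_qs(section))
    hits = NOVNC_PARAMS & set(params)
    if hits:
        indicators.append("params:" + ",".join(sorted(hits)))
    autoconnect = params.get("autoconnect", [""])[0].lower() in ("true", "1")
    if autoconnect and "password" in params:
        # Auto-connecting with an embedded VNC password is the tell-tale of a
        # "click the link and you are already in the attacker's session" link.
        indicators.append("autoconnect-with-password")
    return indicators


def scan_messages(messages):
    """messages: iterable of (msg_id, body). Returns flagged (msg_id, url, indicators)."""
    flagged = []
    for msg_id, body in messages:
        for url in URL_RE.findall(body):
            url = url.rstrip(".,;)")  # drop sentence punctuation glued to the link
            indicators = novnc_indicators(url)
            if indicators:
                flagged.append((msg_id, url, indicators))
    return flagged


# Constructed sample messages: two benign, two carrying noVNC-style links.
SAMPLE_MESSAGES = [
    ("msg-1", "Hi, the VNC how-to is at https://docs.example.com/wiki/vnc-howto , thanks."),
    ("msg-2", "Your mailbox is full. Sign in to free space: "
              "https://login-help.example.net/vnc.html?autoconnect=true&password=ab12cd"
              "&host=login-help.example.net&port=443&encrypt=1"),
    ("msg-3", "Agenda for Monday: https://calendar.example.org/#/week"),
    ("msg-4", "Verify your account here: "
              "https://cdn.example.net/app/#host=203.0.113.5&port=6080&autoconnect=1&password=x"),
]


if __name__ == "__main__":
    for msg_id, url, indicators in scan_messages(SAMPLE_MESSAGES):
        print(msg_id, url, indicators)
```

The check belongs at the mail gateway rather than in web proxy logs: a URL fragment is never sent to the server, so a link that carries its noVNC settings after `#` (as msg-4 does) leaves no trace in proxy logs, while the message body still contains it.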

While this attack has yet to be observed in the wild, the researcher told BleepingComputer that he expects it to be used in the future. The usual phishing advice still applies against attacks of this kind: do not click on URLs from unknown senders, inspect embedded links for unfamiliar domains, and treat every email as suspect, especially one that asks you to log in to your account.