Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Social Engineering Attack. Show all posts
User Security
Bribery Cyber Fraud Cypto Exchange Social Engineering Attack User Security

Coinbase Offers $20m Bounty to Take Down Perpetrators Behind Social Engineering Attack

 

Coinbase, a renowned cryptocurrency exchange, is offering a $20 million prize to anyone who can assist identify and bring down the culprits of a recent cyber-attack, rather than fulfilling their ransom demands. 

On May 15, Coinbase said that attackers bribed and recruited a group of rogue offshore support agents to steal client data and carry out social engineering attacks. The attackers intended to exploit the stolen data to imitate Coinbase and trick users into turning up their cryptocurrency holdings.

The US crypto firm was asked to pay a $20 million ransom to end the scam. However, Coinbase has openly refused to pay the ransom. Instead, it is collaborating with law enforcement and security sector experts to track down the stolen assets and hold those behind the scheme accountable. 

Coinbase introduced the 'Bounty' program, which includes the $20 million reward fund. The funds will be awarded to anyone who can offer information that leads to the arrest and conviction of the culprits responsible for the attack. 

Establishing safety protocols

Coinbase acted quickly against the insider offenders, firing them and reporting them to US and international law authorities. The crypto exchange will compensate consumers who were duped into sending funds to the perpetrators as a result of social engineering work. 

Furthermore, the crypto exchange suggested that it was putting in place additional measures, such as requesting extra ID checks for substantial withdrawals from flagged accounts and showing mandatory scam-awareness messages. 

The company is also expanding its support operations by establishing a new help hub in the United States and tightening security controls and monitoring across all sites. It is also strengthening its defences by investing more in insider threat detection and automated response, as well as replicating similar security risks to discover potential flaws. 

Coinbase is also working with law enforcement and the private sector to identify the attackers' addresses, allowing authorities to track down and perhaps recover the stolen assets. Finally, Coinbase wants to file criminal charges against those who carried out the cyberattack.
Read more »
Social Engineering Attack
Cyber Fraud HP Threat Research Malicious PDF Attachment Microsoft QR code scan scam campaigns Social Engineering Attack

Cyber Scammers now Experimenting With QR Codes


Microsoft started limiting macros in Office files by default in February 2022, making it more difficult for attackers to execute malicious code. According to data gathered by the HP Threat Research team, attackers have been changing their methods since Q2 2022 in an effort to identify new ways to hack devices and steal data. 

The Rise of QR Scan Scams 

The research findings were based on data collected from millions of endpoints using HP Wolf Security: 

Since October 2022, HP has witnessed QR code “scan scam” campaigns almost daily. These frauds persuade users to scan QR codes with their mobile devices while connected to their PCs, potentially exploiting the lack of phishing protection and detection on such devices. Users can access fraudulent websites that request credit and debit card information by scanning QR codes. Examples from Q4 include phishing attempts that pose as parcel delivery services seeking money. 

38% Rise in Malicious PDF Attachment: 

The recent assaults avoid web gateway scanners by using embedded images that link to malicious ZIP files that are encrypted. The PDF instructions fool the user into providing a password to unpack a ZIP file, allowing QakBot or IcedID malware to gain access to systems unauthorization and serve as beachheads for ransomware. 

42% of Malware was Delivered Inside Archives Files Like ZIP, RAR, and IMG: 

Archives have gained a whooping 20% rise in popularity since Q1 2022, as threat actors use scripts to execute their payloads. In contrast, 38% of malware is distributed via Office documents like Microsoft Word, Excel, and PowerPoint. 

Alex Holland, Senior Malware Analyst at HP Wolf Security threat research team said, “We have seen malware distributors like Emotet try to work around Office’s stricter macro policy with complex social engineering tactics, which we believe are proving less effective. But when one door closes, another opens – as shown by the rise in scan scams, malvertising, archives, and PDF malware.” 

“Users should look out for emails and websites that ask to scan QR codes and give up sensitive data, and PDF files linking to password-protected archives,” added Holland. 

Threat Actors Still Rely on Social Engineering 

HP researchers also discovered eight malware families imitated in 24 popular software projects in Q4's malvertising efforts, as compared to just two such operations in Q3's. The attacks rely on people clicking on search engine adverts that take them to malicious websites that resemble legitimate websites nearly identity. 

Dr. Ian Pratt, Global Head of Security for Personal Systems, HP says “While techniques evolve, threat actors still rely on social engineering to target users at the endpoint.” 

“Organizations should deploy strong isolation to contain the most common attack vectors like email, web browsing and downloads. Combine this with credential protection solutions that warn or prevent users from entering sensitive details onto suspicious sites to greatly reduce the attack surface and improve an organization’s security posture,” concludes Pratt.  

Read more »
Twitter Data Breach
API API Attack API security Data Breach Hacking PII Social Engineering Attack Twitter Data Breach

Twitter Data Breach Indicates How APIs Are a Goldmine for PII and Social Engineering


A Twitter API vulnerability that was detected in June 2021, and was later patched, has apparently been haunting the organization yet again. 

In December 2022, a hacker claimed to have access to the personal data of 400 million Twitter users for sale on the dark web markets. And only yesterday, the attacker published the account details and email addresses of 235 million users. 

The breached data revealed by the hacker includes account names, handle creation data, follower count, and email addresses of victims. Moreover, the threat actors can as well design social engineering campaigns to dupe people into providing them their personal data. 

Twitter: A Social Engineering Goldmine 

Social media giants provide threat actors with a gold mine of user data and personal information that they can utilize in order to perform social engineering scams. 

Getting a hold of just a user name, email address, and contextual information of a user’s profile, available to the public, a hacker may conduct reconnaissance on their targeted user and create phishing and scam campaigns that are specifically designed to dupe them into providing personal information. 

In this case, while the exposed information was limited to users’ information available publicly, the immense volume of accounts exposed in a single location (Twitter) has in fact provided a “goldmine of information” to the threat actors. 

The Link Between Social Engineering and API Attacks 

Unsecured APIs allow cybercriminals direct access to users’ Personally Identifiable Information (PII), such as username and password, which is captured when the user connects to any third-party service API. API attack thus provides threat actors with a window to collect large amounts of personal information for scams. 

An instance of this happened just a month ago when a threat actor leveraged an API flaw to gather the data of 80,000 executives throughout the private sector and sell it on the dark web. The threat actor had applied successfully to the FBI's InfraGard intelligence sharing service. 

The data collected during the incident included usernames, email addresses, Social Security numbers, and dates of birth of victims. This highly valuable information was utilized by the threat actors for developing social engineering dupes and spear phishing attacks. 

How to Protect APIs and PII? 

One of the main challenges faced while combating API breaches is how modern enterprises need to detect and secure a large number of APIs. A single vulnerability can put user data at risk of exfiltration, therefore there is little room for error. 

“Protecting organizations from API attacks requires consistent, diligent oversight of vendor management, and specifically ensuring that every API is fit for use […] It’s a lot for organizations to manage, but the risk is too great not to,” says Chris Bowen, CISO at ClearDATA.  “In healthcare, for example, where patient data is at stake, every API should address several components like identity management, access management, authentication, authorization, data transport, exchange security, and trusted connectivity.”

It has also been advised to the security team to not rely solely on simple authentication options like username and password in order to secure their APIs. 

“In today’s environment, basic usernames and passwords are no longer enough […] It’s now vital to use standards such as two-factor authentication (2FA) and/or secure authentication with OAuth,” says Will Au, senior director for DevOps, operations, and site reliability at Jitterbit. 

Moreover, measures such as utilizing a Web Application Firewall (WAF), and monitoring API traffic in real time can aid in detecting malicious activities, ultimately minimizing the risk of compromise.  

Read more »
XenForo
Social Engineering Attack XenForo

Social Engineering forum hacked, data shared online






A website that deals with topics of social engineering has been hacked about two week ago, and tens of thousands of data have been leaked and sold online. 

The owner of the SocialEngineered.net shared a post in which he admitted that the website had been breached via a security flaw in the  MyBB software.

The hacked database contains personal information of more than  55,121 users which includes their usernames, passwords, email addresses, IP addresses, and private messages.

The database is available on multiple number of websites from where hackers could get access to them. 

However, there is no clarity how much data the hackers were able to retrieve, but it appears that they got hold on more than this data. 

One of the rival forum informed that the leak also includes  the website source code, data, and activity.

SocialEngineered website moved to another platform XenForo forum to avoid a similar incident in the future. 


The company advised its users to immediately change the login passwords. 

Read more »
Spear Phishing attacks
Banking Trojans malware Social Engineering Attack Spear Phishing attacks

The Dyre Wolf of cyber street is after your money


The Dyre malware affecting the corporate banking sector has successfully stolen upwards of million dollars from unsuspecting companies since its inception in mid-2014, according to IBM's Security Intelligence report.

In a span of seven months the global infection rate has shot up from 500 to more than 4000 with North America being the most affected region.

While such a threat is not new to the banking sector what sets Dyre apart is its wealth of features that combines Spear phishing, malware (initial infection via Upatre), social engineering, complex process injections, the Deep Web and even Distributed Denial of Service (DDoS) alongside the constant updates that makes its detection tough.

The malware works in multiple steps.

Spear phishing: An organization  is as strong as its weakest link. Dyre uses this adage to the full as it targets employees of an organization with mails that contains the malware delivered in a zip file. Unsuspecting employees might download the zip file having a scr or an exe file which is actually the  malware known as Upatre (pronounced like “up a tree”), which begins the initial infection of the target machine.

First Stage Malware: Upatre then establishes contact with the Control and Command servers and downloads and installs Dyre to the system and deletes itself.

Second Stage Malware: Dyre establishes persistence in the system and connects to nodes at Invisible Internet Project that would enable it to communicate information without revealing destination or content.It also sends emails to victim's contact list aiming to increase its list of potential victims.It then hooks to the victim's browsers to intercept log in credentials by routing them to fake pages when the victim tries to visit web sites of the targeted bank.

Advanced Social Engineering: Social engineering is the alarming aspect of Dyre Wolf campaign. In addition to providing fake pages to extract log in data from individuals, it can at times display a message to the consumer asking them to call the bank at a specified number. Dyre wolf operators at the other end of the line act professionally and extract information under the guise of verification. This is done to circumvent bank's two stage authentication processes.

Wire Transfer and DDoS: After obtaining credentials, they log into the accounts and request for wire transfer of large sums. The money is moved from account to account quickly to make tracing and reversal impossible. Following this the affected consumer faces DDoS from the bank pages which hinders detection and investigation.

Dyre is operated by a highly organized and well funded group of cyber criminals in Eastern Europe.

The only way to prevent this seems to be to avoid the first infection of the system arising from a vulnerable employee. Employees need to be trained well on regarding such malwares, spear-phishing campaigns. Other preventive measures include stripping executables from email attachments, preventing installation from temp folders, using updated anti-virus, two factor authentications etc.
Read more »
Syrian Electronic Army
Featured Social Engineering Attack Syrian Electronic Army

Syrian Electronic Army hacks Forbes website and twitter accounts

Forbes, american business magazine, is appeared to be the latest victim of the Syrian Electronic Army.  The group has managed to post articles entitled "hacked by syrian electronic army".

The group is experts in phishing attack -targeting employees of the organization with a fake emails.  We believe hackers used the same method for compromising Forbes' employees also.

It appears they have gained admin access to the wordpress panel that allowed them to post stories.

The group appears to have compromised one twitter account of forbes (@forbestech) and two twitter accounts(@thealexknapp, @samsharf) belong to their employees.  At the time of writing, Samantha sharf account still shows the hackers tweet.

The hackers said the reason for hacking forbes is because the publication posted  many articles against syrian electronic army, with muchnhate for syria.

Read more »
Spear Phishing attacks
Breaking News Data Breach Social Engineering Attack Spear Phishing attacks

Target data breach started with a Spear phishing attack targeting HVAC firm

A latest information on Target data breach published by security blogger Brian Krebs shows the power of Social Engineering attacks. 

It appears everything began from a spear phishing attack in which employees of HVAC company Fazio Mechanical Services targeted with an email containing a piece of malware.

Sources have told Krebs that the malware used in the attack is Citadel- a notorious banking trojan capable of stealing login credentials and other information.  However, Krebs isn't able to confirm the information.

The reason why the company didn't get chance to identify the malware is because it is using a free version of Malwarebytes Anti-malware to protect is internal systems.

Malwarebytes is one of good tool capable of scanning and removing threats from infected machines.  However, unlike the Pro version(just $25), it doesn't offer any real-time protection.

Furthermore, the free version is meant for individuals not for companies, also the license for free version prohibits corporate use. 
Read more »
Social Engineering Attack
Breaking News Hacking News Social Engineering Attack

Hacker manipulates Paypal and Godaddy to extort a twitter account worth $50,000


We aware that one of the powerful attack method in the hacking world is Social Engineering.  Here is a story how social engineering attack helped a hacker to extort a twitter account worth $50,000.

Naoki Hiroshima, an app developer, registered his one letter handle @N in 2007.  He says since he registered the account, he faced several troubles.  One letter twitter handles are rare, worth a lot of money.  

He says that even he got an offer up to $50,000 for his twitter handle.  However, he declined to sell it.  But, not all attempts to obtain the account have been friendly.  Hackers have often attempted to steal his account by sending phishing emails.

But this time, Naoki got bad luck.  A Hacker managed to compromise his website with social engineering attack.  The main target of the hacker is the twitter handle.  He threatens Naoki that he will never his domain, if he fails to hand over his twitter handle.  So, Naoki finally agreed to give the twitter handle to the hacker.

After get access to the @N, hacker explained how he was able to compromise his website and provided few security tips to prevent himself from being victim in future.

Manipulated employees at Paypal and Godaddy:
The attack started from Paypal.  The hacker called up Paypal and social engineered an employee into handing over the last four digits of Naoki's card.

He then called up Godaddy and said he lost his card data but he remembers the last four number.  Godaddy let the attacker to guess the first two digits of the card.  He successfully guessed the digits and has been given access to the account.

Naoki was using email ID hosted in his website for the Twitter account.  The attacker attempted to reset the twitter password.  Meanwhile, Naoki realized the attack and immediately changed the email id of Twitter to gmail.  So, the attacker was not able to get access to twitter account. 

He also attempt to trick the Twitter into handing over the account but Twitter asked the attacker to give more info.  So, he dropped the plan and blackmailed the Naoki to give his handle.

As the domain's registrant details have been changed and Godaddy is not helping Naoki, he finally agreed to exchange the twitter handle for his godaddy account.

Naoki said that he is disappointed with the Godaddy & paypal and he is planning to leave them as soon as possible.

"Stupid companies may give out your personal information (like part of your credit card number) to the wrong person. Some of those companies are still employing the unacceptable practice of verifying you with the last some digits of your credit card. " Naoki said in his blog.

Currently, the attacker has control of the twitter handle @N.  Naoki is using N_is_Stolen for his account.
Read more »
Subscribe to: Posts (Atom)