Tag Archive for: Devious

Hacking humans: Devious tricks attackers use to infiltrate via employees
When we hear the word “hacking” we typically imagine a hooded bad guy coding in a dark room, using cyber skills to breach technical systems and networks.

But what if we told you that 80-95% of all computer attacks begin with the hacking of a human being? That’s right, hacking human beings (a.k.a. social engineering) is usually “phase one” of any cyberattack. It requires less technical skill than a clever understanding of how human nature responds to phishing lures.

What is Social Engineering?

Social engineering is a technique used by threat actors to trick online users into revealing sensitive information (such as passwords) or convince them to perform an action (such as clicking a link) that ends up compromising an identity, a system or network.

While email phishing is probably the most popular form of social engineering, other forms are also on the rise such as smishing (SMS text phishing), quishing (QR code phishing), BEC (business email compromise), and vishing (voice phishing).

How Do Social Engineering Attacks Work?

Regardless of medium or method (email, voice, text) social engineering attacks are typically executed using the following steps:

1. Conducting Reconnaissance

Just like an investigator who surveys, monitors or observes a potential target — who they meet, where they spend time, where they live, etc. — attackers too will often do background research on their targets.

This includes combing through social media profiles (checking their social media interactions, mentions and connections), learning about their colleagues, friends and family members, obtaining their contact information and, finally, using open source intelligence (OSINT) techniques and tools to uncover vulnerable and exploitable assets that they can target or operationalize.

2. Designing a Pretext

Just like in the old movie “The Talented Mr. Ripley” where a con-artist crafts a fake story to convince everyone that he’s the son of a shipping tycoon, attackers too will create situations or stories to dupe their targets. It can be anything from a discount code to an investment opportunity, from a “verify your email” notification to a notification highlighting…


Clicking these texts allows devious malware to take over your phone
Text messages have not gone out of fashion. While platforms like WhatsApp and Telegram have exploded in use, 2.1 trillion text messages were still sent in 2020. Facebook Messenger is also a popular choice, and the company recently introduced end-to-end encryption.

Unfortunately, text messages are also popular with cybercriminals. Constantly developed to infect as many devices as possible, malware hiding in texts is an ever-growing concern.

While they come in different forms, an old trick has been re-engineered to cause financial havoc. Read on to see how malicious text messages can install money-grabbing malware.

Here’s the backstory

Medusa malware made its first appearance in July 2020, sparking concern with its ability to infect devices rapidly. The malware is also known as Tanglebot and is spread through text messages containing malicious links. If the malware infects your device, crooks can steal data and even take over your phone.

ThreatFabric researchers noticed a development change in the current version, making Medusa even more dangerous. In addition to the regular reading of text messages and accessing your contacts, it can now steal your money too. It’s a dangerous banking trojan that you need to keep off your gadget.

This particular scam combines SMS (short message service or text messages) and phishing and is known as smishing. These attacks attempt to gain your trust by imitating brands and companies you know or support.

The malware performs fraudulent actions either through a keylogger or by taking control of your device’s clipboard. And it isn’t easy to spot. Built into the malware’s code are instructions for evading antivirus detection and preventing the installation of apps that will detect it.

According to ThreatFabric, here’s how the scheme works: you receive a message via text that contains malicious links. Scammers pretend to have information on a delivery or an app that needs an immediate update. But the link leads to a malicious download that will infect your device with malware.

Once…


Smashing Security podcast #249: Devious licks, Netflix, and sensitive hackers
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by …


Hackers Use Old But Devious Method To Steal User Data From Browsers
Everyone has heard about computer viruses and malware. But most users don’t understand what they are and how they work. That doesn’t stop hackers from improving their techniques and extracting as much as they can from your computers. In this regard, Microsoft recently warned about a new malware threat. SolarMarker is a new kind of malware, but it uses an old and devious method to implant its code onto victims’ computers.

Hackers in Windows 10

The method Microsoft security experts were talking about is “SEO poisoning.” As the Redmond-based company explains, it involves “stuffing” thousands of PDF documents with SEO keywords and links which start a cascade of redirections that eventually leads the unsuspecting user to malware. “The attack works by using PDF documents designed to rank on search results,” Microsoft Security Intelligence explained on Twitter in recent days. “To achieve this, attackers padded these documents with >10 pages of keywords on a wide range of topics, from ‘insurance form’ and ‘acceptance of contract’ to ‘how to join in SQL’ and ‘math answers.’”

The attackers had previously been using Google Sites to host those infected PDF files. Now the hackers have begun using Amazon Web Services and Strikingly for this purpose.

How Does SolarMarker Steal User Data?

Below, you can find eSentire’s explanation of how the process works.

Business professionals are “being lured to hacker-controlled websites, hosted on Google Sites, and inadvertently installing a known, emerging Remote Access Trojan (RAT) … The attack starts with the potential victim performing a search for business forms such as invoices, questionnaires, and receipts.” The campaign, eSentire continues, lays out traps using Google search redirection, and once the RAT has been activated on a victim’s computer, “the threat actors can send commands and upload additional malware to the infected system,” including ransomware.

As mentioned, the malware in question is known as SolarMarker. It is a backdoor that can steal data and credentials from browsers. The first recommendation to protect your data is to make sure you’re…
