Tag Archive for: revealed

Warning Issued For iPhone Users As iMessage 0-Click Attack Revealed

Researchers at the Russian cybersecurity giant Kaspersky have issued a warning concerning what they say is an ongoing attack campaign exploiting a zero-click, zero-day iMessage vulnerability. This previously unknown vulnerability enables code execution, including, the researchers say, “additional exploits for privilege escalation.”

Operation Triangulation Attacks Ongoing

The campaign, which Kaspersky has named Operation Triangulation, requires no user interaction. As such, this falls into the most critical of attack methodologies. Just the act of sending the malicious iMessage, which includes an attachment containing the exploit, triggers the vulnerability.

Rather disconcertingly, Kaspersky researchers say they have traced the earliest example of the attack back to 2019. As of yesterday, they also confirm that attacks are still ongoing.

Discovery Of The Zero-Click Attack

The security researchers became aware of the suspicious activity while monitoring the corporate network “dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA).” This activity was originating from a number of iPhones.

The traces of compromise were confirmed after researchers created offline backups of the iPhones in question and inspected them with a mobile verification toolkit. This found that the final payload was downloaded from a “fully-featured” advanced persistent threat (APT) platform. The precise nature of that payload, however, has yet to be confirmed.

We understand that it runs using root privileges and drops a set of commands that can be used to collect both system and user information. Posting on Twitter, Kaspersky founder Eugene Kaspersky said that the attack “transmits private information to remote servers: microphone recordings, photos from instant messengers, geolocation and data about a number of other activities.”

Russia Suggests Attacks Involve iPhone Backdoor For NSA Spies

While there is no firm evidence currently as to who is the target of this campaign, the Russian FSB security service has already claimed that thousands of…


Unclear data patterns? New risks from the MuddyWater hackers revealed

MuddyWater hackers, a group associated with Iran’s Ministry of Intelligence and Security (MOIS), have been using compromised corporate email accounts to deliver phishing messages to their targets. MuddyWater attacks are characterized by the use of a slowly evolving PowerShell-based first stage backdoor.

Looking into the issues surrounding these attacks for Digital Journal is Joe Gallop, Cyber Threat Intelligence Manager at Cofense.

Gallop begins by looking at the attack vector and the implications: “Spear-phishing continues to be the intrusion vector of choice for many advanced threat groups, and although users may often not see themselves as important targets, they can easily become a stepping stone toward the real target.”

Spear-phishing is an email or electronic communications scam targeted towards a specific individual, organisation or business. It is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim.

Gallop continues with the attack operandi: “Advanced persistent threat actors are definitely persistent in more ways than one, and will often expend significant effort in open-source research to identify an important target’s social and professional network.”

Furthermore, finds Gallop: “If they can compromise just one email account belonging to someone in that network, they are able to abuse established trust by sending phishing emails from that account to the final target or to other ‘stepping stones,’ as reportedly done in the MuddyWater campaign against Egyptian hosting companies.”

There are some worrying patterns with the attack approach, says Gallop: “The use of HTML attachments (as seen in this campaign) is not new, but Cofense Intelligence has observed some notable spikes in HTML attachment phishing recently. The use of HTML smuggling (legitimate HTML5 and JavaScript capabilities in an HTML attachment to deliver embedded malicious content) is done after the file has been opened on the target computer, rather than beforehand, by operators of Qakbot malware, which is our ‘phishing malware family to watch’ for this quarter. HTML attachments are used to harvest…


Medibank data breach deepens as staff information hack revealed
The theft was part of the same hack that acquired data on all 9.7 million current and former customers, including sensitive health information on about 500,000 policyholders.

The email Medibank sent to employees on Monday evening said hackers had accessed data on about 900 current and former employees – including their names, email addresses, mobile phone numbers and work device information – and posted it on the dark web on November 9.

“Our security team have advised that the information above may be used for increased spam such as spear-phishing and social engineering,” Medibank said in the email.

Spear-phishing is targeted at a specific person or group of people and purports to be from a trusted sender. Social engineering is the art of manipulating people so that they provide confidential information such as passwords.

The Medibank cyberattack was triggered when hackers gained access to the company’s internal systems by stealing the login credentials of an employee or contractor.

“While security experts have told us that the security risk is low, the information could be used for increased spam such as spear-phishing,” a Medibank spokeswoman said.

“A hacker will not be able to use the information to access people’s phone data or remotely hack into their phone. We’ve also taken steps through our telecommunications provider to block porting of phone numbers for Medibank devices.”

Porting refers to transferring a mobile phone number to another telco provider.

The company told employees to be extra vigilant when using their mobile phones and follow extra precautions such as being alert for any phishing scams via phone or email, to verify any communications received to ensure they are legitimate, and to not open suspicious texts and emails.

It also asked employees to use “strong” passwords and activate multi-factor authentication on any online accounts “where available”.

Multi-factor authentication is a security measure that requires two or more proofs of identity to grant you access. Typically this involves sending a code to a separate device such as a mobile phone, and it would prevent hackers from gaining access with just login credentials.

“Please note, IT…


'Dog act' Medibank hack details revealed
Medibank’s hackers are threatening to release stolen personal health information, and Cyber Security Minister Clare O’Neil says that’s a “dog act”.
