Tag Archive for: Smishing

Uber hacked via basic smishing attack


A smishing attack on Thursday led to a wide range of Uber’s internal systems being breached by a seemingly unaffiliated teenage hacker, it has been claimed.

A report first emerged in The New York Times that the ride-sharing company had been hacked, with the threat actor themselves getting in touch with the publication to allege that he had gained access to internal systems such as Uber’s internal email, cloud storage systems and code repositories through a simple social engineering attack. In a text message sent to an Uber employee, the hacker impersonated an IT worker and convinced them that it was necessary to share an internal password.

As a variant of phishing in which SMS is used to mine targets for sensitive information, smishing is often combined with social engineering tricks for increased effectiveness. Victims may be more easily persuaded to hand over credentials to a supposedly trustworthy source if the attacker makes the situation seem urgent or seems to be suitably authoritative, both of which may have prompted the hacker to claim to be a key IT worker. Two-factor authentication (2FA) is a recommended measure to dull the impact of smishing attacks, and prevent compromised credentials from being used by hackers effectively.

Smishing and social engineering were recently used in sophisticated attacks on Twilio and Marriott. A report from September 2021 revealed that smishing attacks in the first six months of the year surged 700% compared with the preceding six months.

The hacker claims to be just 18 years old, with self-taught skills in cyber security, and explained that he performed the breach because Uber’s security was especially weak. On Thursday, Uber confirmed that it was subject to a cyber attack through its official Twitter channel, and also stated that it is in dialogue with law enforcement. The company has not offered an in-depth description of the attack.

As part of the breach, the hacker gained administrator control of Uber’s HackerOne account, which it uses to pay white hat hackers bug bounties. The attacker proceeded to leave comments on all active bounty tickets reading “UBER HAS BEEN HACKED (domain admin, aws admin, vsphere admin, gsuite SA)…

Source…

Social Engineering News: SMiShing – Security Boulevard


SMiShing attacks continue to soar as more companies transition to a remote/hybrid workforce. According to a Pew Research Center survey, 59% of U.S. employees work from home all or most of the time. This transition means that employees are now more likely to use mobile devices such as a phone or tablet to access corporate information and accounts. Bad actors are taking notice and exploiting this reliance on mobile devices. They are using popular mobile messaging apps and digital channels that aid the productivity of remote workers, such as Facebook Messenger, WhatsApp, LinkedIn, Zoom, Microsoft Teams, Google Meet, and Slack, to facilitate attacks. As a result, SMiShing is a threat that companies can no longer ignore.

What is SMiShing?

The word SMiShing comes from combining SMS (Short Message Service), the original technology which started mobile texting, with phishing. In either instance the goal of the bad actor is to steal personal or financial information.


The following social engineering news story shows how bad actors exploit messaging apps and digital channels.

A sophisticated Teams attack. As reported by VentureBeat, a bad actor posing as a CEO (Chief Executive Officer) known to be on a business trip to China sent a WhatsApp message to several of the company’s employees asking them to join a Teams meeting. When the employees joined the Teams meeting, they thought they were seeing the CEO live on video. However, it was really a scraped video feed of the CEO from a past TV interview. To make the fraud more convincing, the bad actor added a fake background to make it appear that the CEO was really in China. Now for the twist: there was no audio feed for the Teams meeting. The “CEO” chatted that he was experiencing issues with the audio feed and told the employees that “since I can’t make this work, send me the information on this SharePoint link.”


Image: VentureBeat

Test, Educate and Protect with our Managed SMiShing Service

How can you protect your company from SMiShing attacks such as mentioned above? It’s important that your employees can identify an attack. At Social-Engineer, LLC our fully managed, enterprise scalable program measures and tracks…

Source…

This is how ‘smishing’ works, the fraud that uses SMS to infect mobile phones – CVBJ


12/01/2021 at 19:01 CET

EP

Check Point Research has warned of ‘smishing’ campaigns, a series of cyberattacks that use text messages and social engineering to mislead users, infect their devices and steal sensitive data and money.

The ‘phishing’ SMS, that is, text messages that appear to have been sent by a known organisation or brand, include a supposed notification for the user, such as a complaint, accompanied by a link to follow it up.

On clicking the link, the user is urged to download a malicious Android application and to enter sensitive data, such as bank card details. Once installed, the ‘app’ steals all SMS from the infected device, allowing criminals to use the credit or debit card and to read the SMS that are sent as part of two-factor authentication.

The malicious application periodically checks the command and control (C&C) server run by the cybercriminals for new commands to execute. In addition, to maintain persistence, after sending the card information the application can hide its icon, making it difficult to detect and uninstall.

The Check Point researchers detected this methodology in ‘smishing’ campaigns directed against Iranian citizens, in which the attackers impersonate the country’s government, and which have led to the theft of billions of Iranian rials from victims, with estimated losses of between 1,000 and 2,000 dollars per user. In addition, third parties can access the stolen data online, since it has not been protected.

The company indicates in a statement that cybercriminals are taking advantage of a technique known as ‘smishing’ botnets, in which compromised devices are used as ‘bots’ to spread similar ‘phishing’ SMS to other potential victims.

Attackers use various Telegram channels to promote and sell their tools for between $50 and $150, providing a complete ‘Android campaign kit’, including the malicious app and underlying infrastructure, with a dashboard that can be easily managed by anyone via a simple Telegram bot interface.

The campaign takes advantage of social engineering and causes significant economic losses, despite the low…

Source…

Smishing – what is it? And why should it be a top priority for CISOs?


Anyone who uses a smartphone has likely been the target of at least one smishing attack. Short for SMS phishing, smishing is an increasingly popular choice of attack vector, where the user is deceived into downloading a virus or malware onto their mobile device.

Smishing as a form of attack is of particular concern because people are more trusting of, and responsive to, text messages than email. Only 1 in 4 emails are opened by consumers, whereas 82 percent of text messages are read within five minutes.

Source…