Tag Archive for: Trap’

The black hat hacker trap: Why unethical hacking lures young people



Hackers are often thought of as individuals who sow chaos for the organizations they target. However, some hackers put their abilities to good use to become ethical hackers, making up for the damage caused. Despite there being huge growth in ethical hacking and prosperous career opportunities in this area, black hat hacking continues to attract young people due to their fascination with risky online behavior and tech savviness.  

In 2017 the UK National Crime Agency commissioned a report that found the average age of a hacker was 17. Today, this is still true — consider recent incidents, such as when a 17-year-old led the charge on the Uber and Rockstar attacks.

What separates black hat hackers from white hat hackers is intent. Black hat hackers use their technical capabilities to maliciously compromise businesses’ data, while white hat hackers support organizations in finding weak points in their systems. But, at the end of the day, both use the same methods.

Even though there is a thin line between what ethical and unethical hackers do, young people can easily become more interested in attacking organizations due to peer pressure, or to seek social acceptance. This leaves many considering the attraction of unethical hacking and what organizations and communities can do to put young people’s talents to good use.

A slippery slope into a life of cybercrime

The love for coding and hacking often has humble beginnings. Starting out, young people may innocently taunt friends and siblings by hacking into their personal computers. Once hooked, young people begin to unearth more and more forums that outline organizations’ weak points and access tools, making hacking…

Got this Flubot malware warning on your Android phone? Beware, it’s a trap


The infamous Flubot malware is back and hackers have found new ways to infect Android phones with the virus. Cybercriminals are sending messages warning users that their phone has been infected with the dangerous malware or suffered a data breach. These messages are fake. The users are then asked to click on a link to take action against the virus, but it is actually meant to install the malware on their devices.

Earlier the Flubot malware used to send text messages to users with a link to listen to their voicemail. The message has now been changing frequently to confuse people and trick them into allowing the malware to enter their device.

A month ago, cyber security firm Trend Micro tricked users by offering fake voicemail applications. The text messages they would send contained a link that took users to a website that looked like it was run by a telecom operator. But they were actually allowing the malware to infect their phones.

Now, the Computer Emergency Response Team of New Zealand (CERT NZ) has discovered that the hackers are changing the text messages that dupe users into installing Flubot. The messages sent to Android phone users have been changing rapidly, from package delivery alerts to warnings that Flubot has infected their devices.

The latest update by CERT NZ shows the messages claiming that photos of the recipient have been uploaded and that they can be viewed by clicking on the attached link.

Researchers demonstrate how malware can detect its environment using the trap bit


Recently, security researchers demonstrated how the use of the trap bit in x86 processors could inform running malware if it is running in a virtual environment or not. What is the purpose of the trap bit, how can it benefit malware, and what does this mean for future CPU hardware and virtualisation?

In the x86 CPU architecture, the trap bit is a special flag in the EFLAGS register that, once set, raises an interrupt after a single instruction completes. For example, a piece of machine code would first set the trap flag and execute an instruction, and this would then trigger the CPU to execute a special interrupt that runs a subroutine.

While there is no specific purpose for the trap flag, it is convenient for debugging as it allows for code to be executed step-by-step. Furthermore, the interrupt allows for viewing the CPU contents, including registers, program counter, and stack pointer.

Recently, researchers from Palo Alto Networks demonstrated how the trap bit in x86 processors could be abused by malware to determine if the malware is being executed on a real computer or in a virtual machine. The cause of the exploit lies in how virtual machines emulate the behaviour of the trap flag. If a piece of malware sets the trap flag after executing certain special instructions such as RDTSC and CPUID, the CPU should return to the malware code with the trap bit cleared. While this is the case in real hardware, virtual machines may not catch this and return to the code with the trap bit still set.

The calling of a special instruction sees the CPU handle the interrupt, but if the trap bit is enabled on a basic instruction such as NOP, the malware can use its interrupt handler to detect this. Thus, if the malware interrupt handler is fired with the trap bit set, it knows it is running on a virtual machine. If no exception is thrown, then the malware knows that it is running on a real system.

One practical use of virtualisation is to test unknown code and applications to see how they behave. For example, an individual could find a USB flash drive lying around with no idea what is inside. While one could risk…

Twitter transgression proves why its flawed 2FA system is such a privacy trap

If ever there was a surefire way to sour users against a two-factor authentication system that was already highly flawed, Twitter has found it. On Tuesday, the social media site said that it used phone numbers and email addresses provided for 2FA protection to tailor ads to users.

Twitter requires users to provide a valid phone number to be eligible for 2FA protection. A working cell phone number is mandatory even when users’ 2FA protection is based solely on security keys or authenticator apps, which don’t rely on phone numbers to work. Deleting a phone number from a user’s Twitter settings immediately withdraws the account from Twitter 2FA, as I confirmed just prior to publishing this post.

Security and privacy advocates have long grumbled about this requirement, which isn’t a condition of using 2FA protection from Google, GitHub, and other top-ranked sites. On Tuesday, Twitter gave critics a new reason to complain. The site said it may have inadvertently used email addresses and phone numbers provided for 2FA and other security purposes to match users to marketing lists provided by advertisers. Twitter didn’t say if the number of users affected by the blunder was in the hundreds or the millions or how long the improper targeting lasted.

Biz & IT – Ars Technica