‘Nasty stuff’: Research into Russian push-button cellphones uncovers legion of privacy and security issues


Itel, DEXP, Irbis, and F+ mobile devices put under the microscope

Researchers discover numerous security and privacy issues after analysing Russian cellphones

Many push-button phones on sale in Russia contain backdoors or trojans, a security researcher claims.

According to Russian researcher ‘ValdikSS’, some cellphones automatically send SMS messages or report over the internet that the device has been purchased and used, among other issues.

Get the message

As outlined in a technical blog post (Russian language), some models were found to contain a built-in trojan that sends paid SMS messages to short numbers, transmitting text that is downloaded from the server. Others were said to have a backdoor that forwards incoming SMS messages to an unknown server.

ValdikSS says he discovered the issue while considering swapping the USB modems he used to receive SMS messages for phones, as these were cheaper and are capable of taking up to four SIM cards each.

“The research began due to unexpected behavior of the phone – it sent SMS by itself,” he tells The Daily Swig.

Of the five Russian push-button phones tested, only one was said to be ‘clean’

He then tested a number of push-button models, including the Inoi 101, DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3.

And, he found, some of the phones were not only transmitting IMEI and IMSI numbers for the purposes of tracking sales, but also contained a trojan that sends SMS messages to paid short numbers, after downloading the text and number from a server via the internet.

Finally, a backdoor was found that intercepts incoming SMS messages and forwards them to the server, potentially allowing an attacker to use the phone’s number to register for services that require confirmation via SMS.

“I was very confused when [a] DEXP SD2160 phone tried to send premium SMS to the number and with the body loaded from its server on the internet,” he says.

“The device, initially manufactured in 2019, was being sold by one of the largest electronic stores in June 2021, with lots of negative reviews in the same store’s website, and they didn’t recall it from sales.

“I’ve watched it to do all the nasty stuff in real time on my GSM…

Good guy hackers: St. Paul company uncovers companies’ cybersecurity weaknesses


Their mission this night: uncover cyber and infrastructure security weaknesses at Intereum, an office furniture supply company. 

“We worked with this organization to do what we called penetration tests,” said Matt Quinn, Intereum’s vice president of integrated solutions. “They worked on trying to get through the perimeter, through the physical parts of the building … we also had them take some steps around cybersecurity, vulnerabilities.”

“Show you, yep, we were able to get through this door, we were able to bypass this sensor,” Halbach said. “And at the end of the day we plugged into your network and took it over.”

The idea is to beat cyberthieves at their own game before an actual ransomware attack or other threat. 

“Try to look at any available computers that they could get through,” Quinn explains. “Try to get on to our network, once they got into the building, as well as continue just to snoop around where our servers are, just to see if they could get access to our network.”

The team is made up of two parts: One company, RedTeam Security, zeros in on computer systems. Their partner, FoxPoint Security, accesses the building itself. 

“The more integration we have with our networks to our physical locations, the more ways there are to compromise it,” said Bryan Carver, a FoxPoint spokesperson. “If a building per se has a security network that locks the doors, or unlocks the doors, people, property, or operations could be held hostage.” 

“Because if you have the most secure computer network in all the world, but your door’s unlocked and anyone can walk in and steal your laptops, that’s a pretty big issue,” Halbach added. 

Within minutes, both teams are inside — although they’ve triggered an alarm system. 

They quickly locate Intereum’s servers. Equipped with USB drives loaded with custom code to remotely control the company’s computers, RedTeam finds an unlocked laptop that gives them access.

“We actually had an employee transition at the time, and that computer was left open and available that evening,” Quinn said. “And, of course, they got access to it, and that, of course, would be a…

WatchGuard uncovers top cyber threat trends of Q4 2020


Fileless malware attacks and cryptominers are coming back in force, while ransomware attacks are on the decline.

This is according to WatchGuard Technologies’ new Internet Security Report for Q4 2020.

Among its most notable findings, the report reveals that fileless malware and cryptominer attack rates grew by nearly 900% and 25% respectively, while unique ransomware payloads plummeted by 48% in 2020 compared to 2019.

Additionally, the WatchGuard Threat Lab found that Q4 2020 brought a 41% increase in encrypted malware detections over the previous quarter and network attacks hit their highest levels since 2018.

WatchGuard’s report looked more closely at various trends and attack types, including fileless malware, cryptominers, ransomware, encrypted and evasive malware, botnet malware, supply chain attacks, trojan dupes and network attacks. 

Fileless malware

Fileless malware rates in 2020 increased by 888% over 2019.

According to WatchGuard, these threats can be particularly dangerous due to their ability to evade detection by traditional endpoint protection clients and because they can succeed without victims doing anything beyond clicking a malicious link or unknowingly visiting a compromised website.

Toolkits such as PowerSploit and CobaltStrike allow threat actors to easily inject malicious code into other running processes and remain operational even if the victim’s defences identify and remove the original script.

Deploying endpoint detection and response solutions alongside preventative anti-malware can help identify these threats.

Cryptominers

After virtually all cryptocurrency prices crashed in early 2018, cryptominer infections became far less prevalent and reached a low of 633 unique variant detections in 2019.

According to the researchers, attackers continued adding cryptominer modules to existing botnet infections to extract passive income from victims while abusing their networks for other cyber crime.

As a result, and with prices trending upward again in Q4 2020, the volume of cryptominer malware detections climbed more than 25% over 2019 levels to reach 850 unique variants last year.

Ransomware

For the second year in a row, the number of unique…

Cybereason Uncovers New Malware Arsenal Abusing Facebook and Dropbox in Middle East Espionage Campaign – Yahoo Finance
