It’s been more than a decade since Netflix launched its
on-demand online streaming service, drastically changing the way we consume
media. In 2019, streaming accounts for an astonishing 58 percent of all
internet traffic, with Netflix alone claiming a 15 percent share of that use.
But as streaming has become more common, so has the exploitation of streaming
technologies. Some consumers stream illegally to cut costs, perceiving it to be
a victimless crime. But as the saying goes: there’s no such thing as a free
lunch. Streaming is no exception.
Jailbreak!
By downloading illegal streaming apps from third-party
sources (i.e. outside of the Apple® App Store or Google™ Play), users may think
they’re capitalizing on a clever loophole to access free services. However,
according to a startling study conducted by Digital Citizens, 44 percent of
households using pirated streaming services experienced a cybersecurity breach
of one or more of their devices. That means if you use any type of
illegal streaming device or app, you are six times more likely to fall victim
to a cybersecurity attack than households using legal streaming services. Since
a reported 12 million homes (in North America alone) are actively using pirated
streams, that means illegal streaming may have led to up to 5 million
potentially undetected breaches.
Why are illegal streams so attractive to cybercriminals?
Because you’re probably streaming using devices and applications that are
connected to your home network. Unfortunately, the firewall on the average home
router does not provide adequate security against attacks. Any malware
introduced by the streaming software is likely able to get through
successfully. If you’re using a Windows® computer or device, that means the
malware can infiltrate not only the device you’re actively using, but also any
other Windows devices using the same internet connection. By spreading itself
across multiple devices, malware makes its own removal that much more difficult.
Paired with the fact that illegal streaming users are less likely to report a
malicious app, illegal streams provide a haven for cybercriminals in which they
can easily attack users, infect their machines, steal their data, and hold their
files for ransom.
Cybersecurity breaches caused by illegal streaming can
manifest in many ways. For example, a popular illegal movie and live sports
streaming app was observed scraping the connected WiFi name and password, as
well as other sensitive information, according to ThreatPost.
How You Can Stream Safer
Ultimately, nobody can guarantee the security of an illegal
stream. The truth is that legal streaming is the only safer streaming. That
doesn’t mean you have to go through the giants, like Netflix or Hulu. Users can
now access many low-cost, legal streaming options—including a few that are
ad-supported and are actually free. So why put yourself and your family
at risk for the sake of an illegal stream?
If you’re worried that someone with access to your WiFi
network may be streaming illegally, thereby putting you and your devices in
danger, make sure all of your devices are using up-to-date antivirus software
to help stop cyberattacks and prevent malware infections. More importantly,
talk with your family and friends about the real cost of “free” streaming.
They’ll be more cautious once they fully understand the risks.
THINK BEFORE YOU CLICK
Tuesday, June 25, 2019
Phishing Attacks Go Mobile
Taking advantage of the inherent trust in mobile content, the bad guys are using a mixture of phishing text messages and look-alike sites to trick users into giving up credentials.
You get a text from “Microsoft” stating your Office 365 password has expired with a link to reset your password. You click the link and are taken to an Office 365 password reset page. Thinking nothing of it, you provide your credentials and “reset” your password. One problem – it’s all been a scam.
This is the latest technique used by cybercriminals to harvest online credentials, according to data from security firm Lookout. Because so many users utilize mobile devices for work, it’s the perfect medium to get direct access to a user without needing to fend against the traditional defenses organizations put up in front of web and email content.
According to Verizon, 51% of sophisticated threat actors are now including mobile devices in their list of target devices. And, because the credentials being sought are work-related, the mobile device attack path spells trouble for organizations.
Without an ability to properly protect corporate accounts via devices out of their control, organizations need to look to heightening the employee sense of security when interacting with anything on the Internet (regardless of device).
Without changing the way employees think about the complete sense of trust they have in the mobile device experience, organizations put themselves at risk of the repercussions of credential harvesting, which include ransomware attacks, data breaches, and fraud.
Thursday, June 20, 2019
Social Engineering Vocabulary
Here is the basic vocabulary that everyone should become familiar with. I know it's a long list, but the threat is as real as it's ever been as the bad guys rely on a variety of techniques. Even though filters do a pretty good job, there will always be some that slip through. So it is crucial to always be alert. If in doubt, don't open. If the request in the email seems out of the ordinary it's always best to call the person directly if possible.
I'm always available to call/text or talk to in person if you are suspicious of a particular email.
Phishing
An umbrella term for any fraudulent
attempt to get information by acting like a trusted person or organization in
any electronic communications medium, usually email.
Smishing
When the attempt happens via text message, it’s called smishing. Smishing can be effective because some users are more trusting on SMS compared to email.
Vishing
Vishing is when an attacker uses a phone call to trick victims into giving up sensitive information such as passwords. Perpetrators of this crime typically use Voice over Internet Protocol (VoIP) calls and misrepresent themselves as employees of a bank or other organization.
Bulk Phishing
This basic attack spams large numbers of people with generic messages that link to a large number of different fraudulent URLs in the hope of tricking a small percentage of the recipients into giving up sensitive information. If some of the URLs are shut down, others still remain.
Spear Phishing
Rather than spamming large numbers of generic messages, spear phishing campaigns send small numbers of customized messages containing recognizable or relevant content to a small number of people. It requires some knowledge of the target for customization. The most obvious version of this is to send emails to people in a company, and make the email appear as if it came from another person in the same company. The more specific and targeted the attack, the more effective it can be.
Snowshoe Attack
Sitting somewhere between generic bulk and specific spear attacks is the snowshoe attack, whereby small, semitargeted emails are sent in batches small enough to fall below the threshold that triggers spam filters, but large enough to enable mass emailing. Snowshoe attacks use a large number of sender IP addresses, with a low number of emails per IP address. The term snowshoe refers to a spamming technique, regardless of whether it’s a phishing attack or just unwanted advertising.
Hailstorm Attack
Instead of flying under the radar to avoid triggering spam filters, hailstorm attacks try to beat spam filters to the punch, launching a large number of emails at once to catch spam filters off guard — essentially finishing the sending before the filters have time to respond.
Clone Phishing
With this technique, a legitimate email — from, say, a financial institution or government entity — is copied almost verbatim, complete with graphics, but usually with the links changed to malicious URLs.
Whaling
Whaling attacks target top employees, such as CEOs, CFOs or CIOs. This kind of attack can be appealing to cybercriminals because more information is publicly available about these high-profile targets, and they tend to have more access to sensitive information at a company.
Tabnabbing
The simple idea behind tabnabbing is that by spoofing and directing users to fake sites, they’ll enter usernames and passwords, which can then be used by the perpetrators to log into the real sites. It’s called tabnabbing because it exploits the tendency of users to have many tabs open. By opening a new tab on a malicious site that displays only a username and password form, the user may assume that one of their legitimate tabs simply timed out, and may enter the credentials to log back in.
In-Session Phishing
As stated above, users tend to have multiple tabs open while using their browsers. Pop-up messages appear, and could theoretically come from any of the open tabs. Cybercriminals can in some instances use this confluence of circumstances to launch a pop-up from one tab that appears to be from another. For example, let’s say a user has a dozen tabs open — one is a gaming site, another is a bank website. Malicious code on the gaming site could detect the banking site and launch a pop-up that spoofs the banking site, asking for, among other things, login credentials. This attack could work in a less targeted way even without knowledge of the specific site in the other tab. A generic pop-up could trick enough users to be worthwhile to malicious actors.
Reverse Tabnabbing
Similar to tabnabbing, reverse tabnabbing is where a legitimate page open in a tab is replaced with a fraudulent version in the same tab. That fake page times out, requiring the username and password, which is then stolen.
Email Spoofing
This practice involves forging an email header to make an email appear to come from a legitimate or friendly source. This technique may also be used to evade spam filters or as part of an identity theft scheme.
Website Forgery
Website forgery involves either a fake, but legitimate looking, website, or a fraudulent replica of a legitimate site to trick users into giving up sensitive information.
Link Manipulation
This is an umbrella term that covers any attempt to hide URLs or trick users into falsely believing that a fraudulent URL is legitimate.
Link Hiding
Users can’t detect a suspicious URL if they can’t see it. That’s why phishers often hide URLs by sending HTML emails, where the URL is activated by the hyperlink (hyperlinks with the right words link to the wrong websites). Malicious URLs can also be hidden using URL shorteners or PDF files.
Typosquatting
Cybercriminals have long registered URLs that are similar to popular URLs owned by major brands in the hopes that someone will misspell the desired URL and land on theirs. Labels associated with this simple idea include URL hijacking, fake URLs, cybersquatting and brandjacking. URLs with subtle typos are also used in phishing attacks because victims may not notice the misspelling and click with confidence.
Homograph Attack
Domain names can use multiple alphabets. Some letters in different alphabets look identical. A homograph attack is one that exploits this fact to create a fraudulent URL that looks perfectly legitimate. For example, by using a lowercase Cyrillic letter “A” instead of a lowercase “A” from the English alphabet, a URL appears as if it’s all English, but is viewed by the domain name system as a different URL. Financial institutions with the letter “A” in their names, such as Bank of America or PayPal, are frequent subjects of homograph attacks.
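Two of the entries above, link hiding and the homograph attack, can be checked mechanically before anyone clicks. The following Python is an added example and not part of the original post: it pulls every anchor out of an HTML email body, flags anchors whose visible text names a different host than the href points to, and flags hostname labels that are non-ASCII or mix Unicode scripts, reporting the punycode (xn--) form the DNS actually resolves. The sample email and every hostname in it are constructed (RFC 2606 .example names).

```python
"""Added example (not from the original post): triage the links in an HTML
email for two of the techniques defined above, link hiding and homograph
attacks. All hostnames below are constructed RFC 2606 .example names."""
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse


def script_of(ch: str) -> str:
    """Script of a letter ('LATIN', 'CYRILLIC', ...) from its Unicode name."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0] if ch.isalpha() else ""


def homograph_findings(host: str) -> list[str]:
    """Flag labels that are non-ASCII or mix scripts. The punycode (xn--) form
    is the name DNS actually resolves, i.e. not the brand the user saw."""
    findings = []
    for label in host.split("."):
        if not label.isascii():
            puny = label.encode("idna").decode("ascii")
            findings.append(f"non-ASCII label {label!r} resolves as {puny}")
        scripts = {script_of(c) for c in label if c.isalpha()}
        if len(scripts) > 1:
            findings.append(f"mixed scripts in {label!r}: {sorted(scripts)}")
    return findings


def host_of(text: str) -> str:
    """Hostname that link text names (URL or bare domain); '' for plain words."""
    candidate = text.strip()
    if " " in candidate or "." not in candidate:
        return ""
    if "://" not in candidate:
        candidate = "http://" + candidate
    return (urlparse(candidate).hostname or "").lower()


def triage_anchor(text: str, href: str) -> list[str]:
    """Link hiding (text names one host, href another) plus homograph checks."""
    findings = []
    shown, actual = host_of(text), (urlparse(href).hostname or "").lower()
    if shown and actual and shown != actual:
        findings.append(f"link hiding: text shows {shown}, href goes to {actual}")
    findings.extend(homograph_findings(actual))
    return findings


class AnchorCollector(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append(("".join(self._text).strip(), self._href))
            self._href = None


def triage_html(body: str) -> dict[str, list[str]]:
    """Map each href with findings to its findings; clean links are omitted."""
    parser = AnchorCollector()
    parser.feed(body)
    return {h: f for t, h in parser.anchors if (f := triage_anchor(t, h))}


# Constructed sample: a "password expiry" lure like the one described above.
SAMPLE_EMAIL = """<p>Your Office 365 password expires today.</p>
<a href="https://o365-reset.example/login">https://login.office365.example</a>
<a href="https://p\u0430yment-portal.example/verify">Verify your account</a>
<a href="https://www.intranet.example/news">www.intranet.example</a>"""
```

Running `triage_html(SAMPLE_EMAIL)` reports the first two anchors (hidden destination, then a Cyrillic letter inside an otherwise Latin label) and stays silent on the third, whose text and href agree.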
Wednesday, June 12, 2019
New Security Warning Issued For Google's 1.5 Billion Gmail And Calendar Users
For those that use Gmail for personal email.
Google’s Gmail email service is used by upwards of 1.5 billion people. The Google Calendar app, meanwhile, has been downloaded more than a billion times from the Play Store. Security researchers have this week warned that threat actors are exploiting the popularity of both in order to target users with a credential-stealing attack. Here’s what you need to know.
What does this attack involve?
Security researchers working at Kaspersky have revealed how threat actors are using the tight, and automatic, integration between different Google services in order to target users with malicious exploits. In what the researchers refer to as a “sophisticated scam,” users of the Gmail service are being targeted primarily through the use of malicious and unsolicited Google Calendar notifications. Anyone can schedule a meeting with you, that’s how the calendar application is designed to work. Gmail, which receives the notification of the invitation, is equally designed to tightly integrate with the calendaring functionality.
When a calendar invitation is sent to a user,
a pop-up notification appears on their smartphone. The threat actors craft
their invitations to include a malicious link, leveraging the trust that user
familiarity with calendar notifications brings with it.
The researchers have noticed attackers throughout the last month using this technique to effectively spam users with phishing links to credential stealing sites. By populating the location and topic fields to announce a fake online poll or questionnaire with a financial incentive to participate, the threat actors encourage the victim to follow the malicious link where bank account or credit card details can be collected. By exploiting such a “non-traditional attack vector,” the criminals can get around the fact that people are increasingly aware of common methods to encourage link-clicking.
How can you best mitigate the risk?
Kaspersky advises users to turn off the
automatic adding of calendar invitations by going to the “Event Setting” menu
in Google Calendar and disabling the “automatically add invitations” option by
enabling the “only show invitations to which I’ve responded” one instead.
Furthermore, it is advised that “Show declined events” in the View Options
section is also left unchecked.
If turning off the automatic adding of events to your calendar is impractical, and it’s likely to be just that for many who rely on this type of scheduling, then Boris Cipot, a senior security engineer at Synopsys, has some general mitigation advice. “Question every email and in this case invitation you receive,” he says, “if it feels weird, wrong or unusual then ask the person who sent this invite if they really sent it.”
Monday, June 3, 2019
Impersonation Phishing Attacks Up 67% in Last 12 Months
Social engineering attacks using impersonation tactics increased by 67%
over the past twelve months, according to Mimecast’s annual State of Email
Security report. Mimecast surveyed more than a thousand organizations around
the world and found that 94% of them had been targeted by phishing attacks in
the past year. More than half of the organizations said these attacks were
increasing, and 41% observed a rise in internal malicious emails due to
compromised accounts.
The spike in impersonation attacks is the report’s most striking finding. These attacks can be highly targeted, as in the case of business email compromise scams. They can also use the branding of well-known companies and services to increase the efficiency of widespread phishing campaigns. Of the organizations who were affected by impersonation attacks, 73% experienced losses of customers, money, or data.
Mimecast’s press release states that “social engineering attacks are a rising concern for organizations because they’re often one of the most difficult to control.” As security technologies get better at blocking automated phishing campaigns and off-the-shelf malware, attackers are increasingly relying on social engineering to make their attacks more effective.
"Delete" Notification as Office 365 Phishbait
Attackers are posing as Office
365 support in phishing emails that warn users about
an “unusual volume of file deletion” on their accounts, BleepingComputer has
found. The emails claim that a medium-severity alert was triggered by fifteen
file deletions within five minutes. If victims click on the link to view the
alert’s details, they’ll be taken to a spoofed Microsoft login page. The
attackers will then collect their credentials before forwarding them to the
legitimate Microsoft login portal.
A notable feature of this
campaign is that the phishing pages are hosted on Microsoft’s Azure cloud
services, so the URLs end with “windows.net.” As a result, even users who know
that they should inspect the top-level and second-level domains of the URL
could still fall for the scam. Azure-hosted sites are also secured with
Microsoft SSL certificates, increasing the appearance of authenticity.
Researchers
have discovered hundreds of phishing sites hosted on Azure and other cloud
services in the past month. While Microsoft takes these sites down as quickly
as it can, the sheer volume of malicious domains means that attackers usually
have several days to carry out their attacks. Additionally, when their sites
are shut down, they can easily set up more.