CyberBakery Chronicles

Your Weekly Cybersecurity Update (26 July 2024)

  • Crucial Seizure: Australian Police Intercept 318 Million Phishing Texts
  • Protect Your Company: Beware of Fake CrowdStrike Fixes
  • Google U-Turns on Third-Party Cookie Phaseout
  • North Korean Hacker Poses as IT Worker in Attempted Cyberattack
  • KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware
  • Phish-Friendly Domain Registry “.top” Put on Notice

Crucial Seizure: Australian Police Intercept 318 Million Phishing Texts

Australian police seized a large number of devices and thousands of SIM cards during raids in multiple states to combat SMS phishing attacks. In New South Wales, 26 devices capable of sending large volumes of text messages were found, and three were uncovered in Victoria. The seized SIM boxes had been used to send over 318 million messages, scamming victims out of millions of dollars. Six arrests were made, and charges have been laid. The investigation was conducted by NSW Police and the AFP-led Joint Policing Cybercrime Coordination Centre. Detective Superintendent Tim Stainton highlighted the potential for the SIM boxes to distribute between four and six million fraudulent messages every day if not disrupted through police action.

Protect Your Company: Beware of Fake CrowdStrike Fixes

Threat actors are seizing the opportunity presented by the extensive business disruption caused by CrowdStrike's faulty update on Friday last week. They are specifically targeting affected companies with data deletion tools and remote access methods. Meanwhile, as businesses urgently seek help to rectify the impact on their Windows systems, researchers and government agencies have detected a surge in phishing emails attempting to capitalise on the situation, and this activity is expected to continue over the coming days and weeks. The U.K. National Cyber Security Centre (NCSC) has issued a warning about the rise in phishing messages exploiting the outage. ANY.RUN, an automated malware analysis platform, has also detected a surge in attempts to impersonate CrowdStrike, which could result in phishing attacks.

Google U-Turns on Third-Party Cookie Phaseout

In a major policy reversal, Google has abandoned its plans to phase out third-party tracking cookies in its Chrome web browser.

The tech giant, which has faced intense scrutiny and regulatory pressure over its Privacy Sandbox initiative, will instead introduce a new system that gives users more control over their data.

The decision comes after years of delays and industry backlash. While Apple and Mozilla have already blocked third-party cookies, Google's dominance in the browser market made its implementation more complex.

Privacy advocates and competitors have raised concerns about Google's proposed alternatives, arguing that they could still allow for extensive user tracking. Apple, for instance, has criticized Google's Topics API, claiming it could be used to create detailed user profiles.

The UK's Competition and Markets Authority (CMA) is closely monitoring Google's new approach and will assess its impact on user privacy and competition in the digital advertising market.

This latest development marks another chapter in the ongoing battle between tech companies, regulators, and privacy advocates over the future of online advertising and user data.

North Korean Hacker Poses as IT Worker in Attempted Cyberattack

A security firm, KnowBe4, has foiled an attempt by a North Korean hacker to infiltrate its systems by posing as a legitimate software engineer. The company successfully identified and contained the threat before any damage was done.

The attacker, believed to be affiliated with North Korea, submitted a fabricated resume and underwent a seemingly standard hiring process, including background checks and reference verification. However, upon receiving their work computer, the "employee" immediately attempted to download malware. KnowBe4's security team detected the suspicious activity and launched an investigation.

The investigation revealed that the applicant's photo was a deepfake generated from stock photography. Additionally, the attacker used social engineering tactics to explain away the suspicious activity, claiming to troubleshoot internet speed issues.

This incident highlights the evolving tactics of nation-state attackers and the importance of robust security measures for businesses. KnowBe4 recommends several preventative steps, including:

  • Enhanced vetting procedures: This could involve verifying physical location, scrutinizing resume inconsistencies, and conducting video interviews.
  • Improved background checks: Don't rely solely on email references and ensure thorough name verification.
  • Continuous security monitoring: Monitor for suspicious activity and unauthorized access attempts.
  • Employee security awareness training: Educate employees on social engineering tactics used by attackers.

The KnowBe4 case demonstrates the critical need for collaboration between HR, IT, and security teams to defend against sophisticated cyberattacks.

KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware

KnowBe4, a leading Florida-based security awareness training firm, revealed that a North Korean operative successfully deceived the company's hiring background checks. The imposter, posing as a software engineer, brazenly attempted to plant malware on a company workstation within the first 25 minutes of employment.

The incident is worth noting because the operative passed KnowBe4's hiring process and background checks and was only caught once on the company workstation, when the malware attempt was detected. It shows how sophisticated these operations have become and why stringent security measures matter: robust background checks during hiring, monitoring of new employees' devices, and ongoing security awareness training remain the practical defences against this kind of infiltration.

Phish-Friendly Domain Registry “.top” Put on Notice

The Chinese company operating the ".top" domain faces the risk of losing its license to sell domains if it fails to implement systems for managing phishing reports and suspending abusive domains by mid-August 2024. This warning follows findings that ".top" was the second most common domain suffix used for phishing websites in the past year, trailing only behind ".com" domains.

ICANN's letter to the .top domain registry highlighted the lack of a proper process for addressing reports of phishing attacks involving .top domains. Despite the warning, the registry, operated by Jiangsu Bangning Science & Technology Co. Ltd, has not responded to requests for comment. Based on a recent phishing report, .top domains were prominently used in phishing activities, with over 117,000 identified as phishing sites in the past year. This underscores the urgent need for the registry to take action in combating abuse within its domain space.