Social Engineering

Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. In cybercrime, these “human hacking” scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems. Attacks can happen online, in-person, and via other interactions.

Scams based on social engineering are built around how people think and act. As such, social engineering attacks are especially useful for manipulating a user’s behavior. Once an attacker understands what motivates a user’s actions, they can deceive and manipulate the user effectively.

How Does Social Engineering Work?

  1. Gather information on you or a larger group you are a part of.
  2. Infiltrate by establishing a relationship or initiating an interaction, started by building trust.
  3. Exploit the victim once trust and a weakness are established to advance the attack.
  4. Disengage once the user has taken the desired action.

  • Fear
  • Excitement
  • Curiosity
  • Anger
  • Guilt
  • Sadness

These emotions are very useful for social engineering attacks.

Types of Social Engineering

Phishing attacks

  1. Spam phishing, or mass phishing, is a widespread attack aimed at many users. 
  2. Spear phishing and, by extension, whaling use personalized info to target particular users.

Scareware Attacks

Scareware is a form of malware used to frighten you into taking an action. This deceptive malware uses alarming warnings that report fake malware infections or claim one of your accounts has been compromised.

What is a DDoS attack?

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

A DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.

How does a DDoS attack work?

DDoS attacks are carried out with networks of Internet-connected machines.

These networks consist of computers and other devices (such as IoT devices) which have been infected with malware, allowing them to be controlled remotely by an attacker. These individual devices are referred to as bots (or zombies), and a group of bots is called a botnet.

What is a red hat hacker?

A red hat hacker is a hacker who takes aggressive steps to stop black hat hackers. While red hat hackers are not inherently evil, they do everything they can to stop the bad guys, including taking matters into their own hands. They go to the lengths of launching full-scale attacks to take down cybercriminals’ or cyber attackers’ servers and destroy their resources.

Red hat hackers are often dubbed the Robin Hoods of the virtual world. Like the heroic outlaw, they are not opposed to stealing back what the cybercriminals or cyber attackers stole from their victims. And like Robin Hood and his Merry Men, they won’t keep the stolen goods for themselves. Instead, they will give them back to their owners.

Tools and Tactics Red Hat Hackers Use

Vulnerability exploits

Botnets for DDoS attacks

Malware

Hackers basically use Kali Linux and social engineering…

Google Drive Now Accounts for 50% of Malicious Document Downloads

A report has provided a glimpse of how widely Google Drive is exploited by attackers to spread malware. The report states that, in 2021, around 50% of malicious office documents were delivered using Google Drive.

  • Until 2020, Microsoft OneDrive was the major source of malicious office documents, with a 34% share of all malicious document downloads.
  • However, that changed in 2021 with Google Drive taking over OneDrive. Microsoft OneDrive has the second-highest share at 19%.
  • SharePoint is in third position, with 15% of victims downloading malicious office documents from it. This was followed by Gmail and Box at 4% and 3%, respectively, while the remaining apps combined stood at 9%.

How cybercriminals use Google Drive

  • Cybercriminals create free accounts on cloud apps hosting services, upload malicious files and share them publicly or with selected individuals. 
  • Then, they wait until some unsuspecting users open up the file and infect their device with enclosed malware.

Europe’s biggest car dealer hit with ransomware attack

>The company — which has about 3,000 employees — generated $3.29 billion in sales in 2020 thanks to a variety of automobile-related businesses. It was ranked as a number 1 car dealership in Europe based on revenue and the total number of vehicles for sale. 

The FBI alert explains how the ransomware corrupts systems and backups before directing victims to a link to the group's "sales department" that can be accessed through a TOR browser. The link brings victims to a live chat with the people behind the attack, but the FBI noted that some victims have even been called by the attackers demanding ransoms.

“We live at a time when every government, every business, every person must focus on the threat of ransomware and take action to mitigate the risk of becoming a victim,” said CISA Director Jen Easterly. 

Millions of Android Users Targeted by Dark Herring

A fraudulent subscription campaign, called Dark Herring, has targeted over 100 million Android users around the world.

Diving into Dark Herring

The Dark Herring campaign caused losses worth hundreds of millions of dollars by abusing millions of devices via their 470 Google Play Store apps.
  1. The apps subscribe users to premium services that charge $15 per month via Direct Carrier Billing (DCB).
  2. The operators of the Dark Herring campaign cashed out the subscriptions while users remained unaware of the infection and the fraudulent charges for a long time, sometimes several months.

Millions at risk

The fraudulent apps have been installed by 105 million users in 70 countries. 

Modus operandi

The attackers have used a sophisticated infrastructure that received communications from all the users of the 470 applications.

  1. The installed app does not come with any malicious code. It uses a hard-coded encrypted string that leads the users to a first-stage URL hosted on Amazon’s CloudFront.
  2. The response from the server includes links to other JavaScript files hosted on AWS instances. These files are downloaded onto the compromised device.

Conclusion

The Dark Herring campaign has been ongoing for almost two years and has targeted millions of users already. This indicates that downloading apps from genuine stores does not always guarantee the safety of users. Still, users must keep watch on the activity in their bank accounts.

Bank executives mostly concerned about cybercrime

In the survey, which collected responses from 279 executives from financial institutions across the nation, bankers ranked cybersecurity threats (26% of respondents) and recruiting/retaining employees (21% of respondents) as their top issues in 2022.

The results of this survey, with respondents representing diverse bank asset sizes, also provide new insight into how institutions plan to approach pressing issues like compliance, customer expectations and technological innovation. For instance, to enhance customer experience and expand market share, banks plan to prioritize digital tools, especially account opening (51% of respondents), customer relationship management (43% of respondents) and digital lending (36% of respondents).

Notably, bank leaders also expect open banking to grow in significance, particularly for digital transformation.

Finland warns of Facebook accounts hijacked via Messenger phishing

Finland’s National Cyber Security Centre (NCSC-FI) warns of an ongoing phishing campaign attempting to hijack Facebook accounts by impersonating victims’ friends in Facebook Messenger chats.

In the alert, the NCSC-FI says that all Facebook users who received messages from online acquaintances asking for their phone numbers and a verification number delivered via SMS are the targets of this ongoing scam.

If they provide the information they’re asked for, the attackers will take control of their accounts by changing the password and associated email address.

  1. They first send a message from the previously compromised friend’s account via Facebook Messenger.
  2. They ask for the target’s phone number, saying they want to help with registering for an online contest promising prizes of thousands of euros.
  3. The next stage involves asking for a code sent via SMS allegedly sent by the contest’s organizers to confirm the entry.
  4. If the SMS confirmation code is shared with the scammers, they will use it together with the phone number to access and hijack the victim’s Facebook account.
  5. Next, they will change the account password and email address and start forwarding similar scams to the victims’ friends.

2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play

The Vultur trojan steals bank credentials but asks for permissions to do far more damage down the line.

After remaining available for more than two weeks, a malicious two-factor authentication (2FA) application has been removed from Google Play — but not before it was downloaded more than 10,000 times. The app, which is fully functional as a 2FA authenticator, comes loaded with the Vultur stealer malware that targets and swoops down on financial data.

Users with the malicious application, straightforwardly called “2FA Authenticator,” are advised by researchers at Pradeo to delete it from their device immediately since they still remain at risk — both from banking-login theft and other attacks made possible by the app’s extensive overpermissions.

The scam 2FA authenticator also asks for device permissions beyond what was disclosed in the Google Play profile, the Pradeo team said.
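
A check a reviewer could run for the over-permission problem described above, as an added example that is not code from Pradeo or from this post: it compares the permissions an app's manifest requests with the set disclosed in its store listing. The manifest text, package name, disclosed set and risk notes are constructed for illustration, and the manifest is assumed to be already decoded to text XML (for example with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Reviewer's shortlist of permissions an authenticator rarely needs
# (an assumption of this example, not a list from the report).
HIGH_RISK = {
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can prompt to install more APKs",
    "android.permission.QUERY_ALL_PACKAGES": "can enumerate installed apps",
    "android.permission.DISABLE_KEYGUARD": "can dismiss the lock screen",
}

# Constructed sample manifest; not taken from any real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.authenticator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.USE_BIOMETRIC"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission-sdk-23 android:name="android.permission.QUERY_ALL_PACKAGES"/>
</manifest>
""".strip()

# Constructed: what the store listing says the app needs.
DISCLOSED = {
    "android.permission.INTERNET",
    "android.permission.CAMERA",
    "android.permission.USE_BIOMETRIC",
}

def requested_permissions(manifest_xml):
    """Collect every permission name declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    # Both element types request permissions; the second applies on API 23+.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(f"{{{ANDROID_NS}}}name")
            if name:
                names.add(name.strip())
    return names

def audit(manifest_xml, disclosed):
    """Report permissions requested but not disclosed, and the risky ones among them."""
    requested = requested_permissions(manifest_xml)
    undisclosed = sorted(requested - set(disclosed))
    return {
        "undisclosed": undisclosed,
        "high_risk": {p: HIGH_RISK[p] for p in undisclosed if p in HIGH_RISK},
        "disclosed_but_unused": sorted(set(disclosed) - requested),
    }
```
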
