Police bust reveals sophisticated phishing-as-a-service platform
Police from numerous countries have arrested 37 people and seized websites related to LabHost, a phishing-as-a-service platform that offered phishing pages targeting banks and other businesses located mostly in Canada, the U.S., and the U.K. According to Trend Micro, LabHost is designed to replicate “banks, government entities, and other major organizations, deceiving users into entering their credentials and two-factor authentication (2FA) codes.” Victims are driven to these pages through phishing campaigns, and the ease of use of LabHost and its integrated, automated campaign management tool, LabRat, lowers the barrier to entry for people looking for an easy way into the phishing business.
Students turn to cyberfraud to boost their incomes
One development from the LabHost story is the discovery by police in the UK of the number of university students who have turned to cyberfraud, using platforms like LabHost to make some easy money, largely by selling the personal data that their phishing campaigns produce. Metropolitan Police Detective Inspector Oliver Richter, speaking to The Guardian, said, “five years ago a cyber fraudster would need technical skills, like being able to code.” He added that many of the phishing-as-a-service users are younger, are at university, and are very likely to go on to perfectly legitimate careers. “They see this, because it is so easy to do, as something that is anonymous.”
DuneQuixote campaign aims at Middle Eastern entities using CR4T malware
Researchers at Kaspersky are warning of a new malware campaign, discovered in February, that targets government entities in the Middle East. Named DuneQuixote by Kaspersky, the campaign uses droppers along with tampered installer files for a legitimate tool named “Total Commander,” which deliver malicious code intended to download a backdoor named CR4T. The researchers add that “the group behind the campaign took steps to prevent collection and analysis of its implants and implemented practical and well-designed evasion methods both in network communications and in the malware code.”
Overlooked Windows Fibers offer handy route for malicious payload deployment
Independent security researcher Daniel Jary described Windows Fibers as “an alternative to the standard ‘threads’ that Windows uses to execute code from the OS or an application.” They were developed “at a time when CPUs had fewer cores available to them and could accommodate only so many threads,” he added. More powerful processors have made Fibers redundant, but as he demonstrated through two proof-of-concept attacks in a session at Black Hat Asia on Thursday, they now represent “a largely undocumented code-execution pathway that is therefore largely overlooked by endpoint detection and response (EDR) platforms.”
Michigan healthcare organization suffers data breach
Cherry Street Services, also known as Cherry Health, suffered an attack on December 21, 2023, and initially notified patients in January, with an update in February. This week, the organization confirmed that this had been a ransomware incident and revealed that approximately 184,000 individuals were affected. The compromised information includes standard PII as well as information on health insurance, treatments, prescriptions, patient IDs, and financial account information.
Crude, cheap ransomware tools proliferate on the dark web
In a story somewhat related to the LabHost issue, researchers at the intelligence unit of the cybersecurity firm Sophos have reported the increased presence of “cheap ransomware being sold for one-time use on dark web forums, allowing inexperienced freelancers to get into cybercrime.” They add that these tools “differ from ransomware-as-a-service models because there are no affiliates involved who expect a cut of the profits.” The researchers also note that low-skilled criminals use such tools at their own risk, since the tools may be defective or backdoored as part of a scam.
UN agency suffers ransomware attack
The United Nations Development Program, which works on poverty and inequality projects in 170 countries, has stated that the attack involved the theft of “personally identifiable information of some past and current personnel and procurement information relating to some suppliers and other contractors.” According to The Record, “when asked whether UNDP would pay a ransom, the spokesperson said they do not engage with threat actors and that ‘no ransom has or will be paid.’” The targeted server was located in UN City in Copenhagen.
New Cadence supercomputers speed up creation of chips and software
San Jose-based Cadence Design Systems announced on Wednesday the latest version of its supercomputer, which is based around a custom computing chip designed to speed up the creation of other computing chips and the software that will run on them. Cadence, whose customers include Nvidia and Apple, says the year-long design process required for current chips is essentially too long. Its two upgraded systems, Palladium Z3 and Protium X3, therefore create a virtual version of a chip so that software can start being written while waiting for the physical chip to come back from the factory.
(Reuters)






