Thursday, September 23, 2021

Colombian Real Estate Agency Leak Exposes Records Of Over 100,000 Buyers.

 


More than one terabyte of data containing 5.5 million files has been left exposed, leaking personal information of over 100,000 customers of a Colombian real estate firm, according to cybersecurity company WizCase.

The breach was discovered by Ata Hakçıl and his team in a database owned by Coninsa Ramon H, a company that specializes in architecture, engineering, construction, and real estate services. "There was no need for a password or login credentials to see this information, and the data was not encrypted,"

The data exposure is the result of a misconfigured Amazon Web Services (AWS) Simple Storage Service (S3) bucket, causing sensitive information such as clients' names, photos, and addresses to be disclosed. The details stored in the bucket range from invoices and income documents to quotes and account statements dating between 2014 and 2021. The complete list of information contained in the documents is as follows:

  • Full names
  • Phone numbers
  • Email addresses
  • Residential addresses
  • Amounts paid for estates, and
  • Asset values

In addition, the bucket is also said to contain a database backup that includes additional information such as profile pictures, usernames, and hashed passwords. Troublingly, the researchers said they also found malicious, backdoor code in the bucket that could be exploited to gain persistent access to the website and redirect unsuspecting visitors to fraudulent pages.

It's not immediately clear if these files were put to use by bad actors in any campaign. Coninsa Ramon H did not respond to inquiries from The Hacker News sent via email regarding the vulnerability.

"Based on viewing a sample of the documents, […] the misconfiguration revealed $140 to $200 billion in transactions, or an annual transaction history of at least $46 billion," the researchers said. "For perspective, that's roughly 14% of Colombia's total economy."

The highly confidential nature of the data contained within the database makes it highly susceptible to exploitation by cybercriminals to mount phishing attacks and conduct a variety of fraud or scam activities, including tricking users into making additional payments and, worse, revealing more personally identifiable information by tampering with the website's backend infrastructure.

 

 

 

Microsoft Warns Of A Wide-Scale Phishing-As-A-Service Operation.


 

Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that's involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal effort.

"With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today," Microsoft 365 Defender Threat Intelligence Team said in a Tuesday report.

"BulletProofLink (also referred to as BulletProftLink or Anthrax by its operators in various websites, ads, and other promotional materials) is used by multiple attacker groups in either one-off or monthly subscription-based business models, creating a steady revenue stream for its operators."

The tech giant said it uncovered the operation during its investigation of a credential phishing campaign that used the BulletProofLink phishing kit on either attacker-controlled sites or sites provided by BulletProofLink as part of their service. The existence of the operation was first made public by OSINT Fans in October 2020.


 

 

Phishing-as-a-service differs from traditional phishing kits in that unlike the latter, which are sold as one-time payments to gain access to packaged files containing ready-to-use email phishing templates, they are subscription-based and follow a software-as-a-service model, while also expanding on the capabilities to include built-in site hosting, email delivery, and credential theft.

Believed to have been active since at least 2018, BulletProofLink is known to operate an online portal to advertise their toolset for as much as $800 a month and allow cybercrime gangs to register and pay for the service. Customers can also avail of a 10% discount should they opt to subscribe to their newsletter, not to mention pay anywhere between $80 and $100 for credential phishing templates that allow them to siphon login information entered by unsuspecting victims upon clicking a malicious URL in the email message.

Troublingly, the stolen credentials are not only sent to the attackers but also to the BulletProofLink operators using a technique called "double theft" in a modus operandi that mirrors the double extortion attacks employed by ransomware gangs.

"With phishing kits, it is trivial for operators to include a secondary location for credentials to be sent to and hope that the purchaser of the phish kit does not alter the code to remove it," the researchers said. "This is true for the BulletProofLink phishing kit, and in cases where the attackers using the service received credentials and logs at the end of a week instead of conducting campaigns themselves, the PhaaS operator maintained control of all credentials they resell."

 

Wednesday, September 15, 2021

Worm, Virus & Trojan Horse.

 



Some of the skills that hackers have are programming and computer networking skills. They often use these skills to gain access to systems. The objective of targeting an organization would be to steal sensitive data, disrupt business operations or physically damage computer controlled equipment. Trojans, viruses, and worms can be used to achieve the above-stated objectives.

In this article, we will introduce you to some of the ways that hackers can use Trojans, viruses, and worms to compromise a computer system. We will also look at the countermeasures that can be used to protect against such activities.

What Is A Trojan Horse?

A Trojan horse is a program that allows the attacker to control the user’s computer from a remote location. The program is usually disguised as something that is useful to the user. Once the user has installed the program, it has the ability to install malicious payloads, create backdoors, install other unwanted applications that can be used to compromise the user’s computer, etc.

The list below shows some of the activities that the attacker can perform using a Trojan horse.

  • Using the user’s computer as part of a botnet when performing distributed denial of service attacks
  • Damaging the user’s computer (crashing, blue screen of death, etc.)
  • Stealing sensitive data such as stored passwords, credit card information, etc.
  • Modifying files on the user’s computer
  • Electronic money theft by performing unauthorized money transfer transactions
  • Logging all the keys that a user presses on the keyboard and sending the data to the attacker. This method is used to harvest user IDs, passwords, and other sensitive data.
  • Viewing screenshots of the user’s screen
  • Downloading browsing history data

What Is A Worm?

 

A worm is a malicious computer program that replicates itself, usually over a computer network. An attacker may use a worm to accomplish the following tasks:

  • Install backdoors on the victim’s computers. The created backdoor may be used to create zombie computers that are used to send spam emails, perform distributed denial of service attacks, etc. The backdoors can also be exploited by other malware.
  • Slow down the network by consuming bandwidth as the worm replicates.
  • Install harmful payload code carried within the worm.

What Is A Virus?


 

A virus is a computer program that attaches itself to legitimate programs and files without the user’s consent. Viruses can consume computer resources such as memory and CPU time. The attacked programs and files are said to be “infected”. A computer virus may be used to:

  • Access private data such as user IDs and passwords
  • Display annoying messages to the user
  • Corrupt data in your computer
  • Log the user’s keystrokes

Computer viruses have been known to employ social engineering techniques. These techniques involve deceiving users into opening files that appear to be normal files, such as Word or Excel documents. Once the file is opened, the virus code is executed and does what it’s intended to do.

Trojans, Viruses, And Worms Countermeasures.


 

To protect against such attacks, an organization can use the following methods.

  • A policy that prohibits users from downloading unnecessary files from the Internet such as spam email attachments, games, programs that claim to speed up downloads, etc.
  • Anti-virus software must be installed on all user computers. The anti-virus software should be updated frequently, and scans must be performed at specified time intervals.
  • Scan external storage devices on an isolated machine, especially those that originate from outside the organization.
  • Regular backups of critical data must be made and stored on preferably read-only media such as CDs and DVDs.
  • Worms exploit vulnerabilities in the operating systems. Downloading operating system updates can help reduce the infection and replication of worms.
  • Worms can also be avoided by scanning all email attachments before downloading them.

 

The Benefits Of Blockchain In The Travel Industry.

  Blockchain technology advocates say it’s poised to disrupt numerous industries, ranging from finance to supply chain tracking and real e...