Tag Archive for: Domains

Smashing Security podcast #324: .ZIP domains, AI lies, and did social media inflame a riot?

ChatGPT hallucinations cause turbulence in court, a riot in Wales may have been ignited on social media, and do you think .MOV is a good top-level domain for “a website that moves you”?

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Plus don’t miss our featured interview with David Ahn of Centripetal.

Hosts:

Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Guest:

Mark Stockley – @markstockley

Episode links:

Sponsored by:

  • Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
  • Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
  • Centripetal – Centripetal’s CleanINTERNET defends your assets from cyber threats by leveraging dynamic threat intelligence on a mass scale.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

42,000 phishing domains discovered masquerading as popular brands


Security researchers at Cyjax have uncovered a large-scale phishing campaign in which the threat actors used as many as 42,000 domains to impersonate brands, distribute malware and earn advertising revenue.

Campaign Details

Cyjax researchers noted that the threat actors have links to China and have been active since 2017. So far, the attackers, identified as the Fangxiao group, have spoofed over 400 brands from the banking, retail, travel, transport, pharmaceutical, energy, and finance sectors.

The group operates an extensive network of 42,000 domains used to impersonate well-known brands. Its latest campaign aims to generate revenue by funnelling victims to parties who pay for traffic. At least 24,000 survey and landing domains have been used to promote this scam since March 2022.

How Does the Attack Work?

Fangxiao lures unsuspecting users to the malicious domains through WhatsApp messages informing them that they have won a prize. Users are then redirected to fake dating sites, Amazon via affiliate links, adware and giveaway sites, all convincing enough to fool a casual visitor. The brand impersonation campaign spoofs well-known names such as McDonald’s, Unilever, Emirates, Knorr and Coca-Cola.

Once visitors land on the spoofed brand site, they are redirected to ad sites created by Fangxiao that make money through fake surveys, promising the victim a prize on completion. In some cases the Triada malware is pushed to the device for download when the victim clicks the Complete Registration button.

“As victims are invested in the scam, keen to get their ‘reward,’ and the site tells them to download the app, this has likely resulted in a significant number of infections,” Cyjax’s report (PDF) read.

Domain Analysis

The group uses 42,000 domains registered in 2019 through GoDaddy, Namecheap, and Wix….

Google blocks 30+ malicious domains used by hack-for-hire groups


Google LLC’s Threat Analysis Group said today it has blocked more than 30 malicious domains linked to hack-for-hire groups from Russia, India and the United Arab Emirates.

The hack-for-hire firms have been actively targeting Gmail and Amazon Web Services Inc. accounts, among others, to carry out corporate espionage attacks against companies, human rights activists and journalists. The groups are said to take advantage of known security flaws when undertaking campaigns opportunistically.

Unlike commercial surveillance vendors who generally sell a capability to hack accounts to an end user to operate, hack-for-hire groups conduct the attacks themselves. Some hack-for-hire groups openly advertise their products and services to anyone willing to pay, while others work more discreetly, selling to a limited audience.

In one example, the researchers observed Indian hack-for-hire groups working with third-party private investigative services to provide data exfiltrated from a successful operation. The breadth of targets in hack-for-hire campaigns is said to stand in contrast to government-backed operations, which often have a more precise delineation of a mission and marks.

As a result of the research, all identified websites used by the hack-for-hire groups have been added to Google’s Safe Browsing feature to protect users from further harm. The researchers also encourage users to enrol in the Advanced Protection Program, to enable account-level Enhanced Safe Browsing, and to keep all their devices updated.

Google’s CyberCrime Investigation Group also shared the relevant details and indicators with law enforcement.

“We applaud Google’s Threat Analysis Group for taking action on these malicious domains used by hacker-for-hire groups,” Sean McNee, chief technology officer at cyber threat intelligence company DomainTools LLC, told SiliconANGLE. “These domains are a part of a larger concerted effort by APTs or other well-funded adversaries to achieve their desired outcomes via outsourced malicious activity.”

McNee explained that because hiding domain registration and infrastructure creation is becoming easier, network defenders need to move faster and be more nimble to track…

Govt. Agencies Seize Domains Used for Selling Credentials



DOJ: Now-Shuttered Site Sold Data Obtained from 10,000 Data Breaches

The U.S. Department of Justice and the FBI announced that they have seized three domains following an international investigation that found the sites selling stolen personal information and offering paid access to launch distributed denial-of-service attacks against victim networks.

The three seized internet domain names include weleakinfo.to and two related domain names, ipstress.in and ovh-booter.com.

“Today, the FBI and the Department stopped two distressingly common threats: websites trafficking in stolen personal information and sites which attack and disrupt legitimate internet businesses,” says Matthew M. Graves, U.S. Attorney for the District of Columbia. “Cybercrime often crosses national borders. Using strong working relationships with our international law enforcement partners, we will address crimes like these that threaten privacy, security, and commerce around the globe.”

WeLeakInfo.to Website

The site operated as a database and search engine, with the stolen data indexed so that users could search the files and information “illegally obtained in over 10,000 data breaches containing seven billion indexed records – including, for example, names, email addresses, usernames, phone numbers, and passwords for online accounts,” the DOJ…