Tag Archive for: Technical

Are Technical Support Scams Getting More Advanced?


Technical support scams (TSS) are responsible for a growing amount of financial losses year after year. Nevertheless, while the victims are losing more money than ever, the number of interactions between criminals and victims is decreasing. Why? Because the scammers are getting better at what they do. In this paper, I demonstrate through examples how the TSS practices have become more advanced recently.

This article is available in a more reader-friendly format to download from here.

Abstract

First, the criminals improved their existing methodologies. Second, they introduced new practices to make the TSS schemes more lucrative. One of these improvements is the transition to robocalls, which enables TSS call centres to engage more people than ever. This shift to the auto-dialler approach allows call centres to find people more susceptible to TSS. The second significant change affects the management of online advertisements. The magnitude of TSS advertising campaigns assumes large-scale infrastructures, software logic and automation capable of delivering the pop-up ads more effectively. TSSs also borrow practices such as code obfuscation and context-aware evasion from the malware world to improve their advertisements further. Other additions to the TSS industry include specialisation and the division of labour. TSS operations were found to divide their business into advertising and call centre divisions. This segregation of duties allows the entities to optimise their core business processes. For example, call centres now employ English tutors to improve their staff members’ communication and English-language skills. In conclusion, my discoveries demonstrate how TSSs can trick more money out of the victims than before. Also, the number of interactions between scammers and their victims is shrinking because TSSs can engage the more gullible.

Introduction

Social engineering, scams, and fraud are well-known criminal activities that eventually found their way into cyberspace. These crimes are not only responsible for direct financial losses but also foster fear and distrust within internet users. In other words, netizens are less likely to trust individuals, businesses,…

Source…

Technical Analysis of DanaBot Obfuscation Techniques


Key Points

  • DanaBot is a malware-as-a-service platform discovered in 2018 that is designed to steal sensitive information that may be used for wire fraud, to conduct cryptocurrency theft, or to perform espionage-related activities.
  • The malware is heavily obfuscated, which makes it very difficult and time consuming to reverse engineer and analyze.
  • Zscaler ThreatLabz has reverse engineered the various obfuscation techniques used by DanaBot and developed a set of tools using IDA Python scripts to assist with binary analysis.

DanaBot, first discovered in 2018, is a malware-as-a-service platform that threat actors use to steal usernames, passwords, session cookies, account numbers, and other personally identifiable information (PII). The threat actors may use this stolen information to commit banking fraud, steal cryptocurrency, or sell access to other threat actors.

While DanaBot isn’t as prominent as it once was, the malware is still a formidable and active threat. Recently, version 2646 of the malware was spotted in the wild, and a researcher also tweeted screenshots of DanaBot’s advertisement website, shown in Figure 1.

Figure 1: DanaBot’s advertisement website

Unfortunately, the DanaBot developers have done a very good job of obfuscating the malware code. Therefore, it is a very difficult and time consuming process to reverse engineer and analyze. This is a companion blog post to a set of IDA Python scripts that Zscaler ThreatLabz is releasing on our GitHub page. The goal of the scripts is to help peel away some of the layers of DanaBot’s obfuscation and inspire additional research into not only the obfuscation techniques, but the malware itself.

Technical Analysis

The following sections summarize the numerous techniques that the DanaBot developers have implemented to obfuscate the malware binary code.

Junk Byte Jumps

One of the first anti-analysis techniques that DanaBot employs is a “junk byte jump” instruction. This is an anti-disassembly technique where a jump instruction will always jump over a junk byte. The junk byte is skipped during normal program execution, but causes IDA Pro to display an incorrect disassembly. An example of this technique is shown in Figure…

Source…

Grid Cards – MFA without the technical overhead


This is part four of our MFA blog series for Cybersecurity Awareness Month. You can read up on blog one here, blog two here, and blog three here.

We already know the importance of multi-factor authentication (MFA) to secure access to resources for users in a world where passwords are the single largest attack vector. In a recent study, it was found that 81% of hacking-related breaches leveraged either stolen and/or weak passwords.

When thinking about MFA, many people automatically think about using mobile push notifications, SMS one time passcodes (OTP), and other mobile-centric authentication methods. But what about when frontline or field employees need access to critical resources and systems and don’t have access to a mobile device or where mobile devices are not allowed due to the sensitive nature of the data being accessed? Here are some scenarios where the use of mobile devices is not feasible:

  • Outsourced call centers with employees accessing systems connecting to sensitive data within your organization like customer PII.
  • Part-time customer service employees that handle critical customer data in order to provide a user with effective customer support.
  • Military field personnel that cannot use electronic forms of authentication due to the possibility of transmission interception.
  • Mobile emergency workers in situations where it is not convenient or possible to carry mobile devices.

How do you enable MFA for these employees?

One way is the use of physical keys like FIDO keys. But these can prove too expensive and inefficient to support. Keys can be lost or damaged and have to be replaced. When employees quit or new employees join, the keys need to be wiped and reconfigured.

What are Grid cards and how do they work?

Grid cards are an easy to use and cost effective way to provide MFA for users that cannot use mobile devices to log in to the required systems and applications. The Entrust Grid Card is a paper-based card that can be printed from a PDF file and contains a grid of rows and columns that consist of numbers and characters. As part of the MFA process, users are presented with a coordinate challenge and must respond with the information in the corresponding…

Source…

MAG Aerospace Wins $258M Army Program Executive Office Intelligence, Electronic Warfare and Sensors (PEO IEW&S) Project Manager Electronic Warfare & Cyber (PM EW&C) Systems Engineering Technical Assistance Contract. – goskagit.com


Source…