
Security considerations: contactless attack on touch screens

Interpol shed light on social engineers

Under the auspices of Interpol, 76 countries participated in an operation code-named First Light 2022. The aim was to target fraudsters who use social engineering techniques, such as various types of phishing, in their operations. The operation was very successful: within two months, the participating states managed to seize a total of over $50 million from the fraudsters and arrest thousands of them.

For example, intelligence exchanged during the operation helped the Singapore police resolve a case in which a juvenile victim was forced to send her parents videos showing false injuries, and a ransom of 1.5 million euros was demanded. A fraudster from China, linked to an extensive pyramid (Ponzi) scheme that deprived almost 24,000 victims of approximately 34 million euros, was also arrested in Papua New Guinea.

Interpol also mapped current trends in social engineering that it encountered in the investigation. These include the rise of vishing fraud, where criminals impersonate bank clerks, frauds where an attacker impersonates an Interpol official, new ways of using social platforms for human trafficking, and new ways in which attackers launder the money raised from fraud.

Rapid7 has released a new version of Metasploit

A new version of the popular framework for penetration testing has been released – Metasploit 6.2.0. The updated version contains 138 new modules, dozens of new features and also fixes most known bugs. Users of the current version of Metasploit Framework can update it to the latest version using the msfupdate command. For example, the update will bring them the following new features:

  • new plug-in for capturing login data
  • new tool for running SMB v3 servers that can share a common directory (SMB v3 support has also been extended to all other modules)
  • Meterpreter session network traffic logging (for example, for debugging purposes)
  • and more

New privacy features in Windows 11

Users in the Windows Insider program can test upcoming Windows 11 privacy features. The system will provide a clear list of all applications that recently used sensitive information and connected devices. Users will be able to track which applications access location services, contacts, or screenshots, or use the microphone or webcam.

These features are the latest in a series of innovations that Microsoft is preparing for upcoming versions of Windows 11. In particular, they will help improve encryption, security, and protection against cyber security threats, and block malicious applications and drivers.

Contactless attack on touch screens

As part of the Usenix Security Symposium, researchers presented an attack on smart devices called GhostTouch. In this type of attack, a potential attacker can contactlessly operate a capacitive touch screen from a distance of up to 40 millimeters. Using an electromagnetic interference (EMI) generator and an antenna that transmits it to the touch screen, the researchers were able to disrupt the measurement of capacitive touch screens and thus create arbitrary behavior and activities on them.

The potential attack scenario presented by the researchers took place in a public place (cafe, library, school), where the attacker placed the necessary equipment on the underside of a table. If the victim placed the device screen-down, the attacker was able to control the device's screen after finding out its model and brand. Although this is a theoretical scenario and is unlikely to be exploited, attackers can use GhostTouch to perform a number of malicious actions, such as initiating calls and downloading malware.

Network devices under attack from China

The US agencies CISA, NSA and FBI have released a report on the increasing number of attacks aimed at large telecommunications companies and Internet connection providers. The most common attack vectors are exploits for known vulnerabilities in routers, VPN hubs, and other network elements from Cisco, MikroTik, Zyxel and other vendors. Other frequently infected devices are NAS devices. These seem to be a frequent target, as administrators may overlook the importance of vulnerability management for these devices.

The attackers are allegedly building an extensive infrastructure with which they are preparing the ground for another possible attack, and the initially compromised devices show, in many respects, connections to servers with an IP address belonging to a Chinese ISP.

This infrastructure is also used to access servers and devices, which then serve as Command and Control domains, email servers and other services for the attackers' activities. The attackers are also adding publicly available tools and services to their toolset to make themselves less visible in network traffic and thus try to disguise their presence.

Users are encouraged to update their devices, block unnecessary ports or services, and replace unsupported devices.

MetaMask and Phantom warn of a bug that could jeopardize your crypto wallet

The MetaMask and Phantom crypto-wallets, which are used to store both cryptocurrencies and NFTs, warn of a vulnerability that allows access to accounts through the recovery phrase. This phrase serves as a human-readable form for remembering the wallet's private key.

The vulnerability was found by the blockchain security company Halborn and named "Demonic". It was first seen in the fall of 2021 and was given the label CVE-2022-32969.

The attack relies on the BIP39 mnemonic being entered into an input field, which allows the phrase to be saved to the computer as plain text. An attacker with disk access then gains access to the wallet using this phrase.

This attack can be prevented by encrypting the disk and also by not clicking the button that displays the phrase as text during the import. MetaMask and Phantom have already fixed this bug in a patch. Migrating assets to a new account is also worth considering if you suspect that this vulnerability may have affected you.

For fun

Your time has come, IE.

Author: unknown

About the series

This series is published alternately with the help of staff from the National Security Team CSIRT.CZ, operated by the association CZ.NIC, the security team CESNET-CERTS of the association CESNET, the security team ALEF-CSIRT, and security expert Jan Kopřiva.
