Discovered by CloudSEK, the malicious campaign relies on open source Android malware
Related Posts
New SnailLoad Side-Channel Attack Let Hackers Monitor Your Web Activity
Hackers often monitor web activities to gather several types of confidential data.
By tracking your online activities, hackers can tailor phishing schemes and social engineering attacks, which will increase their chances of success.
The following cybersecurity researchers from Graz University of Technology discovered SnailLoad, a novel side-channel attack that exploits network latency to infer user activities without requiring JavaScript, code execution, or user interaction:
Stefan Gast
Roland Czerny
Jonas Juffinger
Fabian Rauscher
Simone Franza
Daniel Gruss
Among other things, it detects which videos are watched or which websites are visited on a victim’s machine by measuring variations in latency from an attacker-controlled server.
During testing, SnailLoad showed 98% accuracy in identifying YouTube videos and 62.8% accuracy in recognizing the top 100 websites, extending attacks that previously required a man-in-the-middle position to remote environments.
SnailLoad Side-Channel Attack
SnailLoad is different from previous attacks that require a person-in-the-middle scenario. It operates passively from any internet server and requires minimal network activity.
By taking advantage of timing differences due to bufferbloat in the victim’s last-mile connection, SnailLoad can determine the sites visited by users with an accuracy of up to 98% for YouTube videos and 62.8% for top 100 websites over several internet technologies.
This technique can extend numerous network side-channel attacks to remote non-PITM scenarios, which poses fresh security issues.
The attack setup of SnailLoad is as follows:
Victim-server communication occurs over varying network speeds.
The server has a high-speed connection, and the victim’s last mile is slower.
Attacker’s packets experience delays when the victim’s last mile is congested.
The attacker exploits packet delay patterns to infer the victim’s web activity.
SnailLoad varies in its effectiveness depending on network conditions and sampling rates. It can detect the download of files with a size above 512KB through any internet connection.
In video fingerprinting experiments conducted on ten home connections, a range of F1 scores between 37% and 98% was achieved, with fiber-based connections producing different results due to differences in bandwidths and shared infrastructures.
Website fingerprinting produced a macro-average F1 score of 62.8% for an open-world scenario, with performance that varied according to site attributes.
Moreover, SnailLoad can detect other user interactions, such as video calls, making it a possible tool for non-PITM network activity inference attacks.
SnailLoad proved to be 37-98% accurate in video fingerprinting during experiments on diverse internet connections, while its accuracy in website fingerprinting was 62.8%.
This indicates that multiple network side-channel attacks that were previously limited to man-in-the-middle settings could potentially be carried over to remote, non-intrusive environments.
The post New SnailLoad Side-Channel Attack Let Hackers Monitor Your Web Activity appeared first on Cyber Security News.
Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands
A new report from Rapid7 says a ransomware gang like Cl0p would easily be able to afford a bevy of zero-day exploits for vulnerable enterprise software.
The post Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands appeared first on SecurityWeek.
Google’s New Tracking Protection in Chrome Blocks Third-Party Cookies
Google on Thursday announced that it will begin testing a new feature called "Tracking Protection" on January 4, 2024, with 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser.
The setting is designed to limit "cross-site tracking by restricting website access to third-party cookies by default," Anthony Chavez, vice president of Privacy
The Hacker News | #1 Trusted Cybersecurity News Site