Bugs in the biometric protections on Android phones and iPhones allow the limit on the number of tries to unlock the devices with a fingerprint to be bypassed, allowing automated brute-force attacks.
Related Posts
UNC3944 Hackers Acquire Corporate Logins Using SMS Phishing And Support Desk Calls
A financially driven threat group, UNC3944 has frequently employed phone-based social engineering and SMS phishing attacks to gain credentials and escalate access to target organizations.
The hacking group has been observed to target a wide range of businesses, including hospitality, retail, media and entertainment, financial services, and telecommunication and business process outsourcer (BPO) firms.
According to Mandiant, due to the group’s geographic diversity, it has shown a larger concentration on stealing huge amounts of confidential data for extortion, and its members appear to be familiar with Western commercial practices.
Additionally, UNC3944 has routinely used freely accessible tools, legitimate software, and malware that can be purchased on darknet forums.
Tactics, Techniques, And Procedures (TTPs)
To gain initial access to its victims, UNC3944 mainly depends on social engineering. They routinely call victim help desks and use SMS phishing operations to change passwords or get multifactor bypass codes.
In particular, to avoid detection by security monitoring technologies, the threat actors used commercial residential proxy services to reach their victims from the same neighborhood.
“The threat actors operate with an extremely high operational tempo, accessing critical systems and exfiltrating large volumes of data over a few days,” according to the information shared with Cyber Security News.
The group achieves privilege escalation by focusing on password managers or privileged access management systems.
Threat actors tend to target business-critical virtual machines and other systems, particularly when delivering ransomware, perhaps to do as much damage to the victim as possible.
Further, they utilize aggressive communication techniques to interact with victims, including posting threatening notes in text files on computers, sending emails and SMS messages to executives, and hacking into the channels that victims use to respond to issues.
Researchers mention that “threat actors will continue to improve their tradecraft over time and may leverage underground communities for support to increase the efficacy of their operations.”
“They may use other ransomware brands and/or incorporate additional monetization strategies to maximize their profits in the future.”
Recommendation
Enforce Microsoft Authenticator with number matching and remove SMS as an MFA verification option.
Ensure the security of MFA and SSPR registration by forcing users to authenticate from a trusted network location and/or by guaranteeing device compliance.
Create a Conditional Access Policy that restricts external access to Microsoft Azure and Microsoft 365 administration features by requiring users to authenticate from a trusted network location and/or ensure device compliance.
The post UNC3944 Hackers Acquire Corporate Logins Using SMS Phishing And Support Desk Calls appeared first on Cyber Security News.
Cyber Security News
Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments
Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs.
Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local access."
Successful exploitation of the vulnerability could also permit a bypass of the CPU’s Read More
The Hacker News | #1 Trusted Cybersecurity News Site
Managing supply chain risk in cloud-enabled products
NCSC Technical Director Ian Levy explains why new guidance on cloud-enabled products (including AV) requires a nuanced approach.