Ukraine head of cybersecurity Victor Zhora says the world needs “efficient legal instruments to confront cyber terrorism.”
Related Posts
Android & iOS Users Targeted with New Phishing Attack Using PWAs & WebAPKs
A novel type of phishing attack has been discovered, targeting both Android and iOS users. This attack combines traditional social engineering techniques with the use of Progressive Web Applications (PWAs) and WebAPKs, making it a significant threat to mobile users.
The attack was first identified in November 2023, and since then, multiple cases have been reported, primarily targeting clients of Czech banks. However, cases have also been observed in Hungary and Georgia, indicating a broader reach.
The attackers use various delivery mechanisms, including automated voice calls, SMS messages, and social media malvertising. The malicious ads, often featuring the bank’s official mascot and logos, entice victims to visit a phishing link, which leads to a convincing fake Google Play page.
The page checks for the usage of a mobile client via the User-Agent HTTP header, and if the victim is on a mobile device, the “Install” button prompts the victim for installation via a pop-up.
The phishing application is installed as a PWA or WebAPK, which allows it to run on multiple platforms and devices. PWAs are essentially websites bundled into a standalone application, with the ability to be launched from the menu bar or home screen.
WebAPKs, on the other hand, are an upgraded version of PWAs, generated by the Chrome browser as a native Android application.
The installed phishing app is nearly indistinguishable from the real banking app, with the same logo and design. Once opened, the app leads to a phishing login page, where victims are prompted to submit their internet banking credentials. The entered information is sent to the attackers’ Command and Control (C&C) servers.
The C&C infrastructure used by the attackers is quite sophisticated, with two distinct groups operating the phishing campaigns. One group uses a Telegram bot to log all entered information into a Telegram group chat via the official Telegram API, while the other uses a traditional C&C server with an administrative panel.
The attackers have been able to evade detection by using multiple domains and preparing new malicious campaigns. According to ESET researchers, some of the C&C servers have been deactivated, and the affected banks have been notified.
To protect yourself from this type of phishing attack, it is essential to be cautious when installing new apps, especially those that ask for sensitive information. Always verify the authenticity of the app and the website from which it is downloaded. Additionally, keep your device and browser up to date with the latest security patches.
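One way to act on the advice to verify where an app comes from, as an added example that is not part of the original article or of ESET's research: a triage check over a PWA's web app manifest that flags a protected brand name served from a host outside that brand's allowlist. The allowlist, hostnames and sample manifests are constructed placeholders; `name`, `short_name`, `start_url` and `display` are standard manifest members.

```python
import json
from urllib.parse import urljoin, urlsplit

# Assumption: brand keyword -> hosts the brand really serves its web app from.
# All names below are constructed placeholders under the reserved .example TLD.
BRAND_HOSTS = {"examplebank": {"examplebank.example"}}

# Display modes that remove the browser address bar once the app is installed.
CHROMELESS = ("standalone", "fullscreen")


def triage_manifest(manifest_url, manifest_text, brand_hosts=BRAND_HOSTS):
    """Return findings for one web app manifest fetched from manifest_url."""
    try:
        manifest = json.loads(manifest_text)
    except json.JSONDecodeError:
        return ["manifest is not valid JSON"]
    if not isinstance(manifest, dict):
        return ["manifest is not a JSON object"]

    # start_url is relative to the manifest URL; fall back to that URL if absent.
    start = urljoin(manifest_url, str(manifest.get("start_url") or ""))
    host = (urlsplit(start).hostname or "").lower()

    # Compare on letters and digits only so "Example Bank" matches "examplebank".
    label = " ".join(str(manifest.get(k, "")) for k in ("name", "short_name"))
    compact = "".join(ch for ch in label.lower() if ch.isalnum())

    findings = []
    for brand, hosts in brand_hosts.items():
        served_by_brand = any(host == h or host.endswith("." + h) for h in hosts)
        if brand in compact and not served_by_brand:
            findings.append(f"name claims '{brand}' but app is served from {host}")
    if findings and manifest.get("display") in CHROMELESS:
        findings.append("display mode hides the address bar after install")
    return findings


# Constructed sample manifests, not taken from the campaign.
LOOKALIKE_URL = "https://store-install.example/app/manifest.json"
LOOKALIKE = ('{"name": "Example Bank", "short_name": "ExampleBank", '
             '"start_url": "/app/login", "display": "standalone"}')
GENUINE_URL = "https://ib.examplebank.example/manifest.webmanifest"
GENUINE = '{"name": "Example Bank", "start_url": "/", "display": "standalone"}'

if __name__ == "__main__":
    for url, text in ((LOOKALIKE_URL, LOOKALIKE), (GENUINE_URL, GENUINE)):
        print(url, triage_manifest(url, text))
```

The second finding matters because an installed app in `standalone` or `fullscreen` mode gives the user no address bar to check, so the host comparison has to happen before or at install time.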
This new type of phishing attack poses a significant threat to Android and iOS users. By combining traditional social engineering techniques with the use of PWAs and WebAPKs, attackers have created.
The post Android & iOS Users Targeted with New Phishing Attack Using PWAs & WebAPKs appeared first on Cyber Security News.
KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities
An updated version of a botnet malware called KmsdBot is now targeting Internet of Things (IoT) devices, simultaneously branching out its capabilities and the attack surface.
"The binary now includes support for Telnet scanning and support for more CPU architectures," Akamai security researcher Larry W. Cashdollar said in an analysis published this month.
The latest iteration,
The Hacker News | #1 Trusted Cybersecurity News Site
Microsoft Customers Facing 600M+ Cyber Attacks Every Day
Cybersecurity analysts at Microsoft recently discovered that their customers face more than 600 million cyber-attacks every day.
The current cyber threat landscape is increasingly complex and dynamic. It is marked by a surge in “state-sponsored” and “hacktivist” attacks.
Not only that, but the rise of ransomware attacks continues to pose significant risks to “critical infrastructure.”
Major Attacks and Victims
Microsoft reports over 600 million daily cybersecurity incidents targeting its customers. These attacks range from “ransomware” and “phishing” to “identity attacks.”
The latest Microsoft Digital Defense Report highlights an alarming trend: nation-state actors are increasingly collaborating with cybercriminals, sharing sophisticated tools and techniques.
Notable instances are:
Russian threat actors outsourcing cyberespionage operations.
Iranian actors deploying ransomware for influence operations.
North Korean groups developing custom malware like FakePenny.
Geopolitical hotspots like “Ukraine,” “Israel,” and “Taiwan” face concentrated cyber threats.
The report also notes a surge in election-related homoglyph domains (spoofed links used for phishing and malware distribution), with over 10,000 such domains under monitoring.
Russian, Iranian, and Chinese actors are actively attempting to influence the U.S. election via cyber operations.
To combat these threats, Microsoft highlights the need for robust security measures and a commitment to cybersecurity fundamentals across all levels (from individual users to corporate executives and government leaders).
Ransomware attacks increased 2.75x year-over-year, although there was a threefold decrease in attacks successfully reaching the encryption stage.
Meanwhile, tech support scams skyrocketed by 400%, from 7,000 daily incidents in 2023 to 100,000 in 2024.
The primary attack vectors remain social engineering techniques, specifically email phishing, SMS phishing, and voice phishing, alongside identity compromise and exploitation of vulnerabilities in public-facing applications and unpatched operating systems.
A critical challenge is the rapid turnover of malicious infrastructure: 70% is active for less than two hours before disappearing, which makes traditional detection methods less effective.
Threat actors (mostly Chinese) are now leveraging AI capabilities with a focus on AI-generated imagery, while Russia-affiliated actors use audio-focused AI across various platforms.
Microsoft alone faces over 600 million daily attacks, which shows the urgent need for robust cybersecurity measures through its Secure Future Initiative, which combines AI-powered defense mechanisms with traditional security protocols.
The current international cybersecurity norms lack significant enforcement mechanisms.
This clearly shows the critical need for enhanced public-private sector collaboration to establish stronger defensive capabilities against malicious cyber activities.
The post Microsoft Customers Facing 600M+ Cyber Attacks Every Day appeared first on Cyber Security News.