Blog & News Social Engineering

The latest evolution of URL-less phishing attacks through rendezvous algorithms

Written by Enrico Frumento, CEFRIEL

The traditional concept of phishing that most people have, even among IT security workers, is an email with some deceptive text or, more generally, a hook, which contains a URL to which the innocent user is driven. Wherever the text is (in the email body or in an attachment), the threat model is the same: there is a component of the email (i.e., the body or the attachment) that leads to a malicious URL.
Most anti-phishing defence instruments are built around this paradigm. The systems that inspect the body of emails, or the URL filtering instruments integrated into email clients, are deeply tied to this model of phishing...


Privacy issues in social media

Written by Davide Andreoletti, SUPSI

In this post we discuss some of the main privacy issues that characterize the use of social media. Since the topic is really broad, the aim is just to give an overview of the possible risks and make the reader aware of the fact that privacy and social network usability are two conflicting objectives. A distinctive trait of the last decade is the advent and widespread diffusion of social media platforms, with Facebook, Twitter and Instagram being some of the most successful examples. The benefits that such platforms bring to the Internet community are countless, ranging from business-oriented ones (e.g., targeted advertisements) to social-related ones...


Laocoonte and Social Engineering

Written by Enrico Frumento, CEFRIEL

Laocoonte was a Trojan priest of Apollo who, during the siege by the Achaeans, tried to dissuade his fellow citizens from trusting the wooden horse left by their enemies. At the wish of the goddess Athena, who had already established the outcome of the war with the victory of the Achaeans, two sea snakes attacked him and his two sons so that the divine design would not be compromised.
This figure is strongly connected to social engineering and security in general, because of the connection to the story of the Achaeans through the concept of Trojan malware...


CopyPhish: a recent case of a successful contextualized phishing attack which resulted in the theft of the entire IP of an SME and also damaged its reputation

Written by Enrico Frumento, CEFRIEL

This recent attack dates back to the end of July, beginning of August, and raises some interesting issues about the tangible and intangible stolen assets of an SME.
The affected company produces Copyfish, a quite good OCR browser extension (apparently installed 37.000 times). Ironically, given their name (the hashtag CopyPhish was immediately used on social media), they fell for a well-contextualized phishing attack (as they themselves explained well)...


Domino effect and darkhotel APTs

Written by Enrico Frumento, CEFRIEL


One of the most interesting aspects of the Hacking Team exploit is not only the impact on the enterprise itself, in terms of both tangible and intangible assets (which studies have started to investigate, though not many), but also the impact on other enterprises in a domino effect, due to the tangible assets stolen from Hacking Team (their hacking tools, their 0-day exploits and so on) and used against others.

From this point of view, the situation is very similar to the NSA exploit and tool leakage. Interestingly, the intent of the Hacking Team hacker was to spread the stolen assets and their intellectual property worldwide, only to increase their defeat and thus, in the end, to affect their intangible assets more heavily...


Adwind: a remote access Trojan delivered via Spam Campaign

Written by Alan Ferrari, SUPSI and Enrico Frumento, CEFRIEL

Nowadays, cybercriminals are becoming dramatically more adept, innovative, and stealthy (only 117.649 variants of this specific attack have been seen). The new trends have moved to novel techniques that come with limitless attack vectors, cross-platform support and low detection rates (source: TrendMicro).
Recently, Adwind (a notorious Java-based cross-platform Remote Access Trojan) has re-emerged and is being used to target enterprises in the aerospace industry, mostly located in Switzerland, Austria, Ukraine, and the US...


WP29’s new opinion on data processing at work

Written by Yung Shin Van Der Sype, KU LEUVEN

Earlier this week the Article 29 Working Party (WP29) released an opinion on data processing at work. This opinion complements the previous publications of the WP29 on data processing in the employment context (i.e. Opinion 8/2001 on the processing of personal data in the employment context, WP 48 and the Working Document on the surveillance of electronic communication in the workplace WP 55)...


Another day, another ransomware: NotPetya

Written by Federico Valentini, CEFRIEL

Another day, another ransomware.
This new strain is called Petya, or Petrwap, or NotPetya, and according to multiple sources, Ukraine is the most targeted country, followed by Russia. What we saw in the early hours of propagation were so many technical analyses, many of which turned out to be wrong or inaccurate.
At the time of writing, I can say that this is not the usual ransomware campaign we are used to seeing, because right now it’s clearer that NotPetya is definitely not designed to make money, but rather to cause damage, spreading fast and globally, camouflaging itself to look like the original Petya ransomware...


Suicides and the Internet: a controversial relation

Written by Davide Andreoletti, SUPSI

In this post we discuss some of the relations between the use of the Internet and the plaguing phenomenon of suicide.
The number of people committing suicide is alarming, with some countries reaching up to 80 suicides per 100000 citizens per year. Recently, several cases of teenage suicide have come under the spotlight of the media due to a possible link with an online game called The Blue Whale, spread on the Russian social network VKontakte...


Phishing as a service

Written by Davide Andreoletti, SUPSI

In this post we describe the emerging model of Phishing as a Service (PHaaS).
The increasing complexity and widespread diffusion of IT systems have made necessary a radical paradigm shift from standalone solutions to more flexible and cost-effective service-based ones. This is the case, for example, of remarkable cloud-based solutions offering Storage as a Service (e.g., Dropbox)...





This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme, under grant agreement No. 653618