Top Stories of the Week: 11/30/24-12/6/24
Learn more about the Chinese infiltration of US telecoms, the associated fallout, other emerging threats targeting organizations globally, and the role of gen AI in those threats.
Chinese Telecom Espionage Began With ‘Much Broader’ Aims, Officials Say
Salt Typhoon, a Chinese hacking group, infiltrated U.S. telecom networks, targeting systems like wiretap surveillance under CALEA. Using sophisticated tactics, they accessed networks of 80 providers globally, including U.S. giants, and compromised data of 150 high-value targets. Investigations revealed the hackers exploited Cisco router flaws and dark web credentials to penetrate systems. CISA recommends stronger Cisco passwords, disabling Telnet, isolating management networks, and logging blocked traffic. The group’s activities highlight vulnerabilities in outdated systems like CALEA, last reviewed in 2005, and raise concerns about securing telecom infrastructure. Experts note the scope of these intrusions remains unclear, and full eviction of the hackers hasn’t been confirmed, underscoring long-term cybersecurity challenges for telecom operators and law enforcement.
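The CISA recommendations in the item above (stronger Cisco passwords, Telnet disabled, management access isolated, blocked traffic logged) are the kind of thing a defender can check mechanically across a fleet of router configs. The script below is an added example, not from the article or from CISA: it audits a Cisco IOS-style running configuration for those four points. The two configs it runs against are constructed samples, and the checks assume IOS syntax (`enable secret`, `line vty`, `transport input`, `access-class`, ACL `deny ... log`).

```python
"""Audit an IOS-style running config for the four hardening points named in
the Salt Typhoon story: hashed enable secret instead of 'enable password',
Telnet off on VTY lines, VTY access restricted to a management network, and
'log' on deny entries so blocked traffic is recorded.

Added example, not from the article or CISA. Both configs are constructed."""
import re

# Constructed sample: a weak config that every check should flag.
WEAK_CONFIG = """\
hostname edge-router
enable password cisco123
line vty 0 4
 transport input telnet ssh
 password cisco
 login
ip access-list extended BLOCK-INBOUND
 deny ip any any
"""

# Constructed sample: the same device after hardening (hash is a placeholder).
HARDENED_CONFIG = """\
hostname edge-router
service password-encryption
enable secret 9 $9$PLACEHOLDERHASH
ip access-list standard MGMT-NET
 permit 10.10.0.0 0.0.0.255
line vty 0 4
 access-class MGMT-NET in
 transport input ssh
 login local
ip access-list extended BLOCK-INBOUND
 deny ip any any log
"""


def parse_sections(config):
    """Split an IOS config into (header, [indented child lines]) blocks."""
    blocks = []
    for line in config.splitlines():
        if not line.strip():
            continue
        if line.startswith(" "):
            if blocks:
                blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks


def audit(config):
    """Return a list of findings; an empty list means all four checks passed."""
    findings = []
    blocks = parse_sections(config)
    top = {header for header, _ in blocks}

    # 1. Passwords: 'enable password' is reversible; 'enable secret' is hashed.
    if any(h.startswith("enable password") for h in top):
        findings.append("enable password in use; replace with 'enable secret'")
    if not any(h.startswith("enable secret") for h in top):
        findings.append("no 'enable secret' configured")

    # 2 and 3. VTY lines: Telnet off (IOS defaults to 'all' if no transport
    # line is present) and sources restricted with an access-class.
    for header, children in blocks:
        if header.startswith("line vty"):
            transport = [c for c in children if c.startswith("transport input")]
            if not transport or any("telnet" in c or c.endswith(" all") for c in transport):
                findings.append(f"{header}: Telnet allowed (set 'transport input ssh')")
            if not any(c.startswith("access-class") for c in children):
                findings.append(f"{header}: no access-class restricting management sources")

    # 4. Logging of blocked traffic: every deny ACE should carry 'log' or 'log-input'.
    for header, children in blocks:
        if header.startswith("ip access-list"):
            for ace in children:
                if ace.startswith("deny") and not re.search(r"\blog(-input)?\b", ace):
                    findings.append(f"{header}: '{ace}' denies without logging")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or ["OK"])
```

Feed `audit()` the text of `show running-config` from each device; anything returned is a gap against the recommendations above. The parser is deliberately simple (one level of indentation), which is enough for the `line` and `ip access-list` blocks these checks need.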
Novel Phishing Campaign Uses Corrupted Word Documents To Evade Security
A phishing campaign abuses Microsoft Word’s file recovery feature by sending corrupted Word attachments that bypass security detection. These emails, often disguised as payroll or HR communications about benefits, contain QR codes leading to phishing sites that mimic Microsoft login pages to steal credentials. The corrupted files, which Word can still recover, evade antivirus tools because they contain no malicious code. Researchers found that most of these documents went undetected in VirusTotal scans. To stay safe, avoid opening email attachments from unknown senders and confirm suspicious messages with IT administrators before interacting.
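Because these attachments carry no malicious code, a signature scan has nothing to match; what they do have is a broken container that only Word's recovery path will open. A mail gateway can check that structurally: a genuine .docx is a ZIP archive that must contain `[Content_Types].xml` and `word/document.xml`. The following is an added example, not from the article or the researchers who reported the campaign; the sample documents it builds are constructed in memory so the script runs offline.

```python
"""Flag Office attachments that are not structurally valid OOXML.

A real .docx is a ZIP package with at least [Content_Types].xml and
word/document.xml. A file that claims to be .docx but fails ZIP parsing,
or whose members are damaged, is exactly the kind of 'recoverable' document
the campaign relies on and is worth quarantining for review.

Added example, not from the article. Sample files are constructed here."""
import io
import zipfile
import zlib

REQUIRED_PARTS = ("[Content_Types].xml", "word/document.xml")


def make_minimal_docx():
    """Build a tiny well-formed .docx (only the two mandatory parts) as bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml",
                    '<?xml version="1.0"?><w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body/></w:document>')
    return buf.getvalue()


def make_plain_zip():
    """Build a valid ZIP that is not a Word package (no OOXML parts)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample, not a document")
    return buf.getvalue()


def classify_docx(data):
    """Return 'valid', 'corrupted' (container or member damaged) or 'not-docx'."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # testzip() walks every member; it returns the first name whose
            # local header or CRC is bad, None if all members read cleanly.
            if zf.testzip() is not None:
                return "corrupted"
            names = set(zf.namelist())
    except (zipfile.BadZipFile, zlib.error, EOFError):
        return "corrupted"
    if all(part in names for part in REQUIRED_PARTS):
        return "valid"
    return "not-docx"


def triage_attachment(filename, data):
    """Gateway decision for one attachment: only Word extensions are checked."""
    if not filename.lower().endswith((".docx", ".docm", ".dotx")):
        return "pass"
    verdict = classify_docx(data)
    return "pass" if verdict == "valid" else f"quarantine ({verdict})"


if __name__ == "__main__":
    good = make_minimal_docx()
    samples = {
        "benefits.docx": good,
        "truncated.docx": good[: len(good) // 2],        # central directory lost
        "bad-header.docx": b"XXXX" + good[4:],           # local header signature damaged
        "renamed.docx": make_plain_zip(),                # ZIP but not a Word package
        "notes.txt": b"plain text, not checked",
    }
    for name, blob in samples.items():
        print(f"{name:18} -> {triage_attachment(name, blob)}")
```

The two corruption modes in the sample set mirror the two ways a document can be broken yet recoverable: the ZIP central directory missing (Word rebuilds from local headers) and a damaged member header (Word skips the part). Neither contains anything a signature would match, which is why a structural check rather than a content scan is the useful gateway control here.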
New Rockstar 2FA Phishing Service Targets Microsoft 365 Accounts
by Bill Toulas
The 'Rockstar 2FA' phishing-as-a-service platform enables large-scale adversary-in-the-middle (AiTM) attacks that bypass MFA and steal Microsoft 365 credentials by intercepting session cookies, according to a recent report. Emerging from earlier kits like DadSec and Phoenix, Rockstar 2FA has gained popularity since August 2024, offering features such as randomized detection-evading links, automated branding, and integration with legitimate services. Priced at $200 for two weeks, it has supported over 5,000 phishing domains, spreading malicious emails disguised as IT notices or payroll alerts using evasion tactics like QR codes and link shorteners. A Cloudflare Turnstile challenge filters out bots, redirecting invalid visitors to decoy pages. This platform’s rise highlights the ongoing risk from accessible and sophisticated phishing tools despite law enforcement crackdowns.
Trojan-As-A-Service Hits Euro Banks, Crypto Exchanges
The DroidBot Android RAT targets banks and cryptocurrency platforms, using spyware features like keylogging, SMS interception, and dual-channel communication for data theft. Active since mid-2024, it operates as a malware-as-a-service, utilized by 17 affiliate groups in 77 attacks across Europe, with potential expansion into Latin America. Developed by Turkish speakers, its evolution includes obfuscation, root checks, and multi-stage unpacking, signaling ongoing enhancement. DroidBot hides in malicious apps, exploiting accessibility services for remote control. Researchers warn its as-a-service model could escalate attack scalability and complexity, reshaping the threat landscape.
FBI Warns GenAI Is Boosting Financial Fraud
by James Coker
The FBI warns of criminals using generative AI for large-scale financial fraud, making schemes more convincing. AI tools improve phishing messages, create fake social media profiles, and produce realistic images for scams. Deepfake technology clones voices and videos, enabling ransom demands or bypassing bank verification. Defenses include secret verification words, spotting image flaws, safeguarding personal content, and verifying calls independently. Avoid sharing sensitive data or sending money to strangers.