Saturday 3rd August 2024

Good morning everyone, happy Saturday, and thank you for joining me for the latest installment of Cyber Daily. Today we're looking into the latest global stories, from the abuse of Cloudflare's free TryCloudflare service for malware distribution, to the UK's NCA shutting down a prolific call-spoofing operation, to a newly publicised DNS weakness that is putting over a million domains at risk of hijacking.

Cybercriminals Exploit TryCloudflare for Malware Delivery


Cybersecurity firms are raising alarms over a surge in the misuse of Cloudflare's free 'TryCloudflare' service to deliver malware. eSentire and Proofpoint have documented attackers using TryCloudflare to set up one-time tunnels that expose an attacker-controlled server through Cloudflare's infrastructure, so victims fetch payloads from a trycloudflare.com hostname rather than from the attacker's own machine. This method has been observed delivering a variety of malware, including AsyncRAT, GuLoader, and Venom RAT.

The attack typically starts with a phishing email containing a ZIP file. This file includes a URL shortcut that directs the recipient to a Windows shortcut hosted on a TryCloudflare-proxied WebDAV server. The shortcut then executes batch scripts that download and run additional malicious payloads, displaying a decoy PDF to maintain the ruse.

Proofpoint notes that the phishing emails are written in multiple languages and cover diverse themes such as invoices and tax documents, targeting organisations worldwide. This financially motivated campaign leverages Cloudflare tunnels to create temporary, scalable infrastructure, making it harder for defenders to track and block.

The ongoing exploitation of TryCloudflare has prompted calls for Cloudflare to enhance its anti-abuse policies to prevent cybercriminals from using its services to mask malicious activities.
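The delivery chain above leaves a distinctive trail in web proxy logs: WebDAV methods and shortcut or batch-file downloads from a trycloudflare.com hostname. The following detection logic is an added example (not code from the article, eSentire or Proofpoint) run over constructed sample log lines; the log format, the tunnel hostnames and the client IPs are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines (not taken from the article).
# Assumed format: client_ip method host path status
SAMPLE_LOGS = """\
10.0.0.12 GET www.example.com /index.html 200
10.0.0.12 PROPFIND words-alpha-beta-gamma.trycloudflare.com /share/ 207
10.0.0.12 GET words-alpha-beta-gamma.trycloudflare.com /share/invoice.lnk 200
10.0.0.12 GET words-alpha-beta-gamma.trycloudflare.com /share/run.bat 200
10.0.0.33 GET docs.example.org /manual.pdf 200
10.0.0.45 GET quiet-tunnel-demo.trycloudflare.com /app/ 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
TUNNEL_SUFFIX = ".trycloudflare.com"
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "MOVE", "COPY", "LOCK", "UNLOCK"}
STAGER_EXTENSIONS = (".lnk", ".url", ".bat", ".cmd", ".vbs", ".ps1")

def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    client, method, host, path, status = m.groups()
    return {"client": client, "method": method.upper(),
            "host": host.lower(), "path": path.lower(), "status": int(status)}

def score_event(ev):
    """Return the reasons this event looks like TryCloudflare-hosted staging (empty if none)."""
    reasons = []
    if not ev["host"].endswith(TUNNEL_SUFFIX):
        return reasons
    reasons.append("trycloudflare tunnel host")
    if ev["method"] in WEBDAV_METHODS:
        reasons.append("WebDAV method " + ev["method"])
    if ev["path"].endswith(STAGER_EXTENSIONS):
        reasons.append("shortcut/script download " + ev["path"].rsplit("/", 1)[-1])
    return reasons

def detect(log_text):
    """Group suspicious events per client; 'high' when tunnel access is combined
    with WebDAV activity or a shortcut/script download, 'low' for tunnel access alone."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        reasons = score_event(ev)
        if reasons:
            findings[ev["client"]].append((ev["host"], ev["method"], ev["path"], reasons))
    return {client: {"severity": "high" if any(len(r) > 1 for *_, r in events) else "low",
                     "events": events} for client, events in findings.items()}
```

Plain tunnel access alone is only a weak signal, since TryCloudflare has legitimate uses; the combination with WebDAV and .lnk/.bat fetches is what separates this chain from ordinary traffic.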


UK's NCA Shuts Down Russian Coms, Arrests Fraud Ring Members


The UK's National Crime Agency (NCA) has dismantled Russian Coms, a notorious call-spoofing service that defrauded hundreds of thousands of victims globally. This operation has led to the arrest of at least four suspects, all British nationals, believed to be key players in the fraudulent scheme that spanned over 100 countries.

In March, the NCA arrested two men in London suspected of developing and administering the platform. A third man, accused of being an affiliate and courier, was arrested in April. This week, an alleged scammer using the service was apprehended in Potters Bar, England.

Russian Coms, active since 2021, enabled criminals to spoof caller IDs of banks and other institutions, deceiving victims into transferring money and divulging personal information. Users of the service paid up to £1,400 ($1,800) for a six-month contract, receiving a specially configured smartphone or web app to carry out their scams.

The service facilitated over 1.3 million calls to 500,000 UK phone numbers, with average losses per victim exceeding £9,400 ($12,000). The NCA is now focusing on tracking down additional users worldwide in a concerted law enforcement effort.

Sitting Ducks Attack Exposes Over a Million Domains to Hijacking


Researchers from Eclypsium and Infoblox have disclosed a critical weakness in the DNS system, dubbed the Sitting Ducks attack, that puts over a million domains at risk daily. The technique, exploited by more than a dozen Russian-linked cybercriminal groups, allows attackers to hijack domains without ever accessing the domain owner's accounts, facilitating malware distribution, phishing, and data theft.

The Sitting Ducks attack involves taking control of a registered domain at an authoritative DNS service or web hosting provider. Despite being detailed as early as 2016 by researcher Matt Bryant, it remains largely unknown and unaddressed. The attack exploits incorrect configurations at domain registrars and DNS providers, which are preventable issues.

Key aspects of the attack include:

  • Lame delegations, where the nameservers a domain is delegated to hold no zone data for it and so cannot answer queries for the domain.
  • Exploitable authoritative DNS providers that attackers can claim without needing domain registrar account access.
  • Variants that do not require attackers to register their own domains.

Researchers urge domain holders to:

  • Ensure their authoritative DNS provider is the same as their domain registrar.
  • Verify that domains and subdomains do not delegate to invalid service providers.
  • Check with DNS providers about specific mitigations against this attack.

For DNS service providers, recommendations include:

  • Issuing random name server hosts that require registrar changes for domain claims.
  • Ensuring new name server hosts do not match previous assignments.
  • Prohibiting modifications to name server hosts after assignment.
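The first two checks the researchers recommend to domain holders can be scripted: compare the nameservers the registrar delegates to against what those servers actually answer for the zone, and flag delegations that point outside the registrar. The following is an added example, not code from Eclypsium or Infoblox; it works on a constructed scenario rather than live queries, so the domain names, the `NsResponse` shape and the registrar suffix are assumptions. Gathering the real responses (an SOA query sent directly to each delegated nameserver) is left to your resolver tooling.

```python
from dataclasses import dataclass

# Reply codes that mean the server is not serving the zone; None means no reply at all.
LAME_RCODES = {"REFUSED", "SERVFAIL", "NXDOMAIN", "NOANSWER"}

@dataclass
class NsResponse:
    """Assumed shape: what a delegated nameserver answered when asked for the zone's SOA."""
    rcode: str            # "NOERROR", "REFUSED", "SERVFAIL", ... as returned by the server
    authoritative: bool   # whether the AA flag was set on the reply

def is_lame(resp):
    """A delegation is lame when the server cannot answer authoritatively for the zone."""
    return resp is None or resp.rcode in LAME_RCODES or not resp.authoritative

def provider_of(ns_host):
    """Approximate the provider by the last two labels of the nameserver hostname."""
    return ".".join(ns_host.lower().rstrip(".").split(".")[-2:])

def assess_delegation(domain, parent_ns, responses, registrar_providers):
    """Rate a domain against the Sitting Ducks precondition: a lame delegation at a
    provider other than the registrar. Whether that provider lets a stranger claim the
    name is provider-specific and must be checked with the provider (not done here)."""
    lame = [ns for ns in parent_ns if is_lame(responses.get(ns))]
    external = {provider_of(ns) for ns in parent_ns} - set(registrar_providers)
    findings = []
    if lame and len(lame) == len(parent_ns):
        findings.append("every delegated nameserver is lame: zone is unserved")
    elif lame:
        findings.append("partially lame delegation: " + ", ".join(lame))
    if external:
        findings.append("delegated outside the registrar: " + ", ".join(sorted(external)))
    if lame and external:
        risk = "HIGH"
    elif lame or external:
        risk = "MEDIUM"
    else:
        risk = "LOW"
    return {"domain": domain, "risk": risk, "lame": lame, "findings": findings}

# Constructed scenario (not from the article): a zone whose hosting account lapsed,
# leaving the registrar delegation pointing at a provider that no longer serves it.
SAMPLE_PARENT_NS = ["ns1.dns-hoster.example", "ns2.dns-hoster.example"]
SAMPLE_RESPONSES = {"ns1.dns-hoster.example": NsResponse("REFUSED", False),
                    "ns2.dns-hoster.example": None}
SAMPLE_REGISTRAR = ["registrar.example"]

if __name__ == "__main__":
    print(assess_delegation("victim.example", SAMPLE_PARENT_NS, SAMPLE_RESPONSES, SAMPLE_REGISTRAR))
```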

Collaboration between domain holders, registrars, DNS providers, and the cybersecurity community is crucial to mitigating this widespread and stealthy threat.



Kc Chohan

Specialist in Cutting Taxes by 30-46% per year for Those Paying $500K+ Annually

7 months

Powerful insights into cybercrime tactics. Time to defend proactively? Aidan Dickenson

Marcel Velica

Senior Security Program Manager | Leading Cybersecurity Initiatives | Driving Strategic Security Solutions | Cybersecurity Excellence | Cloud Security

7 months

Exciting update! The latest edition of Cyber Daily is packed with valuable insights. Aidan Dickenson
