Saturday 3rd August 2024
Aidan Dickenson
Good morning everyone, happy Saturday, and thank you for joining me for the latest installment of Cyber Daily. Today we're looking into the latest global stories, from the exploitation of Cloudflare's free service for malware distribution to the UK's NCA shutting down a prolific call-spoofing operation, and the newly discovered DNS vulnerability that's putting over a million domains at risk.
Cybercriminals Exploit TryCloudflare for Malware Delivery
Cybersecurity firms are raising alarms over a surge in the misuse of Cloudflare's 'TryCloudflare' free service to deliver malware. eSentire and Proofpoint have documented cyber attackers using TryCloudflare to set up one-time tunnels, relaying traffic from attacker-controlled servers to local machines through Cloudflare's infrastructure. This method has been observed delivering a variety of malware, including AsyncRAT, GuLoader, and Venom RAT.
The attack typically starts with a phishing email containing a ZIP file. This file includes a URL shortcut that directs the recipient to a Windows shortcut hosted on a TryCloudflare-proxied WebDAV server. The shortcut then executes batch scripts that download and run additional malicious payloads, displaying a decoy PDF to maintain the ruse.
Proofpoint notes that the phishing emails are written in multiple languages and cover diverse themes such as invoices and tax documents, targeting organisations worldwide. This financially motivated campaign leverages Cloudflare tunnels to create temporary, scalable infrastructure, making it harder for defenders to track and block.
The ongoing exploitation of TryCloudflare has prompted calls for Cloudflare to enhance its anti-abuse policies to prevent cybercriminals from using its services to mask malicious activities.
UK's NCA Shuts Down Russian Coms, Arrests Fraud Ring Members
The UK's National Crime Agency (NCA) has dismantled Russian Coms, a notorious call-spoofing service that defrauded hundreds of thousands of victims globally. This operation has led to the arrest of at least four suspects, all British nationals, believed to be key players in the fraudulent scheme that spanned over 100 countries.
In March, the NCA arrested two men in London suspected of developing and administering the platform. A third man, accused of being an affiliate and courier, was arrested in April. This week, an alleged scammer using the service was apprehended in Potters Bar, England.
Russian Coms, active since 2021, enabled criminals to spoof caller IDs of banks and other institutions, deceiving victims into transferring money and divulging personal information. Users of the service paid up to £1,400 ($1,800) for a six-month contract, receiving a specially configured smartphone or web app to carry out their scams.
The service facilitated over 1.3 million calls to 500,000 UK phone numbers, with average losses per victim exceeding £9,400 ($12,000). The NCA is now focusing on tracking down additional users worldwide in a concerted law enforcement effort.
Sitting Ducks Attack Exposes Over a Million Domains to Hijacking
Researchers from Eclypsium and Infoblox have discovered a critical vulnerability in the DNS system, dubbed the Sitting Ducks attack, that jeopardises over a million domains daily. This technique, exploited by more than a dozen Russian-linked cybercriminal groups, allows attackers to hijack domains without accessing the domain owner’s accounts, facilitating activities like malware distribution, phishing, and data theft.
The Sitting Ducks attack involves taking control of a registered domain at an authoritative DNS service or web hosting provider. Despite being detailed as early as 2016 by researcher Matt Bryant, it remains largely unknown and unaddressed. The attack exploits incorrect configurations at domain registrars and DNS providers, which are preventable issues.
Key aspects of the attack include:
Researchers urge domain holders to:
For DNS service providers, recommendations include:
Collaboration between domain holders, registrars, DNS providers, and the cybersecurity community is crucial to mitigating this widespread and stealthy threat.
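Added example, not from the newsletter or the Eclypsium/Infoblox research: a lame-delegation audit for the Sitting Ducks condition described above. It assumes the hijackable state is a domain whose NS records point at a DNS provider that is not actually serving the zone; the domains, nameservers and replies are constructed, and the `query` callable is where a live version would send a direct SOA query to each delegated server.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class SoaReply:
    rcode: str            # "NOERROR", "REFUSED", "SERVFAIL", ...
    authoritative: bool   # AA flag set in the reply

# Constructed sample data (not real hosts or measurements): the NS set as
# delegated from the parent zone, and what each of those servers replies
# when asked directly for the domain's SOA record.
SAMPLE_DELEGATIONS = {
    "healthy.example": ["ns1.provider.test", "ns2.provider.test"],
    "lame.example":    ["ns1.provider.test", "ns2.provider.test"],
    "partial.example": ["ns1.provider.test", "ns2.provider.test"],
}
SAMPLE_REPLIES = {
    ("ns1.provider.test", "healthy.example"): SoaReply("NOERROR", True),
    ("ns2.provider.test", "healthy.example"): SoaReply("NOERROR", True),
    ("ns1.provider.test", "lame.example"):    SoaReply("REFUSED", False),
    ("ns2.provider.test", "lame.example"):    SoaReply("SERVFAIL", False),
    ("ns1.provider.test", "partial.example"): SoaReply("NOERROR", True),
    ("ns2.provider.test", "partial.example"): SoaReply("REFUSED", False),
}

def sample_query(nameserver: str, domain: str) -> SoaReply:
    """Offline stand-in for a direct SOA query to one nameserver."""
    return SAMPLE_REPLIES.get((nameserver, domain), SoaReply("SERVFAIL", False))

def lame_nameservers(domain: str, delegation: list[str],
                     query: Callable[[str, str], SoaReply]) -> list[str]:
    """Delegated servers that do not answer authoritatively for the zone:
    they refuse or fail the query, or answer without the AA flag."""
    return [ns for ns in delegation
            if not ((r := query(ns, domain)).rcode == "NOERROR" and r.authoritative)]

def classify_delegation(domain: str, delegation: list[str],
                        query: Callable[[str, str], SoaReply] = sample_query) -> str:
    """OK: every NS serves the zone.  PARTIALLY_LAME: some do not.
    FULLY_LAME: none does; if that provider lets a new customer claim the
    zone name, the domain is hijackable without touching the owner's account."""
    lame = lame_nameservers(domain, delegation, query)
    if not lame:
        return "OK"
    return "FULLY_LAME" if len(lame) == len(delegation) else "PARTIALLY_LAME"

if __name__ == "__main__":
    for domain, ns_set in SAMPLE_DELEGATIONS.items():
        print(f"{domain:18} {classify_delegation(domain, ns_set)}")
```

A FULLY_LAME verdict is the signal to reconcile the registrar's NS records with the DNS provider's account before anyone else can claim the zone there.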
7 months ago: Powerful insights into cybercrime tactics. Time to defend proactively? Aidan Dickenson
7 months ago: Exciting update! The latest edition of Cyber Daily is packed with valuable insights. Aidan Dickenson