Tag Archives: Phishing

Posted on Author Atlantic Computer Services Categories Blog

Large Scale Okta Phishing Campaign Targets Many Organizations

According to ongoing research by Group-IB, a massive phishing campaign is currently underway.

This is a campaign that has impacted no less than 130 organizations across a broad range of industries. These include but are not limited to professional recruiting firms and companies connected to finance and technology.

Some of the companies targeted include giants in their respective fields such as:

  • TTEC
  • Best Buy
  • HubSpot
  • Evernote
  • Riot Games
  • AT&T
  • Epic Games
  • Microsoft
  • Twitter
  • Slack
  • Verizon Wireless
  • MetroPCS
  • Twilio
  • MailChimp
  • Klaviyo
  • And T-Mobile

This comes with an unsuccessful attempt to breach Cloudflare’s network as well.

The phishing campaign utilizes a kit that has been code-named ‘Oktapus,’ and has been underway since at least March of this year (2022).  As the Group-IB report indicates, it has many tentacles indeed.  So far, the group behind the campaign has been able to steal nearly ten thousand login credentials and use these to gain access to targeted networks.

The attack begins simply enough, as many such attacks do.  The target receives an SMS message with a link to a web page.  This page appears to be legitimate.  It is a precise copy of a corporate webpage, utilizing all the right branding and logo images.

Invariably, users are presented with a login box and are promoted to enter their account credentials and two-factor authentication codes if applicable.  Doing so hands that information over to the hackers controlling the site, giving them another login to abuse.

Okta is a perfectly legitimate and in fact, widely respected Identity-as-a-service (IDaaS) platform that allows users to employ a single login to access all software assets in their company.  Unfortunately, hackers have discovered a means of abusing that to steal customer data, which is then used to conduct additional attacks, targeting firms in the supply chain of the initially targeted company.

Even if your company isn’t connected to any of the industries the hackers have targeted thus far, be sure your IT staff is aware of this threat.

0
Posted on Author Atlantic Computer Services Categories Blog

Twilio Data Breach Happened Via Employee Smishing

Twilio is the Cloud Communications Company. They are the latest to fall victim to a data breach.

The company recently disclosed that some of its customer data was accessed by unknown attackers who gained access to the system by stealing employee login credentials via an SMS phishing attack, known as ‘Smishing,’ for short.

The company’s disclosure reads in part as follows:

“On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data.”

The smishing attack succeeded because the attackers were able to convince company employees that the SMS messages they were receiving were coming from the company’s own IT department.  The messages contained URLs containing the keywords “Twilio,” “SSO” and “Okta” which are commonly used by the company.

Unfortunately, if an employee tapped these links, they would not be taken to company resources but rather to a page that had been cloned to appear as a legitimate company sign in page.

Here, they received a message that their password had expired, and the employee was asked to enter their information as part of the process of changing it.

Naturally, this action did not change the employee’s password, but it did hand it over to the hackers waiting on the other end.

Per a Twilio spokesman, the attackers were only able to access data belonging to a limited number of customers, and the company is currently in the process of reaching out to those who were impacted.

If you have a Twilio account and are not contacted, your data and your account should be fine.  If you are contacted, Twilio will provide you with additional information at that time.

0
Posted on Author Atlantic Computer Services Categories Blog

OpenSea Warns Users Of Phishing Attacks From Data Breach

Are you a fan of NFTs?  If so, you’ve probably heard of OpenSea, which is the largest marketplace for non-fungible tokens.

If you have an account there, be aware that recently the company disclosed that their network had been breached and they issued a warning to their clients urging them to be on the lookout for possible phishing emails.

Cory Hardman is OpenSea’s head of security. According to Hardman, an employee of Customer.io, which is the company’s email delivery vendor, downloaded a file containing email addresses that belong to OpenSea users and newsletter subscribers. The precise number of email addresses the attacker made off with was not disclosed.

Mr. Hardman said:

“If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement.”

This is not the first time OpenSea users have been targeted.  Last year, threat actors impersonating fake support staff successfully absconded with roughly two million dollars (USD) worth of NFTs. Last September (2021) the company addressed a security flaw that allowed attackers to empty an OpenSea user’s cryptocurrency wallets by luring them to click on maliciously crafted NFT artwork.

Although the industry is still in its formative stages, it has grown at a blistering pace. OpenSea is the largest marketplace in the NFT industry. They boast more than 600,000 users and total transactions that surpass $20 billion (USD) which make it a prime target for hackers.

Sadly, this will almost certainly not be the last time OpenSea and other NFT markets find themselves in the crosshairs.

If you have an account there, be on high alert.  Odds are good that the attacker will try to put your email address to malicious use.

0
Posted on Author Atlantic Computer Services Categories Blog

Hackers Are Stealing Facebook Accounts With Malicious Messenger Bots

Researchers at Trustwave have shed light on a recently discovered phishing campaign revolving around Facebook Messenger bots.

If you don’t spend much time on social media, chatbots are programs designed to impersonate live people and are usually relegated the task of answering simple questions as a form of triage customer support.

If the bot can’t answer the question, then a handoff escalation is made to a human customer support person.

That’s how it’s supposed to work, anyway.  This newly discovered campaign abuses chatbots.

Here’s how they’re structuring the campaign:

The first step is to send an email out to an individual concerning their Facebook page, generally claiming that the page has violated some portion of Facebook’s Community Standards and giving the email recipient 48 hours to appeal the decision or risk their page being deleted.

Naturally, this is mortifying to most people, who will rush to resolve the issue.

That’s exactly what the phishers are counting on.  By “helpfully” providing a link or button embedded in the email which connects them to a chatbot, but one that the scammers control.

By all appearances, the email recipient is connected to a member of Facebook’s customer support team.  It is in fact a chatbot controlled by the scammers.

The fake customer support person will basically regurgitate the information contained in the email and then will send the victim a message containing an “Appeal Now” button.

Clicking this button takes the victim to a website disguised as the “Facebook Support Inbox.” At this point, only an observant potential victim will see through the ruse as the inbox domain is in no way associated with Facebook. Others may easily miss it.

If the victim doesn’t see through the ruse, he or she will be asked to input a variety of information on a form.  When this form is submitted, a pop-up box appears asking the user to re-enter their Facebook password, and that’s the hook.

Everything up to this point has been bait designed to get the potential victim to give up their password.

Even if you’re not personally on Facebook, make sure everyone you know who is knows about this scam.  If we can help even one person avoid being taken in, that’s a victory.

0
Posted on Author Atlantic Computer Services Categories Blog

The Windows 11 Apps That Use Your Microphone And Camera

Are you a member of the Windows 11 Insiders group?  If so, then you already know that you get a sneak peek at all the cool new features the engineers at Microsoft are building into the new Operating System.

If you’re not yet a member of that group, then this announcement might entice you to join.

In a June Windows 11 Preview Build, the company added a new privacy feature that keeps track of apps that have access to your microphone, camera, location, and the like.

To view your installed apps and which ones have access to what, activate your Windows 11 Settings app and look under Privacy & Security.  There, you’ll see a section labeled “App Permissions” as a “Recent Activity” dropdown menu.

You’ll see a complete listing of apps stacked against every tracked category of information, putting it all right at your fingertips.

This is the latest of the new security features that the new OS will sport.  In addition to this, the company is also planning to make improvements to Microsoft Defender that will make it better at blocking phishing and malware attacks against users.

On top of that, Microsoft is currently developing a Personal Data Encryption feature that will protect users’ files when they’re not logged in by blocking access to that data until the user authenticates via Windows Hello.

Finally, the company is flirting with the notion of enabling both Credential Guard and Local Security Authority by default. Although, they have not made a firm commitment to either of those at the time this article was written.

These feature additions stand to make Windows 11 the most secure OS that Microsoft has ever offered.  We’re looking forward to seeing how Windows 11 is accepted by the broader public.

0
1 2 3 4 13