Apple gave cybercriminals hell in 2022.

May 18 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that gives cybercriminals anxiety #WearItGreenDay

Today’s hottest cyber security stories:

  • Apple gave cybercriminals hell in 2022
  • State-backed SideWinder hacking group caught with pants down
  • Vulnerability discovered in popular Belkin Wemo smart-plugs

HOW DO YOU LIKE THEM APPLES?

Hi folks, today we’re celebrating Apple. Perhaps you’ve heard of them. Specifically, we’re celebrating the fantastic job they’ve been doing fighting cybercrime. The California-based tech giant just announced its cybersecurity stats for 2022 and dammit we’re impressed.

Here’s some of what the guys at Apple had to say on the matter. And remember, they’re American, so they’re certainly not afraid to toot their own horns. Though, in this case, we think they’ve earned the right.

“In 2022, Apple protected users from nearly 57,000 untrustworthy apps from illegitimate storefronts,” the company emphasised. “These unauthorised marketplaces distribute harmful software that can imitate popular apps or alter them without the consent of their developers.”

It also touted its App Review process, stating: “Over 153,000 app submissions rejected from the App Store last year were found to be spam, copycats, or misleading, and nearly 29,000 submissions were rejected for containing hidden or undocumented features.”

“Upward of 400,000 app submissions were rejected for privacy violations.” Geez!

See below for a full rundown of what was announced.

What did you do in 2022? Here’s what Apple managed lol:

  • Deactivated 282 MILLION bogus customer accounts
  • Thwarted 198 MILLION fraudulent new accounts
  • Stopped over $2 billion in fraudulent transactions
  • Rejected 1.7 million app submissions for privacy/security violations
  • Terminated 428k developer account creations
  • Blocked 105k fake developer account creations
  • Blocked 57k untrustworthy apps from illegitimate storefronts
  • Reviewed 6.1 app submissions, leading to rejections for spam, copycats, misleading info, hidden features, and privacy violations
  • Blocked 147m fraudulent ratings and reviews
  • Intercepted 3.9m attempts to install/launch illicitly distributed apps
  • Blocked 3.9m stolen credit cards
  • Banned 714k accounts for fraud
  • Blocked $2.09 BILLION in fraudulent transactions on the App Store

Not bad, ey?

THE SIDEWINDER LEAKS TONIGHT... R.E.M., anyone?

Some super sneaky cybersecurity researchers have stumbled upon a hidden treasure trove of attack infrastructure used by none other than the infamous state-sponsored troublemakers known as SideWinder. 

They’ve been busy striking entities in none other than the exotic lands of Pakistan and China. Who would’ve thought?

Picture this: a secret network of 55 domains and IP addresses just waiting to wreak havoc, according to the cyber wizards at Group-IB and Bridewell:

“The identified phishing domains mimic various organisations in the news, government, telecommunications, and financial sectors,” researchers Nikita Rostovtsev, Joshua Penny, and Yashraj Solanki said.

SideWinder has been pulling off these shenanigans since 2012. And how do they do it, you ask? Well, they’re spear-phishing specialists. They use this fancy trick as their secret weapon to weasel their way into targeted environments. Sneaky bastards, aren’t they?

The group’s targets are believed to be connected to Indian espionage interests. On some James Bond sh*t.

And they don’t just limit themselves to one country. Nope! They’ve got a whole buffet of nations on their menu. We’re talking about Pakistan, China, Sri Lanka, Afghanistan, Bangladesh, Myanmar, the Philippines, Qatar, and even Singapore. It’s like a world tour of digital mischief!

Still, nice to see them embarrassed by this latest leak. Probably not great for a cyber-espionage group to have its previously undocumented attack infrastructure posted all over the web, is it?

So, suck on that, SideWinder!

FINDING WEMO

Guess what? The second generation version of Belkin’s Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely.

It turns out that some clever folks at Sternum, an Israeli IoT security company, decided to take a closer look at this fancy smart plug.

They discovered a vulnerability called a buffer overflow. Now, this vulnerability could potentially be weaponized by some mischievous threat actor out there to inject all sorts of commands remotely. Yikes!

This vulnerability even has its very own special identifier called CVE-2023-27217. Sternum reported their findings to Belkin on January 9, 2023.

How can the vulnerability be exploited?

How it works is basically this: the plug has a feature that lets you rename it. The new name is limited to 30 characters, but that limit is enforced only by the companion app, not by the device itself. As a result, anything that talks to the plug directly, such as the Python module named pyWeMo, can circumvent the character limit.

This causes a buffer overflow condition, which can then be reliably exploited to crash the device or, alternatively, trick the code into running malicious commands and take over control.
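To make the bug class concrete, here is an added example (our own constructed C model, not Belkin's firmware or Sternum's research code) of a device-side "set name" handler that trusts a length limit enforced only by the client, beside a hardened handler that re-checks the limit on the device. The struct layout, function names and the 30-character constant are assumptions chosen for illustration; the only fact taken from the page is that the limit lived in the app rather than in the plug.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Constructed illustration; hypothetical layout, not the real device's memory. */
#define NAME_MAX 30                       /* the 30-character limit described above */

typedef struct {
    char name[NAME_MAX + 1];              /* 30 characters plus the terminating NUL */
    int  relay_on;                        /* adjacent state an overflow would clobber */
} device_state_t;

/* Client-side check: this is where the companion app enforces the limit.
 * Any other client can simply skip it, so it is not a security control. */
bool app_validate_name(const char *name) {
    return strlen(name) <= NAME_MAX;
}

/* Vulnerable device-side handler: assumes the client already enforced the limit
 * and copies without bounds. Safe only when strlen(name) <= NAME_MAX; a longer
 * name writes past 'name' into 'relay_on' and whatever follows it in memory
 * (the condition the article describes; never exercised with such input here). */
void set_name_vulnerable(device_state_t *dev, const char *name) {
    strcpy(dev->name, name);
}

/* Length bounded by 'max': returns max + 1 if the string is longer than max,
 * so an oversize input is detected without scanning the whole thing. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n <= max && s[n] != '\0')
        n++;
    return n;
}

/* Hardened device-side handler: the device re-validates the length itself at
 * the trust boundary and rejects oversize input rather than truncating it
 * silently. Returns 0 on success, -1 when the name is rejected. */
int set_name_hardened(device_state_t *dev, const char *name) {
    size_t len = bounded_len(name, NAME_MAX);
    if (len > NAME_MAX)
        return -1;                        /* leave existing state untouched */
    memcpy(dev->name, name, len);
    dev->name[len] = '\0';
    return 0;
}

int main(void) {
    device_state_t dev;
    memset(&dev, 0, sizeof dev);
    dev.relay_on = 1;

    /* A 63-character name: the app would refuse it, a direct client would not. */
    char oversize[64];
    memset(oversize, 'A', sizeof oversize - 1);
    oversize[sizeof oversize - 1] = '\0';

    printf("app check accepts oversize name: %s\n",
           app_validate_name(oversize) ? "yes" : "no");
    printf("hardened handler result for oversize name: %d\n",
           set_name_hardened(&dev, oversize));
    printf("hardened handler result for short name: %d (name=\"%s\")\n",
           set_name_hardened(&dev, "Kitchen lamp"), dev.name);
    return 0;
}
```

The point the hardened version makes is that the device, not the app, is the trust boundary: the firmware must treat every request as if the client's check never ran, and a rejected request leaves the device's existing state exactly as it was.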

So, there you have it, folks. Belkin’s supposedly smart plug has a not-so-smart vulnerability lurking within its shiny exterior.

Will they fix it? Computer says no. Belkin said it won’t bother patching it because the device is nearing EoL (end of life). Euthanasia job. How sad.

So long and thanks for reading all the phish!
