Sep 07 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that gives cyber criminals all the time, patience, and respect that Joe Jonas and Sophie gave their marriage. They split up. Presumably it's of consequence because it's trending on Twitter.
Today's hottest cybersecurity news stories:
Introducing the W3LL store, your one-stop shop for all things phishing
SEL's power management products now feature 9 glaring vulnerabilities
GhostSec hacktivists leak source code of alleged Iranian surveillance tool
A clandestine "phishing empire" has emerged, orchestrating cyberattacks on Microsoft 365 business email accounts for the past six years. Dubbed the "W3LL Store," this underground market caters to a community of over 500 cyber threat actors.
The heart of the operation is the "W3LL Panel," a custom phishing kit designed to bypass Multi-Factor Authentication (MFA), along with 16 other specialised tools for Business Email Compromise (BEC) attacks.
Targets
More than 56,000 corporate Microsoft 365 accounts were in the crosshairs, with 8,000 already compromised. The attacks hit the US, UK, Australia, Germany, Canada, France, the Netherlands, Switzerland, and Italy, netting $500,000 in ill-gotten gains.
Sectors
Industries infiltrated include manufacturing, IT, consulting, financial services, healthcare, and legal services. The W3LL Panel operated close to 850 unique phishing websites during the same timeframe.
W3LL's Arsenal
It's an all-in-one phishing instrument offering custom tools, mailing lists, and access to compromised servers, reflecting the trend of Phishing-as-a-Service (PhaaS) platforms. The kit's core component is an adversary-in-the-middle (AiTM) phishing tool, capable of bypassing MFA.
Anti-Bot Measures
The panel boasts anti-bot functionality to outsmart automated web scanners, ensuring longer-lasting phishing campaigns.
The Process
The attacker uses tools like LOMPAT to validate email addresses and then sends phishing messages. Victims who click are funnelled through an anti-bot script to a phishing landing page. Credentials are harvested, granting access to the Microsoft 365 account.
Innovation
The W3LL Store is a game-changer, offering an entire BEC killchain toolkit for cybercriminals of all technical levels. The rising demand for phishing tools fuels competition among developers, driving innovation.
Microsoft Alert
This revelation follows Microsoft's warning about AiTM techniques employed through PhaaS platforms. These techniques allow access to privileged systems without re-authentication.
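As an added illustration (not from the newsletter or from the W3LL report it summarises), here is the defender's side of the AiTM problem described above: once the victim satisfies MFA through the proxy, the resulting session is what gets reused without re-authentication, so one useful check over Microsoft 365 sign-in telemetry is an MFA-validated session that resurfaces from a different IP with no fresh challenge. The log lines, field layout and function names below are constructed for the demo and are not a real Entra ID export format.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class SignIn:
    ts: datetime
    user: str
    session_id: str
    ip: str
    mfa_satisfied: bool  # True when the provider recorded a passed MFA challenge

# Constructed sample telemetry (assumed layout, not a real Entra ID export):
# alice passes MFA from one IP, then her session id reappears minutes later
# from another IP with no new MFA, the shape of a replayed AiTM-stolen session.
# bob's session only ever shows up from the IP that passed MFA.
SAMPLE_LOG = """\
2023-09-07T08:02:11Z alice@example.com sess-1 203.0.113.10 mfa=true
2023-09-07T08:09:45Z alice@example.com sess-1 198.51.100.77 mfa=false
2023-09-07T09:15:00Z bob@example.com sess-2 203.0.113.22 mfa=true
2023-09-07T09:40:00Z bob@example.com sess-2 203.0.113.22 mfa=false
"""

def parse(log: str) -> list[SignIn]:
    """Turn the whitespace-separated sample lines into SignIn records."""
    events = []
    for line in log.splitlines():
        ts, user, sess, ip, mfa = line.split()
        events.append(SignIn(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                             user, sess, ip, mfa == "mfa=true"))
    return events

def find_session_replay(events, window=timedelta(hours=1)):
    """Return (user, session_id, mfa_ip, replay_ip) for every session that was
    MFA-validated from one IP and then used from a different IP inside the
    window without a fresh MFA challenge."""
    anchor_by_session = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.user, ev.session_id)
        if ev.mfa_satisfied:
            anchor_by_session[key] = ev  # re-anchor on each passed challenge
            continue
        anchor = anchor_by_session.get(key)
        if anchor and anchor.ip != ev.ip and ev.ts - anchor.ts <= window:
            alerts.append((ev.user, ev.session_id, anchor.ip, ev.ip))
    return alerts
```

In real telemetry the IP comparison is best widened to ASN or geolocation, since legitimate users roam between addresses within one network far more often than between networks.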
Stay vigilant, stay safe!
I came across ZZZ money club during the crypto market bull run, when everyone's a winner; even during the bear market this Discord group has been amazing at giving information on projects and ways to make passive income in various ways.
The group is very active and everyone in this private discord group is very chatty and helpful.
It's run by Yourfriendandy and Decadeinvestor; you can find them here on YouTube, both top guys with great content.
If you are interested in joining the group, you can do so through the link below.
Schweitzer Engineering Laboratories (SEL) has been hit with a series of security flaws, with the most serious allowing remote code execution (RCE) on an engineering workstation, according to Nozomi Networks.
The Issues
These vulnerabilities, tracked as CVE-2023-34392 and CVE-2023-31168 through CVE-2023-31175, impact SEL-5030 acSELerator QuickSet and SEL-5037 GridConfigurator, which are crucial for device configuration and monitoring.
Risk Levels
The flaws range in severity from 4.8 to 8.8 (CVSS scores). CVE-2023-31171 can be exploited via a phishing email to execute code on the workstation, potentially leading to administrative access when chained with CVE-2023-31175. CVE-2023-34392 could enable attackers to send hidden commands through a watering hole attack.
Previous Vulnerabilities
This follows 19 earlier SEL Real Time Automation Controller (RTAC) suite vulnerabilities, allowing unauthorised access, manipulation, and code execution.
National Initiative
Meanwhile, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is collaborating with MITRE to enhance cyber attack emulation tools, focusing on operational technology (OT) networks.
Stay vigilant in the face of evolving cyber threats!
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
ViaTravelers: Get exclusive travel tips, news, and insider deals right in your inbox.
Leadership in Tech: A weekly newsletter for CTOs, engineering managers and senior engineers to become better leaders.
Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.
Let us know what you think!
GhostSec, a hacktivist group, is unveiling the source code of alleged surveillance software used by Iran. The code comes from the Iranian FANAP group, which initially provided tech to financial and IT services but expanded into a comprehensive surveillance system for the Iranian government, similar to Pegasus spyware.
What's Been Disclosed?
GhostSec has released portions of the code, including facial recognition and privacy-invading features like video surveillance and car tracking systems. Notably, they claim this software was deployed across Iran's Pasargad Bank.
Why Did GhostSec Do It?
GhostSec, known for its human rights advocacy, aims to protect privacy and expose surveillance. They accessed the source code via FANAP infrastructure, then compromised a server to reveal the code.
FANAP's Response:
FANAP denied the leak, stating it only recognizes faces with consent. GhostSec contends they found extensive components, exposing the software's true capabilities.
This disclosure raises concerns about surveillance and privacy. Stay tuned for updates on this developing story.
So long and thanks for reading all the phish!