Jun 29 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s keeping things hot like the Texas heatwave, and boy, have we got some hot stories for you today.
Today’s hottest cyber security stories:
Who’s piloting your drone? I drone know
Whose Team are you on?! Microsoft Teams vuln to hacks
Phish sticks. I mean stats. Phishing statistics 2019-2023
Greetings, tech enthusiasts! Today, we bring you groundbreaking news from the world of unmanned aerial vehicles (UAVs). Hold on tight as we delve into the fascinating realm of drone security and how it's evolving.
Securing the Skies: A Challenge for Drone Manufacturers
Picture this: drones soaring through the skies, capturing stunning aerial shots or delivering packages with utmost precision. But what if these airborne marvels fall into the wrong hands? Recent research conducted by IOActive, a prominent cybersecurity firm, has uncovered a potential vulnerability that could be exploited to compromise the functionality and safety of drones.
Electromagnetic Fault Injection (EMFI): Breaking the Barrier
IOActive's team of experts embarked on a mission to assess the current security posture of unmanned aerial vehicles. During their investigation, they homed in on a popular quadcopter drone known as the Mavic Pro, manufactured by DJI.
Equipped with advanced security features such as signed and encrypted firmware, Trusted Execution Environment (TEE), and Secure Boot, this drone seemed like an impregnable fortress. But was it?
The researchers uncovered a technique called Electromagnetic Fault Injection (EMFI), capable of bypassing the robust security measures put in place. By strategically injecting a specific EM glitch during a firmware update, threat actors could potentially achieve arbitrary code execution on the drone's main processor.
The Consequences of Breach: From Code Execution to Sensitive Data Leakage
Once the attacker gains code execution on the drone's main processor, they can infiltrate the Android OS responsible for the core functionalities of the drone.
This intrusion opens the floodgates, granting the attacker full control over the device, access to sensitive content, and even the possibility of extracting encryption keys.
The Future of Drone Security: A Collaborative Endeavor
Join us as we embark on an exciting journey toward a more secure drone ecosystem. As researchers, manufacturers, and enthusiasts work together, we can pave the way for a future where drones remain a symbol of innovation and inspiration while soaring through the heavens, protected from the shadows that lurk in the digital realm.
TOP TIP:
This one’s on the developers unfortunately. It's recommended that drone developers incorporate hardware- and software-based EMFI countermeasures. Sorry, Charlie.
Here’s a critical revelation that could impact the security of one of the most widely used communication platforms in the corporate world: Microsoft Teams. Brace yourselves as we dive into the depths of this vulnerability and its potential consequences.
Malware in the Inbox: a Troubling Discovery
Security researchers have recently unearthed a bug that poses a serious threat to organisations relying on Microsoft Teams for their internal communications. This flaw stems from Microsoft's default configuration, which allows external users to contact employees within an organisation.
Exploiting Vulnerabilities: The Malware Delivery Attack
With a crafty social engineering pretext to lure unsuspecting targets, attackers can take advantage of this vulnerability to deliver malware directly into employees' Microsoft Teams inboxes.
The chances of success for such a malicious attack are significantly high, amplifying the need for immediate attention and action.
Bypassing Security Controls: Unmasking the Threat
To understand the gravity of this vulnerability, it is crucial to recognize the permissive security controls many organisations have in place. These controls allow external users, including those from different Microsoft 365 (M365) tenants, to initiate conversations with employees.
However, it is precisely this openness that makes the vulnerability exploitable: by skillfully manipulating the internal and external recipient IDs in the POST request, attackers can easily exploit it.
TOP TIP:
By fine-tuning security configurations, implementing robust access controls, and raising awareness among employees about the risks of social engineering, organisations can fortify their defences against malware attacks.
Additionally, collaboration between security researchers, industry experts, and Microsoft itself will be crucial in ensuring a swift and effective resolution to this vulnerability.
If you are using Teams at work, make sure your IT dept is aware of this.
The time to act is now, folks!
Quickfire round to round off today’s newsletter:
The UK has the highest phishing targeting rate in Europe, followed by Spain, France, and Italy.
Phishing attacks are widespread and evolving, with targeted attacks (spear phishing) posing a significant threat to businesses.
Phishing attacks hit an all-time high in 2022, with over 4.7 million attacks, showing consistent annual growth of 150% since 2019.
Loaders remain the most common phishing tool, followed by keyloggers and information stealers.
Spear phishing emails make up around 76% of all phishing attempts, often used for intelligence gathering purposes.
Human error plays a significant role in data breaches, emphasising the need for awareness training.
Attackers utilise trusted domains like Amazon AWS, Sharepoint, and Google, while also capitalising on current events such as COVID-19.
AI tools like ChatGPT can be leveraged by scammers to create fake login pages or malicious code.
Credentials targeted in phishing attacks have expanded beyond financial industries to include streaming services, gaming accounts, subscription platforms, reward programs, and more.
Smaller organisations and industries like mining, agriculture, forestry, and fishing are more likely to receive malicious emails.
Stay safe; it’s a jungle out there!
So long and thanks for reading all the phish!