๐Ÿšจ New Threat Alert! Introducing the Wiki-Slack Attack ๐Ÿ“ข

Oct 31 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that treats cybercriminals like hot tubs treat Chandler Bing ๐Ÿ’€๐Ÿ’€๐Ÿ’€

Todayโ€™s hottest cybersecurity news stories:

  • ๐Ÿ‘จโ€๐Ÿ’ป Slack attack! Cybercriminals use modified Wikipedia pages to attack ๐Ÿ‘Š

  • ๐Ÿ“š You lie very well: Toronto public library falls victim to cyber-crime ๐Ÿ‘พ

  • ๐Ÿ“ข How to get ahead in malvertising: Dynamic Search Ads get got ๐Ÿ™ˆ

Donโ€™t Slack on cyber-attacks! ๐Ÿ˜ฌ

๐Ÿ”’ Stay Secure with eSentire: ๐Ÿšจ New Threat Alert! Introducing the Wiki-Slack Attack ๐Ÿ“ข

Security experts at eSentire have uncovered a sneaky new method that cyber attackers are using to lead business professionals to dangerous websites. ๐Ÿฆ ๐Ÿ–ฅ๏ธ

๐Ÿ‘พ The Wiki-Slack Attack:

This crafty technique leverages modified Wikipedia pages and exploits a formatting glitch in Slack, a popular collaboration tool.

๐Ÿคจ How It Works:

To execute the attack, the bad actors select a Wikipedia article relevant to their target, add a legitimate footnote to the end of the first paragraph, and then share the article on Slack. ๐Ÿ˜ˆ

๐Ÿ”— The Deceptive Link:

While the footnote is harmless, Slack's rendering of the page creates an invisible link that entices users to click it. ๐Ÿ˜ฎ Once clicked, it directs them to a harmful website housing browser-based malware. ๐Ÿฆ 

๐Ÿ’ป The Technical Details:

This attack relies on specific conditions in the first 100 words of the article, including a top-level domain in the second paragraph. Slack's formatting hiccup generates the deceptive link.

๐Ÿ“ˆ A Numbers Game:

Attackers must modify multiple Wikipedia pages and register domains to improve their chances of infecting a desired target. ๐Ÿ“Š

๐Ÿ“š Why Wikipedia?:

Using Wikipedia pages, which are more trusted than Medium blogs, increases the chances of success. ๐Ÿ˜‡

๐Ÿ›ก๏ธ Stay Protected:

To defend against such attacks, organisations are urged to raise awareness about browser-based threats, implement endpoint monitoring, and embed cyber resilience into their operations. eSentire has reported the issue to Slack for resolution. ๐Ÿฆธโ€โ™‚๏ธ๐Ÿฆธโ€โ™€๏ธ

Be cautious when copying and pasting Wikipedia content in Slack, and remember to stay cyber safe ๐Ÿ’ช๐Ÿ’ป๐Ÿ”

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.

Hackers: HELLO, Iโ€™M IN THE LIBRARY! ๐Ÿงฑ๐Ÿ“ž

๐Ÿ” Toronto Public Library Hit by Cyberattack ๐Ÿ“š

๐ŸŒ Canada's largest public library system, the Toronto Public Library, is grappling with a disruptive cyberattack that has impacted its website, member services, and access to digital collections.

๐Ÿ“ˆ Library's Scale:

Serving over 1.2 million members across 100 branches with more than 12 million items, the library reported technical difficulties affecting online services, in-branch WiFi, and printing.

๐Ÿ›ก๏ธ Cybersecurity Incident:

By Sunday, the organisation confirmed the presence of a cybersecurity incident, replacing its website with a temporary statement page. Key services like "your account," map passes, and digital collections are currently unavailable.

๐Ÿ”’ Data Security:

There's no evidence, as of now, that personal information of staff or customers has been compromised. The library has proactively prepared for cybersecurity issues and is taking measures to mitigate potential impacts.

๐Ÿ‘ฉโ€๐Ÿ’ป Recovery Efforts:

Cybersecurity experts have been engaged to resolve the issue, but full system restoration may take several days.

โ“ Attack Details:

It remains unclear whether it's a ransomware incident, and no hacking group has claimed responsibility. The organisation has not disclosed plans for paying a ransom.

๐ŸŒ† City's Cyber Challenges:

Toronto has faced previous cybersecurity incidents, including a data breach, a ransomware attack on its public transportation system, and most recently, data theft from suspected Russia-based ransomware hackers.

๐ŸŒŽ Nationwide Trend:

Cyberattacks have also plagued other prominent institutions in Canada, highlighting the need for increased vigilance against such threats.

Stay tuned for updates on the Toronto Public Library's recovery efforts! ๐Ÿ“ข๐Ÿ”’๐Ÿ“š

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)


๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)


๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

Scottish accent: Thatโ€™s Dynamical, that is ๐Ÿ˜‚ #AllyMccoist

๐Ÿšซ Unintentional Malvertising: A Unique Incident Unveiled ๐Ÿคฏ

In the world of malvertising, where threats often stem from malicious intent, a peculiar incident has emerged. This time, malvertising unfolded entirely by accident. ๐Ÿคทโ€โ™‚๏ธ

๐ŸŒ The Culprits:

Combining a compromised website and Google Dynamic Search Ads led to this unusual situation. A popular Python developer program unwittingly got involved.

๐Ÿ“ข From the Site Owner's Viewpoint:

For a wedding planning business, some website pages were tainted with malware, spamming malicious content. An overlay surfaced, promoting software serial keys, including Pycharm for developers.

๐ŸŒŸ Dynamic Search Ads Twist:

Google's Dynamic Search Ads (DSA) automatically create ads based on website content. While convenient for advertisers, it can be exploited. In our case, a search for 'pycharm' revealed an ad with a misleading title and wedding-related keywords.

๐Ÿ’ป The Twist:

Google Ads generated this ad from the compromised page, making the website owner an unwitting intermediary. Their own ad led to malware.

๐Ÿ›ก๏ธ The Malware Maze:

People clicking the misleading ad were directed to a compromised page with a link to download a serial key. Installing it unleashed a flood of malware, rendering the computer unusable. ๐Ÿ˜ฑ

๐Ÿคจ The Motive:

The criminal likely sought to monetize software loads for commissions, despite it being a blatant attack.

๐Ÿ“š A Different Breed:

This incident stands out as atypical malvertising. The website owner may not have been aware of the situation, and the ad quality was hard to spot as it was paid for by a legitimate business.

โš ๏ธ Stay Safe:

For your online safety, practise cautious browsing, and avoid downloading cracked software. Always ensure it's clean before running it.

๐Ÿ“ฃ Action Taken:

Malwarebytes detected the malicious payloads, and the compromised wedding planning business has been alerted to the situation.

Stay vigilant online, and beware of unintentional cyber twists! ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ’ป๐Ÿฆ 

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles