Apr 01 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that's sweeping the nation like a cyber Storm Nelson.
Today's hottest cybersecurity news stories:
PhaaS network Darcula leverages RCS, iMessage to bypass security
Finland fingers infamous Chinese APT31 for parliament cyber attack
DinodasRAT adapted for Linux, has been observed in several countries
Heads up, everyone! A dangerous new threat is on the horizon, and it's targeting organisations worldwide with its devious phishing tactics. Introducing Darcula, a cunning Phishing-as-a-Service (PhaaS) platform that's causing havoc in over 100 countries.
Darcula operates by utilising a vast network of more than 20,000 counterfeit domains to orchestrate large-scale phishing attacks. These attacks are not only sophisticated but also highly effective, thanks to Darcula's ability to leverage the iMessage and RCS protocols, bypassing traditional SMS firewalls and targeting unsuspecting users worldwide.
Offering support for about 200 templates impersonating legitimate brands, Darcula allows cybercriminals to set up phishing sites with ease, targeting sectors like postal services, financial institutions, and government bodies. With domains backed by reputable services like Cloudflare and Tencent, these phishing sites appear legitimate, making it harder for users to discern the deception.
But Darcula's cunning doesn't stop there. It's constantly evolving, with the ability to update phishing sites seamlessly and even cloak its presence with fake domain holding pages. This makes it incredibly challenging to detect and combat, leaving organisations vulnerable to exploitation.
What's more, Darcula's smishing messages are particularly insidious, exploiting vulnerabilities in iMessage and RCS to trick users into divulging sensitive information. By impersonating legitimate services like USPS and Apple support, these messages lure users into clicking malicious links, leading to potential identity theft and financial loss.
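Because iMessage and RCS delivery sidesteps the carrier SMS firewall, the practical place to catch a brand-impersonation message is at the endpoint or when a user reports it. The following is an added triage example, not code from the newsletter or from any Darcula research: it pulls every URL out of a message, checks which brands the message names, and flags a URL whose registered domain is not on that brand's allowlist. The allowlist, the sample messages and the two-label "registered domain" shortcut are all assumptions made for this example.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist of legitimate registered domains per brand. A real
# deployment would maintain this per organisation and use a public-suffix
# list instead of the two-label shortcut in registered_domain().
BRAND_DOMAINS = {
    "usps": {"usps.com"},
    "apple": {"apple.com", "icloud.com"},
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registered_domain(hostname: str) -> str:
    """Crude eTLD+1: the last two DNS labels of the host."""
    labels = hostname.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else hostname.lower()


def brand_mentions(text: str) -> set:
    """Brands whose name appears anywhere in the message text."""
    lowered = text.lower()
    return {brand for brand in BRAND_DOMAINS if brand in lowered}


def classify(message: str) -> list:
    """Return (url, reason) findings for one message.

    A finding means the message names a brand but links to a registered
    domain that is not on that brand's allowlist, which is the pattern of
    a postal-service or account-support lure.
    """
    findings = []
    brands = brand_mentions(message)
    for raw_url in URL_RE.findall(message):
        url = raw_url.rstrip(".,;:!?)")          # drop trailing punctuation
        host = urlparse(url).hostname or ""
        rd = registered_domain(host)
        for brand in sorted(brands):
            if rd not in BRAND_DOMAINS[brand]:
                findings.append((url, f"mentions {brand} but links to {rd}"))
    return findings


def triage(messages: list) -> list:
    """Return [(index, findings)] for every message with at least one finding."""
    return [(i, classify(m)) for i, m in enumerate(messages) if classify(m)]


# Constructed sample messages; the hostnames are invented for this example.
SAMPLE_MESSAGES = [
    "USPS: your package is held at the depot. Confirm your address at "
    "https://usps-delivery.tracking-example.top/confirm.",
    "USPS: your package has shipped. Track it at "
    "https://tools.usps.com/go/TrackConfirmAction",
    "Your Apple ID was locked. Verify now at "
    "https://appleid-support.example.com/login",
    "Dinner at 7?",
]

if __name__ == "__main__":
    for index, findings in triage(SAMPLE_MESSAGES):
        for url, reason in findings:
            print(f"message {index}: {reason} ({url})")
```

The check deliberately ignores message wording and only compares the named brand against where the link actually goes, since Darcula's templates are built to look convincing; a mismatch is a triage signal for a human or a blocklist, not a verdict on its own.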
Top Tips
Stay Vigilant: Be cautious of unexpected messages, especially those requesting personal or financial information.
Update Security Measures: Keep your devices and software up to date to mitigate potential vulnerabilities.
Educate Users: Train employees to recognise phishing attempts and report suspicious activity promptly.
Use Trusted Services: Opt for reputable VPNs and messaging platforms to minimise the risk of falling victim to phishing attacks.
Don't let Darcula sink its teeth into your organisation's security. Stay informed, stay vigilant, and together, we can combat this malicious threat!
As the movement towards cloud-first continues, how can teams ensure their cloud security and compliance programs are optimized? On April 10, join leaders from Vanta, CrowdStrike, and AWS as they discuss ways to leverage continuous compliance and security to proactively monitor cloud infrastructure.
The Police of Finland, in a groundbreaking announcement, has pointed fingers at a notorious Chinese nation-state actor, APT31, for orchestrating a brazen cyber attack targeting the country's esteemed Parliament back in 2020.
According to authorities, the intrusion occurred between fall 2020 and early 2021, sparking a demanding and time-consuming criminal probe. The investigation, characterised by extensive analysis of a "complex criminal infrastructure," has now zeroed in on APT31's culpability in the audacious breach.
APT31, known by aliases such as Altaire, Bronze Vinewood, and Judgement Panda, is a notorious Chinese state-backed group infamous for its cyber espionage exploits dating back to at least 2010.
This revelation comes hot on the heels of the U.K. and the U.S. attributing a string of cyber espionage activities to APT31, implicating the group in a wide-ranging hacking spree targeting businesses, government officials, dissidents, and politicians.
Seven operatives associated with APT31 have been slapped with charges in the U.S., with two key figures, Ni Gaobin and Zhao Guangzong, facing sanctions alongside a shadowy entity named Wuhan XRZ, believed to be a front for nefarious cyber operations.
China has vehemently denied these accusations, firing back at the Five Eyes alliance for what it perceives as spreading "disinformation" and engaging in cyberattacks against China. The diplomatic tensions surrounding cybersecurity issues continue to escalate, raising concerns about the future landscape of global cyber warfare.
As the world watches with bated breath, one thing remains crystal clear: the battle for digital supremacy rages on, with each new revelation peeling back the layers of a complex and shadowy cyber landscape. Stay tuned for further updates as this gripping saga unfolds!
The Motley Fool: "Fool me once, shame on - shame on you. Fool me - you can't get fooled again." Good ol' George Dubya. Let us tell you who's not fooling around though; that's the Crüe at Motley Fool. You'd be a fool (alright, enough already!) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! Kidding aside, if you check out their website they've actually got a ton of great content with a wide variety of different investment ideas to suit most budgets. (LINK)
Wander: Find your happy place. Cue Happy Gilmore flashback. Mmmm, Happy Place... So, we've noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breathtaking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the Free and the Home of the Brave is news of rioting, looting and school shootings, it's easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels set Wander apart from your run-of-the-mill American getaway. (LINK)
Digital Ocean: If you build it they will come. Nope, we're not talking about a baseball field for ghosts (great movie, to be fair). This is Digital Ocean, who've got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you'll find yourself catching the buzz even if you can't code (guilty). But if you can and you're looking for somewhere to test things out or launch something new or simply enhance what you've got, we'd recommend checking out their services fo' sho. And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! (LINK)
Kaspersky researchers have uncovered a Linux variant of the notorious DinodasRAT, a multi-platform backdoor, actively targeting regions including China, Taiwan, Turkey, and Uzbekistan. This revelation sheds light on the evolving landscape of cyber threats, with malicious actors expanding their reach to Linux environments.
DinodasRAT, also known as XDealer, is a sophisticated C++-based malware notorious for its ability to extract sensitive data from compromised systems. Its deployment has been linked to various threat actors with ties to China, underscoring the collaborative nature of cyber operations within certain circles.
The Linux version of DinodasRAT, identified as V10, was first discovered by Kaspersky in early October 2023. Unlike its predecessors, this variant is tailored to target Red Hat-based distributions and Ubuntu Linux. Upon infiltration, it establishes persistence using SystemV or systemd startup scripts and communicates with remote servers to receive commands.
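Persistence through SystemV init scripts or systemd units leaves artefacts on disk that a defender can sweep for. The script below is an added example written for this newsletter, not Kaspersky's tooling and not based on any DinodasRAT indicator: it reads every `*.service` file in a systemd unit directory and every script in an init.d directory, pulls out the executable paths they launch, and flags any that live in world-writable, home or hidden directories. The sample unit files and scripts it builds in a temporary directory are constructed for the demonstration; point `run_audit()` at `/etc/systemd/system` and `/etc/init.d` to run it against a real host.

```python
import re
import tempfile
from pathlib import Path

# Launch locations that legitimate packaged services almost never use.
SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/", "/root/")

# ExecStart= may carry systemd prefixes such as '-', '@' or '+' before the path.
EXEC_RE = re.compile(r"^\s*ExecStart\s*=\s*[-@+!:]*(\S+)", re.MULTILINE)

# Absolute paths inside a shell script; the lookbehind skips '../x' style text.
PATH_RE = re.compile(r"(?<![\w.])/[\w./-]+")


def exec_path(unit_text: str):
    """Executable named by the first ExecStart= line, or None."""
    match = EXEC_RE.search(unit_text)
    return match.group(1) if match else None


def is_suspicious_path(path) -> bool:
    """True for executables under a scratch/home dir or inside a hidden directory."""
    if path is None:
        return False
    if path.startswith(SUSPICIOUS_DIRS):
        return True
    return any(part.startswith(".") for part in Path(path).parts[1:])


def audit_systemd(unit_dir) -> list:
    """[(unit file name, executable)] for units that launch from a suspicious path."""
    findings = []
    for unit in sorted(Path(unit_dir).glob("*.service")):
        path = exec_path(unit.read_text(errors="replace"))
        if is_suspicious_path(path):
            findings.append((unit.name, path))
    return findings


def audit_initd(init_dir) -> list:
    """[(script name, first suspicious path)] for SystemV scripts referencing one."""
    findings = []
    for script in sorted(p for p in Path(init_dir).iterdir() if p.is_file()):
        for candidate in PATH_RE.findall(script.read_text(errors="replace")):
            if is_suspicious_path(candidate):
                findings.append((script.name, candidate))
                break
    return findings


def run_audit(root) -> dict:
    """Audit <root>/systemd and <root>/init.d and return both finding lists."""
    root = Path(root)
    return {
        "systemd": audit_systemd(root / "systemd"),
        "initd": audit_initd(root / "init.d"),
    }


def build_sample_tree() -> str:
    """Create a constructed sample tree: one clean and one suspicious entry of each kind."""
    root = Path(tempfile.mkdtemp(prefix="persist-audit-"))
    (root / "systemd").mkdir()
    (root / "init.d").mkdir()
    (root / "systemd" / "sshd.service").write_text(
        "[Unit]\nDescription=OpenSSH server\n[Service]\nExecStart=/usr/sbin/sshd -D\n"
    )
    (root / "systemd" / "update-helper.service").write_text(   # constructed, suspicious
        "[Unit]\nDescription=Update helper\n[Service]\n"
        "ExecStart=/tmp/.cache/updater --daemon\nRestart=always\n"
        "[Install]\nWantedBy=multi-user.target\n"
    )
    (root / "init.d" / "cron").write_text("#!/bin/sh\n/usr/sbin/cron\n")
    (root / "init.d" / "netcheck").write_text(                 # constructed, suspicious
        "#!/bin/sh\n/opt/.hidden/netcheck &\n"
    )
    return str(root)


if __name__ == "__main__":
    for kind, findings in run_audit(build_sample_tree()).items():
        for name, path in findings:
            print(f"{kind}: {name} launches {path}")
```

Path heuristics only narrow the list; a real sweep would also compare each unit and script against package-manager ownership and modification times, since a backdoor can just as easily drop its binary under `/usr/local`.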
This backdoor is equipped with a wide range of capabilities, including file manipulation, process enumeration and termination, shell command execution, and the ability to download updated versions of itself. Moreover, it employs evasion techniques to avoid detection by security tools, highlighting its sophistication and adaptability.
"DinodasRAT's primary objective is to establish and maintain control over Linux servers, facilitating data exfiltration and espionage," noted Kaspersky researchers. The discovery of this Linux variant underscores the need for enhanced cybersecurity measures to protect critical infrastructure and sensitive data from evolving threats.
That's all for today, folks! Stay safe out there.
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday.
Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for
Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future.
Let us know what you think!
So long and thanks for reading all the phish!