fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Google Forms And Telegram Abused To Collect Phished Credentials

Google Forms And Telegram Abused To Collect Phished Credentials

Security researchers note an increase in alternative methods to steal data from phishing attacks, as scammers obtain the stolen info through Google Forms or private Telegram bots.

Email remains the preferred method to exfiltrate stolen info but these channels foreshadow a new trend in the evolution of phishing kits.

Remote data exfiltration trends

Analyzing phishing kits over the past year, researchers at cybersecurity company Group-IB noticed that more of these tools allow collecting stolen user data using Google Forms and Telegram.

These are regarded as alternative methods for obtaining compromised data and account for close to 6% of what Group-IB analysts found, a share that is likely to increase in the short term.https://www.ad-sandbox.com/static/html/sandbox.html

Storing the info in a local file in the phishing resource is also part of the alternative exfiltration methods and accounts for the highest percentage of all.

The use of Telegram is not new as operators turned to the service due to it being anonymous and easy to use. The notorious phishing kit 16Shop had this option back in 2019.

scam-as-a-service operation used by at least 40 cybercriminal gangs to impersonate popular classifieds, also relied on Telegram bots to provide fraudulent web pages.

Sending stolen data collected from a phishing site to Google Form is done through a POST request to an online form whose link is embedded in the phishing kit.

Compared to email, which can be blocked or hijacked and the logs lost, this is a safer method to exfiltrate the information, Group–IB told BleepingComputer.

Also Read: 4 Considerations In The PDPA Singapore Checklist: The Specifics

Devs double-crossing buyers

Another trend the researchers observed was that the authors of phishing kits were double-dipping to increase their profits by adding code that copies the stream of stolen data to their network host.

Group-IB explained that one way is by configuring the “send” function to deliver the information to the email provided by the buyer of the phishing kit as well as a “token” variable associated with a hidden email address.

The POST request from scripts responsible for sending out the data also initializes the “token” variable. Decoding the data from “token” shows that the developer associated two email addresses for its value.

Group-IB researchers also saw phishing kit developers hide web shells in the code, giving them remote access to the resource.

As far as the lures go, the company identified more than 260 unique brands, most of them being for online services (30.7% – online tools to view documents, online shopping, streaming services, and more), email clients (22.8%), and financial organizations (20%), which are typical targets.

Users of Microsoft, PayPal, Google, and Yahoo products were the top targets, the researchers say.

Yaroslav Kargalev, Deputy Director of Group-IB’s incident response team (CERT-GIB) says that scammers today use automation to replace blocked phishing pages quicker.

Also Read: The 3 Main Benefits Of PDPA For Your Business

A direct consequence of this is spreading “more complex social engineering used in large-scale attacks,” Kargalev says, which requires blocking the attacker’s entire infrastructure than just the phishing websites.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us