fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hackers Now Abuse BaseCamp For Free Malware Hosting

Hackers Now Abuse BaseCamp For Free Malware Hosting

Phishing campaigns have started to use Basecamp as part of malicious phishing campaigns that distribute malware or steal your login credentials.

Basecamp is a web-based project management solution that allows people to collaborate, chat with each other, create documents, and share files.

When creating documents, they can be formatted with HTML links, images, and stylized text. Basecamp also allows users to upload any file to a project, including file formats that are usually considered unsafe such as executables, JavaScript files, etc.

Files and docs in a Basecamp project
Files and docs in a Basecamp project

To publicly share uploaded files, users can create a public link that allows people outside the organization to preview the file and download it.

Generate a public link for an uploaded file
Generate a public link for an uploaded file

Also Read: 5 Assessment Tools To Find The Right Professional Fit

When users click on this link [example shared file], they will be brought to a page that previews the file and includes another link to download the file to your computer.

As Basecamp offers a free license, users get free hosting that they can use to distribute any type of file they want.

Basecamp used to distribute malware executables

Security researchers MalwareHunterTeam and James have found that threat actors are distributing BazarLoader executables using public Basecamp download links.

BazarLoader is a stealthy backdoor Trojan from the TrickBot gang used against high-value targets to compromise their networks. Once installed, BazarLoader will deploy Cobalt Strike beacons that allow threat actors to access the network and ultimately deploy the Ryuk ransomware.

By abusing safe services such as Basecamp to host malicious files and phishing pages, users can be lulled into a false sense of trust and open files that they normally would not.

Furthermore, by using Basecamp URLs, threat actors can create carefully constructed and targeted campaigns to infiltrate a network as users may feel that the file is from their Basecamp project.

Due to this, it is always essential for everyone to treat all shared links or downloads as suspicious, regardless of where they originate.

Basecamp abused in phishing campaigns

This week security researcher Will Thomas discovered that threat actors are also abusing Basecamp as part of phishing campaigns.

Also Read: Best Privacy Certification: 3 Simple Steps On How To Achieve

In a report by cybersecurity firm Cyjax, Thomas explains that phishing campaigns are now abusing Basecamp to host intermediary pages that redirect users to phishing landing pages.

As Basecamp is considered a trusted service, it allows threat actors to create pages that bypass security solutions that it as safe traffic.

“This technique is effective because Basecamp and Google Cloud hosting are often used for business operations and are regarded as safe by default by most detection systems. Cloud platforms also preserve the anonymity of their users and can be set up in no time at all. They are difficult for human SOC analysts to recognise as a threat because the traffic to and from these services appears legitimate,” Thomas explains in his report.

For example, Thomas discovered a recent Phishing campaign that used a shared Basecamp document to redirect to a phishing Office 365 credential phishing page.

Phishing intermediary page hosted on Basecamp
Phishing intermediary page hosted on Basecamp

In addition to security solutions seeing the referer as “safe” traffic, the advantage of using Basecamp for intermediary pages is that they can be edited as needed.

Suppose a phishing landing page is taken down. In that case, the threat actors can simply log into Basecamp and modify their intermediary page to redirect to a different page to steal login credentials.

This ability allows threat actors to keep a campaign alive even when their phishing pages are removed.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us