How To Hack An Apple Iphone With A Phishing Kit




Analysis Report Besmellah Apple phishing kit

Introducing the campaign

In the recent past, Apple customers have been among the favourite targets of cyber attacks, especially in the form of phishing. Cybercriminals are generally after personal and sensitive data, including bank account details. Last month alone, the so-called "Celebrity gate", also named "Fappening", drew significant media attention, as the privacy of dozens of international celebrities, all Apple clients, was violated and hundreds of personal, sometimes intimate, pictures were made public. The media were very quick to put Apple under the spotlight, blaming its supposed vulnerabilities, specifically those in its "Find My iPhone" feature. According to the company, though, the incidents were the result of specific attacks targeting its customers and aimed at stealing their personal and account details.

Apple has been increasingly targeted by criminals, and the recent appearance of specific, pre-packaged "phishing kits" widely available on the internet makes companies (certainly not limited to Apple) and their clients significantly more exposed to malicious activities. Within this context, a new kit called Besmellah has been identified, the malicious end-to-end process analysed and the identity of the person responsible revealed. The attack was successfully carried out by a young attacker who was interested in the bank account and credit card details of Apple customers.

Threat Analysis

The analysis of the threat showed that the attack takes place in a three-step process. As is common with the Besmellah kit, the attack starts with a fraudulent email, sent to the recipient from an apparently legitimate support account address (support@apple.com). In the body of the email the attacker refers to an unspecified technical issue and recommends that the recipient follow a link in order to validate the account and avoid its closure.

In these cases, spoofing the sender's email address tends to be successful, as recipients are more inclined to lower their guard and trust the link. In addition, it is worth mentioning the use of the popular URL-shortening service Bitly, which allows the malicious link to bypass anti-phishing tools and hides the real final destination of the link.

Following the link, the victim is redirected to a web page where they are asked to enter their account credentials. The form and web page closely resemble the legitimate ones, although the domain used to host the web page is clearly not legitimate. In this specific case the website used to host the pages was that of an Indian professional; it had previously been hacked through the exploitation of known vulnerabilities in the WordPress CMS and was then used to install the kit. Once the credentials are submitted, an email is forwarded to the attacker. This email contains the customer's IP address along with the date and time of the submission.

As a second step, the victim is asked to fill in a second form and provide other key information linked to their account, such as name, address, phone number, driving licence and credit card details (number, expiry date, CVV). As in step one, as soon as the information is submitted, the attacker receives an email with all these details plus the geolocated IP address of the victim.

As the third and last step, the victim is redirected to the legitimate domain, in this case Apple's itunesconnect.apple.com.

One of the aspects that makes the Besmellah kit very effective is its use of a blacklist of IP addresses belonging to the most popular search engines and to spider bots that aim at tracing and tracking phishing threats.

Identification of the attacker

The process of identifying the attacker started from the analysis of the hacked website. Within its structure, a zip archive was detected; the archive hosted the fully functioning kit used for the operation:

The analysis of the source code revealed the email address the attacker was using to receive the victims' account and personal information:

A Facebook search for the email address identified its association with a specific account:

The analysis of the profile linked to the account made it possible to discover pictures and the attacker's personal information: male, Tunisian origins, young and very interested and active in spamming and hacking activities. In addition, the intentions of the attacker were clear, given that he is part of several organizations known for their spamming activities: these groups share information as well as strategies to obtain sensitive information and launch cyber attacks.

Conclusion

The analysis of this operation once again showed how dangerous phishing activities can be. These threats are on the rise and pose a significant risk to individuals and organizations alike. The availability on the internet of easy-to-use, pre-packaged tools such as Besmellah represents a very dangerous incentive for young, maybe less experienced attackers to commit unlawful and dangerous activities. To counter these malicious activities, companies need to define and implement stricter risk management policies as well as adopt specific tools to prevent attacks and defend both their critical digital infrastructure and their customer base.
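The two lure traits described in the threat analysis (a sender claiming support@apple.com and a Bitly link in the body) can be checked at the mail gateway. The following is an added example, not part of the original report or of the kit; the gateway name `mx.example.net`, the shortener list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

PROTECTED = {"apple.com"}             # brand domain the lure imitates
SHORTENERS = {"bit.ly", "bitly.com"}  # illustrative, not exhaustive
TRUSTED_AUTHSERV = "mx.example.net"   # hypothetical: our own receiving gateway
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def dmarc_verdict(msg):
    """DMARC result stamped by our gateway; headers from other hosts may be forged."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        match = re.search(r"\bdmarc=(\w+)", rest, re.I)
        if authserv.strip().lower() == TRUSTED_AUTHSERV and match:
            return match.group(1).lower()
    return "none"

def body_text(msg):
    chunks = []
    for part in msg.walk():  # also yields the message itself when not multipart
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    """Return findings for the two lure traits described in the report."""
    msg = message_from_string(raw_message)
    findings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in PROTECTED and dmarc_verdict(msg) != "pass":
        findings.append("spoofed-brand-sender")
    for url in URL_RE.findall(body_text(msg)):
        if (urlparse(url).hostname or "").lower() in SHORTENERS:
            findings.append("shortened-link:" + url)
    return findings

# Constructed sample message (not taken from the campaign).
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail; dmarc=fail header.from=apple.com
From: Apple Support <support@apple.com>
Subject: Validate your account
Content-Type: text/plain; charset=utf-8

A technical issue was found. Validate your account to avoid closure:
http://bit.ly/EXAMPLE
"""
```

Only the Authentication-Results header added by the receiving gateway is trusted, because a sender can insert a header of their own that claims a pass.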

About Tiger Security

Tiger Security is a leading company specialized in innovative Cyber Intelligence and Information Security solutions. Our client base includes the Public Sector (Governments, Military forces) and Corporates across the world. In addition, our cutting-edge services and products are used by several European Research Institutes across continents and represent the state of the art for Cyber Security, open-source-based solutions. Tiger Security's value proposition fits wider organisations' risk management frameworks, in a context of increased relevance of Cyber Intelligence and Information Security solutions owing to heightened concerns about the more complex, innovative and disruptive threats posed by criminal individuals and organisations. Tiger Security's mission is to discover, monitor and track digital threats using a non-conventional, innovative and preventive approach, which results in a very significant improvement of our clients' risk profile.

Tiger Security Srl
Piazza Monterosa 33
05018 Orvieto (TR)
ITALY
web: www.tigersecurity.pro
twitter: @tigersecurity