Quishing – QR Code Phishing Attacks to Steal Credentials

Cybersecurity researchers are highlighting a new QR code phishing campaign, also known as “quishing,” which exploits Microsoft Sway’s infrastructure to host fraudulent pages. This case underscores the ongoing misuse of legitimate cloud services for malicious intent.

What is a QR Code?

A QR (Quick Response) code is a two-dimensional barcode that can hold up to 7,089 numeric or 4,296 alphanumeric characters. Originally, QR codes were used as simple tags for tracking physical objects: in the 1990s the Japanese car industry started using them to keep tabs on vehicles and parts during manufacturing. As smartphones gained cameras, QR codes became a general-purpose way to hand a phone a piece of data, most often a URL, the moment it is scanned.

What is QR Code Phishing (Quishing)?

QR code phishing, or “quishing,” works like any other phishing lure: it is a social engineering tactic that tricks people into revealing information such as login credentials, bank details or Social Security numbers. The difference is the delivery. Many email security tools are good at spotting and blocking malicious hyperlinks, but a URL encoded in a QR code image is not a link the filter can see, and until recently most tools did not decode QR codes at all. Attackers have therefore moved the link into the image, and the victim’s own phone, usually outside corporate controls, completes the click.

“In a clever twist, attackers have now begun crafting QR codes using Unicode text characters instead of images,” SlashNext CTO J. Stephen Kowski said. “This new technique, which we’re calling ‘Unicode QR Code Phishing,’ presents a significant challenge to conventional security measures.” What makes the attack particularly dangerous is that it entirely bypasses detections designed to scan for suspicious images: the code is composed entirely of text characters, yet a phone camera reads the rendered glyphs exactly as it would a printed code.
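The text-drawn QR technique described above defeats image-based scanning, but it leaves a different fingerprint: a grid of Unicode block glyphs in the message body. The following is an added detection example written for this page, not SlashNext’s or the page author’s code. The sample message and the QR-shaped grid inside it are constructed for the demo; the grid mimics the finder patterns of a 21x21 symbol but is not a decodable QR code.

```python
"""Heuristic detector for QR codes drawn with Unicode block characters in a
plain-text email body. Added example (hypothetical detection logic); the sample
message and the QR-shaped grid below are constructed and not a real QR code."""

from typing import Dict, List

# Glyphs that text-rendered QR codes are drawn with: full block, upper/lower
# half blocks, left/right half blocks and the shade blocks. Whitespace acts as
# the light modules.
BLOCK_CHARS = frozenset("\u2588\u2580\u2584\u258c\u2590\u2591\u2592\u2593")

# A version-1 QR symbol is 21 x 21 modules. Drawn one glyph per module that is
# 21 columns by 21 rows; drawn with half-block glyphs it is 21 columns by ~11
# rows, so the row threshold is deliberately below 21.
MIN_COLS = 21
MIN_ROWS = 10


def _looks_like_qr_row(line: str) -> bool:
    """True if the line is made only of block glyphs and whitespace and has a
    dark/light mix. A solid bar (a text divider) or a blank line is not a row."""
    core = line.strip()
    if not core:
        return False
    if any(ch not in BLOCK_CHARS and not ch.isspace() for ch in core):
        return False
    dark = sum(1 for ch in core if ch in BLOCK_CHARS)
    ratio = dark / len(core)
    return 0.2 <= ratio < 1.0


def find_text_qr_blocks(body: str) -> List[Dict[str, int]]:
    """Return every run of consecutive QR-looking rows that is tall and wide
    enough to be a QR symbol: 1-based start line, row count and width."""
    lines = body.splitlines()
    findings: List[Dict[str, int]] = []
    i = 0
    while i < len(lines):
        if not _looks_like_qr_row(lines[i]):
            i += 1
            continue
        start = i
        while i < len(lines) and _looks_like_qr_row(lines[i]):
            i += 1
        rows = lines[start:i]
        width = max(len(r.rstrip()) for r in rows)
        if len(rows) >= MIN_ROWS and width >= MIN_COLS:
            findings.append({"start_line": start + 1, "rows": len(rows), "width": width})
    return findings


# Constructed sample: 21 rows shaped like a QR symbol (finder patterns in three
# corners). Trailing light modules are trimmed, as a mail client would trim
# trailing spaces. This is NOT a decodable QR code.
QR_ROWS = [
    "███████ ██ █  ███████",
    "█     █ █ █ █ █     █",
    "█ ███ █  ███  █ ███ █",
    "█ ███ █ █  ██ █ ███ █",
    "█ ███ █ ██ █  █ ███ █",
    "█     █  █ █  █     █",
    "███████ █ █ █ ███████",
    "        ██ █",
    "██ █ ███ █  ██ ██ █ █",
    " █  ██ █ ██  █ ███  █",
    "██ ███  █ █ ██ █  ██",
    "  █ █ ██  ██ █ ███ █",
    "█ ██ █ █ ██ █  ██ ███",
    "        ██ ██ █ █ ███",
    "███████ █  ██ ██ █ ██",
    "█     █ ██ █ █  ██ █",
    "█ ███ █  █ ██ ███ █ █",
    "█ ███ █ ██ █  █ ██ ██",
    "█ ███ █ █ ██ ██  █ █",
    "█     █  ██ █ █ ██ ██",
    "███████ ██  █ ██ █ ██",
]

# Constructed lure message (no real sender or recipient).
SAMPLE_EMAIL = "\n".join(
    [
        "From: IT Helpdesk <helpdesk@example.invalid>",
        "Subject: Action required: MFA re-enrolment",
        "",
        "Scan the code below with your phone to keep access to your mailbox.",
        "",
        *QR_ROWS,
        "",
        "████",  # a solid block-glyph divider: one row, no light modules, so ignored
        "Regards, IT Helpdesk",
    ]
)

if __name__ == "__main__":
    for hit in find_text_qr_blocks(SAMPLE_EMAIL):
        print(f"text-rendered QR suspected at line {hit['start_line']}: "
              f"{hit['rows']} rows x {hit['width']} cols")
```

The grid check is intentionally loose (any block glyph counts, no finder-pattern verification) because the attacker controls which glyphs are used; tune `MIN_ROWS` down if your mail flow sees half-block renderings, and feed hits into the same URL review you apply to image QR codes.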

Notable QR code scams and incidents

  • In China, scammers were caught placing fake parking tickets on parked cars; the tickets carried QR codes for “convenient” payment by phone.
  • In the Netherlands, fraudsters abused a legitimate QR code feature of a mobile banking app to scam bank customers.
  • In Germany, fake emails containing QR codes lured e-banking customers to malicious websites under the pretext of reviewing privacy policy updates for their accounts.
  • In Texas, criminals pasted stickers with malicious QR codes onto city parking meters, tricking residents into entering credit card details on a phishing site.
  • Microsoft Sway: researchers tracking the campaign described above observed a 2,000-fold increase in traffic to unique Microsoft Sway phishing pages starting in July 2024, with the ultimate goal of stealing users’ Microsoft 365 credentials. The Sway pages serve bogus QR codes that, when scanned, send users on to the credential-harvesting websites.

How the Quishing (QR Phishing) Attack Works

  • Creating Malicious Content: Attackers use Microsoft Sway, a legitimate web-based presentation tool, to create and host phishing pages. Sway lets anyone design and share content easily, so an attacker can build a convincing page that mimics a real service without running any infrastructure of their own.

  • Generating QR Codes: Once the malicious content is hosted on Sway, attackers generate QR codes that link to it. Because the decoded URL sits on a Microsoft-owned domain, it passes the domain-reputation checks that would flag a freshly registered phishing domain.

  • Distributing QR Codes: The attackers distribute the QR codes through emails, social media or physical printouts. Victims who scan them, typically with a personal phone, are taken to the Sway page and from there to the fake login form.

  • Harvesting Data: When victims enter sensitive information on the fake pages, such as login credentials or financial details, the attackers capture it and use it to take over the account.

Why This Method Is Effective

  • Legitimacy of the Platform: Microsoft Sway is a well-known and trusted platform, so URLs from it are less likely to raise suspicion.
  • Ease of Use: Creating and publishing content on Sway is straightforward, making it accessible for attackers to set up phishing pages without needing deep technical expertise.
  • Deceptive Appearance: The phishing pages can be designed to closely mimic real websites, increasing the likelihood that users will fall for the scam.

QR Code Attacks Have Become a Significant Cybersecurity Concern.

  • The Fake Wi-Fi Network Scam: A QR code can encode a Wi-Fi join string (network name and password) as well as a URL, so a code posted in a cafe or airport “offering free Wi-Fi” can join the phone to an attacker-controlled network that intercepts traffic or redirects users to phishing sites.
  • Malicious Payment QR Codes: Attackers create QR codes that look like legitimate payment requests. When scanned, these codes redirect users to fake payment pages or apps that steal financial information or install malware.
  • Phishing for Personal Data: Fraudulent QR codes can direct users to fake login pages that mimic well-known services. The aim is to trick users into entering their credentials, which are then harvested by attackers.
  • Malware Distribution: QR codes can link to download sites for malicious software. When users scan the code and download the app or file, they inadvertently install malware that can compromise their devices and personal information.
  • Ransomware Attacks: Some QR codes are designed to lead to ransomware download sites. Once downloaded and executed, the ransomware encrypts the victim’s files and demands payment for the decryption key.
  • Credential Harvesting: Attackers use QR codes to direct victims to fake authentication pages for popular services. These pages collect login credentials, which can then be used to gain unauthorized access to accounts.
  • Social Engineering Scams: QR codes are sometimes used in social engineering scams where the code leads to a page that pretends to be an urgent message from a trusted entity, convincing victims to provide personal information or download harmful files.

How to Defend Against This Type of Attack?

  • Verify the Source: Be cautious of QR codes from unknown or untrusted sources. If you receive a QR code unexpectedly, verify its authenticity before scanning.

  • Inspect URLs Carefully: Most phone camera apps show a preview of the decoded URL before opening it. Read it: check the scheme, the full host name and any redirect parameters, and only proceed to pages you recognise. On a managed device it is safer to type the expected destination URL yourself than to let the QR code navigate for you.
  • Use Trusted Apps: Some security apps can scan QR codes and check URLs for safety before you open them. These apps can help identify potential threats.
  • Enable Security Features: Use web browsers or security tools that provide real-time phishing protection and block known malicious sites. Some security solutions also offer QR code scanning capabilities to check for potential threats.

  • Educate Yourself and Others: Awareness is crucial. Understanding the risks associated with QR codes and phishing can help you recognize and avoid these threats.

  • Be Cautious with QR Codes: Always be cautious when scanning QR codes, especially those received via unsolicited or suspicious channels. Verify the source and ensure you trust the origin of the QR code.
  • Report Suspicious Activity: If you encounter a QR code or a site that seems suspicious, report it to the relevant platform or service provider. For example, Microsoft has mechanisms to report misuse of their services.
  • A blurry or low-quality QR code embedded in an email can be an early sign that it was cobbled together by an attacker, though it is at best a weak signal; well-made phishing codes render cleanly.
  • Never give out personal information unless you’ve confirmed the legitimacy of a QR code with the organization in question. 
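Inspecting the decoded URL is the control that both the attack chain above and the defenses here hinge on. As an added example, not code from the page or from any vendor, here is a small triage function that scores the URL a QR code decodes to before anyone opens it. The trusted-host, protected-brand and abusable-hosting lists and the sample payloads are assumptions constructed for the demo; the Sway host names in particular should be maintained from your own telemetry.

```python
"""Triage of the URL a QR code decodes to, before anyone opens it. Added example
with constructed lists and payloads; stdlib only, nothing is fetched."""

import ipaddress
from typing import Dict, List
from urllib.parse import parse_qs, unquote, urlparse

# Assumption for the demo: hosts the organisation itself sends people to.
TRUSTED_HOSTS = {"login.microsoftonline.com", "intranet.example.com", "example.com"}

# Brand words a lookalike host might borrow. A host containing one of these that is
# not in TRUSTED_HOSTS (or a known hosting service) is treated as impersonation.
PROTECTED_BRANDS = ("microsoft", "office365", "example")

# Legitimate shareable-content services on which phishing pages have been hosted.
# Not malicious by themselves; a credential prompt reached through them is the flag.
# Host names are assumptions; maintain the list from your own telemetry.
ABUSABLE_HOSTING = {"sway.cloud.microsoft", "sway.office.com"}

# Query parameters that commonly carry an open-redirect destination.
REDIRECT_PARAMS = {"url", "redirect", "redirect_uri", "next", "return", "goto", "dest"}


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_qr_url(raw: str) -> Dict[str, object]:
    """Score a decoded QR payload and return verdict (allow/review/block) with reasons."""
    reasons: List[str] = []
    score = 0
    url = urlparse(raw.strip())
    host = (url.hostname or "").lower()
    known = host in TRUSTED_HOSTS or host in ABUSABLE_HOSTING

    if url.scheme not in ("http", "https"):
        reasons.append(f"non-web scheme '{url.scheme or 'none'}'")
        score += 3
    elif url.scheme == "http":
        reasons.append("unencrypted http")
        score += 1
    if url.username is not None or url.password is not None:
        reasons.append("userinfo before '@' hides the real host")
        score += 3
    if _is_ip(host):
        reasons.append("raw IP address as host")
        score += 3
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible homograph)")
        score += 2
    if host in ABUSABLE_HOSTING:
        reasons.append("hosted on a shareable cloud service often abused for phishing")
        score += 2
    if not known and any(brand in host for brand in PROTECTED_BRANDS):
        reasons.append("protected brand name inside an untrusted host (lookalike)")
        score += 3
    # Open-redirect style parameters: the landing page is not the one in the host.
    for key, values in parse_qs(url.query).items():
        for value in values:
            decoded = unquote(value)
            if key.lower() in REDIRECT_PARAMS or decoded.startswith(("http://", "https://")):
                reasons.append(f"embedded URL in parameter '{key}': {decoded}")
                score += 2
                break

    verdict = "block" if score >= 3 else "review" if score > 0 else "allow"
    return {"url": raw, "verdict": verdict, "score": score, "reasons": reasons}


# Constructed sample payloads (the Sway path and all .invalid/.example hosts are made up).
SAMPLE_PAYLOADS = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "https://sway.cloud.microsoft/s/demo-page",
    "https://microsoft-login-verify.example.net/auth",
    "https://login.microsoftonline.com@203.0.113.7/",
    "http://xn--mcrosoft-x0b.invalid/login",
    "https://example.com/redirect?url=https%3A%2F%2Fevil.example.net%2Fo365",
]


def triage_all(urls: List[str]) -> Dict[str, str]:
    return {u: str(triage_qr_url(u)["verdict"]) for u in urls}


if __name__ == "__main__":
    for payload in SAMPLE_PAYLOADS:
        result = triage_qr_url(payload)
        print(f"{result['verdict']:6} {payload}")
        for reason in result["reasons"]:
            print(f"         - {reason}")
```

The scoring is additive so that a single weak signal (unencrypted http, a known hosting service) lands in review while any strong one (userinfo trick, raw IP, brand lookalike) blocks outright; in a real gateway the “review” bucket is where you would follow the redirect chain in a sandbox rather than on the user’s phone.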

By Ahmed Azeem
Res Opera DigiSolutions

I write about how to make your Internet browsing comfortable, secure, and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.

Most Common User Threats and Vulnerabilities

There are many ways that attackers can uncover vulnerabilities and exploit systems. Cyber threats can be classified into different categories. This allows organizations to assess the likelihood of a threat occurring and understand the monetary impact of a threat so that they can prioritize their security efforts. 

No Awareness of Security

Users must be aware of and understand an organization’s sensitive data, security policies and procedures, technologies, and countermeasures that are implemented in order to protect information and information systems.

Poorly Enforced Security Policies

All users must be aware of and understand an organization’s security policies, as well as the consequences of non-compliance.

Data Theft

Data stolen by users can pose a significant financial threat to organizations, both in terms of the resulting damage to their reputation and the legal liability associated with the disclosure of sensitive information.

Unauthorized Downloads and Media

Many network and device infections and attacks can be traced back to users who downloaded unauthorized email attachments, photos, music, games, apps, or videos to their computers, networks, or storage devices. The use of unauthorized media such as external hard disks and USB drives poses the same threat.

Unauthorized VPNs

An unauthorized VPN can conceal data theft: the encryption that normally protects confidentiality also prevents the network administrator from seeing what is being transmitted, unless the organization operates the VPN endpoint and can inspect the traffic there.

Unauthorized Websites

Accessing unauthorized websites can pose a risk to a user’s data and devices, as well as to the organization itself. Often, these websites prompt users to download scripts or plugins that contain malicious code or adware; some can even gain control of device features such as the camera or of installed applications.

Destruction of Systems, Applications or Data

The accidental or deliberate destruction or sabotage of systems, applications, and data poses a serious risk to all organizations. Activists, disgruntled employees, or industry competitors may attempt to delete data and destroy or misconfigure devices to make organizational data and information systems unavailable.

Always keep in mind that there are no technical solutions, controls, or countermeasures that will make information systems any more secure than the behaviors and processes of the people who use these systems.

Threats to Devices

Laptops, PC, Mac

  • Any devices left powered on and unattended pose the risk of someone gaining unauthorized access to network resources.
  • Downloading files, photos, music, or videos from unreliable sources could lead to the execution of malicious code on devices.
  • Cybercriminals often exploit security vulnerabilities within software installed on an organization’s devices to launch an attack.
  • An organization’s information security teams must try to keep up to date with the daily discovery of new viruses, worms, and other malware that pose a threat to their devices.

USB, Memory Stick

  • Users who insert unauthorized USB drives, CDs, or DVDs run the risk of introducing malware, or compromising data stored on their device.
  • Policies are in place to protect an organization’s IT infrastructure. A user can face serious consequences for purposefully violating such policies.
  • Using outdated hardware or software makes an organization’s systems and data more vulnerable to attack.

Threats to LAN

The local area network (LAN) is a collection of devices, typically in the same geographic area, connected by cables (wired) or airwaves (wireless).

Because users can access an organization’s systems, applications, and data from the LAN domain, it is critical that it has strong security and stringent access controls.

Threats to Cloud

The private cloud domain includes any private servers, resources, and IT infrastructure available to members of a single organization via the internet. While many organizations feel that their data is safer in a private cloud, this domain still poses significant security threats, including:

  • Unauthorized network probing and port scanning
  • Unauthorized access to resources
  • Router, firewall or network device operating system or software vulnerabilities
  • Router, firewall or network device configuration errors
  • Remote users accessing an organization’s infrastructure and downloading sensitive data

Threat Intelligence and Research Sources

The CVE (Common Vulnerabilities and Exposures) list is sponsored by the U.S. Department of Homeland Security through its Cybersecurity and Infrastructure Security Agency (CISA, which today carries out the US-CERT mission). CVE identifiers have been widely adopted as the standard way to describe and reference known vulnerabilities.

Each CVE entry contains a standard identifier number, a brief description of the security vulnerability, and any important references to related vulnerability reports. The CVE list is maintained by a not-for-profit, the MITRE Corporation, on its public website.

The Dark Web

This refers to web content reachable only through overlay networks such as Tor: it is not indexed by conventional search engines and requires specific software, authorization, or configuration to access. Researchers monitor dark web forums and markets for new threat intelligence.

Indicator of Compromise (IOC)

IOCs such as malware signatures or malicious domain names provide evidence of security breaches and details about them.

Automated Indicator Sharing (AIS)

Automated Indicator Sharing (AIS), a Cybersecurity and Infrastructure Security Agency (CISA) capability, enables the real-time exchange of cybersecurity threat indicators using a standardized and structured language.  Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Intelligence Information (TAXII) are standards used in AIS.
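To make the structured language concrete, the following is an added example written for this page, not CISA’s or any AIS participant’s code. It builds a minimal STIX 2.1 bundle (an Indicator for a malicious domain, a Malware object and the “indicates” relationship between them) and runs the basic structural checks a consumer would apply before ingesting it. The domain name and malware name are constructed placeholders; the TAXII transport that carries such bundles is out of scope here.

```python
"""Minimal STIX 2.1 bundle builder and validator. Added example; the domain and
malware names used in the demo are constructed placeholders."""

import uuid
from datetime import datetime, timezone
from typing import Dict, List, Optional

SPEC_VERSION = "2.1"


def _now() -> str:
    # STIX timestamps are UTC, RFC 3339, millisecond precision, with a 'Z' suffix.
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def _stix_id(obj_type: str) -> str:
    # STIX identifiers are "<type>--<UUID>".
    return f"{obj_type}--{uuid.uuid4()}"


def domain_indicator(domain: str, name: str, valid_from: Optional[str] = None) -> Dict:
    """An Indicator whose STIX pattern matches observations of `domain`."""
    ts = _now()
    # Backslash and single quote inside a STIX string literal must be escaped.
    escaped = domain.replace("\\", "\\\\").replace("'", "\\'")
    return {
        "type": "indicator",
        "spec_version": SPEC_VERSION,
        "id": _stix_id("indicator"),
        "created": ts,
        "modified": ts,
        "name": name,
        "indicator_types": ["malicious-activity"],
        "pattern": f"[domain-name:value = '{escaped}']",
        "pattern_type": "stix",
        "valid_from": valid_from or ts,
    }


def malware_object(name: str) -> Dict:
    ts = _now()
    return {
        "type": "malware",
        "spec_version": SPEC_VERSION,
        "id": _stix_id("malware"),
        "created": ts,
        "modified": ts,
        "name": name,
        "malware_types": ["spyware"],
        "is_family": True,
    }


def indicates(indicator: Dict, malware: Dict) -> Dict:
    """Relationship SRO: the indicator's presence indicates the malware."""
    ts = _now()
    return {
        "type": "relationship",
        "spec_version": SPEC_VERSION,
        "id": _stix_id("relationship"),
        "created": ts,
        "modified": ts,
        "relationship_type": "indicates",
        "source_ref": indicator["id"],
        "target_ref": malware["id"],
    }


def bundle(objects: List[Dict]) -> Dict:
    return {"type": "bundle", "id": _stix_id("bundle"), "objects": objects}


COMMON = {"type", "spec_version", "id", "created", "modified"}
REQUIRED = {
    "indicator": {"pattern", "pattern_type", "valid_from"},
    "malware": {"name", "is_family"},
    "relationship": {"relationship_type", "source_ref", "target_ref"},
}


def validate_bundle(b: Dict) -> List[str]:
    """Return problems found (empty list means the bundle passes these checks)."""
    problems: List[str] = []
    ids = {o.get("id") for o in b.get("objects", [])}
    for obj in b.get("objects", []):
        t = obj.get("type", "?")
        missing = (COMMON | REQUIRED.get(t, set())) - obj.keys()
        if missing:
            problems.append(f"{t}: missing {sorted(missing)}")
        if not str(obj.get("id", "")).startswith(f"{t}--"):
            problems.append(f"{t}: id does not carry the type prefix")
        for ref in ("source_ref", "target_ref"):
            if ref in obj and obj[ref] not in ids:
                problems.append(f"{t}: {ref} {obj[ref]} not in bundle")
    return problems


if __name__ == "__main__":
    import json
    ind = domain_indicator("c2.example.invalid", "Constructed C2 domain")  # placeholder
    mal = malware_object("Constructed SMS stealer family")               # placeholder
    demo = bundle([ind, mal, indicates(ind, mal)])
    print(json.dumps(demo, indent=2))
    print("problems:", validate_bundle(demo))
```

Dangling references are the most common defect in hand-built bundles, which is why the validator cross-checks `source_ref` and `target_ref` against the ids actually present; a consumer should reject a bundle with problems rather than silently dropping the orphaned relationship.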

Follow Knocktotalk Blog & Social Media to stay up to date with Technology.

Written By – Ahmed Azeem  (CEO and Founder: Res Opera DigiSolutions)

Windows 11 Cumulative update released with fixes, new features

Microsoft has released update KB5041585 for Windows 11 22H2 and 23H2. The update, part of August 2024’s Patch Tuesday, includes improvements such as the ability to drag apps directly from the Start menu to the taskbar.

Because this update includes security fixes, it is mandatory; Windows will install it automatically.

To get the update, go to Start > Settings > Windows Update and click ‘Check for Updates’. You can also download it manually from the Microsoft Update Catalog.

If you don’t check for updates manually, Windows will automatically download and install the update when your computer isn’t in use.

Microsoft is also alerting users that Windows 11 22H2 will stop receiving support on October 8, 2024. To keep getting security updates, you should upgrade to Windows 11 23H2 before that date.

What's new in the Windows 11 KB5041585 update

Installing the KB5041585 update will change the build number for Windows 11 22H2 to 22621.4037 and for Windows 11 23H2 to 22631.4037.

The KB5041585 update includes several improvements, such as a new feature that lets you duplicate a tab in File Explorer by right-clicking it.

Here’s the full list of changes. Keep in mind that some of these improvements and fixes will be rolled out gradually:

[Lock screen]

This update fixes the security issue CVE-2024-38143. As a result, the “Use my Windows user account” checkbox is no longer available on the lock screen for connecting to Wi-Fi.

[File Explorer]

Here are the issues and changes addressed by the update:

  • Right-click tabs: you can now right-click a tab to duplicate it.
  • Memory leak: fixed a memory leak when interacting with archive folders.
  • File Explorer not responding: fixed an issue where File Explorer could stop responding while browsing.
  • Search from Home: fixed an issue where the first search from Home returned no results.
  • Address bar dropdown: fixed an issue where the address bar dropdown menu appeared unexpectedly.
  • Save dialog: fixed an issue where saving a file to Gallery through the Save dialog saved it to the Pictures library instead.
  • Search box: fixed an issue where the search box did not show the correct folder name in Gallery.
  • Blank area: fixed a blank area that could appear at the top of File Explorer.
  • Mouse buttons: fixed the back and forward mouse buttons not working when hovering over the Recommended Files section of Home.
  • Image flashing: fixed images flashing when viewed in Gallery.

[BitLocker (known issue)]

After installing this update, some devices may boot to the BitLocker recovery screen. Windows might ask you to enter the recovery key, which you can retrieve from your Microsoft account. Device encryption settings are under Settings > Privacy & Security > Device encryption.

[Desktop Icons]

Fixed an issue where the spacing between desktop icons could become very wide.

[Start Menu Pinned Apps]

You can now drag apps from the Pinned section of the Start menu and pin them directly to the taskbar.

[Taskbar & End Task]

When the taskbar has keyboard focus (using WIN + T), you can press a letter to jump to the app whose name starts with that letter. Pressing the letter multiple times will cycle through apps that start with the same letter. This only works if there are multiple pinned or open apps with names starting with that letter.

For an uncombined taskbar, pressing a letter will take you to the window whose name starts with that letter. Additionally, pressing Home and End will move the keyboard focus to the first and last items on the taskbar.

The End task option no longer shows a “not responding” dialog before stopping a task. This option can be enabled by going to Settings > System > For Developers and turning on End task.

[Notification for Windows Share in China]

For Nearby Sharing to work, both Wi-Fi and Bluetooth need to be turned on. If they’re off when you enable Nearby Sharing, Windows will prompt you to turn them on.

[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)]

[NetJoinLegacyAccountReuse]

This update removes this registry key.

Article Reference

You can find the full changelog for the KB5041585 update on Microsoft’s support website.

Global SMS Stealer Campaign Targets Android Devices Across 100+ Countries

A massive campaign targeting Android devices worldwide uses thousands of Telegram bots to infect devices with SMS-stealing malware and intercept one-time passwords (OTPs).

Zimperium Researchers discovered the operation and stated in their blog regarding the issue: “Android-targeted SMS stealer campaign that our zLabs team discovered and has tracked since February 2022. Since then, zLabs researchers have identified over 107,000 malware samples. Throughout this period, zLabs researchers have witnessed firsthand how the attacker has evolved the malware to stay current and effective. This highlights both the longevity and sophistication of the malware and the attackers behind the campaign.”

TELEGRAM BOTS

  • The SMS stealer is distributed via Telegram bots that automate communication with the victim.
  • At first, victims are led to a page imitating Google Play, showing inflated download counts to create a false sense of trust.
  • On Telegram, the bots promise the user a pirated Android application and ask for their phone number before sharing the APK file.
  • The bot uses that number to generate a personalised APK, which makes per-victim tracking and follow-up attacks possible.

Source: Zimperium.com

Most of the victims of this campaign are based in India and Russia, while Brazil, Mexico, and the United States also have significant victim counts.

Zimperium Researchers uncovered a crucial link that highlights the financial motive behind this large-scale malware campaign. They discovered a connection between a website, fastsms.su, and one of the malware samples from this campaign. Fastsms.su allows visitors to purchase access to “virtual” phone numbers in foreign countries, which they can use for anonymization and to authenticate to online platforms and services.

Zimperium also discovered that the malware transmits SMS messages from the infected device to a specific API endpoint on this domain. It actively searches incoming messages for those originating from a global cloud email and office suite provider, which suggests a particular interest in intercepting one-time passwords (OTPs).

Source: zimperium.com

The Scale of the Campaign

The scale of this campaign is striking. Some of the numbers zLabs researchers reported:

  • Over 107,000 Unique Malware Applications
  • Over 95% of Malware Samples are Unknown or Unavailable
  • Over 60 Top-tier Global Brand Services Targeted
  • 113 Countries
  • 13 Command and Control (C&C) Servers
  • Extensive Telegram Bot Network

To keep your phone number and OTPs out of such a pipeline: do not install APK files from outside Google Play, do not grant SMS-reading permission to apps whose stated function does not need it, and make sure Play Protect is enabled on your device.

Stay alert and proactive in safeguarding your devices to reduce the risk of falling victim to such campaigns.  

Apple iOS 18.1 Beta: A New Era with Apple Intelligence

Apple has released the iOS 18.1 Beta to developers, giving them early access to test the new AI-powered features of Apple Intelligence before they are made available in public previews.

Unveiled at Apple’s 2024 Worldwide Developers Conference, Apple Intelligence marks a significant step in the company’s AI strategy for future devices.

Apple Intelligence Features:

Apple lists the following Apple Intelligence features on its website:

WRITING TOOLS

This new AI feature can proofread your text, offer different rewrites, and summarize it for you.

NEW SIRI

Siri will get additional features, including hundreds of new actions that can be taken on your behalf. Equipped with awareness of your personal context, the ability to act in and across apps, and product knowledge about your devices’ features and settings, Siri will be able to assist you like never before.

Reduce Interruptions

A new Focus mode that surfaces only notifications judged urgent, such as a text about an emergency or another time-sensitive but unplanned matter.

Transcriptions

The ability to record, transcribe, and summarize audio.

NEW PHOTOS

Enhanced search for photos and videos and the ability to create a photo story based on an inputted description.

NEW MAIL

Apple Intelligence can also summarize emails for you and create AI-generated replies that even answer questions in an email.

Apple Intelligence Compatible Devices

Apple Intelligence will arrive in beta this fall on the devices below; some features and additional languages will follow over the next year:

  • iPhone 15 Pro Max (A17 Pro)
  • iPhone 15 Pro (A17 Pro)
  • iPad Pro (M1 and later)
  • iPad Air (M1 and later)
  • MacBook Air (M1 and later)
  • MacBook Pro (M1 and later)
  • iMac (M1 and later)
  • Mac mini (M1 and later)
  • Mac Studio (M1 Max and later)
  • Mac Pro (M2 Ultra)

ChatGPT Integrated

With ChatGPT now integrated with Siri and Writing Tools, you can get help right where you’re working, without switching apps. Siri can use ChatGPT to answer questions about your photos or documents, and Writing Tools’ Compose feature helps you create and illustrate content from scratch.

Discover an even more capable, integrated, personal Siri

  • Siri is more deeply integrated into the system experience, with a glowing light that wraps around the edge of the screen.
  • With a double tap at the bottom of your iPhone or iPad screen, you can type to Siri from anywhere in the system when you don’t want to speak out loud.
  • Siri can answer questions when you are learning how to do something new on iPhone, iPad, or Mac, giving step-by-step directions.
  • Siri communicates more naturally, with better language understanding and a more natural voice, and keeps track of what you are talking about.
  • Apple Intelligence gives Siri onscreen awareness, so it can understand and act on what is on your screen.

To use the iOS 18.1 Beta and Apple Intelligence, you need an active paid developer account and must sign up for the AI feature in your iOS settings.