Bitcoin

Zero Day

Cryptocurrency

CAS driven Bitcoin ATMs are still vulnerable to cyber exploitation

Hackers have stolen cryptocurrencies surreptitiously exploiting zero day vulnerabilities in Crypto Application Server driven Bitcoin ATMs...

21-Aug-2022
3 min read

Related Articles


Raspberry Pi

Spoofing

A new $700 software called GEOBOX turns Raspberry Pi devices into powerful fraud...

A new breed of cybercrime software has emerged: GEOBOX. This software, sold on the Telegram messaging platform for a subscription fee, transforms a Raspberry Pi, a credit card-sized computer, into a potent and anonymous cyberattack tool.

### What is GEOBOX?

GEOBOX is a cybercrime toolset designed to let cybercriminals leverage the processing power of a Raspberry Pi for malicious purposes. Raspberry Pis are popular with single-board computer enthusiasts because of their affordability and versatility. In the wrong hands, however, they can be harnessed for nefarious activities.

GEOBOX equips the Raspberry Pi with the capability to spoof its location and mask its IP address, making it extremely challenging for cybersecurity professionals and law enforcement agencies to track down the perpetrators behind cyberattacks. This anonymity lets cybercriminals operate with a heightened sense of impunity, emboldening them to launch more frequent and audacious attacks.

### How Does GEOBOX Work?

The specifics of GEOBOX's inner workings remain shrouded in secrecy, as the software is distributed exclusively through private channels on Telegram. Based on the available information, however, GEOBOX is understood to function by exploiting weaknesses in internet protocols and network configurations. By manipulating these weaknesses, GEOBOX enables cybercriminals to disrupt and manipulate online traffic, potentially rerouting it to fraudulent websites or harvesting sensitive data from unsuspecting users.

### GEOBOX Threat Landscape

The emergence of GEOBOX presents a significant concern for cybersecurity professionals. The widespread availability and affordability of Raspberry Pi devices, coupled with GEOBOX's ease of use, lowers the barrier to entry for aspiring cybercriminals. Even individuals with limited technical expertise can potentially wreak havoc online with the aid of GEOBOX.

Furthermore, GEOBOX's anonymity features make it an attractive proposition for seasoned cybercriminals seeking to evade detection. The ability to mask their location and IP address significantly complicates efforts to trace cyberattacks back to their source, potentially allowing attackers to operate with a sense of virtual invisibility.

The potential repercussions of GEOBOX extend far beyond mere inconvenience. Financial fraud, identity theft, and the disruption of critical infrastructure are all potential consequences of GEOBOX falling into the wrong hands.

### Mitigating the GEOBOX Threat

Fortunately, there are steps that organizations and individuals can take to mitigate the threat posed by GEOBOX. Here are some essential cybersecurity practices:

- **Maintaining vigilance:** Staying informed about the latest cyber threats and vulnerabilities is paramount. Security professionals should closely monitor threat intelligence feeds and advisories to remain abreast of emerging threats like GEOBOX.
- **Patching vulnerabilities:** Promptly applying security patches to operating systems, software, and firmware is crucial in eliminating potential entry points for cyberattacks. Cybercriminals frequently target unpatched systems to exploit known vulnerabilities.
- **Network segmentation:** Implementing network segmentation strategies can significantly limit the potential damage caused by a cyberattack. By compartmentalizing a network into distinct segments, a breach in one segment can be contained, preventing it from spreading throughout the entire network.
- **Employing robust security solutions:** Utilizing multi-layered security solutions that encompass firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection software can significantly bolster an organization's cybersecurity posture. These solutions can help to detect and thwart cyberattacks before they can inflict significant damage.
- **Raising awareness:** Educating employees and users about cybersecurity best practices is essential in defending against social engineering attacks and phishing scams, which are frequently used by cybercriminals to gain access to sensitive information or systems.

29-Mar-2024
3 min read

FlightNight

GoStealer

India targeted in a cyberespionage campaign involving phishing emails & Slack to...

Beginning March 7th, 2024, an alarming report details a recent cyber espionage campaign targeting delicate sectors of the Indian economy, specifically its defense and energy industries. This large-scale attack, dubbed Operation FlightNight, highlights the evolving tactics employed by malicious actors to infiltrate critical infrastructure and compromise sensitive information. Discovered by EclecticIQ analysts, this intrusion leverages a modified version of the [HackBrowserData](https://github.com/moonD4rk/HackBrowserData) information stealer delivered via phishing emails.

### Attack Methodology

The [campaign](https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign) relied on a combination of phishing emails and malware to achieve its objectives. Phishing emails, meticulously crafted to appear legitimate, were likely sent to unsuspecting employees within the targeted organizations. These emails may have posed as official communications from trusted sources or presented enticing offers. Once a recipient clicked on a malicious link or attachment within the email, malware would be deployed on their device.

![b34b3986-3854-4ab4-a553-1d3be9eedfa2.png](https://sb-cms.s3.ap-south-1.amazonaws.com/b34b3986_3854_4ab4_a553_1d3be9eedfa2_a8727acebd.png)

***Attack Chain***

Using a decoy PDF disguised as an Indian Air Force invitation, the attackers employed ISO files containing malware executables. The campaign shares similarities with a Go-based stealer called GoStealer; the similarity lies in the infection sequence. Upon execution, the malware, disguised with harmless-looking PDF icons, activated hidden payloads, exfiltrating data to Slack channels under the attackers' control. Both campaigns employ social engineering tactics to lure victims.

Operation FlightNight uses phishing emails likely disguised as legitimate communications, while [GoStealer](https://xelemental.github.io/Golang-based-credential-stealer-targets-Indian-Airforce-Officials/) utilizes procurement-themed lures such as "SU-30 Aircraft Procurement.iso". Once a victim clicks on the malicious link or attachment, a decoy file is displayed to distract them, while the malware operates in the background, stealing information of interest. In Operation FlightNight's case, the stolen information is exfiltrated through Slack channels.

### Targets and Data Exfiltration

Government agencies overseeing electronic communications, IT governance, and national defense, alongside private energy companies, were targeted. The stolen data, including financial documents and employee details, was exfiltrated to Slack channels, totaling 8.81 GB, raising concerns of potential infrastructure breaches.

### HackBrowserData: The Malware Behind the Attack

The malware used in Operation FlightNight has been identified as a modified version of the open-source information stealer HackBrowserData which, as already mentioned, exploited vulnerabilities in web browsers to steal credentials and data. This malware is specifically designed to target web browsing data, potentially including login credentials, browsing history, and other sensitive information stored within web browsers. Code similarities between the original tool and the modified variant indicate a sophisticated level of customization for covert operations.

### Slack: A Clandestine Exfiltration Channel

A particularly concerning aspect of this operation is the use of the Slack communication platform for exfiltrating stolen data. The attackers chose Slack, a popular collaboration tool widely used in legitimate business settings, likely to mask their malicious activity. By blending their traffic with regular communication within the targeted organizations, the attackers aimed to evade detection.

### Detection and Mitigation Strategies

Organizations can disable web browser features like password caching and auto-completion, implement two-factor authentication, and monitor for ISO mounting events and LNK file executions. Behavioral anomaly detection and network traffic monitoring can aid in identifying and mitigating similar threats.

### Open-Source Offensive Tools

The attackers' utilization of open-source tools underscores the evolving landscape of cyber threats. By modifying existing tools and leveraging platforms like Slack for data exfiltration, as already mentioned, the attackers reduce detection risks while maximizing operational efficiency.

### Infrastructure Analysis

Analysis of the attackers' infrastructure, including Slack channels and authentication tokens, provides insights into their operational tactics. Tools like SlackPirate enable researchers to gather valuable intelligence on threat actors' communication channels and tactics.

### Stolen Data and Potential Consequences

The stolen data in this cyber espionage campaign could encompass a wide range of sensitive information, including:

- Financial documents
- Personal details of employees
- Critical details about drilling activities in oil and gas

This information could be exploited for various malicious purposes, such as:

- Financial gain through fraud or identity theft
- Disruption of critical operations within the defense and energy sectors
- Espionage and intelligence gathering
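The detection advice above (monitor for ISO mounts and LNK executions, watch network traffic for Slack-bound exfiltration) can be turned into a small correlation rule. The Python below is an added example written for this page, not code from the original article or from EclecticIQ's report. It runs over a handful of constructed events in a flattened, assumed SIEM schema (the field names, the `invitation.pdf.exe` file name, the 30-minute mount window and the process allowlist are all assumptions chosen for illustration), and links a process launched from a freshly mounted ISO to that mount before flagging Slack API traffic from a process that has no business talking to Slack.

```python
"""Correlation sketch for the FlightNight-style indicators: ISO mounted from
a user directory, LNK launch, process run from the mounted drive, and Slack
API traffic from an unexpected process. Every event below is constructed for
this example; the record shape is an assumed flattened SIEM schema, not
Sysmon's or any vendor's native format."""
from collections import defaultdict
from datetime import datetime, timedelta

# How long after an ISO mount a process launched from that drive letter is
# still tied to the mount (assumption; tune to the environment).
MOUNT_WINDOW = timedelta(minutes=30)

# Executables expected to reach the Slack API on a managed workstation
# (assumption; build this from the organisation's software inventory).
SLACK_ALLOWED_IMAGES = {"slack.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Path fragments marking user-writable locations where a phishing attachment
# is typically saved before it is mounted.
USER_DIR_MARKERS = ("\\downloads\\", "\\desktop\\", "\\temp\\", "\\appdata\\")


def _basename(path):
    """Last path component, lower-cased, for either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return findings as (rule, host, detail) tuples in timestamp order."""
    findings = []
    mounts = defaultdict(list)  # host -> [(mount time, drive letter)]
    for ev in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(ev["ts"])
        host = ev["host"]
        # Drive letters from ISO mounts on this host inside the window.
        recent = [d for mt, d in mounts[host] if t - mt <= MOUNT_WINDOW]

        if ev["type"] == "image_mount" and ev["image"].lower().endswith(".iso"):
            mounts[host].append((t, ev["drive"].upper()))
            if any(m in ev["image"].lower() for m in USER_DIR_MARKERS):
                findings.append(("iso_mount_from_user_dir", host, ev["image"]))

        elif ev["type"] == "process_create":
            cmd = ev["cmdline"].lower()
            drive = ev["image"][:2].upper()
            if ".lnk" in cmd:  # a shortcut is being launched via a command line
                findings.append(("lnk_execution", host, ev["cmdline"]))
            if drive in recent:  # binary executed straight off the mounted ISO
                findings.append(("process_from_mounted_iso", host, ev["image"]))

        elif ev["type"] == "net_connect":
            dest = ev["dest_host"].lower()
            slack_bound = dest == "slack.com" or dest.endswith(".slack.com")
            if slack_bound and _basename(ev["image"]) not in SLACK_ALLOWED_IMAGES:
                findings.append(("slack_api_from_unexpected_process", host,
                                 f'{ev["image"]} -> {ev["url"]}'))
    return findings


# Constructed sample telemetry (not real campaign data). Host ws-17 shows the
# chain described in the article; ws-22 shows benign Slack and ISO activity.
SAMPLE_EVENTS = [
    {"ts": "2024-03-07T09:12:03", "host": "ws-17", "type": "image_mount",
     "image": r"C:\Users\alice\Downloads\SU-30 Aircraft Procurement.iso", "drive": "E:"},
    {"ts": "2024-03-07T09:12:30", "host": "ws-17", "type": "process_create",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": r'cmd.exe /c start "" "E:\Invitation.lnk"'},
    {"ts": "2024-03-07T09:12:41", "host": "ws-17", "type": "process_create",
     "image": r"E:\invitation.pdf.exe", "cmdline": r'"E:\invitation.pdf.exe"'},
    {"ts": "2024-03-07T09:13:05", "host": "ws-17", "type": "net_connect",
     "image": r"E:\invitation.pdf.exe", "dest_host": "slack.com",
     "url": "https://slack.com/api/files.upload"},
    # Benign: the Slack desktop client talking to Slack.
    {"ts": "2024-03-07T09:15:00", "host": "ws-22", "type": "net_connect",
     "image": r"C:\Users\bob\AppData\Local\slack\slack.exe", "dest_host": "slack.com",
     "url": "https://slack.com/api/conversations.list"},
    # Benign: an installer ISO from a software share, run well outside the window.
    {"ts": "2024-03-07T10:00:00", "host": "ws-22", "type": "image_mount",
     "image": r"\\fileserver\software\win11.iso", "drive": "F:"},
    {"ts": "2024-03-07T10:40:00", "host": "ws-22", "type": "process_create",
     "image": r"F:\setup.exe", "cmdline": r'"F:\setup.exe"'},
]


def run_sample():
    """Run the rules over the constructed events; four findings, all on ws-17."""
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for rule, host, detail in run_sample():
        print(f"{host:6} {rule:36} {detail}")
```

The value of the correlation is in the second and fourth findings: a process whose image lives on a drive letter that was an ISO mount minutes earlier, and that same process posting to the Slack API, is a much stronger signal than either event alone, while the administrator's installer ISO on ws-22 and the real Slack client produce nothing.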

28-Mar-2024
4 min read

Outage

Panera Bread outage disrupts ordering, rewards, and internal systems. Cause unkn...

Panera Bread, the popular US food chain, has been struggling with a significant, nationwide IT outage since Saturday. Initial reports pointed to disruptions within point-of-sale (POS) systems, customer service channels, online ordering platforms, and even internal employee systems. Panera Bread has acknowledged the outage but the cause remains unconfirmed, fueling speculation of a potential cyberattack.

## Impact on Panera Bread Operations

The severity of this outage is significant. While Panera Bread locations have remained open physically, the outage has rendered them "cash-only." This causes substantial inconvenience for customers. Further, loyalty program members are unable to redeem rewards points due to system inaccessibility. Employee scheduling and crucial internal management systems are also offline, creating additional challenges for the company's operations. Panera Bread's website and mobile app have been unavailable since the outage began, adding to the disruption.

## Official Response and Speculation

Panera Bread has issued brief statements on social media expressing apologies and promising to work towards a solution. However, the lack of a detailed explanation regarding the root cause is concerning. The company's customer service phone lines are also down. The timing of the outage, occurring over a weekend when IT staffing might be reduced, raises the possibility of a cyberattack. Hackers often target organizations during off-hours to maximize the impact of their attacks.

27-Mar-2024
2 min read