Here’s How Phishing Messages Break Through Email Filters


The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Phishing is an email-borne attack technique aimed at harvesting users' sensitive credentials or spreading malware. It has ranked among the top cyber threats to individuals and businesses for years. According to the latest Phishing Activity Trends Report by APWG, the total number of phishing attacks identified in Q1 2024 exceeded 963,000. The average wire transfer amount requested in business email compromise (BEC) attacks during this period reached $84,000, a 50% increase over the previous quarter.

These statistics show that phishing is one of the pillars of the global cybercrime economy. It is no surprise that many security companies specialise exclusively in anti-phishing services that keep rogue emails out of their customers' inboxes. Because these defenses make campaigns harder to run, criminals are developing more sophisticated attack vectors that get around mainstream protections.

Phishers Are Thinking Outside the Box

Malicious actors leverage a few effective evasion techniques to make sure their misleading messages arrive at their destination. Here are several real-world stratagems used to obfuscate bad intentions and circumvent automated protection tools.

Hybrid “Vishing” Attacks Gaining Momentum

Voice phishing, or vishing, has become an effective social engineering scam over the years. The fact that the manipulation takes place over the phone plays into the hands of fraudsters, as it slips below the radar of traditional security controls. Its weakness is that it depends on cold calls, which many people ignore, and that reduces the success rate of such hoaxes.

In an attempt to close that gap, criminals came up with a multi-step scheme that combines vishing and misleading emails. The idea is to contact a would-be victim initially with an email lure that contains a phone number in it. These messages will typically convey urgency by stating that the recipient might be locked out of their bank account, or that a suspicious financial transaction has been made without their consent.

The user is instructed to call the number specified in the email to solve the problem. However, instead of providing assistance, the scammer on the other end will try to learn sensitive information. The original phishing email doesn’t contain any suspicious attachments or links, which makes it look normal when inspected by spam filters and antivirus protections.

In some scenarios, criminals collect information about the victim from social media and other publicly accessible sources to make sure that the bait message correlates with their interests and lifestyle. The use of reliable data broker removal services can minimize the risk of exposure to this shady open-source intelligence (OSINT).

Compromised SharePoint Accounts

Another method for phishing scams to slide unnoticed into users’ inboxes is to piggyback on previously hacked SharePoint accounts. Email filters trust the domains used by this cloud-based collaborative service from Microsoft. The messages ask the recipients to click on an embedded secondary URL that leads to a malicious OneNote document disguised as a OneDrive for Business sign-in page. The credentials entered in this fake login form automatically go to the fraudsters.

Elusive Emails Impersonating Major Banks

This is a long-running hoax in phishing operators' repertoire. The spoof email pretends to come from a popular financial institution such as Bank of America. It asks the recipient to update their email address and provides a link leading to a credential phishing page camouflaged as the bank's official site. To feign legitimacy, the scam includes an extra page where the victim is supposed to enter the answer to their security challenge question.

Although the message is sent from a "@yahoo.com" address rather than the real domain of the mimicked bank, many anti-phishing tools fail to flag it as potentially malicious. One reason is that this fraud targets only a handful of people in an organization rather than maximizing its reach. Filtering technologies mainly inspect large volumes of similar emails and may ignore messages arriving in small quantities.

Secondly, the email passes security checks because it is genuinely sent from a personal Yahoo account. Traditional verification mechanisms such as the Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC) only confirm that the message doesn't spoof the domain it claims to come from; they say nothing about whether the display name is truthful.

Thirdly, the blocklists integrated in a Secure Email Gateway (SEG) or in the user's VPN might not yet include the replica of the bank's page because the domain was registered only recently. Furthermore, the domain uses a valid SSL/TLS certificate issued by a trusted authority such as Comodo. This combination of techniques, plus subtle elements of urgency and pressure applied to the recipient via social engineering, makes this ostensibly simple phishing wave highly effective.
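To make the point concrete, here is a small triage script that separates "authentication passed" from "the sender is who the display name says". It is an added example written for this article, not code from the original post or from any vendor product. The message, the brand list, the urgency phrases and the link host bankofamerica-secure-login.example are all constructed; only the Python standard library is used.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: a freemail sender whose display name impersonates a bank.
# SPF/DKIM/DMARC pass because the message really did originate at yahoo.com.
RAW_MESSAGE = b"""\
From: "Bank of America Alerts" <bofa.alerts.2024@yahoo.com>
To: employee@example.org
Subject: Action required: update your email address
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=yahoo.com;
 dkim=pass header.d=yahoo.com; dmarc=pass header.from=yahoo.com
Content-Type: text/plain; charset="utf-8"

Please confirm your new email address within 24 hours:
https://bankofamerica-secure-login.example/update
"""

# Hypothetical brand list an organisation would maintain: a phrase that may
# appear in display names, mapped to the domain that brand really sends from.
PROTECTED_BRANDS = {"bank of america": "bankofamerica.com"}
URGENCY_PHRASES = ("action required", "within 24 hours", "account will be locked")


def parse_auth_results(value):
    """Extract spf/dkim/dmarc verdicts from an Authentication-Results header."""
    return {m.lower(): v.lower()
            for m, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I)}


def same_org(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def analyze(raw):
    """Return authentication verdicts plus content-level impersonation findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    auth = parse_auth_results(str(msg.get("Authentication-Results", "")))
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",)).get_content()
    claims = f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    for brand, brand_domain in PROTECTED_BRANDS.items():
        if brand in claims and not same_org(sender_domain, brand_domain):
            findings.append(f"display name/subject claims '{brand}' "
                            f"but the sender domain is {sender_domain}")
            # Any link that does not lead to the claimed brand is a second signal.
            for url in re.findall(r"https?://[^\s<>\"']+", body):
                host = (urlparse(url).hostname or "").lower()
                if not same_org(host, brand_domain):
                    findings.append(f"link host {host} is not under {brand_domain}")
    for phrase in URGENCY_PHRASES:
        if phrase in claims or phrase in body.lower():
            findings.append(f"urgency cue: '{phrase}'")
    return {"auth": auth, "sender_domain": sender_domain, "findings": findings}


def verdict(raw):
    """'pass' only when authentication and content agree; otherwise 'suspicious'."""
    result = analyze(raw)
    authenticated = all(result["auth"].get(m) == "pass" for m in ("spf", "dkim", "dmarc"))
    return "pass" if authenticated and not result["findings"] else "suspicious"


if __name__ == "__main__":
    for line in analyze(RAW_MESSAGE)["findings"]:
        print("-", line)
    print("verdict:", verdict(RAW_MESSAGE))
```

The design choice worth noting is that the authentication verdicts are read and kept, but never used on their own to clear a message: a freemail sender with a bank's name in the display name and a link to an unrelated host is flagged regardless of a clean SPF/DKIM/DMARC line.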

ZIP Archive with a Catch

One of the clever tricks in the modern criminal's handbook is to cloak a malicious email attachment within a dodgy ZIP archive. A benign ZIP file normally contains a single "End of Central Directory" (EOCD) record, which marks the final component of the archive structure. Attackers are increasingly using ZIP attachments that contain two EOCD records rather than one, meaning the file is really two archives joined together, with the second one hidden in plain sight.

The decompression engines built into some SEGs identify and vet only the harmless "decoy" archive while failing to detect and inspect the malicious second archive. Once the hidden part is extracted on the endpoint, a strain of info-stealing malware infects the victim's computer.
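The mismatch between what different parsers see is easy to demonstrate. The script below is an added example for this article, not code from the original post or from any gateway vendor: it builds two small archives with constructed contents, joins them, counts EOCD records, slices the blob back into its component archives and lists what each one contains, alongside what Python's own zipfile (which honours only the last EOCD) reports.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory signature
EOCD_FIXED_LEN = 22        # fixed part of the EOCD record; a comment may follow


def build_zip(members):
    """Build an in-memory ZIP archive from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def find_eocd_records(blob):
    """Offsets of every EOCD signature in the blob.

    A well-formed archive has exactly one, at the very end. Stored member data
    could in principle contain these four bytes too, so extra hits are a reason
    to inspect further rather than a final verdict.
    """
    offsets, start = [], 0
    while (idx := blob.find(EOCD_SIG, start)) != -1:
        offsets.append(idx)
        start = idx + 1
    return offsets


def split_archives(blob):
    """Slice a possibly-concatenated blob into one segment per EOCD record."""
    segments, seg_start = [], 0
    for off in find_eocd_records(blob):
        if off + EOCD_FIXED_LEN > len(blob):
            break
        comment_len = struct.unpack_from("<H", blob, off + 20)[0]
        seg_end = off + EOCD_FIXED_LEN + comment_len
        segments.append(blob[seg_start:seg_end])
        seg_start = seg_end
    return segments


def inspect(blob):
    """Member names of each embedded archive (None if a segment is not a ZIP)."""
    report = []
    for seg in split_archives(blob):
        try:
            with zipfile.ZipFile(io.BytesIO(seg)) as zf:
                report.append(zf.namelist())
        except zipfile.BadZipFile:
            report.append(None)
    return report


def stdlib_view(blob):
    """What Python's zipfile reports: it locates the LAST EOCD and ignores the rest."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.namelist()


# Constructed sample attachment: a harmless decoy followed by a second archive.
DECOY = build_zip({"invoice_2024.txt": b"Thank you for your order."})
HIDDEN = build_zip({"readme.txt": b"second archive, invisible to a parser that stops early"})
SUSPICIOUS = DECOY + HIDDEN

if __name__ == "__main__":
    print("EOCD records:", len(find_eocd_records(SUSPICIOUS)))
    print("per-archive members:", inspect(SUSPICIOUS))
    print("zipfile sees:", stdlib_view(SUSPICIOUS))
```

A gateway that stops at the first EOCD reports only invoice_2024.txt; Python's zipfile reports only readme.txt. A policy of rejecting or quarantining any attachment whose EOCD count is not exactly one catches the discrepancy before either view is trusted.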

Skewing an Email’s HTML Code

Yet another mechanism for getting around SEGs is to reverse the text in the source code of a message and then render it forward in the email itself. This way, security filters may allow the message to get through because its raw HTML content doesn’t match any known phishing templates. Meanwhile, the email will be shown to the would-be victim in a perfectly readable form.

A particularly tricky strand of this ruse involves Cascading Style Sheets (CSS), the stylesheet language used to control how HTML documents are presented. Attackers abuse it to combine Latin and Arabic scripts in an email's code. Since these scripts flow in different directions (left-to-right vs right-to-left), this method facilitates text reversing.
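A filter that matches keywords against the raw HTML source is exactly what this trick defeats, so the defensive fix is to normalise to what the recipient sees before matching. The script below is an added example for this article, not code from the original post: it models the inline-CSS variant of the technique (direction: rtl with unicode-bidi: bidi-override) on a constructed snippet, and the keyword list is hypothetical. Real campaigns may place the rules in a style block or mix scripts instead, which this inline-only parser does not handle.

```python
import re
from html.parser import HTMLParser

# Constructed sample (not from the article): the source holds the phrase
# backwards, but the CSS override makes the client draw it right-to-left,
# so the reader sees "verify your password".
SAMPLE_HTML = (
    '<p>Please <span style="direction: rtl; unicode-bidi: bidi-override">'
    'drowssap ruoy yfirev</span> to keep access.</p>'
)

# Hypothetical keyword list a content filter would match on.
KEYWORDS = ("password", "verify your")
VOID_TAGS = {"br", "hr", "img", "input", "meta", "link"}
RTL_RULE = re.compile(r"direction\s*:\s*rtl", re.I)
BIDI_RULE = re.compile(r"unicode-bidi\s*:\s*bidi-override", re.I)


class VisualTextExtractor(HTMLParser):
    """Rebuild the text a mail client displays, undoing inline CSS reversal."""

    def __init__(self):
        super().__init__()
        self.pieces = []
        self.reverse_stack = []  # one flag per open element
        self.hidden = 0          # depth inside <style>/<script>, whose text is not shown

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            if tag == "br":
                self.pieces.append(" ")
            return
        if tag in ("style", "script"):
            self.hidden += 1
        style = dict(attrs).get("style") or ""
        flip = bool(RTL_RULE.search(style)) and bool(BIDI_RULE.search(style))
        self.reverse_stack.append(flip)

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if tag in ("style", "script") and self.hidden:
            self.hidden -= 1
        if self.reverse_stack:
            self.reverse_stack.pop()

    def handle_data(self, data):
        if self.hidden:
            return
        # CSS direction is inherited, so any reversing ancestor flips this run.
        # One reversal approximates the bidi algorithm for payloads like this.
        if any(self.reverse_stack):
            data = data[::-1]
        self.pieces.append(data)

    def text(self):
        return re.sub(r"\s+", " ", "".join(self.pieces)).strip()


def raw_text(html):
    """What a filter that merely strips tags from the source would examine."""
    return re.sub(r"\s+", " ", re.sub(r"<[^>]+>", " ", html)).strip()


def visual_text(html):
    """What the recipient actually reads."""
    parser = VisualTextExtractor()
    parser.feed(html)
    parser.close()
    return parser.text()


def keyword_hits(text):
    """Keywords present in the given text, in list order."""
    return [k for k in KEYWORDS if k in text.lower()]


if __name__ == "__main__":
    print("raw   :", raw_text(SAMPLE_HTML), keyword_hits(raw_text(SAMPLE_HTML)))
    print("visual:", visual_text(SAMPLE_HTML), keyword_hits(visual_text(SAMPLE_HTML)))
```

Run on the sample, raw_text yields no keyword hits while visual_text yields both, which is the gap a source-only filter leaves. The presence of a bidi-override rule in a message that is otherwise entirely Latin text is itself a strong signal worth alerting on.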

Vigilance is Key

While email filters are indispensable for protecting inboxes, they aren’t foolproof. Phishing schemes are constantly evolving, and some shadowy messages will slip through. The onus is ultimately on you, the recipient, to avoid being fooled. You can significantly reduce the risks by understanding the common phishing attempts and treating any email with a healthy dose of skepticism.


DSA-5759-1 python3.11 – security update


Multiple security issues were discovered in Python, a high-level,
interactive, object-oriented language:

CVE-2024-0397

A race condition in the ssl module was found when accessing
CA certificates.

CVE-2024-4032

The ipaddress module contained incorrect information whether
some ipv4 and ipv6 address ranges are designated as globally
reachable or private.

CVE-2024-8088

Incorrect handling of path names in the zipfile module could
result in an infinite loop when processing a zip archive
(resulting in denial of service).

https://security-tracker.debian.org/tracker/DSA-5759-1


USN-6973-3: Linux kernel (AWS) vulnerabilities


It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– SuperH RISC architecture;
– MMC subsystem;
– Network drivers;
– SCSI drivers;
– GFS2 file system;
– IPv4 networking;
– IPv6 networking;
– HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)


The Hidden Risks of Internet of Bodies (IoB): Cybersecurity in Healthcare Devices



The Internet of Bodies, or IoB, represents a groundbreaking shift in the healthcare industry, connecting vital health management devices like pacemakers, insulin pumps, and health monitors to the Internet.

While these advancements come with many remarkable benefits, they also expose these essential devices to new cybersecurity vulnerabilities. To help prepare for this remarkable shift, this article addresses the potential risks of IoB devices, highlighting the important intersection and interplay of healthcare and cybersecurity.

An Introduction to the Internet of Bodies

The Internet of Bodies, also known as the IoB, represents a significant leap in healthcare technology as we know it. It integrates connected devices that monitor and interact with the human body.

Its relevance, however, is accentuated by its potential to revolutionize patient care, particularly through remote monitoring and timely medical interventions.

Examples of IoB devices include pacemakers that transmit heart activity data to healthcare providers, insulin pumps that adjust dosage based on real-time glucose levels, and smart health monitors that track vital signs and alert users and doctors to irregularities.

These innovations are important in managing chronic conditions, providing real-time data that enhances patient outcomes and reduces hospital readmissions.

The topic of IoB is particularly timely as advancements in technology and data analytics continue to evolve, promising to improve healthcare delivery and patient experiences significantly. However, it also highlights important issues related to data privacy and security, requiring careful consideration of regulatory and ethical standards to protect patient information.

The Benefits of Utilizing IoB Devices in Healthcare

Utilizing IoB devices in healthcare brings numerous benefits, foremost among them being improved patient monitoring and personalized treatment. These devices help facilitate continuous and personalized patient care.

Improved patient monitoring and personalized treatment are among the primary advantages of IoB devices. These technologies enable real-time tracking of vitals and health metrics so that healthcare providers can customize treatments based on up-to-date information.

For instance, smartwatches used by Kaiser Permanente allow heart attack patients to share their health data continuously, leading to better monitoring and higher completion rates of rehabilitation programs.

IoB devices also increase efficiency and accuracy in medical interventions. An example of this is digital pills equipped with sensors that provide precise medication management by transmitting data about ingestion to healthcare providers. These devices help reduce medication errors and improve adherence to prescribed treatment plans.

The enhanced data collection and analysis that comes as a result of IoB devices contribute to better health outcomes. The vast amounts of data generated help better understand health patterns and predict potential issues.

As an example, smart thermometers used in Shanghai's Public Health Clinical Center during the COVID-19 pandemic allowed for efficient monitoring and quick intervention by analyzing temperature data trends.

Potential Cybersecurity Vulnerabilities of The IoB

While offering numerous benefits, IoB devices also present the potential to have significant cybersecurity vulnerabilities. After all, these devices are susceptible to various cybersecurity threats that could have dire consequences for patient safety and privacy.

One major threat facing healthcare organizations of all sizes and their IoB devices is the hacking of medical devices. For example, devices can be accessed remotely by malicious actors who might alter their settings, potentially leading to fatal outcomes.

The potential exploitation of these vulnerabilities can occur in multiple ways. For instance, hackers could intercept and manipulate data transmitted by these devices, compromising the integrity of medical treatments and patient records.

As always, connectivity itself is the main culprit. To make things even worse, the main attack vector isn’t a WiFi-equipped X-ray machine or a pacemaker, but the infrastructure of the healthcare provider or manufacturer. If they have a digital asset management system or an internal communication app in place, hackers would target that instead as a means of directly accessing IoB device networks.

Denial-of-service or DoS attacks could disrupt the normal functioning of these devices, leading to treatment delays and jeopardizing patient health. The theft of sensitive health data could also result in detrimental privacy breaches and unauthorized access to personal information.

Addressing each of these respective challenges requires having strong cybersecurity measures in place. Device manufacturers and healthcare providers must prioritize security from the design phase through the entire product lifecycle.

On top of this, implementing stringent encryption protocols, regularly updating software, and conducting thorough security audits are essential steps in mitigating these risks and ensuring the safety of IoB devices and the sensitive data they handle.

The Impact of Attacks on Patient Safety and Privacy

Cyberattacks on IoB devices can have profound consequences for patient safety and privacy in your organization.

Compromised IoB devices can directly threaten patient health by altering the functions of essential medical devices. For instance, hacking into these devices can disrupt their operation, potentially leading to life-threatening situations like incorrect dosage delivery or heart rate irregularities.

The risks to personal health data are significant as well. IoB devices collect vast amounts of sensitive information, which, if breached, can lead to severe privacy violations. Stolen health data can be exploited for identity theft, insurance fraud, or unauthorized access to medical records.

The psychological impact on patients is also substantial, as they might lose trust in the healthcare system and experience increased anxiety and stress over their compromised data security.

Current IoB Security Measures and Their Limitations

Current security measures for IoB devices include encryption protocols, multi-factor authentication, and real-time threat detection. Each of these measures aims to protect the data transmitted between IoB devices and central systems, securing the integrity and confidentiality of sensitive health information.

However, these security protocols have limitations. Despite the implementation of encryption, many IoB devices still lack adequate protection due to weak authentication practices, unpatched vulnerabilities, and the absence of industry-wide security standards.

What's more, many of these manufacturers, on both the software and the hardware side, don't even follow security-by-design principles when launching products, and the end user has no way of knowing this. These shortcomings can make IoB devices susceptible to cyberattacks, such as DoS attacks and data breaches.

For instance, weak default passwords and lack of multi-factor authentication can leave devices exposed to unauthorized access and exploitation.

Examples of security breaches illustrate these vulnerabilities. Notably, implantable cardiac devices from St. Jude Medical were found to have essential security flaws that could be exploited to drain the battery or administer incorrect shocks. Similarly, ransomware attacks on healthcare facilities have disrupted patient care, leading to delayed treatments and increased mortality rates.

While we clamor about HIPAA and health data privacy in general, the dream of hosting IoB-harnessed data on local devices is still far-fetched. The average tech-conscious user would love to download their own vitals, store them in SharePoint or Google Drive as a backup, and keep a copy on a local server.

But what even the savviest users don't realize is that an ordinary user cannot ensure HIPAA-like data protections are in place for such copies.

Strategies for Enhancing IoB Cybersecurity

To help improve IoB cybersecurity across the board, manufacturers must adopt stringent encryption standards and secure authentication methods. Keeping devices secure involves performing regular software updates and conducting thorough security testing in routine intervals.

Healthcare providers should perform routine security assessments of IoB devices and ensure their staff is trained in cybersecurity best practices. Meanwhile, patients can help contribute by using strong, unique passwords where applicable and keeping their IoB devices updated with the latest firmware.

Keeping Your IoB Devices Safe and Protected

The integration of IoB devices in healthcare holds immense potential for improving patient care through advanced monitoring capabilities and more personalized treatment options. However, this progress brings with it significant cybersecurity challenges that organizations must address.

Maintaining the security of these devices requires a coordinated effort from manufacturers, healthcare providers, and patients alike. As we continue to embrace the future of IoB, maintaining a strong focus on cybersecurity will be essential to realizing its full potential while protecting those who rely on these life-enhancing technologies.
