Security Boulevard

OCTOBER 2, 2023

This blog examines the escalating phishing landscape, shortcomings of common anti-phishing approaches, and why implementing a Protective DNS service as part of a layered defense provides the most effective solution. This is where Protective DNS comes in.

DNS 64

DNS Phishing Social Engineering Engineering 64

Webroot

DECEMBER 22, 2020

While you probably already have some combination of security tools in place, such as endpoint protection, DNS or web filtering, etc., the 2020 Verizon Data Breach Investigations Report states that phishing and social engineering are still the primary tactics used in successful cybersecurity breaches.

Security Awareness 62

Security Awareness Social Engineering Phishing Engineering 62

Security Affairs

JULY 11, 2022

Figure 2 presents an example of an SMS sent to Internet end-users during the ANUBIS social engineering wave. Figure 2: Example of SMS sent during the social engineering wave. Operators can easily make this configuration through an interface that uses the CloudFlare API for configuring new DNS zones.

Phishing 100

Phishing Social Engineering Banking Engineering 100

Security Boulevard

JANUARY 17, 2024

This blog post describes methods that SpecterOps consultants have researched to successfully circumvent this technology during offensive assessments. This can be accomplished in a couple of different ways depending on the capabilities and configuration of the RBI implementation using either DNS C2 or Third-Party C2.

DNS 64

DNS Penetration Testing Passwords Encryption 64

Digital Shadows

JANUARY 30, 2023

Editor’s note: Dean Murphy , Brandon Tirado , and Joseph Morales all contributed to this blog. The SocGholish malware distribution network employs social engineering and drive-by compromise to drop malware on endpoints. The VirusTotal passive DNS entry for this IP address showed various subdomains being used.

Social Engineering 40

Social Engineering DNS Engineering Malware 40

Security Boulevard

APRIL 26, 2022

Some details about this campaign were published in this Korean blog, however they did not perform the threat attribution. In this blog, we will share the technical details of the attack chains, and will explain how we correlated this threat actor to Lazarus. This is done for the purpose of social engineering.

Phishing 52

Phishing DNS Cryptocurrency Accountability 52

Daniel Miessler

SEPTEMBER 27, 2020

If your VPN includes all DNS requests and traffic then you could be hiding significantly from your ISP. You will eventually be hacked via phishing, social engineering, poisoning a site you already frequent, or some other technique. How bad is it to be a public figure (blog/YouTube) in 2020? This is true. Script Kiddies.

VPN 326

VPN Risk Hacking Encryption 326

Security Boulevard

JUNE 28, 2023

You decide to take a look at their DNS cache to get a list of internal resources the user has been browsing and as you look through the list, there are several that you recognize based on naming conventions. Introduction Let me paint a picture for you. One in particular might be interesting: Atlassian.

Authentication 52

Authentication Passwords Penetration Testing Social Engineering 52

eSecurity Planet

DECEMBER 3, 2021

Krebs wrote for The Washington Post between 1995 and 2009 before launching his current blog KrebsOnSecurity.com. Facebook Plans on Backdooring WhatsApp [link] — Schneier Blog (@schneierblog) August 1, 2019. " Instead of keeping DNS for most consumers at their ISP, the DoH providers now seize a Web usage goldmine.

Accountability 134

Accountability Cybersecurity Penetration Testing InfoSec 134

Webroot

JULY 6, 2022

Social engineering attacks like phishing, baiting and scareware have skyrocketed to take the top spot as the #1 cause of cybersecurity breaches. So what makes social engineering so effective? When cybercriminals use social engineering tactics, they prey on our natural instinct to help one another.

Social Engineering 124

Social Engineering Engineering Scams Phishing 124

Security Affairs

FEBRUARY 19, 2019

Users who receive emails this nature should be aware if they are part of a social engineering campaign. The malware tries to resolve the DNS: sameerd.net. As shown, the DNS has not been resolved. Figure 31: Available ports of the malicious DNS. Figure 3: Passive DNS replication. For more details, see below.

Malware 78

Malware Phishing DNS Engineering 78

Security Boulevard

APRIL 13, 2022

To prevent the attack techniques noted in this blog post, disable the “Allow connection fallback to NTLM” client push installation setting, which is enabled by default in SCCM. If dynamic DNS updates are also supported, tools such as Invoke-DNSUpdate can be used to create a DNS entry for the new system that points to an arbitrary IP address.

Authentication 52

Authentication Accountability Penetration Testing Software 52

SecureList

MAY 27, 2022

The attackers study their victims carefully and use the information they find to frame social engineering attacks. The group uses various malware families, including Wroba, and attack methods that include phishing, mining, smishing and DNS poisoning. When opened, this document eventually downloads a backdoor.

Phishing 103

Phishing Spyware Firmware Malware 103

SecureList

APRIL 27, 2021

In November and December 2020, two public blog posts were published about this campaign. Although Lyceum still prefers taking advantage of DNS tunneling, it appears to have replaced the previously documented.NET payload with a new C++ backdoor and a PowerShell script that serve the same purpose. Final thoughts.

Malware 138

Malware Spyware Government Social Engineering 138

SecureList

APRIL 27, 2022

We recently identified additional malicious activities, conducted by Tomiris operators since at least October 2021, against government, telecoms and engineering organizations in Kyrgyzstan, Afghanistan and Russia. We exposed similarities between DarkHalo’s SunShuttle backdoor and the Tomiris implant. Final thoughts.

Malware 130

Malware Firmware Government Phishing 130

Security Affairs

JANUARY 15, 2020

If so we are facing a state-sponsored group with high capabilities in developing persistence and hidden communication channels (for example over DNS) but without a deep interest in exploiting services. Original Post published on Ramilli’s blog: Iranian Threat Actors: Preliminary Analysis.

Computers and Electronics 77

Computers and Electronics Penetration Testing Malware Government 77

SecureList

OCTOBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware 140

Malware Government Surveillance Spyware 140

Lenny Zeltser

MAY 3, 2019

Many of the attack tactics involved elements of social engineering–persuasion tactics that take advantage of human psychology to trick victims into taking actions that have aided the adversaries. Lock down domain registrar and DNS settings. Attackers tricked victims into taking risky actions.

Cybersecurity 111

Cybersecurity Social Engineering Authentication Software 111