Advisory ID: ngCERT-2023-0008
Summary: Phishing is a type of cyberattack that employs social engineering techniques to persuade potential victims to reveal sensitive information via deceptive emails, text messages, phone calls, and/or social media. The attacker may be looking for personally identifiable information (PII), banking details, and account credentials. The goal could also be to trick the victim into downloading malware.
Description: Such an attack usually starts with a phishing email, text message (also known as smishing), or even a direct message (DM) on a social media app that appears urgent and requires you to either click on a link that takes you to an external website or download a file attachment. This website is fraudulent and is intended to collect sensitive, potentially damaging information from the potential victim. Another technique involves using a phone call, or vishing, to trick victims into disclosing sensitive information. In order to collect their information and compromise their accounts, the attacker would either call the victim or use an automated system to pretend to be calling from their bank.
Consequences: Phishing attacks can lead to identity theft, data theft, and massive financial losses for the victims.
Damage/Probability: CRITICAL/HIGH
Solution: Some countermeasures against phishing are:
i. Enable multifactor authentication (MFA) – if possible, use more than a two-step process.
ii. Change passwords regularly.
iii. Use spam filters.
iv. Change web browser settings to prevent fraudulent websites from opening, i.e. use web filters.
v. Always use “https” when browsing the web (there are settings in most web browsers that allow for strict usage of “https”).
vi. Use anti-malware to detect malware in phishing emails.
vii. Organisations can use comprehensive solutions such as security information and event management (SIEM) and endpoint detection and response (EDR) to help filter phishing emails before they get to the users.
viii. Cybersecurity awareness training for staff to spot characteristic features of phishing scams, such as:
a. Poor spelling or grammar
b. Requests to transfer money or for personal and payment information
c. Suspect file attachments
d. Discrepancies in the sender address
e. A sense of urgency e.g. ‘You will lose access to this service in 24 hours…’
f. Usage of a link-shortening service
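The indicators in item viii can also be checked mechanically before a message reaches a user. The following is an added example, not part of the advisory: it flags indicators b, d, e and f in a raw email, using keyword lists, a shortener list and two constructed sample messages that are all assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, illustrative lists; tune them for your own mail flow.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly", "is.gd"}
URGENCY = re.compile(r"\b(urgent|immediately|lose access|in \d+ hours?)\b", re.I)
SENSITIVE = re.compile(r"\b(password|pin|card number|bank details)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample messages (not real traffic), plain 7-bit text only.
SAMPLE_PHISH = """\
From: "Example Bank" <support@bank-secure.test>
Reply-To: collector@mailbox.test
Subject: Urgent: you will lose access to this service in 24 hours

Confirm your password and card number at http://bit.ly/constructed
"""
SAMPLE_BENIGN = """\
From: "Alice" <alice@example.org>
Subject: Meeting notes

Notes from Tuesday are at https://example.org/notes
"""

def _domain(address):
    return address.rpartition("@")[2].lower()

def phishing_indicators(raw_email):
    """Return the advisory's indicators (b, d, e, f) found in one message."""
    msg = message_from_string(raw_email)
    _, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = msg.get("Subject", "") + "\n" + body
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(text)}
    found = []
    if SENSITIVE.search(text):                              # b. request for personal/payment data
        found.append("sensitive_request")
    if reply_to and _domain(reply_to) != _domain(sender):   # d. sender address discrepancy
        found.append("sender_discrepancy")
    if URGENCY.search(text):                                # e. sense of urgency
        found.append("urgency")
    if hosts & SHORTENERS:                                  # f. link-shortening service
        found.append("shortened_link")
    return found
```

A message that trips several indicators at once is a candidate for quarantine or a warning banner; a single hit on its own is weak evidence.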
Advisory ID: NCC-CSIRT-040423-018
Summary: In the world of messaging apps, one of the most popular and recognizable is WhatsApp. WhatsApp is 100% free-to-use, has a great mobile app, and supports audio and video calls. Whether you rely on WhatsApp for all your messaging needs or just use it from time to time, setting it up with two-factor authentication (2FA) is recommended. With this enabled, you will need to enter a custom PIN every time you log in to WhatsApp from a new device, adding an extra layer of security to your account.
Vulnerable Platform(s): All Operating Systems
Threat Type: N/A
Product: WhatsApp
Version: All Versions
Description: Two-factor authentication (2FA) is an identity and access management security method that requires two forms of identification to access resources and data. 2FA gives businesses and individuals the ability to monitor and help safeguard their most vulnerable information and networks. 2FA is important because it prevents cybercriminals from stealing, destroying, or accessing your internal data records for their own use. The popularity of WhatsApp, which is a Meta-owned service, makes it a prime target for hackers and scammers who are always looking for ways to gain unauthorized access to your account. For additional security, WhatsApp provides two-factor authentication so you can further secure your account using a PIN. It is an optional feature that adds more security to your WhatsApp account, but it is recommended that everyone enables 2FA to protect themselves.
Consequences: Account Takeover
Impact/Probability: HIGH/MEDIUM
Solution:
To enable 2FA on WhatsApp, follow these steps:
1. Open WhatsApp
2. Tap Settings
3. Tap Account
4. Tap Two-Step Verification
5. Tap Enable
6. Enter the Six-Digit PIN you wish to use
7. Tap Next, then enter it a second time to confirm it.
8. Tap Next
9. Add an email address for extra security (this step is optional, but it is an extra way to retrieve your account if you forget your PIN).
10. Tap Next
How to Change Your WhatsApp PIN or Email Address
You may wish to do this regularly if you're worried that your PIN is easy to guess or someone else may have figured it out. Make sure an active email address is always used so you don't get locked out.
1. Tap Settings > Two-Step Verification.
2. Tap Change PIN or Change Email Address.
3. Enter your new PIN or email address, then tap Next.
4. Your PIN or email address is now changed.
References:
https://www.lifewire.com/how-to-use-two-step-verification-2fa-in-whatsapp-4782837
https://www.microsoft.com/en-us/security/business/security-101/what-is-two-factor-authentication-2fa
https://www.androidpolice.com/whatsapp-would-please-you-enable-2fa/
https://faq.whatsapp.com/1278661612895630
Advisory ID: NCC-CSIRT-280323-017
Summary: Fraud prevention firm Cleafy has dubbed an Android banking Trojan, named Nexus, a new botnet under the malware-as-a-service (MaaS) business model. Nexus provides all the main features to perform account takeover (ATO) attacks against banking portals and cryptocurrency services, such as credential stealing and SMS interception.
Vulnerable Platform(s): Android Operating Systems
Read more: Nexus Android Trojan Targeting Financial Applications
Advisory ID: NCC-CSIRT-200323-016
Summary: Hackers employ a sophisticated fake Chrome ChatGPT browser extension to compromise thousands of Facebook accounts, including high-profile business accounts. According to Jai Vijayan, a writer from DarkReading, at least 2,000 victims downloaded the malicious app from Google Play app store. Successful exploits take advantage of the substantial level of public interest in ChatGPT to spread malware on the compromised systems.
Vulnerable Platform(s): Google Chrome Browser
Advisory ID: NCC-CSIRT-130323-015
Summary: Xenomorph is a banking malware that has the capability to automatically complete fraudulent transactions on infected devices, from infection to funds exfiltration, making it one of the most advanced and dangerous Android malware trojans in circulation.
Vulnerable Platform(s): Android Operating Systems