Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Why You Need to Study Nation-State Attacks
Newest First  |  Oldest First  |  Threaded View
MarkusJakobsson
50%
50%
MarkusJakobsson,
User Rank: Apprentice
8/26/2017 | 12:10:57 PM
Re: $0phiStic4ti0n
It is true that, by itself, a homograph attack would not be so sophisticated. But here it was part of a bigger picture. The attack also used other deceptive techniques, such as:

* Spoof the email from a source (accounts.googlemail.com) that *looked like* the source from which real notifications would be sent ([email protected].com) ...
* ... where this domain was not used by Google, and Google did not have a DMARC policy in place that caused rejection traffic appearing to come from subdomains not in use.

Of course, the attackers could have done "better" -- after all, the email was delivered in the spam folder of the intended victims. They could, for example, have used the "Spam phishinhg" techniques described by Hossein Siadati at the recent Decepticon conference, to overcome this drawback.

Maybe the attackers fouled up. Maybe they did not realize. Or maybe it just did not matter much to them: their yield was sufficient for them to be satisfied.

Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/26/2017 | 10:12:43 AM
$0phiStic4ti0n
I agree with the overall points, but...

"replacing some of their letters with Cyrillic letters that look the same to humans, but which thwart keyword-based filters"

...this can hardly be described, in my mind, as "sophisticated." It's no more sophisticated than people thinking their being secure by replacing the letter "o" in their passwords with numeral 0.


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31769
PUBLISHED: 2021-06-21
MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require autho...
CVE-2020-20469
PUBLISHED: 2021-06-21
White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the log_edit.php files failing to filter the csa_to_user parameter, remote attackers can exploit the vulnerability to obtain database sensitive information.
CVE-2020-20470
PUBLISHED: 2021-06-21
White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability.
CVE-2020-20471
PUBLISHED: 2021-06-21
White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges.
CVE-2020-20472
PUBLISHED: 2021-06-21
White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site.