
WhatsApp phishing attacks; Italian government banned two well-established companies

Phishing is the oldest and most predominant type of cyber-attack. The hacker sends malicious content to the target through emails and text messages. The target opens it unknowingly, after which the whole system is affected by the malware, leading to compromise. The success rate of phishing attacks is 50%, because not everyone will open the link or attachment that comes with the content. Even so, these attack techniques have taken down major organizations and led to financial crises.

Recently, two of the companies working with the Italian government were banned by public prosecutors, since they spread malware that infected millions of people through a fake version of WhatsApp.

Since WhatsApp is a widely used medium, many cyber threats are rising against it. There are even fake versions of various social media apps that are contaminated with malware.

In February 2021, the prosecutor's office in Naples issued an order to block the surveillance services from SIO and Cy4gate. These companies were held responsible for spreading phishing malware through duplicate WhatsApp platforms. The malware was also found to have the characteristics of spyware. Once a device was affected, it would pop up a notification bar which, when triggered, would start surveillance on the target’s device.

As allegations rose against them, they formed a team to study their collaborations with their customers and whether any malware was being spread through clients.

These complaints were registered by the Italian government. When these organizations were found to have a negative background, they were forced to end their connection with the government under the pertinent law.

Cyber security officers in Italy mainly focus on evidence such as wiretaps and spyware while investigating a cyber-attack. These records help them find a way to reach the culprits. The major banned companies in Italy include Hacking Team, Negg, eSurv and now Cy4gate.

WhatsApp phishing

Nowadays mobile phones are used as an attack vector for cyber-crimes, mainly phishing. As most advanced applications are available on mobile phones, threat actors infect these applications to gain access to the target’s mobile.

WhatsApp phishing scams are increasing day by day. Instead of sending malicious attachments through emails, it is now convenient for hackers to send them through WhatsApp. WhatsApp has become an indispensable part of people's lives.

Since many email phishing attacks have been reported in the past, people have started to stay alert to suspicious emails. They are well equipped with threat detection software to protect their accounts. For this reason, threat actors have turned to WhatsApp, which is an easy way to reach multiple targets at a time.

It is easy for them to send links through WhatsApp, since the links raise little suspicion and look legitimate. Until now WhatsApp has never released any feature to detect phishing links. So this is a golden opportunity for cyber criminals, and they are exploiting it cunningly.

How can you detect a fake message in WhatsApp?

  • Frequently forwarded messages

WhatsApp has a feature that lets you forward messages from one recipient to another. When you do so, WhatsApp marks the message with an arrow on top of it. If the post or link has been forwarded more than 5 times, a double arrow appears instead of the single arrow. If a message is found to have been forwarded many times, there is a chance that it is a scam.

  • Unrecognized number

When you receive a message from a stranger, check the authenticity of the sender. If you find anything suspicious about the message or the profile, ignore it. Do not open the attachment or link.

  • Scams and suspicious links

The motive of a threat actor is to make you open the malicious link, which leads to the compromise of your personal information. These links can look genuine. Some of the major links used in WhatsApp scams include:

  1. WhatsApp gold
  2. WhatsApp expiration
  3. Shopping vouchers.
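
As an added illustration (not part of the original article), the Python sketch below applies the three warning signs above to a received message and shows why a link that merely contains "whatsapp.com" is not necessarily a WhatsApp link. The set of official domains, the lure keywords and the sample messages are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = {"whatsapp.com", "wa.me"}   # assumption: treated as official here
LURES = ("whatsapp gold", "expir", "voucher")  # keywords chosen for the three themes above
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def is_official_host(host):
    """True only for an official domain itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(text, sender_in_contacts, forwarded_many_times):
    """Return the warning signs found in one received message."""
    reasons = []
    if not sender_in_contacts:
        reasons.append("unrecognized number")
    if forwarded_many_times:          # the double-arrow indicator
        reasons.append("frequently forwarded")
    if any(lure in text.lower() for lure in LURES):
        reasons.append("known scam theme")
    for url in URL_RE.findall(text):
        try:
            parts = urlsplit(url)
        except ValueError:            # e.g. broken brackets in the host part
            reasons.append("malformed link")
            continue
        host = parts.hostname or ""
        # The brand appears in the address, but the real host is someone else's.
        if "whatsapp" in parts.netloc.lower() and not is_official_host(host):
            reasons.append("lookalike link: " + host)
    return reasons

# Constructed sample messages (the .example domain is reserved and not real).
SCAM = "WhatsApp Gold is here! Upgrade now: https://whatsapp.com.gold-upgrade.example/activate"
GENUINE = "Help pages are at https://faq.whatsapp.com/"

if __name__ == "__main__":
    print(triage(SCAM, sender_in_contacts=False, forwarded_many_times=True))
    print(triage(GENUINE, sender_in_contacts=True, forwarded_many_times=False))
```

The host check compares the end of the hostname against the official domain, so a name that only starts with "whatsapp.com" is reported as a lookalike.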

How to safeguard?

  • Enable two step verification
  • Never respond to strange messages or open the attachments sent with them.
  • Limit how much personal information (like your mobile number) you provide on other social media platforms.
  • Always check that a message is genuine before forwarding it.
  • Never join unnecessary groups.

Contemporary solution to supply chain attacks; Centris

Centris is a tool that mitigates vulnerability propagation and license violation in a single scan.

Centris is a new mechanism designed and developed by software researchers from Korea University and the Georgia Institute of Technology. It was created to secure and manage the reuse of open source software components.

Centris employs a new method to track software components in software projects even when they are only partially integrated or have a modified structure. It has successfully mitigated old vulnerabilities in hundreds of GitHub projects.

The tool was introduced in a paper on the arXiv preprint server and is DevSecOps-friendly. According to the official announcement, it will be presented at the International Conference on Software Engineering (ICSE) by the end of 2021.

Open source software – vulnerabilities

Some of the advantages of using open source software include cutting down software development time and opening the application up to public scrutiny. This helps to improve security.

Using open source software in something other than its original version can cause problems.

In most cases, OSS projects or components are used in a nested format, where one component may contain part of another open source project.

In some complicated situations, developers change the names of the files and the order of the open source projects that they include in their code.

For all these reasons, tracking changes in OSS components is difficult.

Some of the prominent traditional tools used to manage the OSS elements included in software projects miss modified components, because they assume the code is reused in its original form.

Other tools, which use code clone detection techniques, may produce too many false positives.

Losing track of OSS dependencies can pose a severe threat, since vulnerabilities can arise in untracked OSS components. Such a vulnerability then tends to stay in the application for a long time.

Some of the researchers found that Godot Engine, a GitHub project with more than 36,000 stars, was reusing a single file from JPEG compressor and had vulnerabilities with a CVSS score of 7.8 back in 2017.

Because only a single file from the JPEG compressor was used, OSS dependency tracking failed to pick up both the dependency and the vulnerability.

Centris; an introduction

Centris includes a component database made up of functions extracted from around 10,000 GitHub projects, encompassing more than 80 billion lines of code.

All the versions in Centris are checked and processed to eliminate redundancy and reduce the space needed to store the functions.

Centris uses the database to spot reused OSS functions and their related versions in the target project. This helps it to pick up OSS components regardless of which parts of the codebase are reused.
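
The following Python sketch is an added example, not Centris's own code or algorithm: it illustrates the function-level idea described above, where a component database stores each function once with the versions it appears in, so that a single copied function is still attributed to its component and version even when the file is renamed and reformatted. It assumes a simplified C function parser and an exact SHA-256 over normalized function text; the component name "jpeglib" and all sample sources are constructed.

```python
import hashlib
import re
from collections import Counter, defaultdict

# Simplified: a top-level C function starts at column 0 and ends at its matching brace.
FUNC_RE = re.compile(r"^[A-Za-z_][\w\s\*]*?\b\w+\s*\([^;{}]*\)\s*\{", re.M)

def functions(src):
    """Return the normalized text of each top-level function in a C source string."""
    src = re.sub(r"/\*.*?\*/|//[^\n]*", "", src, flags=re.S)  # strip comments
    found = []
    for m in FUNC_RE.finditer(src):
        depth, end = 1, m.end()
        while end < len(src) and depth:                       # match braces
            depth += {"{": 1, "}": -1}.get(src[end], 0)
            end += 1
        found.append(re.sub(r"\s+", "", src[m.start():end]))  # ignore layout
    return found

def fingerprint(func):
    return hashlib.sha256(func.encode()).hexdigest()

def build_db(components):
    """components maps (name, version) to source; a shared function is stored once."""
    db = defaultdict(set)
    for key, src in components.items():
        for func in functions(src):
            db[fingerprint(func)].add(key)
    return db

def scan(db, target_src):
    """Return {component: (version with most matched functions, match count)}."""
    hits = Counter()
    for func in functions(target_src):
        hits.update(db.get(fingerprint(func), ()))
    best = {}
    for (name, version), count in sorted(hits.items()):
        if count > best.get(name, ("", 0))[1]:
            best[name] = (version, count)
    return best

# Constructed sample: component "jpeglib" in two versions, and a project that
# copied one v1.0 function into a renamed, reformatted file.
V1 = "int clamp(int v) {\n    return v < 0 ? 0 : v;\n}\nint decode(int *b) {\n    return b[0];\n}\n"
V2 = V1.replace("return b[0];", "return b ? b[0] : 0;")
TARGET = "// img_util.c\nint decode(int *b)\n{\n  return b[0];  /* copied */\n}\nint game_main(void) { return 0; }\n"
DB = build_db({("jpeglib", "1.0"): V1, ("jpeglib", "2.0"): V2})
print(scan(DB, TARGET))
```

A whole-file hash of the target matches neither version of the component, while the function-level lookup attributes the copied function to version 1.0. An exact hash still misses functions whose code was edited, which is the limit of this simplification.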

Centris has a precision of 91% and a recall of 94% in identifying reused OSS components. This holds even when modified OSS reuse is prominent.

Centris has discovered that around 572 OSS projects have at least one vulnerable OSS component. Among these, 27 OSS projects are still using the vulnerable OSS in their latest version.

Centris can stand strong against license violation and vulnerability propagation. This readily eliminates software supply chain attacks in which the attacker spreads malicious payloads through genuine software distribution channels.

Future concepts

Discussions are taking place about adding more security features to Centris. The developers are focusing on providing alerts when a new vulnerability is discovered in components.

There is also the possibility of combining Centris with VUDDY, a vulnerability checker which they developed back in 2017.