Hackers unleash smart Twitter phishing tool that snags two in three users

Just. Don't. Click. On. Dodgy. ShortURLs. People.


Black Hat Twitter scammers have a new weapon with the release of an effective spear phishing tool that lands a victim almost two thirds of the time, dwarfing the usual five-to-15-per-cent open rate for spam tweets.

The SNAP_R machine learning spear phishing Twitter bot is a data-driven menace unleashed at the Black Hat security conference that is capable of consuming information from victim tweets to target users.

Creators John Seymour and Philip Tully of Baltimore security firm ZeroFox say the neural network is the world's first end-to-end Twitter pwn cannon useful to scammers, penetration testers, and staff recruiters.

"The model is trained using spear phishing pentesting data, and in order to make a click-through more likely, it is dynamically seeded with topics extracted from timeline posts of both the target and the users they retweet or follow," the researchers write in a paper titled Weaponising data science for social engineering: Automated end-to-end spear phishing on Twitter [PDF].

"We augment the model with clustering to identify high value targets based on their level of social engagement such as their number of followers and retweets, and measure success using click rates of IP-tracked links.

"Taken together, these techniques enable the world's first automated end-to-end spear phishing campaign generator for Twitter."

Twitter is an incubator of phishing thanks largely to the prevalence of typos and shortened URLs that make it hard for users to know exactly where links are taking them. Plenty of phools phall for incoming spam links that send them nowhere good.

The tool, available as a downloadable zip archive, can be used to send phishing emails during times when users are active in order to increase the chances a poisoned link will be clicked.

It sifts through a user's previous tweets using its machine learning capabilities to craft tweets relevant to a target's interests, outpacing previous works that have merely spun Tweeted statements into questions.

Seymour and Tully fed their beast with some two million tweets when testing over a week of processing effort. Of the 90 Twitter users tested, between 30 and 60 per cent clicked the phishing links, way above usual click rates.

Only the choicest Twitter victims that represented high value are targeted in order to stay under the radar of defenders employed by the 140 character social network giant.

"Click-through rates are among the highest ever reported for a large-scale phishing campaign, underscoring the efficacy of coordinated automatic social engineering at scale," the duo say.

Publication of the tool is made in the name of awareness, the pair say, as is much offensive security research. ®


Tiny Kobalos malware seen backdooring SSH tools, menacing supercomputers, an ISP, and more – ESET

Linux variant studied, dissected in detail in case you want to look out for it

ESET researchers say they have found a lightweight strain of malware that targets multiple OSes and has hit supercomputers, an ISP, and other organisations.

Nicknamed Kobalos, the software nasty is said to be portable to Linux, the BSDs, Solaris, and possibly AIX and Windows. ESET researchers Marc-Etienne M.Léveillé and Ignacio Sanmillan appear to have analysed primarily the Linux version of the code. Here's a summary of the key findings from their research:


From a trickle to an Application Stream: Red Hat opens barriers for RHEL 8.3 beta

System Roles another key ingredient in six-monthly update

Red Hat Enterprise Linux (RHEL) 8.3 has hit beta, with security and production stability pointed to as key goals for the update.

RHEL 8.0 was released in May 2019 and introduced the concept of "Application Streams", based on a separate repository dedicated to "all the applications you might want to run in a given userspace" including tools, runtimes, database managers and web servers. The smart piece is that there are "multiple virtual repositories within one physical repository" so users can fix on a particular version of an application but still get security and bug updates.


Red Hat snaps up Kubernetes security specialist StackRox

Onward to OpenShift

IBM-owned Red Hat is to snaffle container security outfit StackRox and plans to fold the company's tech into its OpenShift platform.

The amount being spent on the acquisition was not shared, although Crunchbase reported that StackRox has picked up more than $65m of funding in recent years, with a $26.5m investment led by Menlo Ventures as recently as September last year.


Red Hat returns with another peace offering in the wake of the CentOS Stream affair: More free stuff

Approved open-source projects to get no-cost subscriptions (if they haven't already got one)

Red Hat today further extended its olive branch to open-source groups with another freebie of sorts: this time, Red Hat Enterprise Linux (RHEL) for Open Source Infrastructure.

The IBM-owned Linux distro giant will offer selected bodies free "RHEL subscriptions for any use within the confines of their infrastructure." By infrastructure, they mean things like build and continuous integration systems, and web and mail servers.


To plug gap left by CentOS, Red Hat amends RHEL dev subscription to allow up to 16 systems in production

'First of many new programs,' says biz, but it is no substitute for free CentOS

Red Hat, which is killing CentOS Linux in favour of CentOS Stream, will extend its developer subscription to allow free production use of RHEL for up to 16 systems.

CentOS Linux is a community build of Red Hat Enterprise Linux (RHEL) and therefore suitable for production use. CentOS Stream, which will remain available, is a preview build of what is likely to be in RHEL – great for testing but not ideal for production use.


When it comes to hacking societies, Russia remains the master at sowing discord and disinformation online

China can't hold a candle to GRU's shenanigans, says expert

Black Hat While China is the bête noire du jour of the US government, Russia is the master of spreading disinformation, fostering conflict, and derailing discourse online, the Black Hat security conference was told today.

At her Thursday keynote, Stanford Internet Observatory's research manager Renee DiResta explained how Russian military intelligence – the GRU – and the private Internet Research Agency (IRA) were putting the likes of China to shame. Security companies and government agencies have good reason to move their focus from Beijing to Moscow, she warned.


Red Hat defends its CentOS decision, claims Stream version can cover '95% of current user workloads'

Doing both CentOS Stream and CentOS Linux would mean doing both poorly claims CentOS board member

Red Hat's Karsten Wade, a Senior Community Architect and member of the CentOS board, has defended the decision to kill off CentOS Linux in favour of CentOS Stream, saying the two projects were "antithetical" and Stream is a satisfactory replacement in most cases.

CentOS Linux is downstream of Red Hat Enterprise Linux (RHEL), whereas CentOS Stream, introduced in September 2019, is upstream, a late development build of what will shortly go into RHEL (unless problems are discovered).


Biz forked out $115k to tout 'Time AI' crypto at Black Hat. Now it sues organizers because hackers heckled it

Lawsuit argues event bosses breached deal by failing to prevent audience hostility

Crown Sterling, a Newport Beach, California-based biz that calls itself "a leading digital cryptographic firm," is suing UBM, the UK-based owner of the Black Hat USA conference, in America for allegedly violating its sponsorship agreement.

The complaint [PDF], filed late last week in a New York district court, blames the conference organizers for allowing Black Hat attendees to disrupt Crown Sterling's talk about supposedly disruptive cryptographic technology – a presentation Crown Sterling paid $115,000 to present to hackers. The heckling then spilled online.


How to fool infosec wonks into pinning a cyber attack on China, Russia, Iran, whomever

Learning points, not an instruction manual

Black Hat Europe Faking digital evidence during a cyber attack – planting a false flag – is simple if you know how, as noted infosec veteran Jake Williams told London's Black Hat Europe conference.

Speaking to a packed room, Williams informed his rapt audience that it's straightforward to misdirect investigators trying to attribute a cyber attack to a particular location or nation state.


Data-stealing, password-harvesting, backdoor-opening QNAP NAS malware cruises along at 62,000 infections

If you're still using a vulnerable box, you ought to factory reset it before patching

Some 62,000 QNAP network-attached storage (NAS) boxes are right now infected with the data-stealing QSnatch malware, the US and UK governments warned today.

A joint statement from America's Cybersecurity and Infrastructure Security Agency (CISA) and Britain's National Cyber Security Centre (NCSC) said the software nasty, first spotted in October, has hijacked tens of thousands as of mid-June, 2020, with "a particularly high number of infections in North America and Europe." It is estimated 7,600 hijacked QNAP boxes were in America, and 3,900 in the UK.


Biting the hand that feeds IT © 1998–2021