This is a newly discovered email vulnerability:

The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext disappeared and the real phishing email became visible. A phishing email you had to trust because you knew the sender and they even confirmed that they had forwarded it to you.

This attack is possible because most email clients allow CSS to be used to style HTML emails. When an email is forwarded, the position of the original email in the DOM usually changes, allowing for CSS rules to be selectively applied only when an email has been forwarded.

An attacker can use this to include elements in the email that appear or disappear depending on the context in which the email is viewed. Because they are usually invisible, only appear in certain circumstances, and can be used for all sorts of mischief, I’ll refer to these elements as kobold letters, after the elusive sprites of mythology.

I can certainly imagine the possibilities.
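A mail-gateway check for the conditional-CSS behaviour described above, added here as an example and not taken from the original post or the research it quotes. It scans an HTML mail's `<style>` blocks for an element whose `display` state under a plain selector is contradicted by an ancestor-scoped selector, which is the shape of a rule that only takes effect when the message's position in the DOM changes. It assumes hiding is done with `display` only; the function name, the sample mails and the `.fwd-wrapper` class are constructed for illustration.

```python
import re
from html.parser import HTMLParser

RULE_RE = re.compile(r"([^{}]+)\{([^{}]*)\}")   # selector list { declarations }
DISPLAY_RE = re.compile(r"display\s*:\s*([a-z-]+)", re.I)

class StyleCollector(HTMLParser):
    """Collect the text of every <style> element in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.in_style, self.css = False, []
    def handle_starttag(self, tag, attrs):
        self.in_style = self.in_style or tag == "style"
    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
    def handle_data(self, data):
        if self.in_style:
            self.css.append(data)

def find_context_toggles(html):
    """Return (scoped selector, target, effect) for each element whose display
    state differs between its plain rule and an ancestor-scoped rule."""
    collector = StyleCollector()
    collector.feed(html)
    css = re.sub(r"/\*.*?\*/", "", "".join(collector.css), flags=re.S)
    plain, scoped = {}, []
    for selectors, body in RULE_RE.findall(css):
        m = DISPLAY_RE.search(body)
        if not m:
            continue
        hidden = m.group(1).lower() == "none"
        for sel in filter(None, (s.strip() for s in selectors.split(","))):
            target = re.split(r"[\s>+~]+", sel)[-1]   # rightmost compound selector
            if target == sel:
                plain[target] = hidden                # applies in every context
            else:
                scoped.append((sel, target, hidden))  # applies only under an ancestor
    return [(sel, target, "hidden" if hidden else "revealed")
            for sel, target, hidden in scoped
            if target in plain and plain[target] != hidden]

# Constructed samples; ".fwd-wrapper" is a hypothetical class, not a real client's.
SUSPICIOUS = """<html><head><style>
.note { display: none; }
.fwd-wrapper > div > .note { display: block !important; }
</style></head><body><p>Quick question.</p><p class="note">[hidden]</p></body></html>"""
BENIGN = """<style>.footer { display: block; } .nav .item { display: inline-block; }
@media (max-width: 600px) { .sidebar { display: none; } }</style><p>Newsletter</p>"""
print(find_context_toggles(SUSPICIOUS), find_context_toggles(BENIGN))
```

The match is on the literal rightmost selector, so a scoped rule written as `div.note` is not paired with a plain `.note` rule; a production filter would resolve selectors against the parsed DOM instead.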

A sophisticated cyber attack orchestrated by unidentified cyber criminals has resulted in the unlawful acquisition of $6 million from a Connecticut-based school. The New Haven Public Schools fell victim to this cyber assault, with an ongoing forensic investigation still in progress to uncover the individuals responsible for the incident.

Authorities have managed to successfully recover $3.6 million of the stolen funds from the criminals involved, a commendable feat carried out by the FBI.

Dr. Madeline Negron, the superintendent of New Haven Public Schools, expressed a pressing need for accountability, emphasizing that the funds stolen were intended for the students of the institution.

The method employed in the attack was cunningly devised. The hackers infiltrated the email account of the Chief Operating Officer, enabling them to covertly monitor the flow of business emails. Seizing the opportune moment, the cyber criminals executed a sophisticated man-in-the-middle attack, effectively hijacking the funds designated for urgent expenses.

The FBI’s dedicated Cyber Task Force has managed to reclaim a portion of the embezzled amount and is actively pursuing the individuals responsible for this breach.

Suspicions are gravitating towards a state-sponsored hacking group linked to an Asian nation. However, the exact identity remains undisclosed until sufficient evidence can be amassed.

The prevalence of cyber attacks targeting educational institutions and healthcare systems has experienced an upward trajectory in recent times. Notably, approximately 38% of these attacks in the year 2022 were attributed to state-funded entities.

It is important to note:

1.) Spoofing entails assuming a falsified identity—whether of an individual, company, or organization—to carry out identity theft attacks. Hackers adopt fraudulent personas to pilfer personal data or credentials, often selling this data on the dark web for financial gain. Spoofing is also employed to propagate malware through malicious links and attachments, orchestrate denial-of-service attacks to restrict access, and bypass network controls.

2.) Mitigating the risks associated with spoofing involves activating email spam filters, refraining from opening links and attachments sent by unfamiliar sources, investing in reputable anti-malware solutions, and avoiding the submission of personal details through online forms. These measures collectively contribute to safeguarding against spoofing attacks.

The post Connecticut school loses millions in Spoofing Cyber Attack appeared first on Cybersecurity Insiders.

Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it:

On Tuesday, researchers published findings that, for the first time, break TTE’s isolation guarantees. The result is PCspooF, an attack that allows a single non-critical device connected to a single plane to disrupt synchronization and communication between TTE devices on all planes. The attack works by exploiting a vulnerability in the TTE protocol. The work was completed by researchers at the University of Michigan, the University of Pennsylvania, and NASA’s Johnson Space Center.

“Our evaluation shows that successful attacks are possible in seconds and that each successful attack can cause TTE devices to lose synchronization for up to a second and drop tens of TT messages—both of which can result in the failure of critical systems like aircraft or automobiles,” the researchers wrote. “We also show that, in a simulated spaceflight mission, PCspooF causes uncontrolled maneuvers that threaten safety and mission success.”

Much more detail in the article—and the research paper.