CloudSEK's Threat Intelligence team uncovered a new attack vector for tarnishing the brand reputation of organizations by supplementing existing scam infrastructure.
Threat actors have always looked for ways to make their scam operations seem legitimate. Historically, even when a fake or scam domain looks very real, the threat actor's end goal is to receive money from the victims, and a simple check generally reveals whether the payment is actually going to the intended organization.
In this attack vector, the organization name is not verified when a merchant account is registered with a payment provider, which makes it fairly hard for a victim to tell a legitimate merchant VPA/transaction from an illegitimate one.
Qwiklabs is a cloud-based platform that offers hands-on learning experiences for developers and IT professionals. It provides temporary credentials to Google Cloud Platform (GCP) and other cloud platforms, allowing users to practice their skills in real-world environments. Although the temporary credentials are intended for learning GCP skills, threat actors are abusing them to create merchant accounts, which adds a layer of obscurity.
We uncovered the following while investigating this attack vector:
The screenshot on the right shows an authorized reseller of Apple in India, and all of its details are verifiable, including the mobile number, email information and website. The screenshot on the left, by contrast, shows a scam merchant account, for the following reasons:
Qwiklabs is used because creating a Gmail account and signing up for pay.google.com to set up merchant transactions requires phone number verification, which can land a threat actor in trouble. Signing up for Qwiklabs requires the following:
Please note: a temporary inbox provider like temp-mail.org can be used to fill in the company email.
Once an attacker has signed in to the portal, they can choose a learning path that contains a hands-on learning lab, for which Qwiklabs gives temporary access to a Gmail inbox. This Gmail inbox is then used to set up a merchant UPI ID without the use of a phone number.
The above account was created without divulging any personal information.
A user can take the following precautions to stay safe from this type of elaborate scheme: