Archive for Avanan

Roblox Hacked To Facilitate New Attack: Avanan

Posted in Commentary on May 12, 2022 by itnerd

Avanan, a Check Point Company, has taken a deep dive into hackers installing a self-executing program in Windows via a legitimate scripting engine in Roblox, one of the world’s most popular game systems with millions of daily active users.

In this attack, hackers exploit Roblox’s scripting engine to insert three malicious files: a backdoor trojan to potentially break applications, corrupt or remove data, or send information back to the hacker. The report goes into a lot of detail and offers some recommendations to allow you to protect yourself.

The report can be found here and it’s very much worth a read.

Cyber Criminals Exploit Google’s SMTP Relay Service To Land in Inboxes and Steal User Credentials

Posted in Commentary on May 2, 2022 by itnerd

Avanan, a Check Point Company, has published its latest research report, in which it describes how hackers strategically send out phishing emails using Google’s Simple Mail Transfer Protocol (SMTP) Relay service, a common service used to send out mass emails, while ensuring delivery.

Hackers manipulate this service by spoofing reputable brands, like Venmo and Trello, to send out thousands of emails that bypass security tools and land directly inside users’ inboxes. These emails contain a malicious link or a document that leads users to give up their credentials. 

In this attack, hackers are taking advantage of a flaw in Google’s SMTP Relay service to send spoofed emails.

Hackers can utilize any Gmail tenant, from small companies to large, popular corporations. 

Once a brand is spoofed, hackers can send out phishing emails that are more likely to get into the inbox, as they leverage the inherent trust of legitimate brands.

Once in the inbox, hackers hope that end-users will click on a malicious link or download a malicious document, allowing them to steal credentials.

The full report can be found here and there are some mitigation strategies in the report that you can use to protect yourself. I also have a video which I have embedded below that shows a demonstration of the attack.

Hackers Spoof Credit Unions to Obtain User Credentials and Extract Funds: Avanan

Posted in Commentary on April 21, 2022 by itnerd

In February, the National Credit Union Administration (NCUA) put out a statement noting that, due to the geopolitical climate, credit unions should “adopt a heightened state of awareness and to conduct proactive threat hunting.” Studies showed that 66% of credit unions lack proper email security to protect against phishing and 92% of credit unions don’t have strong enough email security. Avanan researchers have seen a significant uptick in spoofs of local credit unions, all with the goal of taking funds and credentials from end-users.

With that said, Avanan, a Check Point Company, published a new attack brief that analyzes how threat actors are impersonating local credit unions to get into inboxes. Hackers presented victims with a variety of attack strategies, ranging from wire transfer codes to incoming payment notifications to document alerts.

I would recommend giving this report a look as it not only details the attack strategies, but it also makes suggestions as to how to mitigate these attacks.