Cybersecurity Training

Insufficient Cybersecurity Training, FakeCall Malware Threat, Women Duped Airport

Cybersecurity Training
DMARC Report
Insufficient Cybersecurity Training, FakeCall Malware Threat, Women Duped Airport
Loading
/

Once again, we are here with our weekly dose of cyber news that helps you stay well-informed and ahead of the threat actors. This week, we will shed light on the significance of cybersecurity training in organizations, learn in detail about FakeCall Android malware, and learn about the nightmarish experience of an Indian woman in Bengaluru airport.

Without any delay, let’s get started!

Limited cybersecurity training leads to cyberattacks in organizations!

Cybersecurity training should be made mandatory across all levels of an organization. However, cybersecurity executives hardly prioritize 360-degree training and restrict the same only to developers. They overlook the significance of all-encompassing awareness efforts. 

cybersecurity training

Their main goal is to stay relevant and create a security culture rather than preventing potential data breaches and cyber threats. They keep in mind other factors such as financial costs, client satisfaction, and so on.

Another factor that often leads to cybersecurity attacks on organizations is the lack of customized security mechanisms. One-size-fits-all security solutions do not work as effectively as customized ones

Because of inadequate cybersecurity training, not everyone in an organization is competent enough to combat security threats. Lack of awareness and resources often result in severe data breaches and monetary losses.

cyberattacks

FakeCall Android malware makes it convenient for threat actors!

Threat actors are getting more sophisticated with their attacking tactics every passing day. FakeCall is the latest addition to their attacking kit, which has amped up the vishing and smishing attempts. This malware enables the attackers to get better control over the compromised devices, which they can use to carry out other malicious activities.

Experts have been tracking this malware since 2022. This malware convinces victims to call fake numbers which are controlled by threat actors. Further, cybercriminals impersonate employees from prestigious finance institutions and trick the victims into sharing sensitive details.

malicious activities

The best thing about FakeCall is its attacker-controlled, command-and-control (C2) server, which enables the threat actors to carry out multiple deceiving activities. The malware allows threat actors to control the calls of an Android user. Also, it gives complete access and various Android permissions, which further helps cybercriminals carry out malicious activities.

The latest research suggests that FakeCall allows attackers to control victims’ device activity more closely. Basically, this malware facilitates a seamless integration with the victim’s Android devices. This helps the threat actor to avoid any kind of threat detection.

FakeCall malware gives scammers complete Android Accessibility Service access and helps them capture all the information clearly displayed on the screen. Threat actors can easily access sensitive user data, intercept important calls, and manipulate user interfaces. 

victim’s Android devices

FakeCall can mimic legit interfaces, thereby evading any kind of user detection

When a naive user downloads a malicious APK file unknowingly, the FakeCall malware starts working in the background. Users get prompted to set the app as the default call manager. The moment the user sets it as the default call handler, FakeCall gets access to all incoming and outgoing calls. Users then get to see a custom interface that looks exactly like a legit Android dialer. 

Indian women got duped at Bengaluru airport while downloading a lounge pass app!

On 29th September, an Indian woman named Bhargav Mani got scammed at the world-class  Bengaluru airport. All she wanted was to access the airport lounge by downloading the lounge pass app. However, she downloaded the same from a malicious link, which was allegedly ranking at the top of Google’s search engine page. As a result, threat actors got access to her phone calls and OTPs. Bhargav was unaware of all these and did not even use the lounge.

Google's search engine page

She continued with her journey and later got busy with a medical emergency in her family. 

Fifteen days later, she got her credit card bill, and that’s when she realized that her card had been swiped and a transaction worth $1035 had taken place, of which she was completely unaware. Bhargav immediately got in touch with her bank (HDFC) as well as the Bengaluru authority airport authorities. Her credit card has also been blocked for security purposes. She had also filed a cybercrime report with the concerned authorities. 

The Bengaluru airport authority wanted to share the images of those staff members with whom Bhargav had interacted on that fateful day. However, Bhargav is unable to recognize any of them as she was too exhausted on that day

email security

Bhargav is not blaming the airport authority for the scam. Rather, she is aware that threat actors got access to her phone through the spoofed link that somehow was ranking high on Google’s first page. She believes that such attacks are a part of bigger, organized cybercrimes. Women have fallen victim to scams involving email spoofing and phishing attacks that bypass security measures like DMARC, SPF, and DKIM, highlighting the need for improved awareness and education on email security protocols.

Similar Posts