Sophisticated phishing attacks targeting Apple users, the challenges of defending Minecraft servers against DDoS attacks, and the hidden dangers of apps turning devices into proxy network nodes.
[00:05] – Intro
[01:03] – MFA Bombings targeting Apple users
[05:00] – Crafting Shields: Defending Minecraft Servers Against DDoS Attacks
[07:47] – Apps secretly turning devices into proxy network nodes removed from Google Play
Original URLs:
- MFA Bombings targeting Apple users: https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/
- Crafting Shields: Defending Minecraft Servers Against DDoS Attacks: https://thehackernews.com/2024/03/crafting-shields-defending-minecraft.html
- Apps secretly turning devices into proxy network nodes removed from Google Play: https://www.helpnetsecurity.com/2024/03/26/smartphone-apps-proxy-network/
Transcript:
Mar 27
Hey, welcome back to the Daily Decrypt. Attackers are leveraging MFA fatigue by overwhelming Apple users with relentless password reset notifications and cunningly spoofed support calls, significantly compromising their account security and personal information. What steps can individuals take to safeguard against MFA fatigue and these advanced phishing tactics targeting Apple accounts?
Minecraft servers are under siege by DDoS attacks, exploiting the game’s immense popularity to disrupt service, degrade player experience, and inflict financial and reputational damage on server owners. And security researchers have discovered that popular smartphone apps might be secretly turning your device into a node within a proxy network, exposing users to cyber threats and potentially facilitating criminal activities.
How can you tell if your device is part of a proxy network? Stick around to find out.
Cyber security researchers have uncovered a sophisticated phishing attack targeting Apple users. Attackers bombard devices with password reset prompts, followed by a fake call from Apple Support in an effort to gain access to Apple IDs and potentially wipe users’ devices. So, this is one of the oldest tricks in the book.
I’m surprised it’s taken this long to make headlines. If an attacker has access to your email address, which they likely do, they can attempt to log into, let’s say, your Yahoo account, and underneath the login information is a little button that says reset password. When they click that, it will likely reach out to your phone or some other device, or maybe it’ll ask security questions, which usually can be searched for and found online, in an attempt to reset your password.
Okay, so a little bit on that. Never tell the truth on these security questions. That’s my pro tip for the day. Make up a lie and store it in your password manager. So what was my first job? Chef. You know, something that it’s not, and then I store that answer in my password manager in a secure note so I can always reference it.
And that way, when someone looks up and finds out that my first job was actually a Jimmy John’s delivery driver, and they enter that in, it’s wrong. But, to get back on track here, that’s all that attackers are doing is they have your email address, which is also your Apple ID, and they’re requesting permission to change your password.
That’s where MFA fatigue comes into play, which is a very common technique you may not have heard of, where attackers send push notifications asking to log in over and over and over and over and over again. All day, all night, you’re getting beeps being asked to log in. Eventually, you get so sick of these beeps, psychologically, you’re just gonna approve them.
So that’s what they’re doing here. They’re requesting a password change, which creates a little push notification on your phone, and they do it hundreds of times. You essentially can’t use your phone because you’re continuing to get these push notifications. Eventually, you’re gonna just give in. Now, don’t give in.
Instead, go to your desktop computer or some other device that you have and change your Apple ID email address. That way, when they send push notifications to that email address, it’s no longer coming to you, you can move on with your life. Make sure you delete the old email address as well. So that’s step one if this starts happening to you.
But another piece of general advice is to always beware of unsolicited support calls. Apple’s not going to call you, making you change your password. Make sure to verify the identity of the caller as well. So if Apple does call you, hang up the phone. Go find Apple support.
It’s probably in your iPhone somewhere official. Don’t click on an ad for Apple support when you Google it. Find the actual number, call them in, tell them what is happening. They will let you know if it was a scam or if it’s real. But now you have verified that you are talking to the real Apple. I think you can even text message with Apple now.
Um, so anyone who calls you, never accept a request to reset your password. These attacks do point out a potential flaw in Apple’s rate limiting service. Like, there’s no reason that this should be making it through this many times, once or twice, and then it should shut down and lock you out, right? I personally have been locked out of my Apple devices for failing to enter my password multiple times.
They do not care. They will lock you out of your device. So it’s interesting why this is happening. So if, yeah, if you keep up to date with your Apple updates, hopefully this will soon be a thing of the past.
Minecraft is a very old but very beloved video game, primarily on PCs, but it involves players hosting their own servers that other players can join. Now this can be scaled to as big or as small as you’d like it. Like I’ve played Minecraft with a couple of my friends and that’s it. But there can be hundreds of thousands of players on a single server as well.
It’s pretty much like an open source game in that realm. Well, this makes it a prime target for DDoS, or Distributed Denial of Service attacks. These attacks aim to disrupt the game by overwhelming servers with a flood of internet traffic, rendering them slow or completely unresponsive. Despite their frequency, many attacks go unnoticed and unreported, underlining a critical need for enhanced vigilance and protection measures.
So during a DDoS attack, attackers use a network of compromised computers to send an enormous amount of traffic to a Minecraft server. This deluge of requests overwhelms the server’s capacity to respond, leading to login issues, lag, or total server shutdowns.
And having been a casual gamer in the online gaming community, people in this community are relentless. If they figure out a way to attack you, they will do it. So the motivations aren’t particularly clear. There are Minecraft servers out there that are monetizing, I’m sure, and maybe they pissed someone off and now they’re the victim of a DDoS attack.
So how do you protect your Minecraft server against this attack? Start with the basics, like updating your server and plugins, install antivirus software, and use secure connections. There are specialized services like Gcore DDoS Protection that offer tailored real-time safeguards to ensure your gaming experience remains uninterrupted.
If you’re trying to run a giant Minecraft server, I’d recommend one of these tailored services. You can also set up a VPN, but if you’re letting anyone You’re really opening the floodgates for DDoS attacks. So like, if you’re just running a small Minecraft server, try to use a VPN. It’ll be fun to figure out, and then your friends, whom you better trust, can enter into a more secure network.
Have you ever faced a DDoS attack on your server? Let us know. We’d love to hear a tweet or an Instagram message from you. Just hearing how it happened and what it looked like.
Your smartphone could unwittingly become part of a proxy network through seemingly innocuous app downloads. Apps found on the official or third party stores may rope your device into these networks without explicit consent or knowledge, posing security risks and potential involvement in cybercriminal activities.
There was a recent investigation by Human Security’s Satori Threat Intelligence team that unveiled a widespread issue where apps, including a VPN service that’s been removed by Google, they utilize a library called ProxyLib, or its variants like LumiApps SDK, to enroll devices in proxy networks. These networks can then be used for ad fraud, among other illicit activities, with developers possibly unaware of the underlying functionality.
Apps leveraging the LumiApps SDK, freely available and advertised even on the dark web, may not clearly disclose their operations to end users. Such activities could include enrolling your device as a node in a residential proxy network which could be leveraged by threat actors for malicious purposes.
So in this context, a proxy network is a system that allows internet traffic to be routed through various devices, such as smartphones, acting as intermediary servers or, quote, nodes. This setup can mask the original source of the traffic, making it appear as if it originates from a different location or device.
Proxy networks can often be used for legitimate purposes like anonymizing internet usage for privacy protection or bypassing geo restrictions, or even conducting market research. So when you get an ad for NordVPN or another VPN to mask your IP address, that’s being done by a proxy. But if someone has the ability to route their traffic through your device, they can do anything on the internet, including nefarious activities, and make it look like it’s you.
That is one of the biggest risks of using the dark web because it works in a similar way. On the surface, you probably won’t even notice anything’s different, maybe a little bit of a slower connection, who knows. But this goes back to my episode yesterday where I cautioned everyone, if you have unused apps on your phone or on your computer, it’s best to delete them because they might have permissions that grant them access to everything on your phone.
And the more things that have those permissions, the less secure you are, right? And so the same goes for these apps. It sounds honestly like the developers don’t even know that their app is creating this proxy network, like it’s a little bit downstream from that. It’s a package that they’re using to develop that is a malicious intent.
But yeah, always exercise caution too when you’re downloading apps, especially from third party sites. Google Play and the Apple App Store offer some level of protection from these apps, but even still, make sure it’s an app that you need and will utilize. And when you’re done needing it and utilizing it, remove it from your phone or device.
And that’s all we’ve got for you today. Thanks so much for listening. Tomorrow we’ll be bringing in a guest, dogespan, to talk about some Microsoft stuff. So we’re pretty excited about that, but until then, thanks for listening and we’ll talk to you tomorrow.