Pu Chen/ Xiner Zou/ Danlei Wei/ Jiashan Yang
Hackers Could Have Scored Unlimited Airline Miles by Targeting One Platform
Flaws in the Points.com platform, which is used to manage dozens of major travel rewards programs, exposed user data—and could have let an attacker snag some extra perks.
TRAVEL REWARDS PROGRAMMES, such as those provided by hotels and airlines, highlight the unique benefits of joining their club over others. But behind the scenes, several of these programs—including Delta SkyMiles, United MileagePlus, Hilton Honours, and Marriott Bonvoy—share the same digital infrastructure. The business Points, which offers a variety of services including a comprehensive application programming interface (API), provides the backend.
Hacker culture refers to a loosely defined subculture, which is developed around the activities and values of hackers. Hackers are individuals who have advanced computer skills and often engage in activities related to computer programming, network security and digital technology. Hacker culture is characterized by a set of values, attitudes and practices formed over the past decades.
Recently, a malicious advertising campaign was discovered, focusing on enterprise users who are downloading the widely used web conferencing application Webex. In this activity, a malicious actor bought an advertisement imitating the Cisco brand, which was displayed as the top result in Google search.
If you don’t look carefully, the advertisement is completely legal, with the Webex logo and the official website. However, if you click the menu to the right of the advertisement, you will find other details, which show that the advertiser is an individual from Mexico, which is unlikely to be associated with Cisco. Threatening actors take advantage of a weakness in Google ads called tracking templates. According to Google, tracking templates are places where URL tracking information is placed, providing advertisers with valuable indicators. Nevertheless, researchers have found that it can also be used as a filtering and redirection mechanism. MSI Installer is equipped with anti-sandbox function, which only runs in a specific environment. It starts multiple processes, including PowerShell, and installs BatLoader from local sources. BatLoader drops DanaBot in turn.
“Panel #4: Hackers on the Screen and on the Page: Cybersecurity in Pop Culture” by New America is licensed under CC BY-NC 2.0.
W3LL Panel Phishing Kit Used to Hijack Over 56,000 Microsoft 365 Accounts
A relatively unknown threat group W3LL, which started six years ago with a custom tool for bulk email spam, is now running a massive operation by selling a phishing kit that targets Microsoft 365 business email accounts.
Automating a variety of attacks has been one of the key reasons for the rising popularity of phishing kits. While W3LL Panel is just one case, there was a report of a surge in EvilProxy phishing attacks in the last five months. These phishing kits remain a potential threat in today’s dynamic threat landscape, which emphasizes the importance of staying up to date about changing TTPs used by threat actors.
Newman, L. H. (2023, August 3). Hackers Could Have Scored Unlimited Airline Miles by Targeting One Platform. Wired. https://www.wired.com/story/points-travel-rewards-platform-flaws/
Labs, C. (2023, September 15). Hacker News | Latest Cyber Hacking News | Recent Internet Hacking News | Cyware. Cyware Labs. https://cyware.com/hacker-news
Labs, C. (2023, September 11). W3LL Panel Phishing Kit Used to Hijack Over 56,000 Microsoft 365 Accounts | Cyware Hacker News. Cyware Labs. https://cyware.com/news/w3ll-panel-phishing-kit-used-to-hijack-over-56000-microsoft-365-accounts-c9b41439
Thomas, A. (2012). Hacker Stock Photo. In openverse. https://openverse.org/image/808c1504-a96d-4d41-b938-309719db2c05?q=hacker
New America. (2016). Hackers on the Screen and on the Page: Cybersecurity in Pop Culture. In openverse. https://openverse.org/image/9a794c3e-32d7-4fc7-a8eb-3d3a52696996?q=hacker%20culture
Klug, dustball. (2012). Ninja Hacker [Openverse]. In https://cyware.com/news/w3ll-panel-phishing-kit-used-to-hijack-over-56000-microsoft-365-accounts-c9b41439.