November 21, 2022
David Redekop

This Week In Nerd News (TWINN) – November 21, 2022

TWINN #99 Punycode is useful to criminals


Can you tell the difference between tоrоntо.com and toronto.com? Don’t worry, I cannot either. The Latin letter ‘o’ and the Cyrillic small letter ‘о’ are visually indistinguishable. Other scripts contain letters that look remarkably like ASCII characters, and because internationalized domain names (which rely on Punycode under the hood) allow those letters in a hostname, the two Toronto names render identically while pointing to completely different domains.

Let’s take a step back. Punycode (RFC 3492) is not a character set but an encoding: it represents a Unicode string using only ASCII letters, digits and the hyphen, so that words which cannot be written in ASCII can still be carried in a DNS name. ASCII itself grew out of telegraph codes and became the standard set of usable characters, initially promoted by Bell’s data services. As is common in technology, the stack we have been building rests on foundations that cannot easily be changed, so we find a way to make it work. Punycode is that workaround: the machines keep using ASCII only, while humans can use other character sets.

If there’s one assurance we can count on, it’s that if a human can be deceived, criminals will find a way to monetize it, and that is exactly what a group called Disneyland Malware Team has capitalized on, as reported by Brian Krebs.

Disneyland Malware Team: It’s a Puny World After All

At least modern browsers now show the ASCII (Punycode) form in the address bar when a name fails their display checks, for example by mixing scripts, plus Zero Trust connectivity has always provided protection against this type of phishing attack. Back to the Toronto URL: if you paste tоrоntо.com into a browser in a zero trust environment, you will see that it actually translates to xn--trnt-55dbc.com, which is clearly not the toronto.com we thought we were going to.
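As an added example (not from the original post or from Krebs’ article), the following Python uses only the standard library to show what the two paragraphs above describe: it converts the Cyrillic lookalike to the xn-- form that DNS carries and the address bar shows, decodes an xn-- name back to what a user sees, flags labels that mix scripts (the same kind of rule browsers use to decide when to show Punycode), and folds a small, hand-built subset of Unicode’s confusable characters so the lookalike compares equal to toronto.com. The domain strings are constructed inputs, and the confusables table is an illustrative subset, not the full Unicode list.

```python
import unicodedata

# Constructed example inputs: the lookalike uses U+043E (CYRILLIC SMALL LETTER O)
# in place of every Latin 'o'. Nothing here refers to a real registration.
LOOKALIKE = "t\u043er\u043ent\u043e.com"
GENUINE = "toronto.com"

# Hand-built subset of Unicode's confusables table (Cyrillic -> Latin lookalikes).
# The real confusables.txt is far larger; this is enough to demonstrate the technique.
CONFUSABLES = {
    "\u0430": "a",  # а
    "\u0435": "e",  # е
    "\u043e": "o",  # о
    "\u0440": "p",  # р
    "\u0441": "c",  # с
    "\u0443": "y",  # у
    "\u0445": "x",  # х
    "\u0456": "i",  # і
    "\u0458": "j",  # ј
    "\u0455": "s",  # ѕ
}


def to_ace(domain: str) -> str:
    """Encode a Unicode hostname to the ASCII-compatible 'xn--' form DNS actually carries."""
    return domain.encode("idna").decode("ascii")


def to_unicode(domain: str) -> str:
    """Decode an 'xn--' hostname back to the Unicode string a browser might display."""
    return domain.encode("ascii").decode("idna")


def script_of(ch: str) -> str:
    """Approximate a character's script from its Unicode name (stdlib only, no extra libraries)."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def skeleton(domain: str) -> str:
    """Fold known confusables to their Latin lookalike so visually identical names compare equal."""
    return "".join(CONFUSABLES.get(c, c) for c in domain)


def analyze(domain: str) -> dict:
    """Report the wire form, per-label mixed-script findings, and the folded skeleton of a name."""
    if domain.lower().startswith("xn--") or ".xn--" in domain.lower():
        domain = to_unicode(domain)  # accept either form as input
    mixed = []
    for label in domain.split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            mixed.append((label, sorted(scripts)))
    return {
        "unicode": domain,
        "ace": to_ace(domain),
        "mixed_script_labels": mixed,
        "skeleton": skeleton(domain),
    }


def is_lookalike_of(candidate: str, target: str) -> bool:
    """True when candidate differs from target but collapses to it after confusable folding."""
    return candidate != target and skeleton(candidate) == skeleton(target)


if __name__ == "__main__":
    report = analyze(LOOKALIKE)
    print(report["ace"])                        # xn--trnt-55dbc.com
    print(report["mixed_script_labels"])        # [('tоrоntо', ['CYRILLIC', 'LATIN'])]
    print(is_lookalike_of(LOOKALIKE, GENUINE))  # True
```

Run with no arguments to see the three checks on the constructed inputs. The mixed-script rule alone already catches this case, because the lookalike keeps Latin t, r and n next to Cyrillic о; a label written entirely in one non-Latin script passes that rule, which is why the confusable folding is a useful second check against a list of brands or domains you care about.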

Read More: Disneyland Malware Team: It’s a Puny World After All

Researchers Quietly Cracked Zeppelin Ransomware Keys.

This is a lesson in always involving law enforcement in the event of ransomware: they might already have a way to obtain decryption keys.

Read More: Researchers Quietly Cracked Zeppelin Ransomware Keys.

Iran-backed hackers breached a US federal agency that failed to patch year-old bug.

A patching directive had been issued, but it was not complied with once it became obvious that Log4j was not as easily weaponized as initially reported.

Read More: Iran-backed hackers breached a US federal agency that failed to patch year-old bug.

How North Korea became a mastermind of crypto cybercrime.

“Crypto analysis firm Chainalysis estimates that North Korea stole approximately $1 billion in the first nine months of 2022 from decentralized crypto exchanges alone.” I would suggest the takeaway is that only Bitcoin is truly decentralized, and only when you use a custodial wallet is your investment safe. Don’t hold significant amounts on any exchange.

Read More: How North Korea became a mastermind of crypto cybercrime.

Ransomware Group Remarkably Innovative, Microsoft Cautions.

“DEV-0569 notably relies on malvertising, phishing links that point to a malware downloader posing as software installers or updates embedded in spam emails, fake forum pages, and blog comments,” the Microsoft researchers said.

Read More: Ransomware Group Remarkably Innovative, Microsoft Cautions.

Did you know?

ntfy.sh is a wonderful resource to send push notifications for any imaginable scriptable scenario.
