Awareness around COVID-19 SMS Phishing (Smishing)

This blog-post discusses an issue known for almost 20years, which is related to the online SMS platforms. Given the recent pandemic and the use of the GSM network for sending SMS notifications to the public, it in an opportunity to raise awareness regarding Smishing (SMS Phishing) attempts, targeting the public which is affected by COVID-19.

In Greece, the number 13033 is being used to send SMS confirmations to people who use this particular service, which is used for registering in advance their daily movements when it comes to get essential goods (such as, going to the supermarket, the pharmacy, etc.) before they exit their homes. Due to the COVID-19 pandemic, this process attempts to limit people’s unnecessary movement(s), in an attempt to minimise the risk of getting affected, or contaminating others in case the person is a carrier of the virus.

Given the importance of the pandemic and the necessity of this service, it is mandatory to mention that it is possible to spoof the SEND ID in order to send SMS updates to recipients pretending to be from the original 13033 service number. This action, have the potential to trick the recipients (general public) in clicking on malicious links, or by using Social Engineering (and potentially scare tactics) to ask recipients to pay a fine that has been imposed. 

"Given the current situation, it would be beneficial to everyone if the Ministry in Greece responsible for operating the 13033 service (and other Ministries around the globe that use similar services), could promote a campaign educating all recipients regarding the potential threat of Smishing"

More specifically, the public should be informed that they should under no circumstances visits any URLs received by the 13033 service and that the 13033 service will not send any messages requesting to pay any fines. The public need to be aware that in case they receive such messages, these should be ignored and deleted.  

The proof of concept for the alluded was tested and proven by @DimisMeu and we decided to publish this blog post in order to be able to raise the necessary awareness. 

Command line (CLI) check and monitor COVID-19 statistics

Use the following command to quickly check for COVID-19 (corona virus) statistics from the console (CLI), for the countries you want to monitor.

Command line:
clear && curl -s https://corona-stats.online/?minimal=true | grep "Rank\|(DE)\|(IT)\|(ES)\|(GR)\|(US)\|(AE)\|(GB)\|(CH)\|(AT)\|(NL)"

Modify the command as needed with any valid ISO 3166-1 Alpha-2 Country Codes. 

Thanks goes to @ekrysis for collecting the data sources and providing the means to query the information. See more at GitHub: https://github.com/sagarkarira/coronavirus-tracker-cli 

Some examples:
# Get data from worldometers api i.e source 2
curl https://corona-stats.online

Mac OS - Show the full path in the Finder title bar

A very useful feature that you might want to enable on Mac OS is to always have the full path of the working directory displayed in the Finder title bar. 

> Using the command line, run the following command to activate it:
defaults write com.apple.finder _FXShowPosixPathInTitle -bool true; killall Finder

> To deactivate the feature run the command:
defaults write com.apple.finder _FXShowPosixPathInTitle -bool false; killall Finder

NOTE: The above commands will terminate all of your open Finder windows. If you do not wish to have your Finder windows closed, you can run the commands without the
"; killall Finder" part. In that case, only new windows will have the full path until you close and reopen the ones that do not have it. 

How to "cheat" from reopening all of your Finder windows:

• Option A) On your Finder icon in your Dock, hold the ⌥ (alt/option) key and Right-Click, then Click Relaunch.
• Option B) Bring in-focus a Finder window. Hold the key Shift on the keyboard and click the  menu. The option Force Quit Finder will be available.  

Tip: You can Show/Hide the Path Bar at the bottom of the Finder windows at anytime from the menu. Bring in-focus a Finder window and to to View > Show Path Bar. This is useful if you need to instantly navigate up several folders. 

Bonus: Show/Hide the hidden files in Finder. 

1. Open the folder where you want to display the hidden files in Finder.
2. Hold down the keys Command, Shift and Period: cmd + shift + .
3. The hidden files and folders on your Mac will then appear partially transparent.

Security BSides Athens 2019

Security BSides Athens 2019 was the 4th Ethical Hacking / Information Security / Cybersecurity conference that took place in Athens, Greece. Once again we created a conference for the information security community, by the information security community, with a special thanks to all our volunteers. 

Due to the feedback we received we kept the same location again this year allowing more people to explore Athens Impact Hub. We try our best to make the event a unique experience each year and a day to look forward to. We have dedicated ourselves in having more quality in the event, rather that focus on quantity. 

Security BSides Athens 2019 (www.bsidesath.gr) took place at Impact Hub Athens (link). (All the information for our previous events is archived and can be found here: https://www.bsidesath.gr/index.php#Pevents)

This year we managed to reach 230 attendees throughout the day exceeding our expectation. 

We are the conference that introduced the "gamification" of the CTF, and we are very proud that we did that again this year! We tried to have a realistic CTF scenario with the help of our CTF partner Hack The Box, while demonstrating the ethical side of hacking. 

We look forward to seeing you at

Security BSides Athens 2020! 

Gulf Information Security Expo & Conference (GISEC 2019)

The Gulf Information Security Expo & Conference (GISEC) brings together over 6,000 top security professionals to discover cutting-edge solutions, share insights with industry experts and equip themselves with the right tools to protect their businesses from rapidly-evolving cyber attackers.

Supported by Smart Dubai, Dubai Police and the National Cyber Security Center KSA, GISEC is your opportunity to do business and share ideas with the world’s most important tech companies, government officials and private industries.

I was invited to go on stage and present at @GISECDUBAI at the #DarkStage, presenting on “CyberSecurity in Evolutionary Terms”.

#CyberDubai #GISEC #GISEC2019 #SmartDubai #SecurityMindset #ThoughtLeadership


See the GISEC 2019 - Post-show report can be found here

GISEC 2019 Speaker Profile: https://www.gisec.ae/conference-speakers/grigorios-fragkos