25K Data leak can affect UAE Police adversely!!!
25K UAE Police officials data leak can affect them adversely!!!
A few days ago, we published on our Twitter account that an unknown threat actor who goes by the name “3lv4n” was trying to sell UAE police data on an underground forum, and we later informed the concerned authorities.


Today, during deep web scans, our security researchers found that the same threat actor has released more data from the above leak. The data includes a “.vcf” file that exposes further details of UAE police officials, such as name, home phone number, mobile phone number, email address, personal notes and designation.


“.vcf” stands for ‘Virtual Contact File’, also known as “vCard”. It is a file format standard for electronic business cards. vCards are often attached to e-mail messages, but can be exchanged in other ways, such as Multimedia Messaging Service (MMS), on the World Wide Web, instant messaging or through QR codes. They can contain name and address information, telephone numbers, e-mail addresses, URLs, logos, photographs, and audio clips.
Our researchers suspect that the threat actor got hold of a database from the victim's Android/iOS phone, as the sample screenshots look like they were taken from a phone. This is how import and export of a “.vcf” file works: when we export contacts from a phone, it offers the option to export them in “.vcf” format, and to import the same data on a destination mobile phone we import that same “.vcf” file there.
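For the affected department, the first response step is to inventory what a leaked “.vcf” actually exposes for each person. The following is an added example, not part of the original research: it parses vCard text and reports, per contact, which of the data categories named above are present and whether a work email address is included. The sample contacts and the domain "police.example" are constructed.

```python
import re
from collections import Counter

# Constructed sample vCard text (not from the leak); every value is made up.
SAMPLE_VCF = """BEGIN:VCARD
VERSION:3.0
FN:Officer One
TITLE:Inspector
TEL;TYPE=HOME:+000 0000 0001
TEL;TYPE=CELL:+000 0000 0002
EMAIL;TYPE=WORK:officer.one@police.example
NOTE:Prefers calls after
  18:00
END:VCARD
BEGIN:VCARD
FN:Officer Two
item1.EMAIL;TYPE=INTERNET:two@mail.example
END:VCARD
"""
# vCard property -> the data category named in the post
SENSITIVE = {"TEL": "phone", "EMAIL": "email", "NOTE": "notes", "TITLE": "designation"}

def parse_vcards(text):
    """Return one list of (property, params, value) tuples per vCard."""
    text = re.sub(r"\r?\n[ \t]", "", text)  # unfold continuation lines
    cards, current = [], None
    for line in text.splitlines():
        head, _, value = line.partition(":")
        name, *params = head.split(";")
        name = name.split(".")[-1].upper()  # drop group prefix such as "item1."
        if name == "BEGIN":
            current = []
        elif name == "END" and current is not None:
            cards.append(current)
            current = None
        elif current is not None and value:
            current.append((name, [p.upper() for p in params], value.strip()))
    return cards

def exposure_report(text, work_domain):
    """Per contact: which sensitive categories are exposed, and any work e-mail."""
    suffix = "@" + work_domain.lower()
    report = []
    for card in parse_vcards(text):
        fn = next((v for n, _, v in card if n == "FN"), "(no name)")
        fields = Counter(SENSITIVE[n] for n, _, _ in card if n in SENSITIVE)
        work = [v for n, _, v in card if n == "EMAIL" and v.lower().endswith(suffix)]
        report.append({"name": fn, "fields": dict(fields), "work_emails": work})
    return report
```

Calling exposure_report(SAMPLE_VCF, "police.example") returns one entry per contact; contacts with a work email listed are the ones to prioritise for phishing warnings.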


Our researchers believe that the threat actor is not being paid the quoted amount for the volume of data they want to sell, hence they are publishing the data in partial form to lure more buyers. We have noted discussion on the underground forum where interested parties are trying to negotiate with the threat actor to buy the data at a lower price and are ready to pay in bitcoin.
Our inference from the continuous release of data is that although the concerned party (UAE Police) cannot be attacked directly, its officials can be spear-phished, or a targeted attack on the UAE police may soon happen, in which they might receive a phishing link through a random email sent to their work email address.
Using the leaked email credentials, a potential attacker can launch a BEC (Business Email Compromise) campaign against the department, in which they impersonate an official of the UAE police, place many procurement orders, approve them from their shell company and commit a huge corporate fraud.

They can also receive scam messages or vishing calls on their home/office mobile numbers, as these are also available for sale. People are prone to click on links in messages they receive through direct text/SMS or on WhatsApp, which might redirect them to disclose their credentials; the same trick can also affect employees of the UAE police.
“A targeted attack can be on an individual or a group of individuals from the same entity, with malicious intent.” The data might also enable a potential attacker to impersonate a police officer from either Dubai or Abu Dhabi Police and con or deceive the general public for monetary gain/fraud by using various methods.
Security Chronicle places so much emphasis on this leak because internal as well as national security might be compromised, as the data belongs to a critical authority of the nation.
Recommendations by Security Chronicle:
- The UAE police department can follow a preventive approach by starting an awareness campaign on phishing, so that employees are cautious enough not to open any suspicious email which might contain a malicious attachment or link, and report any email they find suspicious to their network security team.
- The department can also make employees aware of vishing/SMS scams, which can lead to social engineering attacks and bank fraud.
- The department can set modified and out-of-the-box rules in their email filter to block spam and unintended messages.
- The department can run a phishing campaign, purposefully sending a phishing lookalike email to their employees to cross-verify their awareness of phishing attacks.
— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -
This blog is part of independent research which we do on a frequent basis to keep the internet a safer place.
Security Chronicle is a team of independent security researchers and a dedicated security news platform to educate netizens and make them aware of security risks & threats.
Email us at “secchronicle@gmail.com”.