Cybersecurity nonprofit Security Alliance has released a new tool to help security researchers examine crypto-phishing attacks that led to more than $400 million stolen in the first half of this year.
On Monday, the Security Alliance (SEAL) announced that it is working on a new tool that will allow “advanced users and security researchers” to join the fight against crypto phishing by verifying whether reported phishing websites are malicious.
The researchers added that they often cannot see or reproduce what a user saw when encountering a potentially malicious link, as scammers have developed “cloaking capabilities” that feed innocuous content to suspected web scanners.
SEAL’s new tool, the “TLS Attestations and Verifiable Phishing Reports” system, is aimed at security researchers and can help prove that a malicious website actually served the phishing content users claim to have seen.
“This is intended to be a tool to help experienced ‘good people’ work together better, not the average user,” SEAL told Cointelegraph.
“What we needed was a way to see what users were looking at. After all, if someone claims that a URL is serving malicious content, we can’t just take their word for it.”
How SEAL Verifiable Phishing Reports Work
The system works by having a trusted attestation server act as a cryptographic oracle during TLS connections.
Transport Layer Security (TLS) is a web protocol that ensures secure communications over computer networks by encrypting data to protect it from eavesdropping and tampering.
A user or researcher runs a local HTTP proxy that intercepts connections, retrieves connection details, and sends them to an attestation server. The server handles all encryption/decryption operations while the user maintains the actual network connection.
Verifiable phishing report
Users can submit “verifiable phishing reports,” which are cryptographically signed evidence of exactly what content a website served.
SEAL can verify that these reports are legitimate without visiting the phishing sites itself, making it much harder for attackers to hide malicious content.
“This is a tool intended for advanced users and security researchers only,” SEAL writes on the GitHub download page.