The cybersecurity nonprofit, Security Alliance, has unveiled a new tool designed to aid security researchers in confirming crypto phishing attacks, which resulted in over $400 million in losses during the first half of this year.
On Monday, the Security Alliance (SEAL) announced that it had been developing a tool to empower “advanced users and security researchers” to combat crypto phishing by verifying reported phishing websites as malicious.
Cybersecurity researchers frequently face challenges in seeing or reproducing the content that users encounter when they click on potentially harmful links, as scammers have integrated “cloaking features” to display innocuous content to suspected web scanners.
SEAL’s innovative tool, the “TLS Attestations and Verifiable Phishing Reports” system, is specifically designed to assist security researchers in proving that a reported malicious website indeed hosts the phishing content users claim to see.
“It’s meant to be a resource for experienced ‘good guys’ to collaborate more effectively, rather than for the average user,” SEAL informed Cointelegraph.
“What we needed was a way to see what the user was seeing. After all, if someone claims that a URL was serving malicious content, we can’t just take their word for it.”
How SEAL’s verifiable phishing reports function
The system operates by having a trusted attestation server act as a cryptographic oracle during the TLS connection.
Transport Layer Security (TLS) is a crucial web protocol that ensures secure communications over a network by encrypting data to safeguard it from eavesdropping and tampering.
Related: Venus Protocol user faces a $13.5M loss due to phishing attack
The user or researcher runs a local HTTP proxy that intercepts connections, captures connection details, and relays them to the attestation server. This server manages all encryption/decryption tasks while the user sustains the actual network connection.
Verifiable Phishing Reports
Users can submit “Verifiable Phishing Reports,” which serve as cryptographically signed proofs showing precisely what content a website delivered to them.
SEAL is then able to verify these reports without needing to visit the phishing sites directly, complicating efforts for attackers to obscure their malicious content.
“This tool is designed exclusively for advanced users and security researchers,” noted SEAL on the GitHub download page.
Magazine: Bitcoin’s ‘macro whiplash,’ Shuffle experiences data breach: Hodler’s Digest