Tag: Phishing

Account takeover attacks ramping up, leading to explosion of phishing

Account takeover (ATO) attacks, in which a person’s credentials are stolen and used to send emails from their real account, often result in phishing attacks being sent from the victim’s account, according to a Barracuda Networks report. Of the 60 total ATO incidents recorded, 78% led to phishing emails, said the report.

Barracuda randomly selected 50 organizations to study from April to June 2018. The goal of the study was to analyze ATO attacks, which are much less likely to be blocked by security systems that filter for domain, sender, or IP reputation, said the report.

Read more about the findings of the new Barracuda report on TechRepublic.

This new UK phishing attack uses an old trick to steal passwords and credit card details

A new phishing campaign in the UK is using an old trick in an effort to steal login credentials, payment details and other sensitive information from victims by claiming to offer them a tax refund which can only be claimed online. The message claims to be the UK government’s tax office, HMRC, and tells potential victims that they’re due a tax refund of £542.94 “directly” onto their credit card.

In an attempt to pressure targets into falling for the scheme, they’re told that the link to the “customer portal” expires on the day the message is received.

Read more about the new phishing campaign on ZDNet.

Phished credentials caused twice as many breaches as malware in the past year

Personal device use for remote work poses the biggest security risk to organisations safeguarding their increasingly mobile and cloud-based IT environment, according to a new survey of 100 UK-based senior IT security professionals. The findings also reveal that phishing attacks targeting user credentials continue to dominate as the primary source of security breaches.

Conducted from March to May by Rant, the survey found 58 percent of respondents believe that network access from non-corporate and personally-owned devices such as laptops, desktops or mobile phones is the highest risk in managing remote users, among other findings.

Read more about the findings of the new Rant survey on Help Net Security.

Analysis of half-a-billion emails reveals malware-less email attacks are on the rise

FireEye analyzed over half-a-billion emails from 1H 2018, and found that 32% of email traffic seen in the first half of 2018 was considered ‘clean’ and actually delivered to an inbox. Their report also found that 1 in every 101 emails had malicious intent. Compared with the previous six-month period, the changes show that email-based threats keep increasing.

With email security solutions focused on detecting malware, cyber criminals are now adapting their attacks, exposing organizations to malware-less assaults such as CEO fraud. The majority of attacks blocked (90%) during analysis were malware-less. Phishing attacks alone made up 81% of the blocked malware-less emails, almost doubling from January to June 2018.

Read more about the results from the new report on Help Net Security.

What are phishing kits? Web components of phishing attacks explained

Phishing is a social attack, directly related to social engineering (which takes advantage of human traits like curiosity and compassion and a desire to help). Commonly centered around email, criminals use phishing to obtain access or information. A phishing attack with a directed focus is called spear phishing.

Phishing attacks can trick users into clicking on a link to a site with malicious code or downloading code directly. Or they can trick users into revealing confidential information.

If a criminal wants to target a group or person within a company, they will use spear phishing to make the email look and feel legitimate. A phishing kit is the web component, or the back-end to a phishing attack. It’s the final step in most cases, where the criminal has replicated a known brand or organization. The kit helps the bad guys mirror legitimate websites, like the one from your bank.

Read more about phishing kits and how they work on CSO.

And to help protect yourself from this threat, inform your strategy with insights from our Strategy Page.

Carbanak/Cobalt/FIN7 Group Targets Russian, Romanian Banks in New Attacks

The most financially destructive cybercrime organization in the world continues to hammer away at financial institution targets: The Carbanak Group – aka Cobalt Group and FIN7 – most recently was spotted trying to break into Russian and Romanian banks with spear-phishing emails loaded with dual malicious links.

The twofer strategy of loading an email with both a Word document and a JPEG – both rigged with malware – appears to be an insurance policy of sorts that the victim will be tempted to click on at least one of the links that leads to the malicious files, according to Richard Hummel, threat research manager for Arbor ASERT, which analyzed the group’s latest attack campaign.

Read more about the latest campaign by the Carbanak Group, whose alleged leader was arrested in Spain earlier this year, on DarkReading.

WhatsApp: Mobile Phishing’s Newest Attack Target

According to Verizon, 90% of all data breach incidents begin with a phish — and mobile is the fastest-growing vector of attack. New Wandera research shows a new phishing site is created every 20 seconds. Yet, within mobile phishing there are many different techniques and campaigns being employed by attackers, making it difficult to keep up with the latest threats.

Researchers at Wandera have observed a new trend that’s been growing in popularity among cybercriminals, with dozens of new attacks being detected every day, many lasting less than 24 hours before the campaign is shut down. This vast family of phishing attacks can be identified by a number of common features, most notably centering on WhatsApp.

Read more about the new trend in mobile phishing on DarkReading.

Iranian Hackers Charged in March Are Still Actively Phishing Universities

An Iranian hacking group has continued its phishing operations undeterred by indictments from the US Department of Justice. The group’s name is Cobalt Dickens or Silent Librarian. In March 2018, the US DOJ charged nine hackers it believed were behind the group’s activity.

The nine were charged with carrying out cyber-attacks against 144 US universities and 176 universities in 21 foreign countries, but also attacks against 47 US and foreign companies active in various private sectors. US cyber-security firm Secureworks says it has detected new phishing attacks carried out by the same Cobalt Dickens group.

Read more about the new Cobalt Dickens campaign targeting 76 universities located in 14 countries, on BleepingComputer.

Recent DNC Hacking Attempt Was Just a Simulated Phishing Test

A recent hacking attempt against the Democratic National Committee (DNC) proved to be a false alarm (see: Hackers again target Democratic National Committee), according to a clarifying statement released by the DNC chief security officer Bob Lord.

The attempted hack came to light after CNN and the Washington Post published news stories about a phishing attempt against a website owned by the DNC. The reports cited an alert issued by US cyber-security firm and government contractor Lookout.

Read more about the attempted hack that proved to be a simulated phishing test, one which had not been authorized by the DNC, on BleepingComputer.

Latin America Served with ‘Dark Tequila’ Banking Malware

An advanced form of banking malware has been targeting users in Latin America since at least 2013, Kaspersky Lab researchers report. Most victims are in, or connected to, Mexico.

The malware, dubbed “Dark Tequila,” carries a multistage payload and spreads to victims via spear-phishing emails and infected USB devices. Its primary focus is stealing financial information; however, once on a target machine, it lifts credentials to other popular websites, business and personal email addresses, domain registers, and file storage accounts.

Read more about the Dark Tequila banking malware on DarkReading.