Account takeover (ATO) attacks, in which a person’s credentials are stolen and used to send emails from their real account, often result in phishing attacks being sent from the victim’s account, according to a Barracuda Networks report. Out of the 60 total ATO incidents recorded, 78% led to phishing emails, said the report.
Barracuda randomly selected 50 organizations to study from April to June 2018. The goal of the study was to analyze ATO attacks, which are much less likely to be blocked by security systems that filter for domain, sender, or IP reputation, said the report.
Read more about the findings of the new Barracuda report on TechRepublic.
A new phishing campaign in the UK is using an old trick in an effort to steal login credentials, payment details and other sensitive information from victims by claiming to offer them a tax refund which can only be claimed online. The message claims to be from the UK government’s tax office, HMRC, and tells potential victims that they’re due a tax refund of £542.94 “directly” onto their credit card.
In an attempt to pressure targets into falling for the scheme, they’re told that the link to the “customer portal” expires on the day the message is received.
Read more about the new phishing campaign on ZDNet.
Personal device use for remote work poses the biggest security risk to organisations safeguarding their increasingly mobile and cloud-based IT environment, according to a new survey of 100 UK-based senior IT security professionals. The findings also reveal that phishing attacks targeting user credentials continue to dominate as the primary source of security breaches.
Conducted from March to May by Rant, the survey found 58 percent of respondents believe that network access from non-corporate and personally-owned devices such as laptops, desktops or mobile phones is the highest risk in managing remote users, among other findings.
FireEye analyzed over half a billion emails from 1H 2018 and found that 32% of email traffic seen in that period was considered ‘clean’ and actually delivered to an inbox. Their report also found that 1 in every 101 emails had malicious intent. Compared to the previous six-month period, the changes show that email-based threats keep increasing.
With email security solutions focused on detecting malware, cyber criminals are now adapting their attacks, exposing organizations to malware-less assaults such as CEO fraud. The majority of attacks blocked (90%) during analysis were malware-less. Phishing attacks alone made up 81% of the blocked malware-less emails, almost doubling from January to June 2018.
Phishing is a social attack, directly related to social engineering (which takes advantage of human traits like curiosity, compassion and a desire to help). Commonly centered around email, criminals use phishing to obtain access or information. A phishing attack with a directed focus is called spear phishing.
Phishing attacks can trick users into clicking on a link to a site with malicious code or downloading code directly. Or they can trick users into revealing confidential information.
If a criminal wants to target a group or person within a company, they will use spear phishing to make the email look and feel legitimate. A phishing kit is the web component, or the back-end to a phishing attack. It’s the final step in most cases, where the criminal has replicated a known brand or organization. The kit helps the bad guys mirror legitimate websites, like the one from your bank.
Read more about phishing kits and how they work on CSO.
And to help protect yourself from this threat, inform your strategy with insights from our Strategy Page.
The most financially destructive cybercrime organization in the world continues to hammer away at financial institution targets: The Carbanak Group – aka Cobalt Group and FIN7 – most recently was spotted trying to break into Russian and Romanian banks with spear-phishing emails loaded with dual malicious links.
The twofer strategy of loading an email with both a Word document and a JPEG – both rigged with malware – appears to be an insurance policy of sorts that the victim will be tempted to click on at least one of the links that leads to the malicious files, according to Richard Hummel, threat research manager for Arbor ASERT, which analyzed the group’s latest attack campaign.
According to Verizon, 90% of all data breach incidents begin with a phish — and mobile is the fastest-growing vector of attack. New Wandera research shows a new phishing site is created every 20 seconds. Yet, within mobile phishing there are many different techniques and campaigns being employed by attackers, making it difficult to keep up with the latest threats.
Researchers at Wandera have observed a new trend that’s been growing in popularity among cybercriminals, with dozens of new attacks being detected every day, many lasting less than 24 hours before the campaign is shut down. This vast family of phishing attacks can be identified by a number of common features, most notably centering on WhatsApp.
Read more about the new trend in mobile phishing on DarkReading.
An Iranian hacking group has continued its phishing operations undeterred by indictments from the US Department of Justice. The group’s name is Cobalt Dickens or Silent Librarian. In March 2018, the US DOJ charged nine hackers it believed were behind the group’s activity.
The nine were charged with carrying out cyber-attacks against 144 US universities and 176 universities in 21 foreign countries, as well as attacks against 47 US and foreign companies active in various private sectors. US cyber-security firm Secureworks says it has detected new phishing attacks carried out by the same Cobalt Dickens group.
Read more about the new Cobalt Dickens campaign targeting 76 universities located in 14 countries on BleepingComputer.
The attempted hack came to light after CNN and the Washington Post published news stories about a phishing attempt against a website owned by the DNC. The reports cited an alert issued by US cyber-security firm and government contractor Lookout.
Read more about the attempted hack that proved to be a simulated phishing test, one which had not been authorized by the DNC, on BleepingComputer.
An advanced form of banking malware has been targeting users in Latin America since at least 2013, Kaspersky Lab researchers report. Most victims are in, or connected to, Mexico.
The malware, dubbed “Dark Tequila,” carries a multistage payload and spreads to victims via spear-phishing emails and infected USB devices. Its primary focus is stealing financial information; however, once on a target machine, it lifts credentials to other popular websites, business and personal email addresses, domain registers, and file storage accounts.
Read more about the Dark Tequila banking malware on DarkReading.