Security News
Phishing is typically used to gain credentials so attackers have access to an organization's systems, or as a way to deploy malware directly. One of the key reasons phishing is so successful is how easy it is to execute, and how many ways it can be used.
Setting out to find out, the researcher turned to the main domain registrars - GoDaddy, Namecheap and even Google Domains - to first see if he could snag appropriate URLs. "The great thing about using a proxy is that my domain's links previews, in every single platform, fetches Google Translate's exact description while pointing to my link," the researcher explained.
The first report on the new campaign came in a RedDrip Team tweet on March 12, 2020: "Malicious document, pretending to be from the Government of #India with health advisory of Coronavirus, seems delivered by #Transparent Tribe. Victims are lured to enable macro to execute #Crimson #RAT payload.". There have been numerous media reports about the Chinese nation-state APT Vicious Panda.
A serious disconnect exists between how decision makers, and security practitioners perceive phishing prevention, according to a research by Ironscales. Among its key findings, the survey revealed that decision makers are four times more likely than security practitioners to consider email security the highest priority, suggesting that security personnel believe that they have a sufficient handle on phishing prevention while the C-Suite sees substantial business risk.
Researchers are warning of an increase in phishing emails that use YouTube redirect links, which help attackers skirt traditional defense measures. If certain malicious URLs are blocked by web browser phishing filters, attackers commonly use a redirector URL to bypass these filters and redirect the victim to their phishing landing page.
Even though the overall volume of malware dropped in 2019, phishing and business email compromise went up sharply, according to Trend Micro's 2019 Cloud App Security Roundup. More than 11 million of the 12.7 million high-risk emails blocked in 2019 were phishing related, making up 89% of all blocked emails.
Some 84% of phishing URLs seen by content delivery network Akamai were abusing media and e-commerce companies. Phishing attacks try to trick unsuspecting users by mimicking well-known brands and companies.
Over four months, it found 1,221 active phishing domains that were not part of the Akamai ecosystem but which either consumed data from or redirected victims to Akamai customer sites. "More importantly, we got a clear understanding on the number of victims, and such visibility is rarely published." Since he only used a sample dataset from the Akamai logs, he believes the true number of phishing sites using resources through Akamai is much higher.
Recently discovered spear-phishing emails are using a unique "Scare-factor" lure to convince victims to open attached malicious Microsoft Excel documents: Their HIV test results. "But they should never lead us to fall victim to phishing campaign. Threat actors regularly use purported health information in their phishing lures because it evokes an emotional response that is particularly effective in tricking potential victims to open malicious attachments or click malicious links."
Recently discovered spear-phishing emails are using a unique "Scare-factor" lure to convince victims to open attached malicious Microsoft Excel documents: Their HIV test results. "But they should never lead us to fall victim to phishing campaign. Threat actors regularly use purported health information in their phishing lures because it evokes an emotional response that is particularly effective in tricking potential victims to open malicious attachments or click malicious links."