Security News

An ongoing phishing campaign is reeling in victims with a recycled Cisco security advisory that warns of a critical vulnerability. The campaign urges victims to "Update," only to steal their credentials for Cisco's Webex web conferencing platform instead. The campaign is looking to leverage the wave of remote workers who, in the midst of the coronavirus pandemic, have come to rely on online conferencing tools like Webex.

Enterprise SaaS-based attacks are becoming more prevalent, according to Menlo, which said that 97% of these attacks use just five popular SaaS services. With the coronavirus spreading, such phishing attacks are likely to increase, while attackers are expected to continue to evolve their techniques.

Akamai researchers have seen recycled phishing kits from as far back as July being used in coronavirus-based phishing attacks now. While most of these URLs are new, the phishing kits that operate in the background are not.

Researchers are warning of an upward surge in social-engineering lures in malicious emails that promise victims financial relief during the coronavirus pandemic. This latest trend shows cybercriminals continuing to look to the newest developments in the coronavirus saga as leverage for phishing campaigns, targeted emails spreading malware and more.

The Cofense Phishing Defense Center discovered new phishing attacks that use socially engineered emails promising access to important information about cases of COVID-19 in the receiver's local area, according to a blog post published Tuesday by Cofense researcher Kian Mahdavi. "While these secure email gateways are designed to safeguard end users from clicking on malicious links and attachments, both failed in a new phishing attack we recently observed," Mahdavi wrote in the post.

A new phishing campaign is using the fear of being infected as a way to spread malware, as spotted by security trainer KnowBe4. Cybercriminals who specialize in phishing attacks have been exploiting the coronavirus for the past couple of months.

Google says it has seen a drop in the number of warnings sent for potential government-backed phishing or malware attempts last year, mainly due to improved protection systems. "One reason for this decline is that our new protections are working - attackers' efforts have been slowed down and they're more deliberate in their attempts, meaning attempts are happening less frequently as attackers adapt," Google says.

There has been a steady increase in the number of coronavirus COVID-19-related email attacks since January, according to security firm Barracuda Networks, but researchers have observed a recent spike in this type of attack, up a whopping 667% since the end of February. "The attacks use common phishing tactics that are seen regularly; however, a growing number of campaigns are using the coronavirus as a lure to try to trick distracted users to capitalize on the fear and uncertainty of their intended victims," the company said.

Menlo Security, a leader in cloud security, announced that its Global Cloud Proxy Platform, built on an Isolation Core, is integrated with VMware Workspace ONE Unified Endpoint Management to deliver mobile isolation capabilities. The solution will allow Workspace ONE UEM customers to better protect mobile devices from ransomware and phishing attacks by isolating threats in the cloud and preventing them from reaching the endpoint.

According to Reuters sources, the attack likely came from Darkhotel, a group that, according to MITRE, has been active since at least 2004. When you read about it, all the bad guy did was set up a phishing website that emulated the World Health Organization's internal mail server to harvest logins and passwords.