Security News

According to Reuters sources, the attack likely came from Darkhotel, a group that according to MITRE has been active since at least 2004. When you read about it, all the bad guy did was set up a phishing website that emulated the World Health Organization's internal mail server to harvest logins and passwords.

The latest malicious COVID-19 campaigns are repurposing conventional phishing emails with a coronavirus angle, says security trainer KnowBe4. With the coronavirus uppermost in our minds, bad actors have been deploying different waves of COVID-19 phishing emails, each with its own unique approach, according to KnowBe4.

British police are saying coronavirus-related fraud reports have spiked by 400 per cent over the past six weeks as the COVID-19 illness continues its inexorable march through humanity. Although absolute numbers of reports are low, perhaps kept that way because the public now knows Action Fraud is largely useless, the National Fraud Intelligence Bureau said there were a total of 200 reports of coronavirus scams made to them since 1 February.

The Russia-linked cyber-espionage group known as Pawn Storm has been leveraging hijacked email accounts to send phishing emails to potential victims, Trend Micro's security researchers reveal. For years, Pawn Storm has relied on phishing to gain access to systems of interest, but Trend Micro observed a shift in tactics, techniques, and procedures in May 2019, when the group started using the compromised email accounts of high-profile targets to send credential phishing emails.

Phishing is typically used to gain credentials so attackers have access to an organization's systems, or as a way to deploy malware directly. One of the key reasons phishing is so successful is how easy it is to execute, and how many ways it can be used.

Setting out to find out, the researcher turned to the main domain registrars - GoDaddy, Namecheap and even Google Domains - to first see if he could snag appropriate URLs. "The great thing about using a proxy is that my domain's links previews, in every single platform, fetches Google Translate's exact description while pointing to my link," the researcher explained.

The first report on the new campaign came in a RedDrip Team tweet on March 12, 2020: "Malicious document, pretending to be from the Government of #India with health advisory of Coronavirus, seems delivered by #Transparent Tribe. Victims are lured to enable macro to execute #Crimson #RAT payload." There have been numerous media reports about the Chinese nation-state APT Vicious Panda.

A serious disconnect exists between how decision makers and security practitioners perceive phishing prevention, according to research by Ironscales. Among its key findings, the survey revealed that decision makers are four times more likely than security practitioners to consider email security the highest priority, suggesting that security personnel believe that they have a sufficient handle on phishing prevention while the C-Suite sees substantial business risk.

Researchers are warning of an increase in phishing emails that use YouTube redirect links, which help attackers skirt traditional defense measures. If certain malicious URLs are blocked by web browser phishing filters, attackers commonly use a redirector URL to bypass these filters and redirect the victim to their phishing landing page.

Even though the overall volume of malware dropped in 2019, phishing and business email compromise went up sharply, according to Trend Micro's 2019 Cloud App Security Roundup. More than 11 million of the 12.7 million high-risk emails blocked in 2019 were phishing related, making up 89% of all blocked emails.