Security News

Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign
2022-11-17 12:36

Users clicking on a link sent through the messaging app are directed to an actor-controlled site, which, in turn, sends them to a landing domain impersonating a well-known brand, from where the victims are once again taken to sites distributing fraudulent apps and bogus rewards. Attacks wherein scammy mobile ads are clicked from an Android device have been observed to culminate in the deployment of a mobile trojan called Triada, which was recently spotted propagating via fake WhatsApp apps.

Phishing drops IceXLoader malware on thousands of home, corporate devices
2022-11-10 22:58

An ongoing phishing campaign has infected thousands of home and corporate users with a new version of the 'IceXLoader' malware. Fortinet discovered the Nim-based malware in June 2022, when IceXLoader was at version 3.0, but the loader was missing key features and generally appeared to be a work in progress.

Defeating Phishing-Resistant Multifactor Authentication
2022-11-09 12:18

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that "Phishing-resistant" is not "Phishing proof," and that everyone needs to stop pretending otherwise.

Auto retailers are falling victim to sophisticated phishing
2022-11-08 09:00

Cybercriminals are getting craftier as auto retailers continue to fall victim to well-disguised cyberattacks. According to the second annual dealership cybersecurity study by CDK Global, 15% of dealers have experienced a cybersecurity incident in the past year.

Robin Banks Phishing Service for Cybercriminals Returns with Russian Server
2022-11-07 07:36

A phishing-as-a-service platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet.

Phishing threats are increasingly convincing and evasive
2022-11-07 05:00

In this Help Net Security video, Tonia Dudley, VP, CISO at Cofense, provides a look at the various changes seen in the phishing threat landscape. Dudley talks about the impact of credential phishing and business email compromise, which allow cybercriminals to steal substantial amounts of money from global organizations.

Robin Banks phishing service returns to steal banking accounts
2022-11-04 15:48

The Robin Banks phishing-as-a-service platform is back in action with infrastructure hosted by a Russian internet company that offers protection against distributed denial-of-service attacks. Robin Banks faced operational disruption in July 2022, when researchers at IronNet exposed the platform as a highly threatening phishing service targeting Citibank, Bank of America, Capital One, Wells Fargo, PNC, U.S. Bank, Santander, Lloyds Bank, and the Commonwealth Bank.

As Twitter brings on $8 fee, phishing emails target verified accounts
2022-11-04 09:55

Following Musk's tweets, BleepingComputer observed newer phishing campaigns emerging with threat actors now targeting verified accounts. Like many phishing emails, these emails convey a false sense of urgency, urging the user to sign in to their Twitter account or risk "Suspension."

Outmaneuvering cybercriminals by recognizing mobile phishing threats’ telltale markers
2022-11-04 05:30

As phishing attacks soar in frequency and sophistication and are delivered by an entirely new breed of cybercriminals, it's time we utilize the latest technology to anticipate threats before they advance. Smartphones have become increasingly targeted by hacking attempts - especially since the pandemic, with total phishing attacks in the second quarter of 2022 rising to over 1 million.

130 Dropbox code repos plundered after successful phishing attack
2022-11-02 12:41

Dropbox has suffered a data breach, but users needn't worry because the attackers did not gain access to anyone's Dropbox account, password, or payment information. The compromised repositories contain "Copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team" - but not code for Dropbox core apps or infrastructure.