Security News

To address this issue and provide practical prevention solutions, Criminal IP, a CTI search engine developed by AI SPERA, launched a comprehensive Chrome extension named "Criminal IP Phishing scams link checker" on May 22, 2023. A web browsing guard against Phishing, Malware, and Ransomware based on AI. This Criminal IP's Chrome extension offers real-time scanning of websites worldwide, using AI-based detection to identify recently created phishing sites.

Phishing scams pose an escalating danger as cybercriminals employ increasingly sophisticated techniques, rendering their detection and prevention more challenging. In this Help Net Security video, Abhilash Garimella, Head of Research at Bolster, talks about the evolution of phishing and scam websites in 2023.

The threat actors behind the CopperStealer malware resurfaced with two new campaigns in March and April 2023 that are designed to deliver two novel payloads dubbed CopperStealth and CopperPhish. Active since at least 2021, Water Orthrus has a track record of leveraging pay-per-install networks to redirect victims landing on cracked software download sites to drop an information stealer codenamed CopperStealer.

A new phishing-as-a-service platform named Greatness has been leveraged by cybercriminals to target business users of the Microsoft 365 cloud service since at least mid-2022, effectively lowering the bar to entry for phishing attacks. "Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates with an attachment and link builder that creates highly convincing decoy and login pages," Cisco Talos researcher Tiago Pereira said.

Manufacturing businesses, healthcare organizations, and tech companies in English-speaking countries are the most targeted by phishers leveraging a relatively new phishing-as-a-service tool called Greatness, created to phish Microsoft 365 users. The Greatness PaaS. Greatness is a PaaS tool/service specifically designed to compromise Microsoft 365 credentials.

In a new report by Cisco Talos, researchers explain how the Greatness phishing platform launched in mid-2022, with a spike in activity in December 2022 and then again in March 2023. The phishing service will automatically inject the target's company logo and background image from the employer's actual Microsoft 365 login page.

The National Police of Spain have arrested two hackers, 15 members of a criminal organization, and another 23 people involved in illegal financial operations in Madrid and Seville for alleged bank scams. The cybercrime operation is an email and SMS-based phishing campaign that allegedly scammed over 300,000 people and resulted in confirmed losses of at least 700,000 euros.

The report revealed a significant increase in MFA deployment for customers, which jumped to 57% from 45%. "Not all MFA is equal, and even though businesses know legacy MFA tools are not effective to stay secure, we're seeing they're still using them as primary tools of defense," said Ronnie Manning, CMO, Yubico. "Now more than ever, education around the importance of phishing-resistant MFA is critical to officially move away from legacy MFA tools that are leaving thousands of businesses exposed to cyberattacks around the world," Manning continued.

The report found that a majority of modern phishing attacks rely on stolen credentials and outlined the growing threat from Adversary-in-the-Middle attacks, increased use of the InterPlanetary File System, as well as reliance on phishing kits sourced from black markets and AI tools like ChatGPT. "Phishing remains one of the most prevalent threat vectors cybercriminals utilize to breach global organizations. Year-over-year, we continue to see an increase in the number of phishing attacks which are becoming more sophisticated in nature. Threat actors are leveraging phishing kits & AI tools to launch highly effective e-mail, SMiShing, and Vishing campaigns at scale"," said Deepen Desai, Global CISO and Head of Security, Zscaler. "AitM attacks supported by growth in Phishing-as-a-Service have allowed attackers to bypass traditional security models, including multi-factor authentication. To protect their environment, organizations should adopt a zero trust architecture to significantly minimize the attack surface, prevent compromise, and reduce the blast radius in case of a successful attack," added Desai.

Google's Threat Analysis Group has been monitoring and disrupting Russian state-backed cyberattacks targeting Ukraine's critical infrastructure in 2023. Google reports that from January to March 2023, Ukraine received roughly 60% of the phishing attacks originating from Russia, making it the most prominent target.