Security News

A new Proofpoint report indicates that in late 2022, threat actor TA473 targeted elected officials and staffers in the U.S., as well as experts in European politics and economics. TA473 is a threat actor, known since 2021, that has targeted several countries aligned against the interests of Belarus and Russia; the group is also known as Winter Vivern for some security companies and governmental entities.

IPFS is a peer-to-peer network protocol designed to provide a decentralized and distributed web. In a usual phishing case, the target is enticed to visit a fraudulent phishing page that will steal their credentials and possibly their credit card information; however, this fraudulent page can be hosted on IPFS and accessed via a gateway.

In yet another sign that Telegram is increasingly becoming a thriving hub for cybercrime, researchers have found that threat actors are using the messaging platform to peddle phishing kits and help set up phishing campaigns. "To promote their 'goods,' phishers create Telegram channels through which they educate their audience about phishing and entertain subscribers with polls like, 'What type of personal data do you prefer?'," Kaspersky web content analyst Olga Svistunova said in a report published this week.

Phishers are targeting YouTube content creators by leveraging the service's Share Video by Email feature, which delivers the phishing email from an official YouTube email address. The email informs the targets of a new monetization policy, new rules, and prompts them to view a video.

Telegram has become the working ground for the creators of phishing bots and kits looking to market their products to a larger audience or to recruit unpaid helpers. While the messaging platform has been used for cybercriminal activities for several years, it appears that threat actors in the phishing business have started to rely on it more lately.

The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users. The suspects are alleged to have created more than 100 phishing portals aimed at users in France, Spain, Poland, Czechia, Portugal, and other nations in the region.

New research from Microsoft's Threat Intelligence team exposed the activities of a threat actor named DEV-1101, which started advertising for an open-source phishing kit to deploy an adversary-in-the-middle campaign. According to Microsoft, the threat actor described the kit as a phishing application with "Reverse-proxy capabilities, automated setup, detection evasion through an antibot database, management of phishing activity through Telegram bots, and a wide range of ready-made phishing pages mimicking services such as Microsoft Office or Outlook."

Microsoft announced that the new Windows 11 build rolling out to Insiders in the Canary channel comes with increased protection against phishing attacks and support for SHA-3 cryptographic hash functions. Enhanced Phishing Protection is a Defender SmartScreen feature introduced with the release of Windows 11 22H2 in September 2022 and is designed to protect user credentials against phishing attacks.

After news broke late last week about Silicon Valley Bank's bank run and collapse, security researchers started warning SVB account holders about incoming SVB-related scams and phishing attempts. Proofpoint researchers flagged a campaign using messages supposedly coming from several cryptocurrency brands, trying to trick users into installing a Smart Contract that would transfer the contents of their wallet to the attacker's wallet.

Phishing attacks have become increasingly prevalent and sophisticated, making it more difficult for individuals to protect themselves from these scams. In this Help Net Security video, Ofek Ronen, Software Engineer at Perception Point, discusses two-step phishing attacks, which are not only dangerous but also evasive, making them even more challenging to detect and avoid.