Security News

How the dynamics of phishing attacks are changing
2022-11-28 05:30

In this Help Net Security video, Alex Paquette, COO at Ironscales, discusses the impact in terms of the time and energy required to defend against the never-ending and ever-evolving onslaught of phishing attacks. A recent study conducted by Osterman Research found that IT and security teams spend one-third of their time handling phishing threats every week.

Luna Moth Gang Invests in Call Centers to Target Businesses with Callback Phishing Campaigns
2022-11-22 09:45

The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors. The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery, wherein the victims are socially engineered into making a phone call through phishing emails containing invoices and subscription-themed lures.

World Cup phishing emails spike in Middle Eastern countries
2022-11-21 20:49

Phishing attempts targeting victims in the Middle East increased 100 percent last month in the lead-up to the World Cup in Qatar, according to security shop Trellix. Trellix's phishing net also caught emails spoofing Snoonu, the official food delivery partner of the World Cup, that offered fake free match tickets and contained a malicious xlsm attachment.

Phishing kit impersonates well-known brands to target US shoppers
2022-11-17 23:44

A sophisticated phishing kit has been targeting North Americans since mid-September, using lures focused on holidays like Labor Day and Halloween. The kit uses multiple detection evasion techniques and incorporates several mechanisms to keep non-victims away from its phishing pages.

QBot phishing abuses Windows Control Panel EXE to infect devices
2022-11-17 18:19

Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software. If a threat actor creates a malicious DLL using the same name as one of the program's required DLLs and stores it in the same folder as the executable, the program would load that malicious DLL instead and infect the computer.

Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign
2022-11-17 12:36

Users clicking on a link sent through the messaging app are directed to an actor-controlled site, which, in turn, sends them to a landing domain impersonating a well-known brand, from where the victims are once again taken to sites distributing fraudulent apps and bogus rewards. Attacks wherein scammy mobile ads are clicked from an Android device have been observed to culminate in the deployment of a mobile trojan called Triada, which was recently spotted propagating via fake WhatsApp apps.

Phishing drops IceXLoader malware on thousands of home, corporate devices
2022-11-10 22:58

An ongoing phishing campaign has infected thousands of home and corporate users with a new version of the 'IceXLoader' malware. Fortinet discovered the Nim-based malware in June 2022, when IceXLoader was at version 3.0, but the loader was missing key features and generally appeared to be a work in progress.

Defeating Phishing-Resistant Multifactor Authentication
2022-11-09 12:18

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that "Phishing-resistant" is not "Phishing proof," and that everyone needs to stop pretending otherwise.

Auto retailers are falling victim to sophisticated phishing
2022-11-08 09:00

Cybercriminals are getting craftier as auto retailers continue to fall victim to well-disguised cyberattacks. According to the second annual dealership cybersecurity study by CDK Global, 15% of dealers have experienced a cybersecurity incident in the past year.

Robin Banks Phishing Service for Cybercriminals Returns with Russian Server
2022-11-07 07:36

A phishing-as-a-service platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet.