Security News

In this Help Net Security video, Roman Faithfull, Cyber Intelligence Analyst at Digital Shadows, talks about how threat actors mobilize new members within the cybercriminal ecosystem. Cybercriminal forums are awash with users advertising and requesting the services of developers to design fresh new malware.

To help combat the constant risk of password theft, Microsoft added phishing protection in Windows 11 Version 22H2. When enabled, Enhanced Phishing Protection is offered through Microsoft Defender SmartScreen. If Enhanced Phishing Protection detects a user entered their Windows password into a website or an application, an alert and prompt are shown warning the user to change their password.

In this Help Net Security video, Alex Paquette, COO at Ironscales, discusses the impact in terms of the time and energy required to defend against the never-ending and ever-evolving onslaught of phishing attacks. A recent study conducted by Osterman Research found that IT and security teams spend one-third of their time handling phishing threats every week.

The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors. The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery, wherein the victims are social engineered into making a phone call through phishing emails containing invoices and subscription-themed lures.

Phishing attempts targeting victims in the Middle East increased 100 percent last month in the lead up to the World Cup in Qatar, according to security shop Trellix. Trellix's phishing net also caught emails spoofing Snoonu, the official food delivery partner of the World Cup, that offered fake free match tickets and contained a malicious xlsm attachment.

A sophisticated phishing kit has been targeting North Americans since mid-September, using lures focused on holidays like Labor Day and Halloween. The kit uses multiple evasion detection techniques and incorporates several mechanisms to keep non-victims away from its phishing pages.

Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software. If a threat actor creates a malicious DLL using the same name as one of the program's required DLLs and stores it in the same folder as the executable, the program would load that malicious DLL instead and infect the computer.

Users clicking on a link sent through the messaging app are directed to an actor-controlled site, which, in turn, sends them to a landing domain impersonating a well-known brand, from where the victims are once again taken to sites distributing fraudulent apps and bogus rewards. Attacks wherein scammy mobile ads are clicked from an Android device have been observed to culminate in the deployment of a mobile trojan called Triada, which was recently spotted propagating via fake WhatsApp apps.

A ongoing phishing campaign has infected thousands of home and corporate users with a new version of the 'IceXLoader' malware. The discovery of the Nim-based malware came in June 2022 by Fortinet, when IceXLoader was in version 3.0, but the loader was missing key features and generally appeared like a work-in-progress.

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that "Phishing-resistant" is not "Phishing proof," and that everyone needs to stop pretending otherwise.