Security News

Hackers are increasingly moving towards hybrid forms of phishing attacks that combine email and voice social engineering calls as a way to breach corporate networks for ransomware and data extortion attacks. According to Agari's Q2 2022 cyber-intelligence report, phishing volumes have only increased by 6% compared to Q1 2022.

Abnormal Security released a which report explores the current email threat landscape and provides insight into the latest advanced email attack trends, including increases in business email compromise, the evolution of financial supply chain compromise and the rise of brand impersonation in credential phishing attacks. The research found a 48% increase in email attacks over the previous six months, and 68.5% of those attacks included a credential phishing link.

Customer engagement platform Twilio on Monday disclosed that a "Sophisticated" threat actor gained "Unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "Limited number" of accounts. The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary "Well-organized" and "Methodical in their actions." The incident came to light on August 4.

Three different offshoots of the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks. "Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology," cybersecurity firm AdvIntel said in a Wednesday report.

How credential phishing attacks threaten a host of industries and organizations. A report released Thursday by email security provider Abnormal Security looks at the latest wave of credential phishing attacks and offers advice on how to stop them.

In this Help Net Security video, Security Consultant Kam Talebzadeh and Senior Security Researcher Nevada Romsdahl from Secureworks, showcase SquarePhish, a tool that combines QR codes and OAuth 2.0 device code flow for advanced phishing attacks. If you're at Black Hat USA 2022, you can learn more about SquarePhish.

At least three groups split from the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method to gain initial access to a victim's network. Currently, there is evidence of three groups, all part of the former Conti ransomware operation, that used BazarCall or a version of those tactics: Silent Ransom Group, Quantum, and Roy/Zeon.

A new large-scale phishing campaign targeting Coinbase, MetaMask, Kraken, and Gemini users is abusing Google Sites and Microsoft Azure Web App to create fraudulent sites. Posting links to phishing pages on various legitimate sites aims to increase traffic and boost the malicious site's search engine rankings.

Cloudflare says it was subject to a similar attack to one made on comms company Twilio last week, but in this case it was thwarted by hardware security keys that are required to access applications and services. According to Cloudflare, it recorded a very similar incident late last month, which could suggest the two attacks may have originated from the same attacker or group.

Resecurity identified threat actors leveraging open redirect vulnerabilities in online services and apps to bypass spam filters to ultimately deliver phishing content. The spike of LogoKit was been identified around the beginning of August, when multiple new domain names impersonating popular services had been registered and leveraged together with open redirects.