Security News

Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop. With reverse tunnels, threat actors can host the phishing pages locally on their own computers and route connections through the external service.

The Microsoft Digital Crimes Unit has disrupted a spear-phishing operation linked to an Iranian threat actor tracked as Bohrium that targeted customers in the U.S., Middle East, and India. Bohrium has targeted organizations from a wide range of industry sectors, including tech, transportation, government, and education, according to Amy Hogan-Burney, the General Manager of Microsoft DCU. Microsoft has taken down 41 domains used in this campaign to establish a command and control infrastructure that enabled the attackers to deploy malicious tools designed to help them gain access to targets' devices and exfiltrate stolen information from compromised systems.

RuneScape is a free online MMORPG game first released two decades ago but continues to be popular in the gaming community and enjoyed by millions of players. The latest phishing campaign, spotted by Malwarebytes, attempts to target players of both the Old School and the standard editions via a fake email change notice.

An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information. From there, the malicious code will not only steal information, but can also remotely control aspects of the PC. The first of the three pieces of malware is AveMariaRAT, followed by Pandora hVCN RAT and BitRAT. AveMariaRAT has a range of features, from stealing sensitive data to achieving privilege escalation, remote desktop control, and camera capturing.

Telegram's anonymous blogging platform, Telegraph, is being actively exploited by phishing actors who take advantage of the platform's lax policies to set up interim landing pages that lead to the theft of account credentials. Telegraph is a blogging platform that lets anyone publish anything without creating an account or providing any identification details.

Tax software vendor Intuit has warned that QuickBooks customers are being targeted in an ongoing series of phishing attacks impersonating the company and trying to lure them with fake account suspension warnings. Today's alert comes after Intuit received multiple user reports who received these phishing emails and notified their QuickBooks accounts were suspended following a failed business info review.

Interpol and cops in Africa have arrested a Nigerian man suspected of running a multi-continent cybercrime ring that specialized in phishing emails targeting businesses. Interpol's African Joint Operation against Cybercrime referred the intelligence to Nigerian police, who were supported by law enforcement in Australia, Canada, and the US. Ultimately Nigerian cops arrested the suspect at Murtala Mohammed International Airport in Lagos.

Cases of voice phishing or vishing have been reported to have risen a whopping 550% over the past 12 months alone, according to the Quarterly Threat Trends & Intelligence Report co-authored by Agari and PhishLabs. "We are seeing an increase in threat actors moving away from standard voice phishing campaigns to initiating multi-stage malicious email attacks. In these campaigns, actors use a callback number within the body of the email as a lure, then rely on social engineering and impersonation to trick the victim into calling and interacting with a fake representative."

A new possession-factor API now aims to do precisely that, replacing knowledge-based credentials, by using the SIM card for possession factor device binding and user authentication, thus reducing the possibility of phishing. It's inside everyone's mobile phone, and is built on cryptographic security when connecting to mobile network authentication.

As is often the case, the initial delivery channel for the phishing scam is email. Once the user has clicked, they are led to a chatbot-like page, which is where the real phishing occurs.