Security News

Scammers are taking advantage of the focus on COVID-19 testing and the need for at-home test kits, says Barracuda Networks. A recent blog post from security firm Barracuda Networks looks at the rise in phishing campaigns that exploit the concerns over such testing.

Google is rolling out new warning banners in Google Drive to alert users of potentially suspicious files that threat actors could use for malware delivery and in phishing attacks. "If a user opens a potentially suspicious or dangerous file in Google Drive, we will display a warning banner to help protect them and their organization from malware, phishing, and ransomware," Google explains.

A new phishing campaign using fake shipping delivery lures installs the STRRAT remote access trojan on unsuspecting victim's devices. Fortinet discovered the new campaign after spotting phishing emails impersonating Maersk Shipping, a giant in the global shipping industry, and using seemingly legitimate email addresses.

The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails. 'WP HTML Mail' is a plugin used for designing custom emails, contact form notifications, and generally tailored messages that online platforms send to their audience.

A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects. A phishing email that appears to come from an official government entity is especially deceptive as it carries an air of authority.

A new phishing campaign impersonating the United States Department of Labor asks recipients to submit bids to steal Office 365 credentials. The phishing campaign has been ongoing for at least a couple of months and utilizes over ten different phishing sites impersonating the government agency.

For the final quarter of 2021, DHL surpassed Microsoft as the brand most spoofed in phishing campaigns, says Check Point Research. For the final quarter of 2021, DHL took over the top spot from Microsoft as the most impersonated brand by cybercriminals using phishing tactics.

The Monetary Authority of Singapore says it is considering supervisory action against Southeast Asia's second largest bank, Oversea-Chinese Banking Corporation, which was criticised for its incident response to a widespread phishing scheme across the island nation. "Monetary Authority Singapore takes a serious view of the recent phishing scams involving OCBC Bank. They have significantly impacted several customers. OCBC has acknowledged that its incident response and customer service should have been better. MAS has been following up with the bank on these and broader issues relating to the incident," said MAS deputy managing director Ms Ho Hern Shin in a statement to The Register.

DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth. Phishing campaigns impersonating the brand have good chances of reaching people who are waiting for a DHL package to arrive during the holiday season.

So how can organizations overcome the sudden increase in security threats and regain the upper hand against bad actors with fewer resources than ever before? Increasingly, it looks like zero-trust will become the ideal approach for doing more with less, because ultimately, it's the users and their cyber-hygiene that's the first line in phishing defense. As anyone, no matter how technically savvy, is at risk of falling victim to phishing attacks, it's vital that organizations rethink their approach to security as a whole to combat these threats.