Security News

Hackers Increasingly Using RTF Template Injection Technique in Phishing Attacks
2021-12-01 20:50

Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called RTF template injection as part of their phishing campaigns to deliver malware to targeted systems. "RTF template injection is a novel technique that is ideal for malicious phishing attachments because it is simple and allows threat actors to retrieve malicious content from a remote URL using an RTF file," Proofpoint researchers said in a new report shared with The Hacker News.

State-backed hackers increasingly use RTF injection for phishing
2021-12-01 10:00

Three APT hacking groups from India, Russia, and China were observed using a novel RTF template injection technique in their recent phishing campaigns. Researchers at Proofpoint spotted the first cases of weaponized RTF template injection in March 2021, and since then, actors have been steadily optimizing the technique.

Phishing attacks top 260,000 in Q3 2021
2021-11-29 04:30

An APWG report reveals that it saw 260,642 phishing attacks in July 2021 - the highest monthly total observed since APWG began its reporting program in 2004. Overall, the number of phishing attacks has doubled from early 2020.

TrickBot phishing checks screen resolution to evade researchers
2021-11-26 18:02

The TrickBot malware operators have been using a new method to check the screen resolution of a victim system to evade detection by security software and analysis by researchers. Last year, the TrickBot gang added a new feature to their malware that terminated the infection chain if a device was using non-standard screen resolutions of 800x600 and 1024x768.

Google advises passwords are good, spear phishing is bad, and free clouds get attacked
2021-11-25 06:59

Google's Cybersecurity Action Team has released its first "Threat horizon" report on the scary things it's found on the internet. The Team's first report offers six nuggets of intelligence, and The Register believes none will surprise readers.

Ukraine arrests ‘Phoenix’ hackers behind Apple phishing attacks
2021-11-24 14:57

The Security Service of Ukraine has arrested five members of the international 'Phoenix' hacking group who specialize in the remote hacking of mobile devices. The goal of 'Phoenix' was to gain remote access to the accounts of mobile device users and then monetize them by hijacking their e-payment or bank accounts or selling their private information to third parties.

FBI warns of phishing targeting high-profile brands' customers
2021-11-23 19:52

The Federal Bureau of Investigation warned today of recently detected spear-phishing email campaigns targeting customers of "Brand-name companies" in attacks known as brand phishing. In addition to these ongoing phishing attacks, threat actors are also likely developing tools to bait potential targets into revealing info for bypassing account protections such as two-factor authentication by intercepting emails and compromising accounts.

Ransomware Phishing Emails Sneak Through SEGs
2021-11-18 21:45

Secure email gateway protections aren't necessarily enough to stop phishing emails from delivering ransomware to employees, especially if the cybercrooks are using legitimate cloud services to host malicious pages. Researchers are raising the alarm over a phishing email kicking off a Halloween-themed MICROP ransomware offensive, which they observed making its way to a target's inbox despite its being secured by an SEG.

3 Top Tools for Defending Against Phishing Attacks
2021-11-18 18:49

Phishing emails are now skating past traditional defenses. Even with the most sophisticated email scanning and phishing detection system available, phishing emails are still a very common intrusion vector for cybercriminals to use to introduce malware, including ransomware, to a business' network.

Glitch service abused to host short-lived phishing sites
2021-11-18 15:38

Phishing actors are now actively abusing the Glitch platform to host short-lived credential-stealing URLs for free while evading detection and takedowns. Glitch is a cloud hosting service that allows people to deploy apps and websites using Node.js, React, and other development platforms.