Security News

The turnkey platform allows users to customize campaigns and develop their own phishing ploys so they can then use the PhaaS platform to help with phishing kits, email templates and hosting services needed to launch attacks. With more than 100 available phishing templates that mimic known brands and services-including Microsoft itself-the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today, they said.

Microsoft has opened the lid on a large-scale phishing-as-a-service operation that's involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. "With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today," Microsoft 365 Defender Threat Intelligence Team said in a Tuesday report.

Microsoft says BulletProofLink, a large-scale phishing-as-a-service operation it spotted while investigating recent phishing attacks, is the driving force behind many phishing campaigns that have targeted many corporate organizations lately. "With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today."

Hackers are upping their game, using an approach I call "Deep Sea Phishing," which is the use of a combination of the techniques described below to become more aggressive. In February, 10,000 Microsoft users were targeted in a phishing campaign which sent emails purporting to be from FedEx, DHL Express and other couriers which contained links to phishing pages hosted on legitimate domains, with the goal of obtaining recipients' work email credentials.

Police arrested 106 people suspected of carrying out online fraud for an organized crime gang linked to the Italian Mafia, Europol said on Monday. It's claimed the suspects scammed hundreds of victims using phishing; SIM swapping attacks, in which crooks typically take control of people's cellphone numbers to get account login tokens texted to them; and so-called business email compromise, in which fraudsters typically use bogus invoices and the like to trick company staff into transferring money to the thieves.

In collaboration with Europol and Eurojust, European law enforcement dismantled an extensive network of cybercriminals linked to the Italian Mafia that was able to defraud their victims of roughly €10 million last year alone. "The Spanish National Police, supported by the Italian National Police, Europol and Eurojust, dismantled an organised crime group linked to the Italian Mafia involved in online fraud, money laundering, drug trafficking and property crime," the Europol said today.

A phishing campaign that mostly targeted the global aviation industry may be connected to Nigeria, according to Cisco Talos. The malicious campaigns centred around phishing emails linking to "Off-the-shelf malware" being sent to people around the world - even those with a marginal interest in commercial aviation.

Threat actors impersonated the U.S. Department of Transportation in a two-day phishing campaign that used a combination of tactics - including creating new domains that mimic federal sites so as to appear to be legitimate - to evade security detections. The date of its creation - revealed by WHOIS - seems to signal that the site was set up specifically for the phishing campaign.

33% of emails employees report as phishing attempts are either malicious or highly suspect, according to new research. The finding comes from an analysis of emails reported by employees from organizations across the globe during the first half of 2021, and highlights the efficacy of employee-led efforts in preventing cyberattacks.

On Wednesday, Expel released a report, highlighting the top keywords used in phishing attempt subject lines. Some of the top listed phishing keywords are designed to imitate legitimate business invoices.