Security News

Google has revealed earlier this week that Gmail users from the United States are the most popular target for email-based phishing and malware attacks. After inspecting phishing and malware campaigns blocked by Gmail within five months, Google found that 42% of all targets were from the US, with the next two most targeted users being from the UK and Japan.

Security biz Proofpoint and its subsidiary Wombat Security Technologies have sued Facebook and its Instagram subsidiary to prevent the seizure of internet domain names used for security testing. It sets up domain names that incorporate trademarked terms, like Facebook and Instagram, or fragments of those terms that have similar looking domain names.

Australian users are, for example, at a higher risk of being targeted that U.S.-based users, and older people are more likely to be targeted than youngsters. The researchers have analyzed over 1.2 billion email-based phishing and malware attacks against Gmail users and have singled out some interesting findings.

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin, a software package used to administer what's being called "One of the world's largest phishing services." The operation was carried out in coordination with the FBI and authorities in Australia, which was particularly hard hit by phishing scams perpetrated by U-Admin customers. The Ukrainian attorney general's office said it worked with the nation's police force to identify a 39-year-old man from the Ternopil region who developed a phishing package and special administrative panel for the product.

Law enforcement officials in Ukraine, in coordination with authorities from the U.S. and Australia, last week shut down one of the world's largest phishing services that were used to attack financial institutions in 11 countries, causing tens of millions of dollars in losses. The Ukrainian attorney general's office said it worked with the National Police and its Main Investigation Department to identify a 39-year-old man from the Ternopil region who developed a phishing package and a special administrative panel for the service, which were then aimed at several banks located in Australia, Spain, the U.S., Italy, Chile, the Netherlands, Mexico, France, Switzerland, Germany, and the U.K. Computer equipment, mobile phones, and hard drives were seized as part of five authorized searches conducted during the course of the operation.

On the receiving end, a successful phishing campaign can damage an organization in more ways than one. A report released Sunday by security provider Proofpoint looks at the impact of a phishing attack and offers tips on how to combat one.

A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment. Samuel Morse and Alfred Vail invented morse code as a way of transmitting messages across telegraph wire.

Microsoft has warned of an increasing number of consent phishing attacks targeting remote workers during recent months, BleepingComputer has learned. Consent phishing is an application-based attack variant where the attackers attempt to trick targets into providing malicious Office 365 OAuth apps with access to their Office 365 accounts.

IRONSCALES announced new platform features as part of its new release to further improve the company's ability to detect advanced and highly targeted phishing attacks, especially those focused on credential harvesting and account takeover. IRONSCALES unveiled improvements to its phishing awareness training module with the addition of a "One-click campaign" feature offering a more seamless process for security teams to test employees' individual phishing awareness via targeted simulations.

Threat actors are sending phishing emails impersonating a Small Business Administration lender to prey on US business owners who want to apply for a Paycheck Protection Program loan to keep their business going during the COVID-19 crisis. The attackers behind this phishing campaign are taking advantage of the ongoing financial problems some businesses are experiencing due to the pandemic to lure them into handing over sensitive business and personal info.