Security News

Jack Wallen shows you how to run a phishing simulation on your employees to test their understanding of how this type of attack works.

New research shows that 77 percent of pharmaceutical mobile phishing attempts in the third-quarter of 2020 sought to deliver malware on victims' systems. "On a global scale, there have been multiple reports of foreign adversaries targeting pharmaceutical industry executives with mobile spear phishing attacks," according to Hank Schless, senior manager of security solutions at Lookout wrote on Tuesday in an analysis of the trend.

Microsoft is tracking an ongoing Office 365 phishing campaign that makes use of several methods to evade automated analysis in attacks against enterprise targets. The phishing emails used in this campaign are also heavily obfuscated to make sure that secure email gateways will not be able to detect the malicious messages and automatically block them before they land in the targets' inboxes.

Fake shipping notices and charity frauds are two scams cited by the security company GreatHorn, which offers tips to consumers on how to avoid them. In a blog post published on Thursday, security company GreatHorn warns of four different scams likely to pop up this season and offers advice on how to combat them.

Nuspire released a report, outlining new cybercriminal activity and tactics, techniques and procedures throughout Q3 2020, with additional insight from Recorded Future. Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.

A new email tool advertised on a cybercriminal forum provides a stealthier method for carrying out fraud or malware attacks by allowing messages to be injected directly into the victim's inbox. Called "Email Appender," the tool can enable more sophisticated phishing and business email compromise attacks as well as help the less technical actors in the ransomware business.

The number of phishing incidents in 2020 is now set to increase 15% year-on-year, though this could soon change as second waves of the pandemic spread. The three primary objectives for COVID-19-related phishing emails were identified as fraudulent donations to fake charities, credential harvesting and malware delivery. "The risk of being phished is higher than ever and fraudsters are increasingly using digital certificates to make their sites appear genuine," said David Warburton, Senior Threat Evangelist at F5 Labs.

As COVID-19 continues to threaten the world, these types of attacks are expected to persist, according to cyber threat intelligence provider Check Point Research. In a report released Tuesday titled Securing the 'next normal, Check Point discussed its 2021 predictions in the face of the pandemic.

Microsoft is working on adding a new Microsoft Forms phishing attempt review feature that will allow Office 365 admins to confirm and block forms that try to maliciously harvest sensitive data. Phishing attempts are detected by Microsoft Forms with the help of proactive phishing detection, a protection feature that will proactively identify malicious password collection in forms and surveys.

A social housing provider in Norwich, England, has said it was hit with the Sodinokibi ransomware following what it assumes was a successful phishing attack. "Whilst the investigation is still going on we can confirm that the incident was caused by ransomware, known as Sodinokibi, via a suspected phishing attack," said Flagship in a statement on its partially pwned website.