Security News
The number of phishing incidents in 2020 is now set to increase 15% year-on-year, though this could soon change as second waves of the pandemic spread. The three primary objectives for COVID-19-related phishing emails were identified as fraudulent donations to fake charities, credential harvesting and malware delivery. "The risk of being phished is higher than ever and fraudsters are increasingly using digital certificates to make their sites appear genuine," said David Warburton, Senior Threat Evangelist at F5 Labs.
As COVID-19 continues to threaten the world, these types of attacks are expected to persist, according to cyber threat intelligence provider Check Point Research. In a report released Tuesday titled Securing the 'next normal, Check Point discussed its 2021 predictions in the face of the pandemic.
Microsoft is working on adding a new Microsoft Forms phishing attempt review feature that will allow Office 365 admins to confirm and block forms that try to maliciously harvest sensitive data. Phishing attempts are detected by Microsoft Forms with the help of proactive phishing detection, a protection feature that will proactively identify malicious password collection in forms and surveys.
A social housing provider in Norwich, England, has said it was hit with the Sodinokibi ransomware following what it assumes was a successful phishing attack. "Whilst the investigation is still going on we can confirm that the incident was caused by ransomware, known as Sodinokibi, via a suspected phishing attack," said Flagship in a statement on its partially pwned website.
Abstract: Phishing scam emails are emails that pretend to be something they are not in order to get the recipient of the email to undertake some action they normally would not. While technical protections against phishing reduce the number of phishing emails received, they are not perfect and phishing remains one of the largest sources of security risk in technology and communication systems.
The Qbot botnet is now spewing U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns. "In addition to stealing and exfiltrating data from its victims, QBot will also start grabbing emails that will later be used as part of the next malspam campaigns," Malwarebytes' Jérôme Segura and Hossein Jazi explain.
A creative Office 365 phishing campaign has been inverting images used as backgrounds for landing pages to avoid getting flagged as malicious by crawlers designed to spot phishing sites. This tactic has been used by several Office 365 credential phishing sites according to WMC Global analysts who spotted while being deployed as part of the same phishing kit created and sold by a single threat actor to multiple users.
For attackers, it's almost a no-brainer: phishing is cheap and humans are fallible, even after going through anti-phishing training. That's why defenders must preempt attacks, he says, and reinforce a lesson during a live attack.
Cellusys pioneers the use of zero trust security to help their 800 million mobile phone end users combat SMS phishing and fraud. Cellusys has partnered with internet security firm MetaCert to provide an SMS security solution, using zero trust methodology to combat cyberattacks such as phishing, malware and financial fraud.
Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF. Cybercriminals are hijacking legitimate email accounts from more than a dozen universities - including Purdue University, University of Oxford in the U.K. and Stanford University - and using the accounts to bypass detection and trick victims into handing over their email credentials or installing malware. The highest number of phishing emails detected came from compromised Purdue University accounts, stolen in campaigns from Jan. to Sept. Behind Purdue University was Oxford, Hunter College and Worcester Polytechnic Institute.