Security News

A new phishing campaign is using the fear of being infected as a way to spread malware, as spotted by security trainer KnowBe4. Cybercriminals who specialize in phishing attacks have been exploiting the coronavirus for the past couple of months.

Google says it has seen a drop in the number of warnings sent for potential government-backed phishing or malware attempts last year, mainly due to improved protection systems. "One reason for this decline is that our new protections are working-attackers' efforts have been slowed down and they're more deliberate in their attempts, meaning attempts are happening less frequently as attackers adapt," Google says.

There has been a steady increase in the number of coronavirus COVID-19-related email attacks since January, according to security firm Barracuda Networks, but researchers have observed a recent spike in this type of attack, up a whopping 667% since the end of February. "The attacks use common phishing tactics that are seen regularly; however, a growing number of campaigns are using the coronavirus as a lure to try to trick distracted users to capitalize on the fear and uncertainty of their intended victims," the company said.

Menlo Security, a leader in cloud security, announced its Global Cloud Proxy Platform built on an Isolation Core is integrated with VMware Workspace ONE Unified Endpoint Management to deliver mobile isolation capabilities. The solution will allow Workspace ONE UEM customers to better protect mobile devices from ransomware and phishing attacks by isolating threats in the cloud and preventing them from reaching the endpoint.

According to Reuters sources, the attack likely came from Darkhotel, a group that according to MITRE has been active since at least 2004. When you read about it, all the bad guy did was set up a phishing website that emulated the World Health Organization's internal mail server to harvest logins and passwords.

The latest malicious COVID-19 campaigns are repurposing conventional phishing emails with a coronavirus angle, says security trainer KnowBe4. With the coronavirus upper most in our minds, bad actors have been deploying different waves of COVID-19 phishing emails, each with its own unique approach, according to KnowBe4.

British police are saying coronavirus-related fraud reports have spiked by 400 per cent over the past six weeks as the COVID-19 illness continues its inexorable march through humanity. Although absolute numbers of reports are low, perhaps kept that way because the public now knows Action Fraud is largely useless, the National Fraud Intelligence Bureau said there were a total of 200 reports of coronavirus scams made to them since 1 February.

The Russia-linked cyber-espionage group known as Pawn Storm has been leveraging hijacked email accounts to send phishing emails to potential victims, Trend Micro's security researchers reveal. For years, Pawn Storm has relied on phishing to gain access to systems of interest, but Trend Micro observed a shift in tactics, techniques, and procedures in May 2019, when the group started using the compromised email accounts of high-profile targets to send credential phishing emails.

Phishing is typically used to gain credentials so attackers have access to an organization's systems, or as a way to deploy malware directly. One of the key reasons phishing is so successful is how easy it is to execute, and how many ways it can be used.

Setting out to find out, the researcher turned to the main domain registrars - GoDaddy, Namecheap and even Google Domains - to first see if he could snag appropriate URLs. "The great thing about using a proxy is that my domain's links previews, in every single platform, fetches Google Translate's exact description while pointing to my link," the researcher explained.