Security News
The first report on the new campaign came in a RedDrip Team tweet on March 12, 2020: "Malicious document, pretending to be from the Government of #India with health advisory of Coronavirus, seems delivered by #Transparent Tribe. Victims are lured to enable macro to execute #Crimson #RAT payload." There have been numerous media reports about the Chinese nation-state APT Vicious Panda.
A serious disconnect exists between how decision makers and security practitioners perceive phishing prevention, according to research by Ironscales. Among its key findings, the survey revealed that decision makers are four times more likely than security practitioners to consider email security the highest priority, suggesting that security personnel believe that they have a sufficient handle on phishing prevention while the C-Suite sees substantial business risk.
Researchers are warning of an increase in phishing emails that use YouTube redirect links, which help attackers skirt traditional defense measures. If certain malicious URLs are blocked by web browser phishing filters, attackers commonly use a redirector URL to bypass these filters and redirect the victim to their phishing landing page.
Even though the overall volume of malware dropped in 2019, phishing and business email compromise went up sharply, according to Trend Micro's 2019 Cloud App Security Roundup. More than 11 million of the 12.7 million high-risk emails blocked in 2019 were phishing related, making up 89% of all blocked emails.
Some 84% of phishing URLs seen by content delivery network Akamai were abusing media and e-commerce companies. Phishing attacks try to trick unsuspecting users by mimicking well-known brands and companies.
Over four months, it found 1,221 active phishing domains that were not part of the Akamai ecosystem but which either consumed data from or redirected victims to Akamai customer sites. "More importantly, we got a clear understanding on the number of victims, and such visibility is rarely published." Since he only used a sample dataset from the Akamai logs, he believes the true number of phishing sites using resources through Akamai is much higher.
Recently discovered spear-phishing emails are using a unique "scare-factor" lure to convince victims to open attached malicious Microsoft Excel documents: their HIV test results. "But they should never lead us to fall victim to phishing campaign. Threat actors regularly use purported health information in their phishing lures because it evokes an emotional response that is particularly effective in tricking potential victims to open malicious attachments or click malicious links."
A phishing campaign was recently discovered leveraging OneNote, Microsoft's digital notebook that automatically saves and syncs notes, to bypass detection tools and download malware onto victims' systems. The attacker was utilizing OneNote as a way to easily experiment with various lures that either delivered the credential-stealing Agent Tesla keylogger or linked to a phishing page - or both.
We are seeing phishing being threat number one, which leads to the human element here at this conference. Microsoft being the biggest target of phishing here in order to target companies and MSPs. There is an industrialization of what they are doing.