Phishing is a global business ... and an attack can be very costly!

We need to be prepared and vigilant about the different techniques criminals deploy to get us to part sensitive information. 

 

There is Phishing (get sensitive information using email from banks, social websites, typical scams), Spear Phishing (small targeted attacks on particular people), Whaling (spear phishing directed towards senior execs), Baiting (put something in front of you in an elevator with a view to sign), Honeytrap (makes a person interact with victims), Pretexting (false motive involving some real information on the victim in an attempt to get more information), Rogue Spyware (malware that deceives or misleads the user to pay for fake or simulated removal of malware).

 

Read about some real-life phishing attacks using a variation of phishing techniques.

A large credential phishing campaign using open redirector links to bypass security software is currently underway. This latest campaign couples well known brands such as Zoom, with open redirect links to lure individuals into interacting with those links. These links further redirect users to CAPTCHA verification pages, which adds an air of legitimacy and makes automated security analysis more difficult, before it prompts users for credentials.

 

A phishing operation dubbed BulletProofLink has been discovered to be providing attackers with everything they need for phishing attacks. This operation provides everything from phishing kits and templates to hosting services and other useful tools. The service provides more than 100 phishing templates that copy known brands such as Microsoft, and even creates unique subdomains to associate with their campaigns — over 300,000 of which were generated in a single run.

 

BulletProofLink provides services for as little as $800 per month, while individual services can cost much less. For instance, a one-time hosting link may only cost $50, and first-time customers even receive a 10% discount. Another brand new phishing attack is disguising itself as a UPS email that appears legitimate, but instead exploits a vulnerability in UPS’s main website. All of the links in the email are legitimate except for the button that opens the track package page. It contains a malicious payload that takes advantage of an XSS vulnerability in order to eventually download a malicious Word document that in turn delivers another malicious payload. Attacks like this demonstrate just how crafty attackers can be, and how tricky it can be to spot a phishing email.

 

A malware group known for pushing TeamTNT malware has a new campaign dubbed Chimaera, which has been attacking multiple operating systems. TeamTNT has added a number of tools to their arsenal, including shell scripts, a cryptominer, IRC, open-source tools, and more. More than 5,000 infections globally have been attributed to the group, and open source tools are now being used by TeamTNT to steal usernames and passwords, and have been attacking Windows and multiple Linux distributions, as well as AWS, Docker, and Kubernetes. In the past, they had also been observed attacking MacOS systems.

 

Phishing does not need to be that advanced in order to be successful. A British teenager earned more than $2.7 million U.S. with a fraudulent replica of the popular Love2Shop gift card online shop. The site was being run as a phishing site, collecting all payment card details and other private data entered on the site, while victims did not receive their promised gift cards. Law enforcement subsequently found details of 12,000 payment cards and around 200 PayPal accounts in the teen’s possession. The teen earned $440,000 U.S. from the website within a few weeks, which he then invested in Bitcoin that grew 10 times to a value of around $3 million U.S.

 

As cryptocurrencies become more and more popular, we see and will see more attacks on crypto exchanges and cryptocurrencies owners. For example, the crypto exchange Coinbase has recently disclosed that at least 6,000 customers had fallen victim to a phishing campaign earlier this year — resulting in funds being stolen from their accounts. The attacker obtained the email addresses, passwords, and phone numbers of Coinbase customers, and the company believes this was due to social engineering, such as an email phishing attack. Once logged in to customer accounts, the attacker was able to steal funds from these accounts. While Coinbase requires two-factor authentication, accounts using SMS for that verification were vulnerable due to a flaw in the SMS Account Recovery process. The flaw has since been patched, but not before funds were removed from accounts. Coinbase has chosen to reimburse customers, but most victims of phishing aren’t so fortunate. 

 

it is very important to have proper multilayered cyber protection, which will cover as many verticals and operating systems as possible, but that will also be able to restore machines and data if something slips through. Accxia Cyber Protection is exactly this type of solution: aimed to provide an excellent level of protection along with best in the industry recovery time for both machines and data.

 

Accxia Advanced Email Security scans all emails coming into your inbox and blocks phishing and other malicious emails from even being seen. This keeps your accounts and data safe by stopping an attack before it can even begin.

 

If you are unsure of your current security posture or you want to review the current tools you have in place or understand any security gaps you may have.

 

Download and assess your business's #CYBERFIT score with Accxia's free lightweight #CyberFit score tool, which is powered by Acronis. Run it without installation and compare the security configurations of your endpoint and IT environment against the industry's best standards. Get a remediation report in seconds and mitigate security risks and keep endpoints safe from Cyber Attacks based on informed, actionable recommendations.