This week has produced some interesting phishing campaigns and some new tactics, with attackers creating innovative methods to bait users and make their campaigns look more legitimate. We work tirelessly to discover the latest phishing techniques in order to brief our clients and create realistic phishing campaigns that lure our clients' staff into taking the bait. The pieces below are derived from Internet research and the output of our own investigations.
You've heard a great deal about ethical hackers, who emulate the Tactics, Techniques and Procedures (TTP) of an attacker to test your defences. Well, I'm an ethical phisherman: I use the same TTP as an attacker to lure your staff into taking my bait, and then, instead of being exploited, they receive education, whilst you receive statistics on how many staff took the bait, from which departments, using what devices, and at what time. This process helps to shape behaviour and encourages staff to report suspicious emails, which in turn improves your defences. Take a look at our Managed Phishing Assessment Service.
With the huge increase in the usage of Office 365 coupled with some of the deployments being made in haste, there has been a bit of a feeding frenzy from numerous phishing campaigners.
One clever campaign discovered by Check Point Research was found to use legitimate domains, legitimate Adobe Campaign redirection and Oxford University email addresses as the source. It all started with the fake missed voice message emails that I'm sure most of us received. The Check Point Research article is worth a read and really well written.
reCAPTCHA - I am not a robot
Microsoft Security Intelligence have reported that a threat actor is cleverly using CAPTCHA to avoid automated analysis of their malware-infested websites. I imagine it might also add a degree of legitimacy in the eyes of human visitors. Ars Technica have a good article about it as well.
Bypassing Email Defences of SPF, DKIM and DMARC
Anand Chetan of Armorblox reports on how a recent Bank of America phishing campaign used simplicity and authenticity to bypass the usual security measures. The email was well crafted and sent to just a few users. Although the sender's display name was impersonated, the email address was a legitimate Yahoo address, so the message passed the usual SPF, DKIM and DMARC checks, which vouch for the sending domain and not for the display name shown to the user. The phishing domain was also legitimate, having been created only a few days prior, and had not yet been identified as rogue.
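The pattern above, a brand in the From: display name paired with a consumer webmail address that genuinely passes authentication, can be caught with a simple mail-gateway heuristic. The following is an added example written for this post, not code from Armorblox or the original article; the brand watch list, the freemail domain list and the sample message headers are all constructed for illustration.

```python
# Added example (not from the original article): flag display-name impersonation,
# where From: claims a brand but the address belongs to a consumer webmail domain
# and therefore legitimately passes SPF/DKIM/DMARC.
from email import message_from_string
from email.utils import parseaddr

# Assumed organisation-specific watch list: brand name -> domain it should arrive from.
PROTECTED_BRANDS = {"bank of america": "bankofamerica.com"}
FREEMAIL_DOMAINS = {"yahoo.com", "gmail.com", "outlook.com", "hotmail.com"}

def auth_results_pass(msg):
    """True when Authentication-Results reports spf, dkim and dmarc all as pass."""
    ar = msg.get("Authentication-Results", "").lower()
    return all(f"{mech}=pass" in ar for mech in ("spf", "dkim", "dmarc"))

def check_display_name(raw_message):
    """Return a list of findings for a raw RFC 5322 message; empty list = no concern."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    name = display_name.lower()
    findings = []
    for brand, brand_domain in PROTECTED_BRANDS.items():
        # Exact-domain match only; subdomains of the brand would need their own rule.
        if brand in name and domain != brand_domain:
            findings.append(f"display name '{display_name}' claims {brand} but address is {address}")
            if domain in FREEMAIL_DOMAINS:
                findings.append(f"{domain} is a consumer webmail provider")
            if auth_results_pass(msg):
                findings.append(f"SPF/DKIM/DMARC pass vouches for {domain}, not for the display name")
    return findings

# Constructed sample resembling the campaign described above (not a real message).
SAMPLE = """\
From: Bank of America Customer Service <constructed.user@yahoo.com>
To: employee@example.com
Subject: Action required: verify your account
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=yahoo.com;
 dkim=pass header.d=yahoo.com; dmarc=pass header.from=yahoo.com

Please review the attached notice.
"""

if __name__ == "__main__":
    for finding in check_display_name(SAMPLE):
        print("FLAG:", finding)
```

A newly registered link domain, the other signal in this campaign, needs an external registration-age lookup and is deliberately left out of this heuristic.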
Help Net Security have released an interesting article following a report by Abnormal Security on the trends they have noticed during the current pandemic, with an initial increase of 436% which later reduced to an average increase of 173%, still a significant figure. They also report on "...a shift from individual to group BEC attacks, with campaigns with more than 10 recipients up 27% compared to Q4 2019. Attackers also adjusted their targets, with attacks on finance employees increasing more than 75% as attacks on C-Suite executives decreased by 37%. This illustrates a trend away from paycheck and engagement fraud and toward payment fraud, specifically invoice fraud attacks, which increased more than 75%...."
Some Other Phishing Highlights This Week
Furloughed workers and the dormant phishing threat. A concern was raised this week that once furloughed workers open their inboxes after several months of build-up, they may be more likely to open phishing emails in their haste to catch up.
North Korea BEC scams. At the ESET Virtual World Security Conference, ESET researcher Jean-Ian Boutin disclosed that the North Korean Lazarus Group are attempting to steal money from targets they initially breached for espionage.
Covid-19 themed campaigns down. The Microsoft Threat Protection Intelligence Team report that Covid-19 themed campaigns are significantly down on the March peak.
We've helped several clients reduce the number of successful phishing email attacks. As part of our Managed Phishing Assessment Service we send realistic but benign phishing emails, and the responses have been shocking. One client had 32% of the