Tag: phishing
Rise in Tax-Related Phishing Scams Detected – March 22nd
Microsoft's Threat Intelligence arm issued a warning on the rise of new, sophisticated tax phishing scams that could lead to stolen personal and financial data. These tax-related phishing scams are initiated by impersonating trusted employers, tax agencies, and payment processors. Victims click on a malicious attachment, which leads to a believable landing page designed to capture sensitive information.
Beware of fake Google docs
An under-the-radar attack that creates fake Google docs is now playing havoc across multiple sectors in the US and UK, particularly in healthcare. Companies’ increasing reliance on widely-used off-the-shelf external software may save costs and create efficiencies in the short-term, but it also offers new inroads for the current generation of increasingly devious and skilled cybercriminals Cybersecurity firm Netskope has identified a new Google Docs threat in the wild, AZORult infostealer. It is designed to steal sensitive information such as user credentials, browser information, credit card details and crypto-wallet data. A comprehensive study conducted by Netskope’s research team has uncovered a campaign where an attacker created fake Google Docs pages on Google sites from which to download malicious payloads.
Chinese ‘Earth Krahang’ Group Compromised 70 Organizations – March 20th
Trend Micro reported on an advanced persistent threat actor linked to the Chinese government called ‘Earth Krahang’, compromising over 70 organizations, with a focus on governments. Focusing on cyber espionage, 'Earth Krahang' and its attacks target government agencies, affecting 48 government organizations across Asia, the Americas, Europe, and Africa.
Google’s Improvements to Chrome’s ‘Safe Browsing’ Mode – March 18th
Google announced major security-focused revamps to Chrome's 'Safe Browsing' mode, which enables the service to work while checking against a server-side malware-site list in real-time. The added safety feature to Google Chrome's 'Safe Browsing' mode is a massive improvement compared to the browsing mode cross-checking against lists of malware-infected sites that were manually added every two hours.
Security Flaws Found in ChatGPT Plugins – March 15th
According to Salt Labs research, third-party OpenAI ChatGPT plugin security flaws could allow attackers to install malicious plugins, and hijack third-party website accounts. Leveraging security gaps in ChatGPT plugins' large language models (LLMs), OAuth workflow, and PluginLab both feature weaponizable vulnerabilities.
Russian Hackers Breach Microsoft’s Code Base – March 8th
Microsoft announced the cyber campaign by the Russian-state-sponsored 'Midnight Blizzard' hackers, resulting in the group stealing the tech giant's source code. The sophisticated 'Midnight Blizzard' campaign is said to be rooted in a grander scheme to gain unauthorized access to Microsoft's environment using the stolen source code.
Skype, Google Meet, and Zoom were used in the New Trojan Campaign – March 7th
Zscaler discovered a new remote access trojan (RAT) campaign that lures victims through fake online meeting links. Once the victims are lured into downloading the RAT through the meeting links impersonating Skype, Google Meet, and Zoom, the RAT payload may enable threat actors to steal sensitive information.
BlackCat gives go-ahead for healthcare attacks
Following actions taken against the infamous BlackCat ransomware group in December by the US Federal Bureau of Investigation (FBI), the cybercriminal gang has warned it is taking off the gloves in its fight with law enforcement. BlackCat previously took pride in regularly announcing that it does not encourage or support affiliates who target crucial sectors such as healthcare. But this approach has changed radically since the end of 2023. “Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized. This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023,” said the FBI.
50% of Companies Experienced IoT Cyber Incidents – February 28th
A Viakoo survey unveiled that 50% of respondents experienced IoT cyber incidents in 2023. Among those IoT cyber incidents, 44% were reported to be 'severe', while 22% were labeled as 'threatening'.
High level executives targeted in ongoing attacks
Highly organized cybercriminals suspected to be based in Russia and Nigeria are targeting hundreds of executives in dozens of organizations in an ongoing Microsoft Azure cloud account takeover (ATO) campaign. According to US cybersecurity firm Proofpoint: “As part of this campaign, which is still active, threat actors target users with individualized phishing lures within shared documents.” Innocent but weaponized documents sent to key executives include embedded links to “View Document”, which automatically directs them to a malicious site. The users affected by the attacks occupy a variety of trusted positions within their organizations. Victims include chief financial officers (CFOs), finance managers, account managers, corporate vice presidents, and sales directors. Proofpoint believes that targeting this variety of executive positions is far from being a series of random phishing attacks.
Iran targets Western journalists
Hackers with close ties to the intelligence arm of Iran’s military, the Islamic Revolutionary Guard, are now personally targeting journalists, professors, and researchers. According to Microsoft, which detected the new activity, Iran is anxious to gather information on the entire range of Western views regarding the ongoing conflict in the Middle East. “Based on the identities of the targets observed in this campaign and the use of lures related to the Israel-Hamas war, this campaign may be an attempt to gather perspectives on events related to the war from individuals across the ideological spectrum,” says Microsoft. The Iran-backed hackers, known as Mint Sandstorm, a composite name used to describe several subgroups of activity with ties to the Islamic Revolutionary Guard, use a range of new techniques. For example, the hackers use legitimate but compromised email accounts to conduct highly planned phishing attacks against key journalists.
CISA and FBI Release IOCs Associated with Androxgh0st Malware – January 17th
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory (CSA) containing the Indicators of Compromise (IOC) associated with the Androxgh0st malware. The joint CSA also contained the dangerous Androxgh0st malware tactics, techniques, and procedures associated with the malware's threat actors. The malware establishes a botnet for victim identification, exploits vulnerable networks, targets the theft of sensitive data, and may lead to remote code execution.