Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Phishing emails. Show all posts
typosquatting attack
Cyber Security fake Microsoft emails Microsoft account security Password Theft Phishing emails typosquatting attack

Microsoft Users Warned as Hackers Use Typosquatting to Steal Login Credentials

 

Microsoft account holders are being urged to stay vigilant as cybercriminals increasingly target them through a deceptive tactic known as typosquatting. Attackers are registering look-alike websites and email addresses that closely resemble legitimate Microsoft domains, with the goal of tricking users into revealing their passwords.

Harley Sugarman, CEO of Anagram Security, recently highlighted this risk by sharing a screenshot of a phishing email he received that used this method. In the sender’s address, the letter “m” was cleverly replaced with an “r” and an “n,” creating a nearly identical visual match. Because the difference is subtle, many users may not notice the change and could easily be misled.

Typosquatting itself is not a new cybercrime technique. For years, hackers and online fraudsters have relied on it to exploit small typing errors or momentary lapses in attention. The strategy involves purchasing domains or email addresses that closely mimic real ones, hoping users will accidentally visit or click them. Once there, victims are often presented with fake login pages designed to look authentic. Any credentials entered are then captured and sent directly to the attackers.

A major reason this tactic continues to succeed is that many people don’t take time to carefully inspect URLs or sender addresses. A single incorrect character in a link or email can redirect users to a convincing replica of a legitimate site, where usernames and passwords are harvested without suspicion.

To reduce the risk of falling victim, security experts recommend switching to passkeys wherever possible, as they are significantly more secure than traditional passwords. Microsoft and other tech companies have been actively encouraging this shift. For users who can’t yet adopt passkeys, strong and unique passwords—or long passphrases—are essential, ideally stored and autofilled using a reputable password manager.

Additional protection measures include enabling browser safeguards. Both Microsoft Edge and Google Chrome can flag suspicious or mistyped URLs if these features are turned on. Bookmarking frequently used websites, such as email services, banking platforms, shopping portals, and social media accounts, can also help ensure you’re visiting the correct destination.

Standard phishing precautions remain just as important. Be skeptical of unexpected emails claiming there’s an issue with your account. Instead of clicking links, log in through a trusted, independent method to verify any alerts. Avoid downloading attachments or replying to unsolicited messages, as engagement can signal to scammers that your account is active.

Carefully reviewing sender email addresses, hovering over links to preview their destinations, and watching for messages that create urgency—such as demands to immediately reset a password—can help identify phishing attempts. Using reliable antivirus software adds another layer of defense against malware and other online threats.

Although typosquatting is one of the oldest scams in cybersecurity, it continues to resurface because it preys on simple mistakes. Staying alert while browsing unfamiliar websites or checking your inbox remains one of the most effective ways to stay safe
Read more »
PowerShell
Advanced persistent threat (APT) Advanced Social Engineering Cyber Attacks cyber espionage espionage Fake Website Phishing emails PowerShell

ClickFix Attacks: North Korea, Iran, Russia APT Groups Exploit Social Engineering for Espionage

ClickFix attacks are rapidly becoming a favored tactic among advanced persistent threat (APT) groups from North Korea, Iran, and Russia, particularly in recent cyber-espionage operations. This technique involves malicious websites posing as legitimate software or document-sharing platforms. Targets are enticed through phishing emails or malicious advertising and then confronted with fake error messages claiming a failed document download or access issue. 


To resolve the supposed problem, users are instructed to click a “Fix” button that directs them to run a PowerShell or command-line script. Executing this script allows malware to infiltrate their systems. Microsoft’s Threat Intelligence division highlighted earlier this year that the North Korean group ‘Kimsuky’ utilized a similar approach through a fake “device registration” page. 

A new report from Proofpoint now confirms that Kimsuky, along with Iran’s MuddyWater, Russia’s APT28, and the UNK_RemoteRogue group, deployed ClickFix techniques between late 2024 and early 2025. Kimsuky’s campaign, conducted between January and February 2025, specifically targeted think tanks involved in North Korean policy research. The attackers initially contacted victims using spoofed emails designed to appear as if they were sent by Japanese diplomats. After gaining trust, they provided malicious PDF attachments leading to a counterfeit secure drive. Victims were then asked to manually run a PowerShell command, which triggered the download of a second script that established persistence with scheduled tasks and installed QuasarRAT, all while distracting the victim with a harmless-looking PDF. 

In mid-November 2024, Iran’s MuddyWater launched its campaign, targeting 39 organizations across the Middle East. Victims received phishing emails disguised as urgent Microsoft security alerts, prompting them to run PowerShell scripts with administrative rights. This led to the deployment of ‘Level,’ a remote monitoring and management (RMM) tool used to conduct espionage activities. Meanwhile, Russian group UNK_RemoteRogue focused on two organizations tied to a leading arms manufacturer in December 2024. Attackers used compromised Zimbra servers to send fake Microsoft Office messages. Clicking the embedded links directed victims to fraudulent Microsoft Word pages featuring Russian-language instructions and a video tutorial. 

Victims executing the provided script unknowingly triggered JavaScript that ran PowerShell commands, connecting their systems to a server managed through the Empire C2 framework. Proofpoint also found that APT28, an infamous Russian cyber-espionage unit, used ClickFix tactics as early as October 2024. In that instance, phishing emails mimicked Google Spreadsheet notifications, including a fake reCAPTCHA and a prompt to execute PowerShell commands. Running these commands enabled attackers to create an SSH tunnel and activate Metasploit, providing them with covert access to compromised machines. 

The growing use of ClickFix attacks by multiple state-sponsored groups underscores the method’s effectiveness, primarily due to the widespread lack of caution when executing unfamiliar commands. To avoid falling victim, users should be extremely wary of running scripts or commands they do not recognize, particularly when asked to use elevated privileges.
Read more »
Ransomware attack
Cyber Attacks data security Hacking Attack Internet Services Library Phishing emails Public Networks Ransomware attack

Delaware Libraries Hit by Ransomware Attack, Internet Services Disrupted

 

Last week, Delaware’s public libraries faced a cyberattack, causing widespread disruption to computer and internet access. Signs posted at libraries informed visitors that Wi-Fi and PCs were out of service, with officials confirming a ransomware attack took down all internet services. Despite the inconvenience, visitors can still check out books and use other library services. Ransomware attacks like this often start with phishing emails or social engineering, where users are tricked into actions that allow hackers access. 

Matt Barnett, CEO of cybersecurity firm Sevn-X, explained that attackers typically cast a wide net with phishing emails, waiting for a target to take the bait. He speculated that the hackers responsible for this attack are likely from Russia or Eastern Europe, suggesting they targeted Delaware not out of malice but simply because it was an easy opportunity. Hackers look for low-hanging fruit, making any vulnerable entity a potential target. Ransomware attacks usually demand payment in exchange for returning access to the compromised systems. 

In this instance, Delaware state officials have not confirmed if any personal information was stolen. However, the situation serves as a stark reminder of the importance of cybersecurity, even for community services like public libraries. Cybersecurity experts stress the need for vigilance and proactive measures to protect against such threats. Organizations should implement strong email security protocols, train employees to recognize phishing attempts, and regularly update software to patch vulnerabilities. Regular data backups are also essential, ensuring that in the event of an attack, systems can be restored without paying a ransom. 

While this attack has disrupted library services, it is also a learning opportunity. Public institutions, often seen as “soft targets,” must prioritize cybersecurity to protect their networks, systems, and the personal data of their users. By investing in robust cybersecurity measures, conducting employee training, and implementing multi-factor authentication, public services can better defend themselves against future attacks. 

This incident serves as a reminder that cyber threats are ever-present, and even seemingly small targets like public libraries are not immune. As ransomware attacks continue to rise, organizations of all sizes must take active steps to fortify their defenses and educate themselves about potential risks.
Read more »
User Security
Cyber Security Data Privacy Email Spoofing Phishing emails User Security

Google Strengthens Gmail Security, Blocks Spoofed Emails to Combat Phishing

 

Google has begun automatically blocking emails sent by bulk senders who do not satisfy tighter spam criteria and authenticating their messages in line with new requirements to strengthen defences against spam and phishing attacks. 

As announced in October, users who send more than 5,000 messages per day to Gmail accounts must now configure SPF/DKIM and DMARC email authentication for their domains. 

The updated regulations also mandate that bulk email senders refrain from delivering unsolicited or unwanted messages, offer a one-click unsubscribe option, and react to requests to unsubscribe within two working days. 

Additionally, spam rates must be kept at 0.3%, and "From" headers cannot act like to be from Gmail. Email delivery issues, such as emails being rejected or automatically directed to recipients' spam folders, may arise from noncompliance. 

"Bulk senders who don't meet our sender requirements will start getting temporary errors with error codes on a small portion of messages that don't meet the requirements," Google stated. "These temporary errors help senders identify email that doesn't meet our guidelines so senders can resolve issues that prevent compliance.” 

In April 2024, we will start rejecting non-compliant traffic. Rejection will be gradual, affecting solely non-compliant traffic. We strongly recommend senders to utilise the temporary failure enforcement period to make any necessary changes to become compliant, Google added. 

The company also intends to implement these regulations beginning in June, with an expedited timeline for domains used to send bulk emails starting January 1, 2024.

As Google said when the new guidelines were first released, its AI-powered defences can successfully filter roughly 15 billion unwelcome emails per day, avoiding more than 99.9% of spam, phishing attempts, and malware from reaching users' inboxes. 

"You shouldn't need to worry about the intricacies of email security standards, but you should be able to confidently rely on an email's source," noted Neil Kumaran, Group Product Manager for Gmail Security & Trust in October. "Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email.”
Read more »
US infrastructure
AsyncRAT command-and-control infrastructure Cybersecurity domain generation algorithm malware open-source trojan Phishing emails Threat Group US infrastructure

This Malware is Assaulting Critical US Infrastructure for Almost a Year

 

Over the course of the last 11 months, a threat group has actively engaged in a phishing campaign targeting employees across various companies, distributing an open-source trojan program named AsyncRAT. The victims of this campaign notably include companies responsible for managing critical infrastructure in the United States.

The cybersecurity division of AT&T, known as Alien Labs, has reported that the attackers employ a domain generation algorithm (DGA) within their command-and-control (C&C) infrastructure. This technique helps them rotate through a large number of domains, making it challenging to block traffic. In an effort to evade detection, the threat actors continually generate new samples of the malicious tool. Researchers have identified over 300 samples and 100 domains associated with this particular campaign.

AsyncRAT, an open-source remote access tool released in 2019 and still available on GitHub, serves as the attackers' weapon of choice. As a remote access trojan (RAT), AsyncRAT offers features such as keylogging, exfiltration techniques, and initial access staging for delivering the final payload.

It's not uncommon for even sophisticated threat actors to utilize open-source malware frameworks, providing advantages such as low development costs and plausible deniability. Interestingly, AsyncRAT had been previously employed in 2022 by an APT group known as Earth Berberoka or GamblingPuppet, as tracked by security firm Trend Micro.

The phishing emails, scrutinized by Alien Labs and other researchers, employ a thread hijacking technique to direct users to a phishing page, eventually dropping a JavaScript (.js) file on users' computers. This script, when opened in Notepad, contains numerous randomly commented-out English words, while variants using Sanskrit characters have also been reported in previous campaigns. The highly obfuscated script aims to download the second-stage payload from a URL encoded using a custom cipher and decimal values.

The second-stage payload is another encoded script in PowerShell, executed directly in memory without being saved to disk. The PowerShell script communicates with a rotating C&C server domain, sending information such as computer hostname and a variable indicating the likelihood of the computer being a virtual machine or sandbox.

If deemed a valid target, the C&C server deploys AsyncRAT. In the case of a potential virtual machine or sandbox, the server redirects the request to Google or launches a different PowerShell script that downloads and initiates a decoy RAT, designed to distract researchers investigating the campaign.

To further complicate detection, the attackers regularly randomize the script code and malware samples, and they rotate C&C domains weekly. Despite these efforts, Alien Lab researchers managed to reverse-engineer the domain generation algorithm, providing insights into historical samples and enabling the development of detection signatures for future infrastructure identification. The AT&T Alien Labs report includes detection signatures for the Suricata intrusion detection system and a list of indicators of compromise (IOC) for building detections on other systems.
Read more »
Phishing emails
Banks Cyber Security Data Breaches Phishing Attack Phishing Education Phishing emails

Tips for Banks to Prevent Data Breaches Through Phishing Education


Despite the roaring advancement in the field of technology, phishing remains one of the most common cybersecurity hazards. According to recent studies, phishing losses in the US alone were $52 million.

The lack of proper awareness in regards to cybersecurity could be one of the reasons why phishing attacks are escalating at a concerning rate. While many finance institutions are aware of the importance to cybersecurity, they fail to educate their employees of the same. 

Here, we are mentioning some ideas which might help banks to thwart phishing efforts and safeguard the information of their customers and employees:

Focus on Behavioral Change

The majority of banks use a similar approach for their cybersecurity training programs: they put all of their non-technical staff in a room, have their security team show a lecture with a few slides showing breach numbers, and attempt to scared them into acting accordingly.

It goes without saying that this strategy is ineffective. It is time for banks to start seeing their staff as a bulwark against phishing attempts rather than as a risk.

One way to do this is for banks to change their employees’ behaviors under stress, rather than threatening them by making them aware of the stressful situations. For example, instead of showing them the malicious emails, they must be educated on the right measure they must follow to identify such emails. 

A bank can also do this by running simulations of the situations, where an employee will be free to make mistakes and learn from those mistakes. This way, an employee can as well make judgements on their actions and even receive instant feedbacks in a safe environment. By doing so, an actual breach will not be the only time the employee is dealing with a feedback. 

Employees can view learning paths and review progress on simulation platforms. The skills of a technological employee will differ greatly from those of a non-technical person. The way forward is to provide positive feedback throughout and to customize learning routes.

Install Security as a Founding Principle

For most banks, the importance of security is communicated with a negative attitude. They draw attention to the possibility of a breach, the harm to the bank's reputation, and the possible consequences for an employee's career should they fall prey to phishing scams.

When a worker receives a phony email from someone posing as their manager, these intimidation techniques are ineffective. Because they trust the manager's persona, employees are unlikely to refuse a request from that organization. Rather, banks ought to embrace a proactive stance and integrate security into their overall brand.

For example, inducing fear among the employees into not clicking the malicious links, banks should instead introduce policies when an employee could quickly determine whether an email is a phishing attempt, rather than attempting to scare them into not clicking on harmful links. Giving them access to an automated tool or having a security guard on duty are excellent choices.

Policies like shredding and discarding important documents in secure bins to cybersecurity practices is essential. Employees must be reminded that the work they do is in fact critical and their actions do matter.

Set Communication Templates

Bank personnel utilize emails, which are rich in data, to communicate with a variety of stakeholders. This is used by malicious actors, who impersonate a different individual and deceive workers into downloading malware.

Informing staff members of appropriate communication styles and methods is one way to avoid situations like this one. Establishing a communication template, for example, will enable staff members to quickly spot emails that depart from the standard.

External actors are unlikely to be familiar with internal communications templates, thus they will likely send emails in a manner that is easily recognized by staff as being out of compliance. Although putting in place such a procedure may sound oppressive, it is the most effective technique to assist staff in overcoming the appearance of a false identity.

For instance, the majority of staff members will click on an email from the bank's CEO right away. They will overlook the fact that the email was sent by the CEO persona, though, if they see that the communication format is incorrect. With their minds thus occupied, kids are less likely to click on a link that could be harmful.

These templates are ingrained in the company's culture, and how banks convey their significance will determine a lot. Once more, a fear-based strategy rarely succeeds. Banks need to consider effective ways to enforce them.  

Read more »
Phishing emails
AI Threat AI-powered tool Artificial Intelligence ChatGPT Cyber Defender Data Breach Digital Age IBM X-Force OpenAI Phishing Attacks Phishing emails

AI-Generated Phishing Emails: A Growing Threat

The effectiveness of phishing emails created by artificial intelligence (AI) is quickly catching up to that of emails created by humans, according to disturbing new research. With artificial intelligence advancing so quickly, there is concern that there may be a rise in cyber dangers. One example of this is OpenAI's ChatGPT.

IBM's X-Force recently conducted a comprehensive study, pitting ChatGPT against human experts in the realm of phishing attacks. The results were eye-opening, demonstrating that ChatGPT was able to craft deceptive emails that were nearly indistinguishable from those composed by humans. This marks a significant milestone in the evolution of cyber threats, as AI now poses a formidable challenge to conventional cybersecurity measures.

One of the critical findings of the study was the sheer volume of phishing emails that ChatGPT was able to generate in a short span of time. This capability greatly amplifies the potential reach and impact of such attacks, as cybercriminals can now deploy a massive wave of convincing emails with unprecedented efficiency.

Furthermore, the study highlighted the adaptability of AI-powered phishing. ChatGPT demonstrated the ability to adjust its tactics in response to recipient interactions, enabling it to refine its approach and increase its chances of success. This level of sophistication raises concerns about the evolving nature of cyber threats and the need for adaptive cybersecurity strategies.

While AI-generated phishing is on the rise, it's important to note that human social engineers still maintain an edge in certain nuanced scenarios. Human intuition, emotional intelligence, and contextual understanding remain formidable obstacles for AI to completely overcome. However, as AI continues to advance, it's crucial for cybersecurity professionals to stay vigilant and proactive in their efforts to detect and mitigate evolving threats.

Cybersecurity measures need to be reevaluated in light of the growing competition between AI-generated phishing emails and human-crafted attacks. Defenders must adjust to this new reality as the landscape changes. Staying ahead of cyber threats in this quickly evolving digital age will require combining the strengths of human experience with cutting-edge technologies.

Read more »
VIPRE Security Group
AI Detection Chat-GPT Cloud Services cloud storage services generative AI tools hacker tactics malspam malware delivery Phishing emails phishing threats Spam Technology VIPRE Security Group

Rising Email Security Threats: Here’s All You Need to Know

 

A recent study highlights the heightened threat posed by spam and phishing emails due to the proliferation of generative artificial intelligence (AI) tools such as Chat-GPT and the growing popularity of cloud services.

According to a fresh report from VIPRE Security Group, the surge in cloud usage has correlated with an uptick in hacker activity. In this quarter, 58% of malicious emails were found to be delivering malware through links, while the remaining 42% relied on attachments.

Furthermore, cloud storage services have emerged as a prominent method for delivering malicious spam (malspam), accounting for 67% of such delivery in the quarter, as per VIPRE's findings. The remaining 33% utilized legitimate yet manipulated websites.

The integration of generative AI tools has made it significantly harder to detect spam and phishing emails. Traditionally, grammatical errors, misspellings, or unusual formatting were red flags that tipped off potential victims to the phishing attempt, enabling them to avoid downloading attachments or clicking on links.

However, with the advent of AI tools like Chat-GPT, hackers are now able to craft well-structured, linguistically sophisticated messages that are virtually indistinguishable from benign correspondence. This necessitates victims to adopt additional precautions to thwart the threat.

In the third quarter of this year alone, VIPRE's tools identified a staggering 233.9 million malicious emails. Among these, 110 million contained malicious content, while 118 million carried malicious attachments. Moreover, 150,000 emails displayed "previously unknown behaviors," indicating that hackers are continually innovating their strategies to optimize performance.

Phishing and spam persist as favored attack methods in the arsenal of every hacker. They are cost-effective to produce and deploy, and with a stroke of luck, can reach a wide audience of potential victims. Companies are advised to educate their staff about the risks associated with phishing and to meticulously scrutinize every incoming email, regardless of the sender's apparent legitimacy.
Read more »
Subscribe to: Comments (Atom)