In an online world full of dense content and endless links, it’s not surprising that phishing and ransomware are on the rise.
41% of respondents in a security survey admitted that they “worry about ransomware attacks evolving beyond their team’s knowledge and skillset.”
But what about phishing attacks?
Now that cybercriminals are beginning to use ransomware tactics for their phishing campaigns, the line between these two attacks is blurred. Cyber-attacks are morphing into one another as cyber criminals seek out the most advanced method of taking down their victims.
We’ve researched these latest phishing trends and what you should look out for as a security leader.
Businesses are becoming more in tune with security awareness and training and, alongside the natural advancements in technology, cyber criminals are seeking newer, more efficient tactics to further exploit the vulnerabilities of unknowing victims.
When it comes to phishing, it’s acknowledged that Microsoft is the top target for brand impersonation, with 11,041 unique phishing URLs. Microsoft is a lucrative target not only because of its popularity as a chosen software, but also because a compromised Microsoft account gives hackers the ability to distribute malware, launch ransomware attacks and more. The flexibility that makes it so attractive to business users is therefore, ironically, the very reason cybercriminals exploit it.
Recently, there has been talk of custom phishing kits tailored specifically to get past even seemingly well-protected software by bypassing multi-factor authentication (MFA) processes. Because of the kits’ unique attributes, such as HTML parsing and lack of domain translation, security researchers believe that the attackers are using custom adversary-in-the-middle (AiTM) phishing kits to get past the second authentication step and steal email credentials.
Employees of all organisations should be extra wary of opening attachments or clicking links in emails sent from untrusted sources, and always check the URL in the address bar before moving ahead with any form of login process.
Hackers are taking a page out of the ransomware playbook as they begin to approach phishing attacks in a new manner. The well-known countdown clock, used by ransomware gangs such as LockBit to encourage faster ransom payment, is now being used as a secondary tactic after victims have clicked the phishing URL, to panic them into handing over their passwords.
The tactic uses phishing emails to deliver a message warning the recipient that an attempt to log in to their account from a location they have not used before has been blocked, and that they should click a link to verify their email address. Once clicked, the site displays a countdown clock ticking down from an hour, and the user is told to enter their username and password to “validate” their account before the countdown hits zero, otherwise the account will be deleted.
This sense of urgency is what plays on the victim’s vulnerabilities as they are left in a position of panic, where they are likely to follow the instructions, even though there is no certainty the account will be deleted at all.
If the user targeted by the phishing email enters their login credentials, the site either claims they have used the wrong password or it says the login details are accepted, before redirecting them back to their company home page. In either case, the result is the same – the adversary steals the username and password to use in future attacks.
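For security teams triaging reported links, the landing page described above has three traits that can be checked together. The following is an added example, not code from the original article: a triage heuristic in Python whose host allowlist, wording patterns and sample pages are all constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts where this organisation's users legitimately sign in.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "sso.example.com"}
# Assumption: illustrative wording patterns, to be tuned on reported samples.
URGENCY = re.compile(r"\b(will be deleted|validate your account|time remaining)\b", re.I)
TIMER_JS = re.compile(r"\bset(?:Interval|Timeout)\s*\(")

class PageFeatures(HTMLParser):
    """Collects the signals: password field, timer script, visible text."""
    def __init__(self):
        super().__init__()
        self.password_field = self.in_script = self.timer_script = False
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.password_field = True
        self.in_script = self.in_script or tag == "script"

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.timer_script |= bool(TIMER_JS.search(data))
        else:
            self.text.append(data)

def score_landing_page(url, html):
    """Return (signal_count, reasons) for one fetched landing page."""
    host = (urlsplit(url).hostname or "").lower()
    page = PageFeatures()
    page.feed(html)
    reasons = []
    if page.password_field and host not in TRUSTED_LOGIN_HOSTS:
        reasons.append("password field on untrusted host")
    if page.timer_script:
        reasons.append("client-side timer script")
    if URGENCY.search(" ".join(page.text)):
        reasons.append("deadline or deletion wording")
    return len(reasons), reasons

# Constructed sample pages, not captured from any real campaign.
SAMPLE_LURE = ("<h1>Validate your account</h1><p>Your account will be deleted "
               "when the timer reaches zero.</p><form><input type='password'></form>"
               "<script>var t=3600; setInterval(function(){t--;}, 1000);</script>")
SAMPLE_BENIGN = "<p>Sign in to continue</p><form><input type='password'></form>"
```

A page that shows all three signals matches the countdown lure; any single signal on its own is common on legitimate sites and should not be treated as a verdict.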
With phishing attacks now using ransomware tactics, the techniques of cyber-attackers are clearly never set in stone – so stay vigilant.
Keep up to date with the latest trends by signing up to our email newsletter and circulate security best practices within your organisation.
Download our Ultimate Guide to Phishing eBook for all the information you need on understanding and tackling phishing – ideal for emailing round to your employees as an awareness guide.