Demo
Blurred Lines: Phishing Catches Ransomware Bait - Talion

In an online world full of dense content and endless links, it’s not surprising that phishing and ransomware are on the rise.

41% of respondents in a security survey admitted that they “worry about ransomware attacks evolving beyond their team’s knowledge and skillset.”

But what about phishing attacks?

Now that cybercriminals are beginning to utilise ransomware tactics for their phishing campaigns, the line between these two attacks is blurred. Cyber-attacks are morphing into one another as cyber criminals seek out the most advanced method of taking down their victims.

We’ve researched these latest phishing trends and what you should look out for as a security leader.

 

The Rise Of Phishing Complexity

Businesses are becoming more in tune with security awareness and training and, alongside the natural advancements in technology, cyber criminals are seeking newer, more efficient tactics to further exploit the vulnerabilities of unknowing victims.

When it comes to phishing, it’s acknowledged that Microsoft is the top target for brand impersonation, with 11,041 unique phishing URLs. Microsoft is a lucrative target not only due to its popularity as a chosen software, but also that it gives hackers the ability to distribute malware, launch ransomware attacks and more once the Microsoft account itself is compromised. The flexibility that makes it so attractive to business users is therefore, ironically, the very reason cybercriminals exploit it.

Recently, there has been talk of custom phishing kits which have been tailored specifically to bypass even the most seemingly protected software, through bypassing multi-factor authentication (MFA) processes. It is due to its unique attributes, such as HTML parsing and lack of domain translation, that security researchers believe that the attackers are using custom adversary-in-the-middle (AiTM) phishing kits to hurdle second authentication and steal email credentials.

Employees of all organisations should be extra wary of opening attachments or clicking links in emails sent from untrusted sources, and always check the URL in the address bar before moving ahead with any form of login process.

 

 

Phishing Attacks Borrow Ransomware Techniques

Hackers rip a page off the ransomware book as they begin to tackle phishing attacks in a new manner. The well-known countdown clock, utilised by ransomware gangs such as LockBit to encourage faster ransom payment, is now being utilised as a secondary tactic for after victims have clicked the phishing URL to panic them into handing over their passwords.

The tactic utilises phishing emails to deliver a message warning the recipient that an attempt to login to their account from a location they have not used before has been blocked and they should click a link to verify their email address. Once clicked, the site displays a countdown clock ticking down from an hour, where the user must enter their username and password to “validate” their account before the countdown hits zero, otherwise it will be deleted.

This sense of urgency is what plays on the victim’s vulnerabilities as they are left in a position of panic, where they are likely to follow the instructions, even though there is no certainty the account will be deleted at all.

If the user targeted by the phishing email enters their login credentials, the site either claims they have used the wrong password or it says the login details are accepted, before redirecting them back to their company home page. In either case, the result is the same – the adversary steals the username and password to utilise in future attacks.

 

Example of Phishing Attack Countdown Clock

 

With phishing attacks now utilising ransomware tactics, the techniques of cyber-attackers are clearly never set in stone – so stay vigilant.

Keep up to date with the latest trends by signing up to our email newsletter and circulate security best practices within your organisation.

Read our Ultimate Guide to Phishing eBook for all the information you need on understanding and tackling phishing – ideal for emailing round to your employees as an awareness guide.

 

 
Watch demo video
We’re a tight-knit, highly skilled operation, so when a threat arises, we move quickly.
Talion
Watch demo video
We’re a tight-knit, highly skilled operation, so when a threat arises, we move quickly.
Talion
24x7x365 UK-based Security Operations Centre
Talion
Service underpinned by market leading threat intelligence team
Talion
Continually developed threat relevant content, backed by SLAs
Talion
MDR service has featured in the Gartner Magic Quadrant for 6 consecutive years
Talion
Experts in SIEM and SOAR technology
Talion
UK-based Senior Leadership
I'm ready
Request a more in-depth demo.
Discuss your cyber security needs
Fill in the form below and one of our team will be in touch to arrange your demo.

Call us on 0800 048 5775

Call us directly and we’ll put you in touch with the most relevant cyber expert.

Send us a message

Give us a brief description of what you’re looking for and we’ll put you in touch with the best person.