BEWARE – New ‘Creative’ Phishing Attack You Really Should Pay Attention To

By: Mohit Kumar

A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users.

Just like the previous campaign, the new phishing attack is also based on the idea that a malicious web page could mimic the look and feel of the browser window to trick even the most vigilant users into giving away their login credentials to attackers.

Antoine Vincent Jebara, co-founder and CEO of password managing software Myki, shared a new video with The Hacker News, demonstrating how attackers can reproduce native iOS behavior, browser URL bar and tab switching animation effects of Safari in a very realistic manner on a web-page to present fake login pages, without actually opening or redirecting users to a new tab.

New Phishing Attack Mimics Mobile Browser Animation and Design

As you can see in the video, a malicious website that looks like Airbnb prompts users to authenticate using Facebook login, but upon clicking, the page displays a fake tab switching animation video aimed to trick users into thinking that their browsers are behaving normally.

“The Facebook login page is also definitely fake and is an overlay over the current page that makes it look like an authentic Facebook page,” Jebara said.

“From the moment a user accesses the malicious website, they are manipulated into performing actions that seem legitimate, all with the purpose of building up their confidence to submit their Facebook password at the final stage of the attack.”

If users are not very attentive to details and fail to spot minor differences, they would eventually end up filling the username and password fields on the phishing page, resulting in giving away their social media credentials to the attackers.

More: https://thehackernews.com/2019/03/ios-mobile-phishing-attack.html?m=1

Latin America records 3.7 million malware attacks per day, says Kaspersky Lab

By: TI Inside Online

Kaspersky Lab recorded a 14.5% increase in malware attacks over the last 12 months in Latin America compared with 2017, which means an average of 3.7 million attacks per day and more than 1 billion in the year. Among the countries with the largest growth, Argentina is in first place with an increase of 62%, followed by Peru (39%) and Mexico (35%). “The results show that the whole region has experienced a considerable number of cyberthreats, with the vast majority focused on stealing money,” says Fabio Assolini, senior security analyst at Kaspersky Lab.

In addition to malware, Kaspersky Lab blocked more than 70 million phishing attacks in Latin America between November 2017 and November 2018; the daily average is 192,000 attacks, representing growth of 115% compared with the previous period (November 2016 to November 2017). The ranking of the countries most attacked by phishing is different this year: Brazil lost the lead and now sits in third place, with an increase of 110%. Mexico (120%) is in first position and Colombia (118%) in second place.

Phishing and vulnerability

The constant rise in the number of phishing attacks is one of the main reasons accounts are compromised. This is because users who click on suspicious links often hand over personal information and login credentials. Data breaches have become common and worrying, since people reveal not only a large amount of information about themselves but also credit card and bank account details. Once criminals hold these, breaches and unauthorized access are the least of the problems; the biggest will be the financial damage, because the first thing the cybercriminal will do is try to make purchases in the victim’s name.

“Incidents of this kind serve as a major step toward some important changes being made in privacy policies and in people’s behavior regarding the data that is shared,” says Assolini. “It is very common for users to use the same passwords for different sites, and the cybercriminal will test the combination on all the most popular services and social networks. When information has been leaked, the first and most important action to take is to change the passwords on other logins, even if that one has not been compromised.”

Countries

Although Argentina, Brazil, Chile, Colombia, Mexico and Peru are all part of Latin America and are targeted by different cybercriminals, it is important to understand that scams have developed in distinct ways in each country. In Argentina, the Prilex case resurfaced when a tourist traveled to Brazil and had their credit card cloned. “The first time we identified this group was in an attack on ATMs aimed at banks, mainly in Brazilian territory. Later, the group shifted its efforts to point-of-sale systems developed by Brazilian vendors, cloning credit cards, which allowed the creation of a new, fully functional scam, enabled even for transactions protected by chip and PIN,” explains Assolini.

WhatsApp: Newest Attack Target for Mobile Phishing

By: Uladzislau Murashka

Phishing attacks aren’t nearly as successful as they used to be because by now people have learned to look out for the emails that ask them to provide sensitive details. While this is true for emails, it seems that pioneer attackers have embraced other ways of utilizing phishing attacks, namely through messaging services such as WhatsApp, Skype, and even plain old SMS.

Mobile Phishing
Mobile phishing is an issue that shows no signs of abating anytime soon. According to Verizon, 90% of their recorded data breaches began with a phishing attack and right now mobile is an increasingly common attack vector.

Recent research from Wandera shows a new trend among cyber-criminals toward mobile phishing. Every day, dozens of new attacks are detected and many of them last less than a day before being shut down and relocated elsewhere. These phishing attacks share many standard features, notably centering around the use of WhatsApp.

Distribution Methods
Now that there is widespread awareness of the dangers email-based phishing attacks bring, many savvy cyber-criminals are instead moving on to other vectors that allow them to attack mobile devices. Many such attacks center on WhatsApp as both the initial method of delivery and the way to reach more targets after every single success.

It isn’t just the awareness that has led to this shift. Email clients and providers have many built-in tools that identify any potential phishing emails and alert the user or automatically delete the email.

In contrast, there are no such security measures for SMS, or for app-based messaging services. Given the sheer number of different messaging apps out there, it is challenging to develop a catch-all defense against mobile phishing attacks. This results in mobile-based attacks being at least three times more effective than the phishing that takes place through desktop. Without any doubt, mobile providers should make further investments into raising cybersecurity awareness and improving it on mobile.

Exploiting WhatsApp
Unlike with phishing emails, which are often flagged as potentially malicious, there is no filtering or alert system on WhatsApp either. When a user receives a link on WhatsApp, it usually generates a preview of that website’s logo and page title. These are easy for an attacker to fake but might give a phishing message enough of a veneer of legitimacy for the user to get caught off guard.

More: https://www.zdnet.com/article/25-android-smartphone-models-contain-severe-vulnerabilities-off-the-shelf/

Phishing attacks: Why is email still such an easy target for hackers?

By: Danny Palmer

The majority of cyber attacks begin with one simple phishing email. So will it ever be possible to close this door to hackers, once and for all?

Email is incredibly useful, which is why we all still use it. But chief among its downsides (along with getting caught in a group-cc’d message hell) is that email remains one of the most common routes for hackers to attack businesses.

Around one in every hundred messages sent is a malicious hacking attempt. That might not seem like a large figure, but when millions of messages are sent every day, it adds up — especially when it just takes one employee to fall victim to a phishing message and potentially lead to a whole organisation being compromised.

For example, the cyber attack against the Democratic National Committee that led to thousands of private emails being exposed in the run up to the US Presidential election started with just one successful phishing email, while countless espionage and malware campaigns have also gained entry to organisations via an email-based attack.

But if email leaves us so vulnerable to attempts at hacking, why do we stick with it?

“Email is still the main way that two entities who may not have a relationship get together and communicate. Whether it’s a law firm communicating with a business or a candidate applying for a job, email is still the bridge to getting these entities communicating. It’s not going away,” says Aaron Higbee, co-founder and CTO at anti-phishing company Cofense.

As long as email is here, phishing will also remain a problem — and while some phishing campaigns are really sophisticated and based around cyber criminals performing deep reconnaissance on targets, other email-based attacks aren’t so sophisticated — and yet are still worryingly successful.

More: https://www.zdnet.com/article/phishing-attacks-why-is-email-still-such-an-easy-target-for-hackers/

3 Out of 4 Employees Pose a Security Risk

By: Steve Zurier

New MediaPRO study also finds that management performed worse than entry- and mid-level employees in how to handle a suspected phishing email.

Despite concerted efforts by many US organizations to improve security awareness among users, a new study shows they still have a long way to go.

Some 75% of respondents today pose a moderate or severe risk to their company’s data, according to MediaPRO’s third annual State of Privacy and Security Awareness Report, and 85% of finance workers show some lack of data security and privacy knowledge.

Tom Pendergast, chief security and privacy strategist at security awareness and training provider MediaPRO, says the firm surveyed more than 1,000 employees across the United States to quantify the state of privacy and security awareness in 2018. More people fell into the risk category this year than in 2017 – and that number had nearly doubled since the inaugural survey, he says.

“The overall results revealed a trend we weren’t happy to see, that employees performed worse across the board compared to the previous year,” Pendergast says. “While I think there’s a certain amount of security fatigue from news of all the attacks, if in five years I don’t see significant change I will be surprised. There’s both a cultural and a business awareness of the need to do good work in this area.”

MediaPRO based its study on a variety of questions that focus on real-world scenarios, such as correctly identifying personal information, logging on to public Wi-Fi networks, and spotting phishing emails. Based on the percentage of privacy and security-aware behaviors, respondents were assigned to one of three risk profiles: risk, novice, or hero.

Here’s a thumbnail of some other notable findings:

1. Employee performance was worse this year across all eight industry verticals measured. Respondents did much worse in identifying malware warning signs, knowing how to spot a phishing email and social media safety.

More: https://www.darkreading.com/endpoint/privacy/3-out-of-4-employees-pose-a-security-risk/d/d-id/1333037

Brazil has the largest share of users attacked by phishing in the second quarter of 2018

By: TI Inside Online

In the second quarter of 2018, Kaspersky Lab’s anti-phishing technologies blocked more than 107 million attempts to access phishing pages, of which 35.7% were related to financial services and reached customers through fake bank or payment system pages.

The IT sector was the second most affected, with 13.83% of attacks aimed at technology companies, a rate 12.28 percentage points higher than in the previous quarter, according to Kaspersky Lab’s Spam and Phishing Report for the second quarter of 2018.

The results above show that, to protect their money, users must be extremely careful about their security when browsing the Internet. Attacks on customers of financial organizations, including bank transactions, payment systems and online stores, are a permanent trend in cybercrime and involve the theft of money as well as personal data.

By creating fake bank, payment system or shopping pages, attackers collect sensitive information from unsuspecting victims, such as their names, passwords, email addresses, phone numbers, credit card numbers and PIN codes.

In the second quarter of 2018, users of financial services were greatly troubled, with 21.1% of attacks related to banks, 8.17% to online stores and 6.43% to payment systems, making up more than a third of all attacks. Brazil remained the country with the largest share of users attacked by phishing scams in the second quarter of 2018 (15.51%). It was followed by China (14.44%), Georgia (14.44%), Kyrgyzstan (13.6%) and Russia (13.27%).

Interestingly, there were almost 60,000 attempts to visit fraudulent web pages featuring popular cryptocurrency wallets and exchanges between April and June. In addition to traditional phishing, which enables access to the victim’s accounts and important private information, cybercriminals try to get their victims to transfer cryptocurrency to them of their own accord. One of the tricks used is a free cryptocurrency giveaway.

More: http://tiinside.com.br/tiinside/seguranca/mercado

Email Phishers Using New Way to Bypass Microsoft Office 365 Protections

By: Swati Khandelwal

Phishing works no matter how hard a company tries to protect its customers or employees.

Security researchers have been warning of a new phishing attack that cybercriminals and email scammers are using in the wild to bypass the Advanced Threat Protection (ATP) mechanism implemented by widely used email services like Microsoft Office 365.

Microsoft Office 365 is an all-in-one solution for users that offers several different online services, including Exchange Online, SharePoint Online, Lync Online and other Office Web Apps, like Word, Excel, PowerPoint, Outlook and OneNote.

On top of these services, Microsoft also offers artificial intelligence and machine learning powered security protection to help defend against potential phishing and other threats by going one level deep to scan the links in the email bodies to look for any blacklisted or suspicious domain.

But as I said, phishers always find a way to bypass security protections in order to victimize users.

Just over a month ago, the scammers were found using the ZeroFont technique to mimic a popular company and tricked users into giving away their personal and banking information.

In May 2018, cybercriminals had also been found splitting up the malicious URL in a way that the Safe Links security feature in Office 365 fails to identify and replace the partial hyperlink, eventually redirecting victims to the phishing site.

UnityPoint warns 1.4 million patients their information might have been breached by email hackers

By: Tony Leys

One of Iowa’s main hospital and clinic systems has notified about 1.4 million patients that their personal information might have been breached.

UnityPoint Health officials said hackers used “phishing” techniques to break into the company’s email system. The company, based in West Des Moines, said the hackers could have obtained medical information, such as diagnoses and types of care, that was included in emails.

“While we are not aware of any misuse of patient information related to this incident, we are notifying patients about what happened, what information was involved, what we have done to address the situation, and what patients can do to help protect their information,” RaeAnn Isaacson, UnityPoint’s privacy officer, said in a press release Monday.

The hackers also might have obtained some patients’ financial information, such as bank account numbers, UnityPoint said.

The hackers used official-looking emails to obtain employees’ passwords, leading to the breach, the company said. The company said after it discovered the problem May 31, it hired outside experts and notified the FBI.

More: https://amp-desmoinesregister-com.cdn.ampproject.org

“CRYPTOJACKING”, THE NEW WEAPON OF INTERNET CRIMINALS

By: Telesíntese Redação

McAfee today, the 27th, published the McAfee Labs Threats Report: June 2018, which examines the growth and trends of new types of malware, ransomware and other threats in the first quarter of 2018. McAfee Labs recorded, on average, five new threat samples per second, including an increase in cases of “cryptojacking” and other cryptocurrency-mining malware.

“This half-year, new data was revealed about complex cyberattack campaigns carried out by nations in international conflicts against users and enterprise systems around the world,” said Raj Samani, chief scientist at McAfee. “Criminals demonstrated an impressive level of technical agility and innovation in the tools and tactics used. They continued to turn to cryptocurrency mining as an easy way to profit from their criminal activities.”

Hackers expanded their cryptojacking operations and other cryptocurrency-mining schemes, in which criminals hijack victims’ browsers or infect their systems to secretly use them to mine legitimate cryptocurrencies such as Bitcoin. This category of coin-mining malware grew an impressive 629% in the first quarter of 2018, soaring from approximately 400,000 total known samples in the fourth quarter of 2017 to more than 2.9 million in the following quarter. This indicates that cybercriminals continue to bet on the approach of simply infecting users’ systems and collecting payments without depending on third parties to profit from their crimes.

“Cybercriminals generally choose the criminal activities that generate the greatest possible profit,” said Steve Grobman, CTO of McAfee. “In recent quarters, we have seen a shift from data theft to ransomware, which is a more efficient crime. With the steady rise in the value of cryptocurrencies, market trends are leading criminals to adopt cryptojacking and cryptocurrency theft. Cybercrime is a business, and market trends will continue to influence criminals’ decisions about where to focus their efforts.”

Bitcoin theft campaigns

The Lazarus cybercrime gang launched an extremely sophisticated phishing campaign to steal Bitcoins, HaoBao, targeting international financial institutions and Bitcoin users. When email recipients open malicious attachments, an implant scans the system for Bitcoin transactions and installs malware that constantly collects data and mines cryptocurrencies.

More: http://www.telesintese.com.br/cryptojacking-a-nova-arma-dos-criminosos-da-internet/