Global Threat Statistics for the week of March 22, 2019

By: Julia Sowells

PayPal Phishing Casts a Wide Net

One of the most successful phishing methods is to co-opt a well-respected brand. PayPal topped the list by a wide margin in a recent analysis of over 100 million endpoints by Comodo Threat Intelligence Lab. PayPal was impersonated in 39% of all such attacks, with Microsoft a distant second at 20%.

Sharing this information is important so that your users know to be more vigilant if they get an email or alert, supposedly from PayPal, Microsoft, or the others in this chart. Some of these phishing websites look quite authentic and may fool even security-minded users. This type of information is a great addition to your security awareness program.

Top Brands co-opted for phishing websites

The scale at which these attacks are being deployed is evident in the number of web pages using this type of attack. This analysis discovered 61,767 web pages impersonating these brands for the purpose of phishing. Just over half were taken down by the time this article was written. That still leaves almost 30,000 malicious web pages to lure your users.

6 characteristics that make brands good targets for phishing impersonation

1. Registered user accounts

Brands that have hundreds of thousands of registered user accounts are an inviting target for cybercriminals. Consider, for example, PayPal with 267 million registered user accounts. If an attacker can send phishing emails to 1% of them, that’s 2.67 million chances that a user will click on a link that brings that user to their malicious website. If just 1% of those users click that link, they get 26,700 accounts that they have compromised.

2. Trusted brand

When dealing with a trusted brand, people tend to let their guard down. If a phishing website impersonates a trusted brand well enough, that lower level of user vigilance increases the chances of a successful attack.

3. Access to money

In most cases, this is the ultimate goal. There are other motivations such as hacktivism or cyber warfare.

More: https://hackercombat.com/global-threat-statistics-for-the-week-of-march/

BEWARE – New ‘Creative’ Phishing Attack You Really Should Pay Attention To

By: Mohit Kumar

A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users.

Just like the previous campaign, the new phishing attack is also based on the idea that a malicious web page could mimic look and feel of the browser window to trick even the most vigilant users into giving away their login credentials to attackers.

Antoine Vincent Jebara, co-founder and CEO of password managing software Myki, shared a new video with The Hacker News, demonstrating how attackers can reproduce native iOS behavior, browser URL bar and tab switching animation effects of Safari in a very realistic manner on a web-page to present fake login pages, without actually opening or redirecting users to a new tab.

New Phishing Attack Mimics Mobile Browser Animation and Design

As you can see in the video, a malicious website that looks like Airbnb prompts users to authenticate using Facebook login, but upon clicking, the page displays a fake tab switching animation video aimed to trick users into thinking that their browsers are behaving normally.

“The Facebook login page is also definitely fake and is an overlay over the current page that makes it look like an authentic Facebook page,” Jebara said.

 

“From the moment a user accesses the malicious website, they are manipulated into performing actions that seem legitimate, all with the purpose of building up their confidence to submit their Facebook password at the final stage of the attack.”

If users are not very attentive to details and fail to spot minor differences, they would eventually end up filling the username and password fields on the phishing page, resulting in giving away their social media credentials to the attackers.

More: https://thehackernews.com/2019/03/ios-mobile-phishing-attack.html?m=1

América Latina registra 3,7 milhões de ataques de malware por dia, afirma Kaspersky Lab

By: TI Inside Online

A Kaspersky Lab registrou um aumento de 14,5% nos ataques de malware durante os últimos 12 meses na América Latina em relação a 2017– o que significa uma média de 3,7 milhões de ataques diários e mais de 1 bilhão no ano. Entre os países que registraram maior crescimento, a Argentina está no primeiro lugar com um aumento de 62%, seguido pelo Peru (39%) e México (35%). “Os resultados mostram que toda a região tem experimentado uma quantidade considerável de ciberameaças, com a grande maioria concentrada em roubo de dinheiro”, destaca Fabio Assolini, analista sênior de segurança da Kaspersky Lab.

Além dos malware, a Kaspersky Lab bloqueou mais de 70 milhões de ataques de phishing na América Latina entre novembro de 2017 e novembro de 2018; a média de ataques diário é de 192 mil, representando um crescimento de 115% quando comparado com o período anterior (novembro/2016 até novembro/2017). O ranking dos países mais atacados por phishing está diferente neste ano: o Brasil perdeu a liderança e agora figura em terceiro lugar no ranking, com um aumento de 110%. O México (120%) está na primeira posição e a Colômbia (118%) em segundo lugar.

Phishing e vulnerabilidade

O aumento constante dos números de ataques de phishing é uma das principais razões de comprometimento de contas. Isso porque, os usuários que clicam em links suspeitos, por muitas vezes, fornecem informações pessoais e logins de acesso. As violações de dados têm se tornado comuns e preocupantes, já que as pessoas revelam não apenas uma grande quantidade de informações sobre elas mesmas, mas também informam detalhes do cartão de crédito e conta corrente. Em posse destes, violações e acessos não-autorizados são os menores dos problemas, o maior deles serão os danos financeiros, pois a primeira coisa que o cibercriminoso fará será tentar efetuar compras em nome da vítima.

“Tipos de incidentes assim servem como um grande passo para que algumas mudanças importantes nas políticas de privacidade e no comportamento das pessoas sejam feitas em relação aos dados que são compartilhados”, diz Assolini. “É muito comum que os usuários utilizem as mesmas senhas para diferentes sites e o cibercriminoso testará a combinação em todos os serviços e redes sociais mais populares. Ao ter informações vazadas, a primeira e mais importante ação que deve ser feita é a troca das senhas em outros logins – mesmo que este não tenha sido comprometido.”

Países

Por mais que Argentina, Brasil, Chile, Colômbia, México e Peru façam parte da América Latina e sejam visados por diferentes cibercriminosos, é preciso entender que os golpes têm se desenvolvido de maneiras distintas em cada país. Na Argentina, o caso Prilex voltou à tona quando um turista viajou ao Brasil e teve seu cartão de crédito clonado. “A primeira vez que identificamos esse grupo foi em um ataque à caixas eletrônicos direcionado aos bancos, principalmente no território brasileiro. Posteriormente, o grupo migrou seus esforços para sistemas de pontos de venda desenvolvidos por fornecedores brasileiros, clonando cartões de crédito, o que permitia a criação de um novo golpe totalmente funcional, habilitado inclusive para transações protegidas por chip e senha”, explica Assolini.

WhatsApp: Newest Attack Target for Mobile Phishing

By: Uladzislau Murashka

 

Phishing attacks aren’t nearly as successful as they used to be because by now people have learned to look out for the emails that ask them to provide sensitive details. While this is true for emails, it seems that pioneer attackers have embraced other ways of utilizing phishing attacks, namely through messaging services such as WhatsApp, Skype, and even plain old SMS.

Mobile Phishing
Mobile phishing is an issue that shows no signs of abating anytime soon. According to Verizon, 90% of their recorded data breaches began with a phishing attack and right now mobile is an increasingly common attack vector.

Recent research from Wandera shows a new trend among cyber-criminals toward mobile phishing. Every day, dozens of new attacks are detected and many of them last less than a day before being shut down and relocated elsewhere. These phishing attacks share many standard features, notably centering around the use of WhatsApp.

Distribution Methods
Now that there is a widespread awareness of the dangers email-based phishing attacks bring, many savvy cyber-criminals are instead moving on to using other vectors that allow them to attack mobile devices. Many of such attacks center on WhatsApp as both the initial method of delivery and the way to reach more targets after every single success.

It isn’t just the awareness that has led to this shift. Email clients and providers have many built-in tools that identify any potential phishing emails and alert the user or automatically delete the email.

In contrast, there are no such security measures for SMS, or for app-based messaging services. Given the sheer number of different messaging apps out there, it is challenging to develop a catch-all defense against mobile phishing attacks. This results in mobile-based attacks being at least three times more effective than the phishing that takes place through desktop. Without any doubt, mobile providers should make further investments into raising cybersecurity awareness and improving it on mobile.

Exploiting WhatsApp
Unlike with phishing emails, which are often flagged as potentially malicious, there is no filtering or alert system on WhatsApp either. When a user receives a link on WhatsApp, it usually generates a preview of that website’s logo and page title. These are easy for an attacker to fake but might give a phishing message enough of a veneer of legitimacy for the user to get caught off guard.

More: https://www.zdnet.com/article/25-android-smartphone-models-contain-severe-vulnerabilities-off-the-shelf/

Phishing attacks: Why is email still such an easy target for hackers?

By: Danny Palmer

The majority of cyber attacks begin with one simple phishing email. So will it ever be possible to close this door to hackers, once and for all?

Email is incredibly useful, which is why we all still use it. But chief among its downsides (along with getting caught in a group-cc’d message hell) is that email remains one of the most common routes for hackers to attack businesses.

Around one in every hundred messages sent is a malicious hacking attempt. That might not seem like a large figure, but when millions of messages are sent every day, it adds up — especially when it just takes one employee to fall victim to a phishing message and potentially lead to a whole organisation being compromised.

For example, the cyber attack against the Democratic National Committee that led to thousands of private emails being exposed in the run up to the US Presidential election started with just one successful phishing email, while countless espionage and malware campaigns have also gained entry to organisations via an email-based attack.

But if email leaves us so vulnerable to attempts at hacking, why do we stick with it?

“Email is still the main way that two entities who may not have a relationship get together and communicate. Whether it’s a law firm communicating with a business or a candidate applying for a job, email is still the bridge to getting these entities communicating. It’s not going away,” says Aaron Higbee, co-founder and CTO at anti-phishing company Cofense.

As long as email is here, phishing will also remain a problem — and while some phishing campaigns are really sophisticated and based around cyber criminals performing deep reconnaissance on targets, other email-based attacks aren’t so sophisticated — and yet are still worryingly successful.

More:  https://www.zdnet.com/article/phishing-attacks-why-is-email-still-such-an-easy-target-for-hackers/

 

3 Out of 4 Employees Pose a Security Risk

By: Steve Zurier

New MediaPRO study also finds that management performed worse than entry- and mid-level employees in how to handle a suspected phishing email.

Despite concerted efforts by many US organizations to improve security awareness among users, a new study shows they still have a long way to go.

Some 75% of respondents today pose a moderate or severe risk to their company’s data, according to MediaPRO’s third annual State of Privacy and Security Awareness Report, and 85% of finance workers show some lack of data security and privacy knowledge.

Tom Pendergast, chief security and privacy strategist at security awareness and training provider MediaPRO, says the firm surveyed more than 1,000 employees across the United States to quantify the state of privacy and security awareness in 2018. More people fell into the risk category this year than in 2017 – and that number had nearly doubled since the inaugural survey, he says.

“The overall results revealed a trend we weren’t happy to see, that employees performed worse across the board compared to the previous year,” Pendergast says. “While I think there’s a certain amount of security fatigue from news of all the attacks, if in five years I don’t see significant change I will be surprised. There’s both a cultural a business awareness of the need to do good work in this area.”

MediaPRO based its study on a variety of questions that focus on real-world scenarios, such as correctly identifying personal information, logging on to public Wi-Fi networks, and spotting phishing emails. Based on the percentage of privacy and security-aware behaviors, respondents were assigned to one of three risk profiles: risk, novice, or hero.

Here’s a thumbnail of some other notable findings:

1. Employee performance was worse this year across all eight industry verticals measured. Respondents did much worse in identifying malware warning signs, knowing how to spot a phishing email and social media safety.

More: https://www.darkreading.com/endpoint/privacy/3-out-of-4-employees-pose-a-security-risk/d/d-id/1333037

Brasil tem maior parcela de usuários atacados por phishing no segundo trimestre de 2018

By: TI Inside Online

No segundo trimestre de 2018, as tecnologias antiphishing da Kaspersky Lab bloquearam mais de 107 milhões de tentativas de acesso a páginas de phishing, das quais 35,7% estavam relacionadas a serviços financeiros e atingiam os clientes por meio de páginas falsas de bancos ou sistemas de pagamento.

O setor de TI foi o segundo mais atingido, com 13,83% dos ataques voltados às empresas de tecnologia, um índice 12,28 pontos percentuais mais alto do que no trimestre anterior, segundo o Relatório de Spam e Phishing do segundo trimestre de 2018 da Kaspersky Lab.

Os resultados acima mostram que, para proteger seu dinheiro, os usuários devem ser extremamente cuidadosos com sua segurança ao navegar pela Internet. Os ataques a clientes de organizações financeiras, incluindo transações de bancos, sistemas de pagamento e lojas online, são uma moda permanente no crime virtual e envolve o roubo de dinheiro, além de dados pessoais.

Ao criar páginas falsas de bancos, sistemas de pagamento ou compras, os invasores coletam informações sigilosas de vítimas desavisadas, como seus nomes, senhas, endereços de e-mail, números de telefone, números de cartões de crédito e códigos PIN.

No segundo trimestre de 2018, os usuários de serviços financeiros foram muito perturbados, com 21,1% dos ataques relacionados a bancos, 8,17% a lojas virtuais e 6,43% a sistemas de pagamento, compreendendo mais de um terço dos ataques totais. O Brasil continuou sendo o país com a maior parcela dos usuários atacados por golpes de phishing no segundo trimestre de 2018 (15,51%). Em seguida, vieram China (14,44%), Geórgia (14,44%), Quirguistão (13,6%) e Rússia (13,27%).

Curiosamente, houve quase 60.000 tentativas de visitar páginas da Web fraudulentas que apresentavam carteiras e câmbios de criptomoedas populares entre abril e junho. Além do phishing tradicional, que possibilita o acesso às contas da vítima e informações privadas importantes, os criminosos virtuais tentam forçar suas vítimas a transferir criptomoedas para eles de maneira independente. Um dos truques usados é a distribuição gratuita de criptomoeda.

Mais: http://tiinside.com.br/tiinside/seguranca/mercado

Email Phishers Using New Way to Bypass Microsoft Office 365 Protections

By: Swati Khandelwal

Phishing works no matter how hard a company tries to protect its customers or employees.

Security researchers have been warning of a new phishing attack that cybercriminals and email scammers are using in the wild to bypass the Advanced Threat Protection (ATP) mechanism implemented by widely used email services like Microsoft Office 365.

Microsoft Office 365 is an all-in-solution for users that offers several different online services, including Exchange Online, SharePoint Online, Lync Online and other Office Web Apps, like Word, Excel, PowerPoint, Outlook and OneNote.

On the top of these services, Microsoft also offers an artificial intelligence and machine learning powered security protection to help defend against potential phishing and other threats by going one level deep to scan the links in the email bodies to look for any blacklisted or suspicious domain.

But as I said, phishers always find a way to bypass security protections in order to victimize users.

Just over a month ago, the scammers were found using the ZeroFont technique to mimic a popular company and tricked users into giving away their personal and banking information.

 In May 2018, cybercriminals had also been found splitting up the malicious URL in a way that the Safe Links security feature in Office 365 fails to identify and replace the partial hyperlink, eventually redirecting victims to the phishing site.

UnityPoint warns 1.4 million patients their information might have been breached by email hackers

By: Tony Leys

One of Iowa’s main hospital and clinic systems has notified about 1.4 million patients that their personal information might have been breached.

 UnityPoint Health officials said hackers used “phishing” techniques to break into the company’s email system. The company, based in West Des Moines, said the hackers could have obtained medical information, such as diagnoses and types of care, that was included in emails.

“While we are not aware of any misuse of patient information related to this incident, we are notifying patients about what happened, what information was involved, what we have done to address the situation, and what patients can do to help protect their information,” RaeAnn Isaacson, UnityPoint’s privacy officer, said in a press release Monday.

The hackers also might have obtained some patients’ financial information, such as bank account numbers, UnityPoint said.

The hackers used official-looking emails to obtain employees’ passwords, leading to the breach, the company said. The company said after it discovered the problem May 31, it hired outside experts and notified the FBI.

More: https://amp-desmoinesregister-com.cdn.ampproject.org