New Scam Uses Fraud Support Social Engineering to Take Victims for Thousands of Dollars

A new scam borrows a page from the tech support scams that target older victims, telling them potential fraud has been found, offering to “help” solve the issue and ultimately asking for banking details.

Security researchers at Malwarebytes highlight a new scam in which victims receive a phone call offering help with fraud supposedly identified on their bank account, a pitch that puts both the idea of fraud and the victim’s money front of mind. But instead of putting the victim on edge and suspicious of everyone, this Fraud Support scam seems to put its victims at enough ease that they walk scammers right into their bank account.

While this scam typically preys on older victims, it demonstrates that if you align the right scam with the right target victim audience and create the right level of urgency, any scam – even one that feels a lot like the tech support scams – can be successful.

The scam also makes it clear that successful scams and cyberattacks don’t use email exclusively, which is why anyone within an organization who has access to the company’s finances should be put through Security Awareness Training, so they understand all the ways a financial scam can take place and how to avoid making your organization a victim.

READ MORE

Phishing Campaign Impersonates Shipping Giant Maersk

Researchers at Vade Secure warn of a large phishing campaign that’s impersonating shipping giant Maersk to target thousands of users in New Zealand.

“Several waves of phishing emails impersonating Maersk have targeted more than 18,000 recipients, 13,000 recipients, and 5,000 recipients respectively between January 2022 and May 2022, exploiting the global supply chain crisis affecting millions of businesses around the world,” the researchers write. “Users in New Zealand have been targeted with Maersk phishing emails with the subject line ‘Maersk Original Shipping Document’ followed by the email of the recipient and the from address displayed as service@maersk[.]com, which mimics a legitimate Maersk email address.”

The emails contain a link to a spoofed login page that asks the user to enter their email address and password in order to access their shipping information. The attackers are using compromised websites to host these phishing pages.

“Maersk phishing campaigns have been active since 2018, but this most recent campaign spiked in March and April 2022,” the researchers write. “Previous research suggests a link between the 2018 Maersk campaign and the ‘MartyMcFly’ investigation into attacks targeting the Italian naval industry. Like the previous campaign, the current campaign is using compromised websites to host phishing kits and potentially malware.”

The researchers add that New Zealand is a prime target for shipping-themed phishing attacks due to its location, particularly during the pandemic.

“New Zealand has been hit hard by the supply chain crisis, with products sitting in warehouses and no ships to transport them,” Vade says. “New Zealand’s size and geographical location makes it particularly vulnerable, with shipping companies prioritizing business with larger and more accessible countries. This makes anxious New Zealand businesses optimal targets for phishing attacks.”

New-school security awareness training can give your organization an essential layer of defense by teaching your employees how to thwart social engineering attacks.

READ MORE

Phishing Attacks Increase by 54% as Initial Attack Vector for Access and Extortion Attacks

New analysis of threat activity for the first quarter of this year shows that anyone with access to corporate email is now on the front lines of modern cyberattacks of all kinds.

The key to a solid cyber defense is knowing your enemy. It’s one of the reasons I spend so much time on this blog talking about industry reports – they provide insight into what threat actors are doing so you can know how to change up your cybersecurity strategy. In security vendor Kroll’s Q1 2022 Threat Landscape report, it appears that the kinds of attacks are shifting around in importance, but phishing attacks are playing a primary role.

According to the report, cybercriminals are changing their attack focus:

  • Ransomware attacks are down 30% from the previous quarter
  • Email Compromise is on the rise by 18%
  • Unauthorized access is down by 22%

It also appears that their initial attack vectors are also changing their stripes:

  • Vulnerabilities are down by two-thirds to just 3% of attacks
  • Zero-day exploits are down by half to 13% of attacks
  • Valid accounts are up 233% to represent 10% of attacks
  • Phishing is now used in 60% of attacks as the initial attack vector, rising 54% from last quarter

Those last two jumps are important: phishing rose dramatically, and while vulnerabilities and zero-day exploits declined, the use of valid accounts also rose. Where did those valid accounts (no doubt purchased on the dark web) come from? In most cases they, too, were obtained through a phishing campaign intent on harvesting credentials.

So, as you look for the best way to shape your cybersecurity defenses to respond to shifts in attack methods, solutions that protect the user from malicious phishing attacks – as in the case of Security Awareness Training – are not only prudent, but necessary. Until we are all able to stop receiving malicious emails, we’re going to need to learn how to spot them to stop them.

READ MORE

Happy Credit Union Customers Become the Target of Spoofing Scams Due to a Lack of Email Security

Taking advantage of heightened levels of customer trust and satisfaction, along with lowered levels of properly implemented security, credit unions are seeing a rise in email-based scams.

Security researchers at Avanan have identified an uptick in phishing campaigns targeting credit union customers, intent on harvesting credentials and taking victims for their money. The attack spoofs the credit union, attempting to get the victim to visit the [fake] credit union website, provide their credentials, and take care of some banking activity the phishing email claims needs to be addressed.

According to Avanan, there are a few factors that aid in the success of this kind of attack:

  • 66% of credit unions lack controls like DMARC that prevent their domain from being spoofed
  • 92% of them don’t have proper email security in place
  • A majority of credit union customers are happy with, and trust, their credit union

Add all this up and you have scammers lining up to impersonate credit unions, and customers who naturally assume that an email claiming something’s wrong with their account is genuine, and who will take the prescribed (albeit malicious) actions.

This alignment of insecurity and ignorance creates the perfect storm for these kinds of scams to thrive. And while you can’t control whether your credit union does or does not have proper security controls in place, you can educate your own users so they don’t become victims while on a company endpoint by enrolling them in Security Awareness Training so they don’t err on the side of simply believing an email is from their credit union… just because it says so.
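The DMARC control in the list above only counts as a control when the published record actually enforces a policy; a record with p=none merely collects reports while spoofed mail is still delivered. As an added example (not Avanan’s code or the article’s), the following Python parses DMARC TXT records and reports whether each domain is enforcing. The domain names and records are constructed sample data standing in for DNS lookups of _dmarc.<domain>, not real credit unions.

```python
# Added example (not from the article or Avanan): parse DMARC TXT records and
# report whether a domain's DMARC policy actually blocks spoofed mail. The records
# below are constructed sample data standing in for DNS TXT lookups of
# _dmarc.<domain>; None means no record was published.
SAMPLE_DMARC_RECORDS = {
    "cu-example-1.test": None,
    "cu-example-2.test": "v=DMARC1; p=none; rua=mailto:dmarc@cu-example-2.test",
    "cu-example-3.test": "v=DMARC1; p=quarantine; pct=25; adkim=r; aspf=r",
    "cu-example-4.test": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@cu-example-4.test",
    "cu-example-5.test": "v=spf1 include:mail.cu-example-5.test -all",  # SPF only, no DMARC
}


def parse_dmarc(record):
    """Split a DMARC record into its tag=value pairs; return None if it is not DMARC."""
    if record is None:
        return None
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    # A DMARC record must carry the version tag v=DMARC1; anything else is not DMARC.
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def assess_dmarc(record):
    """
    Summarise the spoofing protection a DMARC record provides.
    policy:   'missing', 'none', 'quarantine' or 'reject'
    pct:      percentage of failing mail the policy applies to (default 100)
    enforced: True only when failing mail is quarantined or rejected in full
    """
    tags = parse_dmarc(record)
    if tags is None:
        return {"policy": "missing", "pct": 0, "enforced": False}
    policy = tags.get("p", "none").lower()
    if policy not in ("none", "quarantine", "reject"):
        policy = "none"  # unrecognised p= value: treat as not enforcing
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
    enforced = policy in ("quarantine", "reject") and pct >= 100
    return {"policy": policy, "pct": pct, "enforced": enforced}


def unenforced_share(records):
    """Fraction of domains whose DMARC does not fully enforce (the 'lack controls' gap)."""
    results = [assess_dmarc(r) for r in records.values()]
    return sum(1 for r in results if not r["enforced"]) / len(results)


if __name__ == "__main__":
    for domain, record in SAMPLE_DMARC_RECORDS.items():
        print(domain, assess_dmarc(record))
    print("share not enforcing:", unenforced_share(SAMPLE_DMARC_RECORDS))
```

On the constructed sample set only one of the five domains fully enforces; a partial rollout (pct below 100) and a monitor-only policy are both reported as unenforced, since either still lets some spoofed mail through to customers.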

READ MORE

Why People Fall for Scams

Scammers use a variety of tried-and-true tactics to trick people, according to André Lameiras at ESET. For example, they can easily find open-source information about people on the internet and use this to craft targeted attacks.

“Some scammers will use all available and seemingly harmless data about you to their advantage, watching your every move online, typically on social media, in order to eventually exploit your digital footprint,” Lameiras says. “Unless you’re careful, the more you interact online, the higher the odds that they’ll know a lot about you – ultimately, they may have an easier time duping you.”

Scammers also know that people are more likely to fall for scams that appear to come from people in positions of authority, such as law enforcement. In targeted attacks, the scammers often pose as the user’s boss or an executive at their organization.

“People tend to trust those in positions of authority,” Lameiras says. “Fraudsters often impersonate people who hold some kind of expertise: a government worker, a lawyer, a company executive or an expert in a specific field. These are all people we were taught to trust. Scammers will try to look official and use the names of companies or organizations you might recognize.”

Additionally, scammers often use phony sob stories or pleas for help to take advantage of their victims’ sympathy.

“Ploys that involve requests for help create empathy with the scammer or with the people who the fraudster claims to represent,” ESET says. “For example, narratives of personal tragedies or public emergencies remain effective. Even if in the back of your mind you know it might not be true, you are still inclined to help ‘just in case.’ Scammers realize that people want to feel useful.”

New-school security awareness training can teach your employees to recognize social engineering tactics so they can avoid falling for scams.

READ MORE

Homeland Security: U.S. Ransomware Attacks Have Doubled in the Last Year

A March 2022 report from the Senate Committee on Homeland Security and Governmental Affairs zeros in on the growing problem of ransomware and lessons learned so far.

When Senate committees need to better understand a pressing issue, staff reports are often written to help members understand the scope of the problem. One such report was just released on the topic of ransomware, entitled America’s Data Held Hostage: Case Studies in Ransomware Attacks on American Companies.

In it, some not-so-surprising stats were brought to life to simply and effectively summarize the state of ransomware:

  • 3 million attempted ransomware attacks worldwide in 2021
  • 5 million of those attacks occurred in the United States
  • The U.S. experienced a 98% increase in attacks in 2021

The report provides committee members with three examples of real-world ransomware attacks. The first, in which a multi-sector Fortune 500 company with over 100,000 employees – and 200 employees focused solely on IT security – was the victim of a REvil ransomware attack, presents some quite shocking lessons learned.

  • It took them a week to eradicate the threat actors’ access to their network
  • Backups were one of the reasons it *only* took one week
  • Their biggest takeaway was “the sophistication of hostile actors and the financial means at their disposal”

It says a lot when an organization with 200 talented cybersecurity professionals can’t stop a successful attack from occurring (with no offense meant towards them), and when they are warning the rest of us about how sophisticated the cybercriminal really is.

Phishing still represents one of the top initial attack vectors in ransomware attacks, making it imperative that every single employee – from the bottom to the top – enroll in Security Awareness Training that heightens their sense of cyber-vigilance, limiting the attack surface and reducing the likelihood of a successful attack via phishing.

READ MORE

Cozy Bear Goes Typosquatting

Researchers at Recorded Future’s Insikt Group warn that the Russian threat actor NOBELIUM (also known as APT29 or Cozy Bear) is using typosquatting domains to target the news and media industries with phishing pages.

“From mid-2021 onwards, Recorded Future’s midpoint collection revealed a steady rise in the use of NOBELIUM infrastructure tracked by Insikt Group as SOLARDEFLECTION, which encompasses command and control (C2) infrastructure,” the researchers write. “In this report, we highlight trends observed by Insikt Group while monitoring SOLARDEFLECTION infrastructure and the recurring use of typosquat domains by its operators. A key factor we have observed from NOBELIUM operators involved in threat activity is a reliance on domains that emulate other brands (some legitimate and some that are likely fictitious businesses). Domain registrations and typosquats can enable spear phishing campaigns or redirects that pose a threat to victim networks and brands.”

Recorded Future notes that the threat actor is effectively imitating the targeted companies.

“Analysis of recent and historical domains attributed to NOBELIUM broadly demonstrates the group’s familiarity with, and tendency to emulate, a variety of media, news and technology providers,” the researchers write. “The group has abused dynamic DNS resolution to construct and resolve to randomly generated subdomains for its C2s or root domains to mislead victims. The key aspect to these attacks is the use of either email addresses or URLs that look similar to the domain of a legitimate organization. Potentially harmful domain registrations and typosquats can enable spear phishing campaigns or redirects that pose an elevated risk to a company’s brand or employees.”

The researchers add that spear phishing is a common technique used by both criminal and nation-state threat actors.

“A successful spear phish is dependent on factors such as the quality of the message, the credibility of the sender address, and, in the case of a redirecting URL, the credibility of the domain name,” the researchers write. “Insikt Group has previously observed other Russian nexus groups using typosquatting in support of operations, such as those aimed at the 2020 presidential elections, to increase confidence in the validity of the fraudulent login portal used to harvest victim credentials. This tactic has also been reported recently in open sources in connection with intrusions targeting entities in Ukraine, likely in support of Russia’s invasion of the country.”

New-school security awareness training can enable your employees to thwart targeted social engineering attacks.
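The Recorded Future findings above come down to domains that look like a brand’s domain: confusable-character substitutions, small edits, the brand name padded with a suffix, or the brand used as a subdomain of an unrelated domain. As an added example (not Recorded Future’s or Insikt Group’s code, nor anything from the article), the following Python scores domains seen in mail headers or URLs against a short list of protected brand domains and reports which pattern matched. The brand list, the confusable table and the observed domains are constructed assumptions.

```python
# Added example (not code from Recorded Future, Insikt Group or the article):
# a defender-side heuristic that flags domains seen in mail headers or URLs when
# they resemble a protected brand domain. The brand list and observed domains
# are constructed sample data.

# Hypothetical brand domains to protect (the organisation's own, or vendors it trusts).
PROTECTED_DOMAINS = ["examplenews.test", "examplemedia.test", "exampletech.test"]

# Visually confusable substitutions seen in lookalike registrations. Multi-character
# entries come first so that "rn" folds to "m" before single characters are touched.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"), ("7", "t")]


def normalize(label):
    """Lower-case a DNS label and fold confusable characters onto their look-alikes."""
    out = label.lower()
    for src, dst in CONFUSABLES:
        out = out.replace(src, dst)
    return out


def levenshtein(a, b):
    """Edit distance between two strings (classic dynamic-programming version)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain):
    """Naive registrable domain: the last two labels. A real deployment should use
    the Public Suffix List so that suffixes such as co.uk are handled correctly."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify(observed, protected=PROTECTED_DOMAINS):
    """Return a verdict dict for one observed domain against the protected list."""
    observed = observed.lower().strip(".")
    reg = registrable(observed)
    reg_name = reg.split(".")[0]
    subdomain_labels = observed.split(".")[:-2]

    # Exact matches are checked first so a genuine brand domain never trips a
    # lookalike rule for a different brand.
    for brand in protected:
        if reg == brand:
            return {"domain": observed, "verdict": "exact", "matched": brand}

    for brand in protected:
        brand_name = brand.split(".")[0]
        # Same name after confusable folding (covers a swapped TLD too), or within
        # a small edit distance: 1 for short names, 2 for names of 8+ characters.
        threshold = 2 if len(brand_name) >= 8 else 1
        if (normalize(reg_name) == normalize(brand_name)
                or levenshtein(normalize(reg_name), normalize(brand_name)) <= threshold):
            return {"domain": observed, "verdict": "lookalike", "matched": brand}
        # Brand name embedded in a longer registered name, e.g. brand-login.test.
        if brand_name in reg_name:
            return {"domain": observed, "verdict": "brand-in-name", "matched": brand}
        # Brand name used as a subdomain of an unrelated, attacker-controlled domain.
        if brand_name in subdomain_labels:
            return {"domain": observed, "verdict": "brand-in-subdomain", "matched": brand}
    return {"domain": observed, "verdict": "clean", "matched": None}


def flag_suspicious(domains, protected=PROTECTED_DOMAINS):
    """Return the verdicts for every domain that is neither exact nor clean."""
    return [v for v in (classify(d, protected) for d in domains)
            if v["verdict"] not in ("exact", "clean")]


# Constructed sender/link domains, as might be pulled from mail logs.
OBSERVED = [
    "examplenews.test",                  # genuine
    "examp1enews.test",                  # digit one for letter l
    "exarnplenews.test",                 # rn for m
    "examplenew.test",                   # one character dropped
    "examplenews.co",                    # same name, different TLD
    "examplenews-secure.test",           # brand plus suffix
    "examplenews.test.dyn-attacker.test",  # brand as subdomain of another domain
    "weather.test",                      # unrelated
]

if __name__ == "__main__":
    for verdict in flag_suspicious(OBSERVED):
        print(verdict)
```

The thresholds and the confusable table are deliberately small so the logic is readable; in a production detector they would be tuned against the organisation’s real mail flow, and the registrable-domain step should use the Public Suffix List rather than the last two labels.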

READ MORE

89% of Organizations Experienced One or More Successful Email Breach Types During the Last 12 Months

With the number of email breaches per year almost doubling in the last three years, organizations still don’t see email security solutions as being an effective means of stopping attacks.

Email remains a direct conduit for threat actors to access organizations and even specific individuals within them, providing an opportunity to attack just the right potential victim with the right message and the right trigger to elicit the desired response that spawns a cyberattack. According to Osterman Research’s Phishing, BEC, and Ransomware Threats for Microsoft 365 Users report, the use of email as a malicious vehicle is not only clear and present, but working to the cybercriminals’ advantage.

  • Less than half of organizations rate their email security as being “effective”
  • 64% of organizations believe their security solutions to be ineffective against attacks impersonating executives
  • 54% believe their security solutions to be ineffective in preventing impersonated emails of any kind from reaching a user’s Inbox

This is not just a “gut feeling” or intuition; it is based on how effective these solutions have actually been at stopping attacks. According to the report:

  • 89% of organizations experienced one or more successful email breaches during the last 12 months
  • Ransomware attacks increased by 71% over the same period of time
  • Microsoft 365 credential compromise attacks increased by 49%

According to the report, while 99% of organizations offer some kind of training on email threats at least annually, only 14% of organizations offer training monthly or more frequently. But those organizations that do conduct regular Security Awareness Training see a reduction in the likelihood of employees falling for phishing attacks, with 87% of those organizations seeing a “reasonable” or “significant” impact in the reduction of their email threat surface.

READ MORE

Organizations Have a 76% Likelihood of a Successful Cyberattack in the Next Year

New data from Trend Micro and Ponemon shows that most organizations globally are not fully prepared for the looming threat of almost-certain cyberattacks.

We’d all like to think our organizations are ready for any kind of cyberattack. But the recently released Cyber Risk Index report from Trend Micro covering the second half of 2021 shows that the gap between the threat landscape and organizations’ preparedness remains in the favor of the cybercriminal.

The index below shows how most organizations, by region, are still in the negative, which denotes a lack of preparedness for the current threat landscape.

According to the report, despite the seemingly small negative index values, the likelihood of attacks in the next 12 months is staggering:

  • The likelihood of one or more successful cyberattacks in the next 12 months is 76%
  • The likelihood of a data breach of critical data (IP) in the next 12 months is 71%
  • The likelihood of a data breach of customer data in the next 12 months is 67%

Trend Micro advises (among other protective steps) to “implement attack surface discovery”. What I find interesting is that we already know the number one attack surface today remains the employee and their Inbox, with phishing attacks still dominating as the primary initial attack vector for most cyberattacks. It’s only through continual Security Awareness Training that this well-known attack surface can be protected.

The good news is those likelihoods above have gone down since the first half of 2021, but with the likelihoods so high, it remains imperative that every attack surface be addressed, including your users.

READ MORE

Hacking the Hacker: An Inside Look at the Karakurt Cyber Extortion Group

By breaking into an attack server, security researchers have uncovered new details that show the connection between the Karakurt group and Conti ransomware.

It’s not every day that you hear about the good guys hacking into cybercriminal servers, gaining access to credentials, and having a look around to see how things work on the inside. But that’s what security researchers at Arctic Wolf were able to do as part of a response to a Conti ransomware attack last year that was followed by a second attack using the same backdoor to gain entry. As you’d expect, the Conti attack left data encrypted. But the second attack was a pure data theft and extortion attack.

The researchers gained access to a Conti-owned ProtonMail account, to credentials, and to a Conti virtual private server, discovering over 20 TB of data. Additionally, Arctic Wolf uncovered some interesting findings connecting the two organizations:

  • Payments between cryptocurrency wallets managed by the two organizations
  • Several accounts of Conti victims also paying Karakurt at a later time

The article is an interesting read, showing how Conti may be extending their business model to include regularly selling off access to Karakurt to attempt a data extortion attack.

Conti is known for using phishing as the initial attack vector. And with the possibility of this double attack scenario, it becomes all the more critical that the Conti attack be stopped before it starts. Adding Security Awareness Training to your phishing prevention strategy engages the employee to play a part in spotting and reporting any phishing emails that get past security solutions to the Inbox, lowering the risk of initial attack success.

READ MORE