At a glance.
- Phishing operation targets Office 365 users.
- Vultur malware in the Android ecosystem.
- Phishing rising.
Phishing operation targets Microsoft Office 365.
ZDNet details a phishing campaign aimed at Microsoft 365 users that is especially cunning in its ability to evade typical methods of defense. The operators clearly know what they’re doing, employing a convincing fake Microsoft 365 webpage, spoofed sender addresses, and Google cloud web app hosting to make the scam all the more believable and undetectable. Targets receive an email that mimics a “file share” request for a fake Excel spreadsheet. The email lures victims to the phishing site, and the attack evades sandboxes by requiring a sign-in to navigate to the final page. The Microsoft Security Intelligence team released an advisory telling users what to look out for. "An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters," the warning explains.
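The sender pattern quoted from the advisory can be checked on inbound mail. The sketch below is an added example, not code from Microsoft or ZDNet; the function names, the `BRAND_DOMAINS` policy table and both sample messages are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed local policy (not from the advisory): brand words and the sender
# domains this organization accepts for them.
BRAND_DOMAINS = {
    "sharepoint": {"microsoft.com", "sharepointonline.com"},
    "microsoft": {"microsoft.com"},
    "office 365": {"microsoft.com"},
}
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+\.)+[\w-]+")

# Constructed sample messages (reserved .example domains).
SAMPLE = ('From: "alice@contoso.example via SharePoint" <notify@mailer.example>\n'
          "To: alice@contoso.example\nSubject: File share request\n\nbody\n")
CLEAN = ('From: "Bob Jones" <bob@contoso.example>\n'
         "To: alice@contoso.example\nSubject: Q3 numbers\n\nbody\n")


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def sender_findings(raw):
    """Return reasons the From header looks like display-name spoofing."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom, shown, findings = domain_of(from_addr), display.lower(), []

    # 1. Display name carries an address that differs from the real sender.
    m = ADDR_IN_TEXT.search(display)
    if m and m.group(0).lower() != from_addr.lower():
        findings.append("display name shows a different address: " + m.group(0))

    # 2. Display name contains the recipient's username or domain, but the
    #    message comes from outside the recipient's domain.
    for _, rcpt in getaddresses(msg.get_all("To", [])):
        user, _, rdom = rcpt.lower().partition("@")
        if rdom and from_dom != rdom and (rdom in shown or
                                          (len(user) > 3 and user in shown)):
            findings.append("display name references recipient " + rcpt)

    # 3. Display name uses a brand word from an unapproved sender domain.
    for brand, allowed in BRAND_DOMAINS.items():
        trusted = any(from_dom == d or from_dom.endswith("." + d) for d in allowed)
        if brand in shown and not trusted:
            findings.append("brand '%s' sent from %s" % (brand, from_dom))
    return findings
```

Treat the findings as scoring signals alongside SPF, DKIM and DMARC results, since legitimate notification services can trip the brand check.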
Troy Gill, Manager of Security Research at Zix | AppRiver, took occasion to offer advice on phishing:
“Phishing continues to be the bread and butter for bad actors looking to gain access to sensitive information. We continue to see phishing campaigns rise, with even more intricate attempts to deceive the everyday individual to gain access to credentials and cause further harm to individuals and enterprises. The tactics described in the warning by Microsoft, which outlines attackers abusing legitimate services like Google and SharePoint, have become very popular over the past several years. In order to help reduce the risk of phishing campaigns and other email threats, organizations should follow these top six tips:
"1. Never reuse the same password on different services; if the service is compromised, attackers will try that same password for others.
"2. Limit authorized use of third-party services; this will help limit the attack surface criminals have to work with.
"3. Use end-to-end email encryption for any message containing confidential or personally identifiable information
"4. Ensure your solution is capable of dynamically analyzing email attachments and URLs
"5. Continuously audit your email environment. An O365 Security audit can provide critical insights into possible compromised accounts as well as if there is activity on accounts that should no longer be active
"6. If there is any suspicion about a message or transaction, it never hurts to call the sender. Most will be glad of your security protocols in place to help prevent fraud”
Vultur malware preys on Android users.
iTech Post reports on a new malware operation that targets Android devices and records a user’s activities in order to gather private info. The remote access Trojan, dubbed Vultur, relies on screen-recording to film the user’s activities, transmitting the footage to the attackers' servers, and it’s automatically triggered when the user accesses a bank account, social media platform, or cryptocurrency site. Vultur infects devices through apps available in the Google Play Store that focus on fitness, phone security, or authentication, like the Protection Guard app, which Vultur has used to hack over 30,000 phones. What’s worse, Vultur is designed to block any user attempts to delete the infected app. So far, users in Italy, Spain, and Australia have been hit the hardest. One tell-tale sign your device might be infected: researchers have found that whenever Vultur begins recording, a "casting" icon or Protection Guard logo appears.
Sam Bakken, Director of Product Marketing at OneSpan, wrote to offer some perspective on keyloggers in general:
"This attack is novel in that it relies on reading and recording a mobile device's screen or keylogging to steal a user's credentials rather than overlay attacks. Screenreading and keylogging malware can be a less resource-intensive method than overlay attacks that mimic targeted banks' mobile app or mobile website log-in screens. The attack started with a malicious app published on the Google Play Store. While Google does seem to respond to alerts of malicious apps, that's no comfort to victims that have already been fleeced of their credentials or funds. A recent report from AV-TEST also showed that Google Play Protect, whose objective is to identify malware, placed last amongst its mobile security app peers. The key takeaway is that developers/publishers of mobile apps that facilitate payments or other banking activities should not assume their apps and users are protected by the Android operating system or the Google Play Store alone. They need to take additional action with multiple layers of security, including strong customer authentication and app shielding. When this is integrated into a mobile banking app, it will continuously monitor the app and shut down if screenreading or keylogging activity by this Vultur malware is detected."
Survey shows phishing scams on the rise.
UK security firm Egress has released its 2021 Insider Data Breach Survey, and after querying five hundred IT leaders and three thousand employees in the US and UK, data shows that 73% of organizations were hit by phishing attacks. RealWire also reports that over half of the IT leaders surveyed feel the increased reliance on remote work this past year could be to blame for the surge in phishing scams, and they worry remote work will continue to make it difficult to protect against scams in the future. Jack Chapman, Egress’s Vice President of Threat Intelligence, explained, “With many organisations planning for a remote or hybrid future, phishing is a risk that must remain central to any security team’s plans for securing their workforce.”