Here’s the latest phishing news causing a stir around the world this week.
Top US Energy Enterprise Falls Victim to QR Code Phishing Scam
An extensive phishing campaign has come to light, focusing on a prominent US energy enterprise. The attackers exploit a novel approach of employing a QR code phishing scam to infiltrate email inboxes and bypass security controls.
A substantial portion of the campaign’s 1,000 emails, approximately 29%, were directed at a significant US energy firm. Cofense, the organization that uncovered this scheme, noted that this deployment of QR codes on such a large scale is unprecedented. This incident suggests other threat actors may experiment with QR codes as a potential attack vector.
Cofense did not name the targeted energy organization, describing it only as a major US-based corporation. The phishing attack begins with an email alerting recipients that they must update their Microsoft 365 account settings. Attached PNG or PDF files contain QR codes, urging the recipient to scan them for account verification, with a sense of urgency created by a 2-3 day deadline.
While QR codes have been leveraged in smaller-scale phishing attempts, this campaign stands out due to its size and innovation. Organizations are advised to integrate image recognition tools into their phishing protection strategies to prevent falling prey to such scams. This enhancement can significantly bolster their defenses against phishing attacks.
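The campaign's tell is that the link is moved out of the message text and into an image, so URL-scanning controls never see it. The mail-side triage below is an added example (not code from the post or from Cofense) that scores a message for that pattern using only the Python standard library; the sample .eml is constructed, and decoding the QR itself would need an image-recognition library, which this example deliberately leaves out.

```python
import re
from email import message_from_string

# Constructed sample modelled on the campaign above: Microsoft 365 lure, QR code in a PNG, short deadline.
SAMPLE_EML = """\
From: it-support@example.invalid
To: employee@example.invalid
Subject: Action required: update your Microsoft 365 account settings
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your Microsoft 365 account settings must be updated within 2-3 days.
Scan the attached QR code with your phone to verify your account.
--b1
Content-Type: image/png; name="verify.png"
Content-Disposition: attachment; filename="verify.png"
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

LURE_TERMS = ("microsoft 365", "account settings", "verify your account", "scan")
DEADLINE_RE = re.compile(r"\bwithin\s+\d+(?:\s*-\s*\d+)?\s+(?:days?|hours?)\b", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)
ATTACH_TYPES = {"image/png", "image/jpeg", "application/pdf"}  # carriers seen in the campaign

def qr_phish_indicators(raw: str) -> dict:
    """Score an RFC 822 message for the QR-code phishing pattern described above."""
    msg = message_from_string(raw)
    text_parts, attachments = [], []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            text_parts.append(part.get_payload(decode=True).decode("utf-8", "replace"))
        elif part.get_content_disposition() == "attachment":
            attachments.append(ctype)
    body = " ".join(text_parts).lower()
    indicators = {
        "lure_terms": sum(term in body for term in LURE_TERMS),
        "deadline": bool(DEADLINE_RE.search(body)),        # "within 2-3 days" style urgency
        "image_or_pdf_attachment": any(t in ATTACH_TYPES for t in attachments),
        "no_url_in_body": not URL_RE.search(body),         # link hidden in the image, not the text
    }
    indicators["suspicious"] = (indicators["image_or_pdf_attachment"] and indicators["no_url_in_body"]
                                and indicators["lure_terms"] >= 2 and indicators["deadline"])
    return indicators
```

A flagged message is where an image-recognition or QR-decoding step, the control the article recommends, would be applied to the attachment before delivery.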
Unprotected Websites Exploited by Scammers for Phishing Page Distribution
Malicious actors are capitalizing on websites lacking robust security safeguards to spread phishing pages.
Exploiting well-known vulnerabilities, scammers target vulnerable sites, planting fraudulent pages to harvest confidential and financial data. This stolen information is then used to siphon money from victims, often masquerading as popular services like streaming platforms. Kaspersky’s recent study reveals a concentration of malicious activities aimed at WordPress sites due to their established weak points.
Rather than relying solely on software vulnerabilities, attackers also employ tactics like exploiting site administrators with weak passwords or leaked credentials. This unauthorized access to control panels enables the publication of phishing pages.
As streaming services gain immense popularity, they have become prime targets for threat actors. Kaspersky uncovered meticulously crafted phishing pages that mimic well-known platforms such as Netflix, HBO Max, Hulu, and Disney+. Purchasing subscriptions only through authorized channels is the best way to stay clear of these traps.
Phishing Attacks Concentrate Half of Their Efforts on Social Media Platforms
Malicious actors have shifted their focus towards social media platforms, overtaking financial institutions as their prime target. These threat actors exploit vulnerabilities to obtain credentials, which are subsequently sold to potential attackers.
While many cyber attacks have historically targeted organizations for monetary gain, there’s a rising trend of initial access brokers solely concentrating on obtaining valid credentials. Moreover, another faction of adversaries has turned their attention solely to social media platforms.
Such strategic moves allow them to compromise accounts for scams and social engineering campaigns. Recent data from PhishLabs reveals a startling increase of 23% in attacks on social media sites in the last quarter, making it the most targeted sector and accounting for roughly half of all phishing attacks during that period.
Organizations must prioritize up-to-date awareness of social engineering techniques among their employees and provide consistent phishing awareness training to ensure constant vigilance. By offering comprehensive training programs, businesses can empower their staff to recognize and mitigate potential threats effectively.
Caution! Search Results Conceal Clickbait PDF Phishing Campaign
Recent research has revealed a concerning trend: clickbait phishing attacks that blend PDF-based phishing with SEO (Search Engine Optimization) techniques.
These combined attacks pose a significant challenge to conventional defense mechanisms, including blocklists, ad blockers, and antivirus services like VirusTotal. PDF-based attacks, which can take the form of embedded websites or email content, exploit familiar visual cues to deceive recipients into believing they’re accessing legitimate sources.
SEO attacks, on the other hand, leverage keyword combinations to manipulate search algorithms and boost the ranking of malicious links. Attackers often disguise malware as solutions to common technical issues or employ “data voids,” which are uncommon search term combinations that lead victims to their trap.
Image sourced from truelist.co
Such circumstances underscore the importance of empowering individuals to identify social engineering attempts, including this new clickbait phishing attack, whether they arrive via phishing emails or as clickbait PDFs in search results. The study emphasizes the need for modern security awareness training, recognizing humans as the ultimate line of defense against these novel threats.