Phishing


Cybercriminals are Duping Millions of Accounts in the Latest Facebook Phishing Campaign


The talk of the town is the phishing campaign on Facebook that has reportedly duped millions into providing their login credentials to cybercriminals. The Facebook phishing operation is the latest in a long line of cybersecurity news that has shaken people worldwide.

Phishing Trends in 2022 So Far, And What You Can Learn From Them


Phishing is one of the most formidable threats in the cyber world today. Even though various news, reports, and anti-phishing campaigns attempt to spread awareness and knowledge, people still fall victim to novel phishing methods. This article seeks to summarize key statistics observed so far in 2022 by various cybersecurity organizations and present them in a useful and comprehensive manner. It is also a warning for all organizations and individuals for the rest of the year.

The Latest Malware Jester Stealer Warning in Ukraine from CERT-UA: Here’s Everything You Need to Know


As the conflict between Russia and Ukraine escalates, the potential of utilizing more lethal weapons, which was previously merely a fear, may now take on a new form. The Ukrainian Computer Emergency Response Team (CERT-UA) has issued a warning about a huge distribution campaign based on the concept of a “chemical attack.” Receiving an email like this in Ukraine’s invasion-affected regions is sure to generate widespread panic. Jester Stealer, a malicious file capable of large-scale data theft, is back on the hunt.

 

What the Warning is About and How it Works

Recently, via its official website, CERT-UA issued a warning about an upcoming wave of cyberattacks on Ukrainians that distribute Jester Stealer.

It says, “The hackers obtain the stolen data over Telegram using statically established proxy addresses (e.g., within TOR),” and “They also employ anti-analysis methods (anti-VM/debug/sandbox).” The virus does not have a persistence mechanism and is removed as soon as its activity is accomplished.

 

Details as Issued by CERT-UA

The Ukrainian government’s unit for reacting to computer emergencies, CERT-UA, discovered the widespread circulation of emails with the subject “chemical attack” and a link to an XLS document containing a macro.

When you open the document and activate the macro, it will download and launch the EXE file, infecting your computer with the dangerous malware JesterStealer.

 

Another Phishing Campaign

CERT-UA has linked the Jester Stealer campaign with another phishing campaign their system identified as the work of Russian state actors linked to APT28 (aka Fancy Bear aka Strontium).

These emails, titled “Кіберaтака” (cyber-attack in Ukrainian), are disguised as a security alert from CERT-UA. They contain a RAR file titled “UkrScanner.rar” attached to them, and when opened, the files deploy a malware called CredoMap_v2.

 

Sources Through Which Jester Stealer Can Attack Your System

  • The files are obtained from compromised web pages, according to the CERT-UA.
  • JesterStealer extracts authentication and other information from Internet browsers, MAIL/FTP/VPN clients, crypto wallets, password managers, messengers, game programs, and other applications.

The stolen information is then sent back to the attackers via Telegram. When the malicious action is finished, the virus deletes itself.

 

In What Manner Does it Infiltrate Systems?

Jester Stealer is .NET-based malware that generally infects target computers via phishing emails carrying an attachment masquerading as a txt, jar, ps1, bat, png, doc, xls, pdf, mp3, mp4, or ppt file.

Threat actors may also use random distribution routes, such as pirated material and hacking tools marketed on YouTube.
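The delivery described above (a lure email with a link to a macro-bearing XLS, or an attachment masquerading as a harmless file type) can be screened at the mail gateway. The following Python sketch is an added example, not code from CERT-UA or the original article; the extension list, the `_VBA_PROJECT` byte heuristic, and all addresses and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc/.ppt container
# OLE2 directory entry names are UTF-16LE; a VBA project adds this stream name.
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")
# Assumption: directly runnable types from the article's list, plus .exe.
RUNNABLE_EXTS = {".jar", ".ps1", ".bat", ".exe"}
DOC_LINK = re.compile(r"https?://\S+\.(?:xlsm|xls|docm|doc)\b", re.I)


def triage(raw: bytes) -> list[str]:
    """Return human-readable findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name:
            data = part.get_payload(decode=True) or b""
            ext = name[name.rfind("."):] if "." in name else ""
            if ext in RUNNABLE_EXTS:
                findings.append(f"runnable attachment: {name}")
            # Heuristic only: content is checked, not the claimed extension.
            if data.startswith(OLE2_MAGIC) and VBA_MARKER in data:
                findings.append(f"OLE2 document with VBA macros: {name}")
        elif part.get_content_type() in ("text/plain", "text/html"):
            for url in DOC_LINK.findall(part.get_content()):
                findings.append(f"link to macro-capable document: {url}")
    return findings


def build_sample(subject: str, body: str, attachment: bytes = b"",
                 filename: str = "") -> bytes:
    """Construct a test message (constructed data, not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed lure: a link to an .xls plus a stub OLE2 file carrying the marker.
STUB_XLS = OLE2_MAGIC + b"\x00" * 64 + VBA_MARKER
LURE = build_sample("chemical attack",
                    "Details: https://files.example.invalid/notice.xls\n",
                    STUB_XLS, "notice.png")
BENIGN = build_sample("Lunch", "See you at noon.\n")

if __name__ == "__main__":
    for finding in triage(LURE):
        print(finding)
```

Because the attachment check looks at file content rather than the file name, the stub named `notice.png` is still reported as an Office document with macros.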

 

What is Jester Stealer?

Jester Stealer is an information stealer that takes your sensitive information, including login passwords, cookies, credit card information, etc., and passes it to a Threat Actor (TA). TAs collect stolen data by uploading it to a remote server; the data is then sold on dark web markets or used in future attacks. Jester Stealer is a new threat that surfaced on cybercrime forums in July 2021. It has been upgraded seven times since then, with each version offering new features.

In addition to anti-sandbox and anti-VM capabilities, the stealer supports data theft from various platforms, including browsers, VPN clients, password managers, chat messengers, email clients, and crypto-wallets. Data is exfiltrated via TOR as logs to a Telegram bot.

 

Its unique characteristics

Jester Stealer has the following features:

  • The AES-CBC-256 algorithm is used to encrypt the connection.
  • It uses servers on the Tor network.
  • All logs are sent to a Telegram bot.
  • Logs are collected quickly in memory, with no data written to disk.
  • Jester Stealer can be purchased for $99 a month or $249 for lifetime access.

 

What is at Stake?

It encrypts connections with AES-CBC-256, integrates Tor network servers, redirects logs to Telegram bots, and bundles stolen material in memory before exfiltration. The range of data it targets is wide:

  • Passwords, credit cards, cookies, autofill information, browsing histories, and bookmarks/favorites for more than 20 web browsers.
  • Password managers such as KeePass, NordPass, LastPass, BitWarden, 1Password, RoboForm, and others.
  • Software for gaming: Steam sessions, Twitch streams, and OBS profiles with broadcast keys.
  • Email clients: Thunderbird, Outlook, and FoxMail.
  • Apps for instant messaging: Telegram, Discord, WhatsApp, Signal, and Pidgin.
  • The most popular digital wallets include Electrum, Exodus, Guarda, Atomic, Coinomi, Jaxx, Wasabi, Zcash, etc.

 

Guidelines to Safeguard Your Information Systems

Avoid Unreliable Websites: Keeping info-stealing infections to a minimum can be done by not downloading executable files from untrustworthy websites or torrent swarms.

Use official news sources: Stick to official news sources for breaking news in impacted areas. A true warning on the President’s website, or comparable message from official sources on Twitter, is more likely to be trusted than random emails.

Up-to-date Anti-Virus: It is always best to avoid downloading and executing files that arrive in unsolicited emails, and to check downloaded files with an up-to-date anti-virus program.

Avoid persuasive emails that ask you to run macros: Attackers frequently use deceptive messages, e.g., asking you to cancel an order or read a legal document. They will get you to download a document and then attempt to convince you to let macros execute. No reputable and legitimate organization will ask you to open an Excel file to cancel an order, and you don’t need macros to read a Word page.

Upgrading Overall Security: Develop a security attitude among your staff. Enable multi-factor authentication, ensure strong passwords, and remember that phishing is still the most common attack vector, even for sophisticated adversaries.

 

Final Words

The conflict between Ukraine and Russia is not the only reason for the cyberattack warning; phishing attempts have taken over the digital world. There is no hard and fast rule for protecting oneself against such cyber assaults; the only golden rule is to follow the fundamental cyber protection principles to avoid financial and reputational damages to your business.

Evolving Phishing Attack Trends: A Nightmare for Security Solutions


Phishing has been one of the most widespread cyber threats and a significant challenge for security solutions for almost three decades. According to this phishing report, in 2021, 35% of all data breaches included scams trying to rob users of their sensitive information and login credentials. Over the past year, phishing attacks have increased by 29% globally. The menace of phishing poses a threat to organizations worldwide.

Social Media Impersonation in Phishing: 2022’s Latest Wave of Cybercrime


Cybercrimes have escalated significantly in the past couple of years owing to the mass adoption of online services. Threat actors have shown an affinity for social media profiles and emails, using phishing to scam innocent people out of their finances and private data, which is then sold on the dark web, spread, and used in impersonation scams. As per recent reports, social media is the most recent category that cybercrime groups are exploiting for malicious purposes.

Voice Phishing: Surfacing of a New Cyber Threat on Whatsapp


Researchers at Armorblox found a malicious campaign that targeted WhatsApp users. The attackers have reached over 27,660 email addresses through targeted phishing attacks appearing to be from WhatsApp. When receiving attachments over email, you might be tricked by the threat actor into downloading other forms of malicious software. The following sections discuss more details about the latest phishing scheme.

RTLO Phishing Scam Revival – Everything You Need to Know About this Age-old Cyber Threat


The RTLO (or RLO) technique is one of the cybercriminals’ oldest and most common techniques. With the help of this technique, they can make a hyperlink look less suspicious, making you think that it is safe to click on it. However, once you click on the link, it might take you to the attacker’s domain that might ask you for confidential information under a suspicious ruse or download suspicious software on your local device.

Threat Actors are Using the Russia-Ukraine Conflict to Launch Phishing Attacks


Recently, according to a Google report, Russian and Belarusian cybercriminals have attacked Ukrainian citizens, using the ongoing conflict as an opportunity to benefit from it. The recent Russia-Ukraine war has become an opportunity for cyberattackers. CSIS reported that in February of 2022, the Ukrainian Ministries, Education, and Infrastructures were attacked. This led to a massive loss for the Ukrainian government. Grasping the understanding of the Ukrainian system gave the cybercriminals a clear understanding of how to proceed with their activities.


Data Breaches & How They Impact Small Businesses


The rising threat of cyberattacks and data breaches, in particular, can cripple any organization, especially a small business. SMBs and SMEs are the top targets for threat actors owing to their lack of proper cybersecurity defenses and risk mitigation practices.

SMBs and SMEs need to understand the risks of data breaches and take proactive measures to ensure the security of their enterprise if they wish to maintain a strong market position. They need to evolve their cybersecurity practices with time to grow well for the future.


Latest Phishing Trends: Financial Services, Facebook, and Microsoft, the Biggest Impersonation Targets of Threat Actors


Phishing remains the top method that cybercriminals use to target individuals and employees worldwide to lure them in and lead them to fake applications, websites, and payment portals to steal information and hard-earned money.

VadeSecure’s latest report highlights how financial services is the most impersonated sector today, along with Facebook and Microsoft taking the crown for the most impersonated brands by phishing criminals. It is imperative to understand the rising threat of phishing, the latest phishing scams, and how you can ensure your organization’s protection against phishing.


The surge of LinkedIn Phishing Attacks – Courtesy of the “The Great Resignation”


Cybercriminals have always been actively looking for methods to breach security and acquire information that can be used as leverage over the victims. Due to the recent transition in the job market where individuals are always on the lookout for new and better opportunities, attackers have found a new method to exploit the vulnerabilities of jobseekers. The recent LinkedIn phishing attacks have proven how unguarded LinkedIn users are to such attacks.


Two Decades-Old Phishing Attack Revamped


The RLO technique is a simple technique that disguises malicious files making them seem like simple text files. When downloaded by the user, these files could damage their device or could be used to acquire sensitive information. Although this technique became outdated, recently, attackers started using it again as people lowered their guard against cyber attacks.


Cryptocurrency Phishing Scams: 2022’s top and Latest Threat Revealed by Security Regulators


The most significant hazards to investors in 2022, according to NASAA (North American Securities Administrators Association), are cryptocurrency and digital asset-related frauds. Investors should be aware of the current cryptocurrency phishing scams getting more attention worldwide.

According to the FTC’s research, threat actors exploit popular social media platforms like Instagram and Facebook as a playground for pulling investment-related scams. Due to their popularity and excellent profits, crypto assets and stablecoins make appealing targets, making cryptocurrency one of the most vulnerable marketplaces for investors globally.


Latest Phishing Campaign Targeting Microsoft Proves Why Not Having Multi-Factor Authentication is Risky for Organizations


Phishing is the most frequently used break-in technique and an attack vector malicious actors have used for years. The latest report by the Microsoft 365 Defender Threat Intelligence Team warns of a new and powerful phishing campaign that targets employees’ bring-your-own-device(s) (BYODs). The attackers register their own devices in corporate networks and gradually make their way into internal and external corporate networks. In this phishing scam, the adversaries target the unmanaged devices within organizations to compromise networks and evade detection by taking advantage of the absence of security measures like multi-factor authentication (MFA) within organizations.


Threat Actors Exploit Adobe’s Creative Cloud


Entrepreneurs using Adobe Creative Cloud as a part of their organizational operations need to guard against a new cyberattack model employed by threat actors. Other loopholes call for more robust countermeasures even when deploying adequate phishing solutions. Malicious actors are leveraging the popular application, Adobe Creative Cloud, to dispatch malicious links to users that seem legitimate. Failure to have robust email phishing protection mechanisms in place would compromise your credentials.


Recent FIFA 22 Incident and Phishing Attacks in the Gaming industry


There has been an unprecedented rise in gaming during the last few years, with smartphones making it more popular than ever. The gaming industry is valued at $165 billion, with current estimates of over 3.4 billion players worldwide. From a handful of game developers in the early years, the industry now has many options, ranging from individual contributors to substantial gaming providers, rolling out games by the dozen.


Malicious Actors Exploit Commenting Feature In Google Docs to Send Phishing Emails


According to a recent Axios report, over 2 million monthly active users use G Suite products. In the 2017 Google I/O Conference, the organization mentioned that Google Drive alone has over 800 million daily users, and this figure is only increasing. If someone were to exploit a vulnerability in this famous collaborative work and educational platform, the consequences would affect millions. In a recent incident, cyber adversaries have targeted G Suite product users, exploiting a vulnerability in the ‘Comment’ option available in Google Docs, Google Sheets, and Google Slides. Here are the details about the breach and some recommendations on how to stop phishing emails.

The Rise of Survey Scams in The Advertising Industry And The Precautions Organizations Need To Take To Prevent Such Scams


Digitization has witnessed a sudden boom in online data storage, where not only work but entertainment, education, and communication have become dependent on the internet. Numerous survey scams are gaining popularity once again by promoting various products or free samples to users in return for their information. Scammers pretend to be some famous brand to steal the personal data of the victims using such scams. Not everyone using the internet is entirely accustomed to its usage, nor are they familiar with the features of such frauds.