The Latest in Phishing: First of 2018

Share with your network!

Wombat_Phishing-Attacks.jpg

We bring you the latest in phishing statistics and attacks from the wild.

Phishing Statistics and News:

  • We released our 2018 State of the Phish™ Report earlier this month. Our data revealed that 76% of organizations experienced phishing attacks in 2017. Nearly half of the infosec professionals surveyed said the rate of attacks has jumped from 2016. We structured the report a bit differently this year, so make sure you head to our website to read the full report.
  • Trend Micro’s latest report, Tracking Trends in Business Email Compromise (BEC) Schemes, predicts global losses from BEC attacks will surpass $9B in 2018, with this jump primarily due to the fact that “BEC scams bank on phishing approaches that time and again have proved to be effective.” Coverage in Dark Reading identifies stolen credentials and inbox targeting as common methods of attack, and claims the level of sophistication of these attacks is rising.
  • Data from UK cybersecurity firm Alert Logic cites that UK cybersecurity executives list phishing attacks, ransomware, and data loss as top concerns. Fewer than half of the 400 individuals surveyed were reasonably confident in their overall security readiness. To read a summary of the study’s findings, head to SC Magazine UK.

 

Increase your security response team's efficiency with PhishAlarm Analyzer

 

Phishing Attacks:

  • The popularity and widespread use of Netflix has again made its subscribers the target of a phishing attack. The latest scam has been grabbing headlines due to the convincing nature of the attack, which includes a spoofed landing page designed to steal users’ login and credit card details. According to web and email security provider Mailguard, the fake page directs subscribers to a legitimate Netflix page once they “update” their payment details.
  • A hacking outfit out of Russia that calls itself “Fancy Bear” is the topic of cybersecurity company Trend Micro’s recent blog post updating the criminal group’s efforts to target the US Senate and other political organizations worldwide. These same attackers have been linked to the 2016 Democratic National Committee (DNC) hack. Coverage in V3 outlines the attacks, which were fairly simple and relied on stolen credentials, social engineering, and other exploits.
  • Popular social networking site Twitter has been hijacked by scammers who were paying to promote tweets promising users to “Get Verified”. Twitter’s verification status is reserved for accounts that have higher visibility, are authentic, and of public interest. This isn’t the first time a scam of this type has operated on the social network. The ads have since been removed, as they clearly violate the company’s terms of use.
  • Upwards of 30,000 Florida Medicaid recipients have had their data compromised as a result of a phishing attack on the state’s Agency for Health Care Administration (AHCA). One of the agency’s employees reportedly fell for the attack in November 2017, giving attackers access to protected health information (PHI) such as patient names and addresses, medical conditions and diagnoses, and Medicaid ID numbers. According to the AHCA, there is no evidence (yet) that gold mine of information has been abused, but the breach has left many on high alert.
  • Proofpoint researchers have unveiled a vulnerability in Google Apps Script that attackers could use to compromise machines by automatically downloading malware from Google Drive. A proof of concept outlines Proofpoint’s research methods and the ways cybercriminals could abuse certain Apps Script events. SC Magazine noted that “a SaaS application like Google Drive creates an entirely new attack surface that business and consumers need to guard,” so users must remain vigilant against new attack techniques.
  • Cryptocurrency broker EtherDelta had their DNS hacked, and their website was replaced with a replica aimed at stealing users’ funds. Nearly $250,000 in ERC20 tokens were taken during the attack, which reportedly lasted about seven hours. According to EtherDelta, only those users who entered their private keys into the site during that window were compromised.
  • Veterans in the state of Illinois were inconvenienced by a phishing attack that crashed the statewide CyberVet system, delaying a wide range of benefit claims for millions of residents. The breach — which occurred back in July 2017, but wasn’t revealed until December — reportedly happened because the Illinois Department of Veterans’ Affairs had not implemented a recommended cybersecurity upgrade. The Department says it has since corrected the problem, boosting cybersecurity measures across the organization. Investigations have yet to turn up any suspects.