BlueVoyant Research Illuminates Latest Cyber Attack Techniques and Best Defence Practices

The most recent cyber criminal tactics include using generative AI for phishing, online advertisements as an attack vector, and ever-quicker exploitation of new vulnerabilities

BlueVoyant, a cybersecurity company that illuminates, validates, and remediates internal and external risks, today released the findings of its second external cyber defence trends report, which highlights the new risks organisations face from outside the traditional IT perimeters.

“Organisations’ attack surfaces are ever expanding, and cyber threat actors are adapting their strategies to exploit new avenues of vulnerabilities,” said Joel Molinoff, BlueVoyant’s global head of supply chain defence. “BlueVoyant undertook this research to shine a light on the attack vectors organisations need to be aware of and recommended actions to help prevent the latest threats.” 

 Artificial Intelligence (AI) is transforming how enterprises do business with the ability to generate content efficiently. Cyber criminals are also capitalising on AI to create more effective phishing campaigns. 

 “The biggest cybersecurity risk from the increasing use of AI tools is an escalated volume of attacks,” said Ron Feler, BlueVoyant’s global head of threat intelligence. “While the essentials of the attacks don’t change, the increased number and diversity of attacks make defenders’ jobs more challenging.” 

 The report’s key findings focus on: 

  • Online Ads as an Attack Vector: BlueVoyant’s threat intelligence has observed threat actors using search engine ads as phishing distribution vectors to lure unsuspecting victims to malicious websites impersonating large financial institutions in the United States, United Kingdom, and Eastern Europe.  
  • Cyber Criminals’ Use of AI: While AI does not fundamentally change the way threat actors levy attacks, security teams should be aware of how their adversaries are using it to streamline their workflow and make brand abuse easier. 
  • The Need for Better Email Security: Many organisations are not enabling all key components that secure the authenticity and integrity of the messages, which could leave them susceptible to email-based threats. 
  • The Continued Need to Patch Quicker: In the first report, BlueVoyant found that organisations were often slow to patch systems even as attackers were exploiting new vulnerabilities faster. Now, the exploitation of vulnerabilities is happening even faster, prompting a high-stakes race between threat actors and defenders after a disclosure. 

 The research was completed using trend data queries from BlueVoyant’s Supply Chain Defence and Digital Risk Protection solutions. 

 Supply Chain Defence is a fully-managed solution that continuously monitors clients’ vendors, suppliers, and other third parties for any vulnerabilities, and then works with those third parties to quickly resolve issues. The platform identifies enterprises’ internet-facing software vulnerabilities and other exploitable opportunities with techniques similar to those used by external cyber attackers while profiling prospective targets.

 Digital Risk Protection goes outside the wire to find threats against clients, employees and business partners on the clear, deep, and dark web, plus instant messaging applications. The platform has unique access to DNS data sets and cyber crime channels to find the latest cyber attacker techniques, tactics, and procedures, and to provide unlimited external remediation to help prevent financial loss and reputation damage.  

 Learn more about external threats and how to reduce risk in the BlueVoyant research report: “External Cyber Defence Trends.”

Egress Mid-Year Threat Report Details Scams Affecting Cryptocurrency-based Ukraine Donations, Job Seekers, Electronic Voters, and More

LONDON, UK – 18th May 2022 – Egress, the leading provider of intelligent email security, today issued its mid-year 2022 threat report offering details of emerging vulnerabilities along with insights, from the Egress threat intelligence team, about protecting employees, customers, and businesses from these specific cyberattacks.

The full report, available here: http://www.egress.com/resources/cybersecurity-information/threat-report-launch, provides comprehensive details about threats associated with scam cryptocurrency donations to war-torn Ukraine, email phishing attacks using LinkedIn to target jobseekers, a rise in sextortion phishing emails and zero-day exploits circulating on the dark web, targeting electronic voters as well as Facebook and Gmail users.

Scams Exploit Cryptocurrency-Based Ukraine Donations

Egress analysts have observed a surge in phishing attacks exploiting the war in Ukraine. Targeting individuals and organisations across the U.S. and the U.K., the emails impersonate display names and email addresses of well-known Ukrainian bodies. Examples include emails impersonating the Ukrainian Government asking for cryptocurrency donations to assist their war effort. Egress has located other emails impersonating the Ukrainian Ministry of Defence, the Aid for Ukraine charity, The United Nations, and Ukrainian President Volodymyr Zelenskyy.

“To succeed, these attacks must bypass email defences and get a person to act, which relies on engendering emotional reactions to the needs of refugees and children,” explained Jack Chapman, Vice President of Threat Intelligence at Egress. “If you choose to donate cryptocurrency to a cause, use a reputable source to verify its authenticity and only use publicly available cryptocurrency addresses.”

LinkedIn Impersonation Targets Jobseekers

This email attack targets individuals and organisations in the U.S. and the U.K. using spoofed LinkedIn branding. It encourages targets to click on phishing links and enter credentials into fraudulent websites, which scrape them when the victim believes they are logging in. Once the scam is completed, the victim is redirected to the real LinkedIn site, so they have no idea their credentials have been stolen and do not take remedial action such as changing their password.

“Current employment trends such as The Great Resignation help to make this attack more convincing by flattering jobseekers into believing their profile is being viewed and expertise is needed,” said Chapman. “We advise organisations to examine their current anti-phishing security stack to ensure they have intelligent controls that engage and warn the user of the threat. Meanwhile, individuals should take extreme caution when reading notification emails that request them to click on a hyperlink, particularly on mobile devices.”

Sextortion Phishing on the Rise

Egress researchers observed a 334% increase in sextortion attacks since March 2022. In these cases, sextortion-oriented phishing emails are targeting individuals and organisations across the U.S. and the U.K. through a variety of subject lines designed to make victims panic and click through for more information. The emails use emotive, threatening language to socially engineer victims and extort payment. For example, one email states “I don’t think this kind of content would be very good for your reputation”. The attacks follow a similar format, stating the problem, the threat, the ‘solution’, the deadline to comply, and the futility of reporting the incident.

“Phishing attacks like these try to use our own psychology – especially shame, panic, and fear – against us,” explained Chapman. “By providing a specific deadline, cybercriminals apply pressure on victims to comply quickly. Related to these scams our advice is simple – don’t pay the ransom.”

New Threats Target Electronic Voters, Facebook, and Gmail Users

This threat is targeting electronic voters as well as Facebook and Gmail users through zero-day exploits posted to Empire Market, a dark web marketplace where exploits, phishing tools, and templates are available to purchase. Egress analysts found an electronic voting exploit for sale, which allows malicious software to be loaded onto voting machines. Another offers a way to take over a Facebook account through a password reset vulnerability to harvest victim information and make further phishing attacks more believable. A third exploit targets Gmail accounts remotely via a code injection allowing attackers to access accounts, regardless of two-factor authentication.

“New zero-day exploits are being discovered all the time,” added Chapman. “Social media accounts contain a host of information about people, such as date of birth, geographic locations, mother’s surname, and more. Our advice is to stay on top of the latest threats by keeping up with advice from your threat intelligence network.”