- NBC News is reporting that North Korea was behind a series of spear phishing emails sent to U.S. electric companies back in September that contained malware-laden attachments with fake invitations for a fundraiser. According to coverage of the incident by eSecurity Planet, researchers believe the attacks were for recon purposes, stating, “There’s no evidence that North Korean hackers yet have the ability to manipulate or disrupt energy sector operations.”
- Facebook users are being warned to watch out for a phishing attack that utilizes the platform’s Trusted Contacts functionality, a feature that helps members regain access to their accounts after being locked out or forgetting their password. A series of codes are generated between groups of “Trusted Contacts,” and when one of the accounts has been compromised, hackers can gain access to the victim’s account by requesting the code, which appears to come from someone they know. Internet advocacy nonprofit Access Now discovered the attack, and identified some of its first targets as activists from Africa and the Middle East. More details and ways to avoid attacks like these can be found on International Business Times.
- iOS users should exercise caution when they see a pop-up window that prompts them to sign into their iTunes or App Store accounts using their Apple IDs, as scammers have begun to spoof these windows to trick victims into revealing their credentials. According to developer Felix Krause, executing the simple scam requires less than 30 lines of code. 9to5mac outlines Krause’s advice for avoiding this scam, which includes bypassing a pop-up in favor of opening Settings manually and accessing applications directly.
- Aptly named KnockKnock due to its “backdoor” approach to accessing accounts, a new (and relatively small) botnet has been targeting Office 365 system and admin accounts since May, operating under the assumption that these types of accounts are “often automated and ignored, not protected by two-factor authentication and secured with poor passwords.” Past victims include those in the manufacturing, finance, healthcare, and public sectors. The attackers’ clever and stealthy techniques are outlined in an article by ZDNet.
- A spear phishing campaign dubbed “FreeMilk” was discovered by researchers at Palo Alto Networks. According to ZDNet, the highly targeted attack intercepts and hijacks legitimate ongoing email chains, inserting malware-laden messages into conversations that appear to be coming from the original senders. Victims include an international sporting organization and a Middle Eastern bank, among others.
- Criminals have begun to capitalize on fears sparked by the Equifax breach, as consumers are on high alert for related scams. Barracuda Networks’ September Threat Spotlight highlighted a growing trend in phishing email variants impersonating “secure messages” from large financial institutions like Bank of America. Though Barracuda’s Fleming Shi told The Washington Post that it’s “too early to confirm a definite correlation between these secure message attacks and the Equifax breach,” he noted that the company had tracked “roughly 300,000 fraudulent emails in recent weeks impersonating Bank of America, and 150,000 pretending to be CIBC.”
- The launch of Google’s Accelerated Mobile Pages (AMP) was a win for websites trying to optimize for mobile, but it has recently come to light that this highly controversial feature “raised concerns that AMP pages obfuscate true URLs,” among other disadvantages for readers, as noted in an article from Salon. This approach is a goldmine for cybercriminals who use fake security alerts to steal information. The Salon article goes on to note, “Because of the way that Google has implemented AMP, however, Gmail users and people using Google apps for institutional use are now more vulnerable to such attacks. Phishers who use AMP pages can thereby employ official "google.com" web addresses to direct users to malicious sites.” Despite a number of changes since launch, Google has yet to remedy the situation.
- Government staff of Bucks County, Pennsylvania, were hit with a phishing attack that affected hundreds. The fake emails solicited payment on fake invoices. If a recipient clicked the attached PDF, his or her computer was infected with malware and the malicious email was distributed to everyone on the user’s contact list. Officials suspect the attack stemmed from a state agency that emailed an employee who was working from home, but have yet to confirm this. Read the full story on the Bucks County Courier Times.
- The Better Business Bureau has warned of a phishing scam that uses its name and logo to claim that certain companies are violating federal laws such as the Fair Labor Standards Act, or the Safety and Health Act. To avoid downloading credential-stealing malware, recipients are urged not to click any links in any unsolicited email coming from the BBB. Further instructions can be found on the BBB website.