Tag Archive for: credential

Credential Theft, O365 Lures Dominate Corporate Inboxes in Q1



 

In Q1, PhishLabs analyzed and mitigated hundreds of thousands of phishing attacks that targeted corporate users. In this post, we break down these attacks and shed light on the phishing emails that are making it into corporate inboxes.

 

Threats Found in Corporate Inboxes 

 

Credential Theft

Credential theft attacks continue to be the most prolific threats observed in corporate inboxes. In Q1, nearly two-thirds of all reported email threats attempted to steal credentials. This was an 11.6% increase from Q4 2020. 

 

Eighty-four percent of credential theft phishing attacks contained a link that led to a web page with a login form designed to harvest credentials. The remaining 16% delivered attachments similarly designed to lead victims to fake sites and steal sensitive information. Both tactics rely heavily on brand impersonation. 

 

O365

Corporate credentials for Microsoft Office 365 continued to be targeted heavily in Q1. More than 44% of credential theft email lures targeted O365 logins. This is a 10.4% increase from Q4 2020.

 

Response-Based

Response-based attacks such as BEC and 419 scams continued to thrive during Q1, contributing to 31% of total phishing emails that targeted corporate users. Advance-fee, or 419, scams contributed to 60.6% of reported response-based threats.

 

Breakdown of response-based threats:

 

  1. 419 (60.6%)
  2. BEC (19.7%)
  3. Job Scams (7.7%)
  4. Vishing (6.3%)
  5. Tech Support (5.7%)

 

Although BEC attacks contributed to less than a quarter of response-based attacks in Q1, they continue to be a top threat to enterprises. Last year, losses attributed to BEC totaled more than $1.8 billion.

 

Malware

In Q1, 6% of reported phishing lures delivered attachments or links to malware. This suggests email security controls are far better at detecting malicious code in email traffic than they are at detecting social engineering techniques. 

 

ZLoader accounted for 62% of all reported email-based payload activity. This was driven by a one-day spike in attacks in February that represented one of the largest surges of a single payload we have seen in a 24-hour period.

 

ZLoader and…

Source…

Philippine Women’s University Selects Cyberinc Isla to Safeguard against Malware Attacks and Credential Theft


Cyberinc’s Browser Isolation Platform to Protect University’s Online Activities by Isolating and Blocking Malicious Sites and Documents

Cyberinc announced today that the Philippine Women’s University (PWU) in Manila, Philippines, has chosen the Isla Browser Isolation Platform to protect the university, its teachers, and staff from the risk of online activities and ensuing threats such as phishing, ransomware and other malware. The Isla deployment adds a strong layer of security for PWU employees who are working or teaching online by isolating web pages and documents to ensure only safe content is rendered to end-user devices.

Browser isolation is a powerful technology that proactively stops breaches before they happen, easing the burden on university IT and security teams to help them operate more efficiently and effectively. With Cyberinc’s Isla Isolation Platform, PWU can protect employees and end-users who may accidentally click on a malicious link, download a risky file from phishing schemes, or succumb to credential theft, and other prominent web-based threats.

PWU is a 102-year-old university established in 1919, to lead the national charge seeking to empower women. It’s the first university for women in Asia founded by Asians and operates as a non-profit and non-sectarian institution. It started admitting men as early as the 1970s and has been fully co-educational ever since. PWU is in the top tier of the Philippine educational hierarchy and works to develop individuals through excellence in teaching, dynamic and relevant research, and responsive service supported by evolving technology for global competence.

“The PWU vision is to maintain excellence in teaching, research, and services. Security is an important component to delivering on our vision. Since the Covid-19 pandemic forced all education online, our university has been aggressively looking for ways to strengthen its cybersecurity,” said Marco Benitez, PWU President. “With our faculty and personnel needing access to online services for banking, or to download documents from government agencies and other organizations nearly every day, our risks have only risen. We were looking for a platform that offered…

Source…

Over 300K Spotify accounts hacked in credential stuffing attack



Hackers have been attempting to gain access to Spotify accounts using a database of 380 million records with login credentials and personal information collected from various sources.

For years, users have complained that their Spotify accounts were hacked after finding that passwords had been changed, new playlists had appeared in their profiles, or strangers from other countries had been added to their family accounts.

Spotify users saying their accounts were hacked

A new report detailing how a database containing over 380 million records, including login credentials, is actively used to hack into Spotify accounts may shed some light on these account breaches.

300 million records with user info for hacking Spotify accounts

A common attack used to hack into accounts is called a credential stuffing attack, which is when threat actors make use of large collections of username/password combinations that were leaked in previous security breaches to gain access to user accounts on other online platforms.

Today, VPNMentor released a report about a database exposed on the Internet that contained 300 million username and password combinations used in credential stuffing attacks against Spotify.

Each record in this database contains a login name (email address), a password, and whether the credentials could successfully login to a Spotify account, as shown below.

Record in exposed database

It is not known how the 300 million records were collected, but it is likely through data breaches or large “collections” of credentials that are commonly released by threat actors for free.

The researchers believe that the 300 million records listed in the database allowed the attackers to breach 300,000 to 350,000 Spotify accounts.

VPNMentor contacted Spotify on July 9th, 2020, about the exposed database and its threat to accounts and received a response on the same day.

“In response to our inquiry, Spotify initiated a ‘rolling reset’ of passwords for all users affected. As a result, the information on the database would be voided and become useless,” the researchers stated.

It is not clear what is meant by a “rolling reset,” as Spotify account holders that BleepingComputer has spoken to did not recently…

Source…