Tag Archive for: Phishing

Phishing targeting Booking.com customers and the tourism sector: how to defend yourself


Over the past few weeks, the tourism sector has been targeted by a sophisticated information-stealing campaign that has hit hotels, booking sites and travel agencies.

Security researchers have discovered that the criminal hackers use an indirect approach and a fake Booking.com payment page to gain unlimited access to customers' financial data.

The fake Booking.com web page used as bait

The campaign, dubbed "Next-Level Phishing" by cyber security researchers, was discovered by Perception Point, a company specialising in cyber security. The campaign begins with a simple booking request or refers to an existing booking.

Once contact has been established with the hotel or travel agency, the attackers find a pretext, such as a supposed medical condition or a special request from a traveller, to send important documents via a specially crafted URL.

However, the URL actually leads to malware designed to operate invisibly, stealing sensitive data such as login credentials and customers' financial information.

What makes this campaign particularly dangerous is what it does next.

According to a recent report by Akamai, an Internet company specialising in cloud and security services, once the malware has been successfully executed at the hotel or travel agency, the attackers gain direct access to the messaging channel with legitimate customers. This direct and trusted communication channel allows them to send phishing messages disguised as legitimate requests from the compromised hotel or booking company.

The message asks for further credit card verification and relies on advanced social engineering techniques. Shiran Guez, Senior Manager of Information Security at Akamai, stressed that the message is professionally written and is based on the hotel's genuine interactions with its guests,…

Security News This Week: US Energy Firm Targeted With Malicious QR Codes in Mass Phishing Attack


At the Defcon security conference in Las Vegas last weekend, thousands of hackers competed in a red-team challenge to find flaws in generative AI chat platforms and help better secure these emerging systems. Meanwhile, researchers presented findings across the conference, including new discoveries about strategies to bypass a recent addition to Apple’s macOS that is supposed to flag potentially malicious software on your computer. 

Kids are facing a massive online scam campaign that targets them with fake offers and promotions related to the popular video games Fortnite and Roblox. And the racket all traces back to one rogue digital marketing company. The social media platform X, formerly Twitter, has been filing lawsuits and pursuing a strategic legal offensive to oppose researchers who study hate speech and online harassment using data from the social network.

On Thursday, an innovation agency within the US Department of Health and Human Services announced plans to fund research into digital defenses for health care infrastructure. The goal is to rapidly develop new tools that can protect US medical systems against ransomware attacks and other threats.

But wait, there’s more! Each week, we round up the stories we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

A large phishing campaign that’s been active since May has been targeting an array of companies with malicious QR codes in attempts to steal Microsoft account credentials. Notably, researchers from the security firm Cofense observed the attacks against “a major Energy company based in the US.” The campaign also targeted organizations in other industries, including finance, insurance, manufacturing, and tech. Malicious QR codes were used in nearly a third of the emails reviewed by researchers. QR codes have disadvantages in phishing, since victims need to be compelled to scan them for the attack to progress. But they make it more difficult for victims to evaluate the trustworthiness of the URL they’re clicking on, and it’s more likely that emails containing a QR code will reach their target, because it’s more difficult for spam filters to assess QR…

Hackers exploit Salesforce email zero-day for Facebook phishing campaign


The threat actors used a vulnerability named “PhishForce” to conceal malicious email traffic in Salesforce’s legitimate email gateway services, capitalising on Salesforce and Meta’s size and reputation.

The attackers managed to evade conventional detection methods by “leveraging Salesforce’s domain and reputation and exploiting legacy quirks in Facebook’s web games platform,” the researchers added.

Salesforce has around 150,000 clients, a significant number of which are small businesses. Security vulnerabilities like these could be especially detrimental to SMBs, up to and including the closure of their business, if hackers get access to their sensitive data.

The Email Gateway feature is an important part of the Salesforce CRM. It consists of specialised servers dedicated to efficiently sending a large volume of email notifications and messages to customers worldwide.

Customers using the Salesforce CRM can send emails under their own brand by using custom domains. However, to ensure security and prevent abuse, the system follows a process of validating the ownership of the domain name before allowing emails to be sent.

The validation step ensures that only legitimate and authorised users can use custom domains for sending emails through the Salesforce platform.

In this phishing campaign, however, the fraudulent email messages appeared to come from Meta, while actually being sent from an email address with a “@salesforce.com” domain.

The campaign’s primary objective is to trick recipients into clicking on a link by claiming their Facebook accounts are under investigation, due to alleged involvement in impersonation activities (oh, the irony).

Upon clicking the embedded button, the victim is redirected to a rogue landing page hosted and displayed as part of the Facebook gaming platform (“apps.facebook.com”).

This tactic adds further legitimacy to the attack, making it significantly more challenging for email recipients to discern the page’s fraudulent nature.

The landing page is designed to capture the victim’s account credentials, as well as any two-factor authentication (2FA) codes they might enter.

Swift response

Upon replicating the creation of a Salesforce-branded address…

Number of email-based phishing attacks surges 464%


The evolving cyberattack landscape reveals the increasing utilization of generative artificial intelligence (AI) systems, like ChatGPT, by cybercriminals for crafting malicious content and executing sophisticated attacks, according to Acronis.

The biannual threat report highlights ransomware as the dominant risk to small and medium-sized businesses. And while the number of new ransomware variants continues to decline, ransomware attacks’ severity remains significant. Equally concerning is the growing prominence of data stealers, who leverage stolen credentials to gain unauthorized access to sensitive information.

“The volume of threats in 2023 has surged relative to last year, a sign that criminals are scaling and enhancing how they compromise systems and execute attacks,” said Candid Wüest, Acronis VP of Research.

“To address the dynamic threat landscape, organizations need agile, comprehensive, unified security solutions that provide the necessary visibility to understand attacks, simplify context, and provide efficient remediation of any threat, whether it may be malware, system vulnerability, and everything in between,” Wüest continued.

Phishing is the primary method criminals leverage to unearth login credentials. In the first half of 2023 alone, the number of email-based phishing attacks has surged 464% when compared to 2022.

Over the same time frame, there has also been a 24% increase in attacks per organization. In the first half of 2023, Acronis-monitored endpoints observed a 15% increase in the number of files and URLs per scanned email. Cybercriminals have also tapped into the burgeoning large language model (LLM)-based AI market, using platforms to create, automate, scale, and improve new attacks through active learning.

The cyberattack landscape is evolving

Cybercriminals are becoming more sophisticated in their attacks, using AI and existing ransomware code to drill deeper into victims’ systems and extract sensitive information. AI-created malware is adept at avoiding detection in traditional antivirus models and public ransomware cases have exploded relative to last year. Acronis-monitored endpoints are picking up valuable data about how…
