Tag Archive for: Phishing

Google Chrome to get real-time phishing protection 


Google will bring real-time malware protection and phishing protection to all Chrome users in an update later this month.

The update from Google is expected later this month and will come with an opt-in for enhanced browsing protection mode.

Currently the safe browsing standard uses a local list against which sites, downloads, and extensions are checked. This list is downloaded every 30 to 60 minutes from Google’s servers. However, with the update Google plans to switch to real-time checks against ist server-side list to keep up with malicious websites that surface and disappear in under 10 minutes.

This improved time is expected to block 25% more phishing attempts, Google shared in a blog post.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

The new capability will also be rolling out to Android later this month. Google says the feature uses encryption and other privacy enhancing techniques ensuring user privacy.

This is a Premium article available exclusively to our subscribers. To read 250+ such premium articles every
month

You have exhausted your free article limit.
Please support quality journalism.

You have exhausted your free article limit.
Please support quality journalism.

This is your last free article.

Source…

India Braces Against Phishing, Ransomware Surge and Alert Fatigue, Urging Swift Adoption of AI, and Automation for Security Operations


Fortinet®, the global cybersecurity leader driving the convergence of networking and security, has revealed the outcomes of a new survey conducted by IDC on the state of Security Operations (SecOps) in the Asia-Pacific region. The survey, commissioned by Fortinet, provides valuable insights into the current SecOps landscape, emphasizing the role of Artificial Intelligence (AI) and automation. It explores various aspects, including prevalent security practices, attack frequency and impact, detection and response times, alert fatigue, the status, and impact of automation in SecOps workflows, and challenges related to skill development within the SecOps domain. Key findings from India include:

 

Current Security Challenges: Threats and Team Readiness

 

  • Most Common Cyber Threats: Phishing and Insider threats are the most predominant cyber threat in India, with Approximately 50% of organizations ranking them as their top concerns. The top five threats include phishing, insider threats, ransomware, unpatched vulnerabilities, and identity theft.

 

  • Ransomware Surge: Ransomware incidents have doubled across India, with 70% of organizations reporting at least a 2X increase in 2023, compared to 2022. Phishing and malware are the primary attack vectors. Other significant vectors include social engineering attacks, insider threats, and zero-day exploits.

 

  • Insider Threats and Remote Work: 88% of the respondents feel that Remote work has led to an increase in insider threat incidents. Insufficient training, lack of employee care, and inadequate communication contribute to this surge, emphasizing the need to address human factors in cybersecurity.

 

  • Resourcing IT Security Teams: Only 44% of businesses have dedicated IT resources for security teams. This augments the challenges faced by organizations in strengthening their security measures.

 

  • Impact of Emerging Technologies: Hybrid work, AI, and IT/OT system convergence pose significant challenges. Cloud technology adoption emerges as a primary challenge, impacting organizational vulnerability to cyber threats.

 

SecOps SOS: Struggles with Alert Fatigue and Threat Containment

 

  • Threat Containment and Preparedness: Approximately one out of three…

Source…

Hackers using Microsoft Teams for phishing attacks to spread malware: Report


Cybercriminals are leveraging Microsoft Teams for a new malware campaign, using group chat requests to push DarkGate malware paylo…
Read More
Cybercriminals are using Microsoft’s video conferencing platform Teams for a new malware campaign. According to a report by AT&T Cybersecurity research, hackers are using Microsoft Teams group chat requests as new phishing attacks to push malicious attachments that can install DarkGate malware payloads on victims’ systems. Researchers claim that the attackers may have used a compromised Teams user (or domain) to send over 1,000 malicious Teams group chat invites.

How these Microsoft Teams group chat requests can be harmfulThe report claims that once the malware is installed on a victim’s system, it will reach out to its command-and-control server. This server has already been identified as part of DarkGate malware infrastructure by Palo Alto Networks, report Bleeping Computer.

As per the report, the hackers were able to push this phishing campaign as Microsoft allows Teams users to message other users by default.

AT&T Cybersecurity network security engineer Peter Boyle has warned: “Unless absolutely necessary for daily business use, disabling External Access in Microsoft Teams is advisable for most companies, as email is generally a more secure and more closely monitored communication channel. As always, end users should be trained to pay attention to…

Source…

Russia’s APT28 used new malware in a recent phishing campaign


Russia-linked APT28 used new malware in a recent phishing campaign

Pierluigi Paganini
December 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains.

The Computer Emergency Response Team of Ukraine (CERT-UA) warned of a new cyber espionage campaign carried out by the Russia-linked group APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”).

The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks.

APT28

CERT-UA discovered multiple phishing attacks aimed at government organizations between December 15 and December 25. The phishing emails attempt to trick recipients into clicking on an embedded link to view a document.

Upon clicking the links, the victims are redirected to a web resource where, with the help of JavaScript and features of the application protocol “search” (“ms-search”) [1], a shortcut file (LNK) is downloaded.

Once the file is opened, a PowerShell command downloads a decoy document from a remote server, along with the Python programming language interpreter and the Client.py file classified as MASEPIE.

MASEPIE is a Python tool used to upload/unload files and execute commands. The malware communicated with C2 infrastructure via TCP, it use the AES-128-CBC algorithm to encrypt the traffic. The 16-byte key is generated during the initial connection setup. The backdoor maintains persistence by setting the ‘SysUpdate’ key in the OS registry and storing the LNK file ‘SystemUpdate.lnk’ in the startup directory.

Threat actors also used the MASEPIE malware to load and execute OPENSSH (for building a tunnel), STEELHOOK PowerShell scripts (stealing data from Chrome/Edge Internet browsers), and the OCEANMAP backdoor. 

“In addition, IMPACKET, SMBEXEC, etc. are created on the computer within an hour from the moment of the initial compromise, with the help of which network reconnaissance and attempts at further horizontal movement are carried out.” reads the advisory published by CERT-UA. “According to the combination of tactics, techniques, procedures and tools, the…

Source…