Attackers are using an oft-used and still effective lure to steal credentials to key Microsoft apps by sending emails notifying potential victims that they have a voicemail message, researchers have found.

A team from Zscaler ThreatLabZ has been monitoring a campaign since May that targets key vertical industries in the United States with “malicious voicemail-notification-themed emails in an attempt to steal their Office365 and Outlook credentials,” researchers said in a blog post published recently.

Both the emails and the credential-stealing page appear to come from legitimate entities, a tactic that aims to dupe victims into falling for the ploy, they said.

In fact, Zscaler itself was one of the organizations targeted in the campaign, which researchers said is similar to one that ThreatLabZ discovered in July 2020. This gave ThreatLabZ particular insight into how the campaign works.

Other victims of the latest campaign include organizations in specific U.S. verticals, including software security, the military, security solution providers, healthcare and pharmaceutical, and the manufacturing supply chain, researchers said.

While the tactics in the campaign are far from novel, threat actors appear to be taking an “if it ain’t broke, don’t fix it” approach to stealing credentials as a way to access corporate networks, noted one security professional.

The sad fact is, they still work, and as long as that’s the case, attackers will still leverage them, Erich Kron, security awareness advocate with security firm KnowBe4, said in an email to Threatpost.

“While not a new approach, using voicemail notifications does continue to be very effective, as they tend to blend into the types of notifications that are part of our daily work,” he observed.

However, one aspect of the campaign that does set it apart from other similarly themed attacks is that it involves “more research and effort as the attacks are customized for each target,” he said.

Attackers aim to lure victims with an email that informs them that they have a new voicemail, in a message that appears to be coming from the targeted organization, according to ThreatLabZ.

They use an address in the “From” field that mimics the targeted organization’s name, as well as logo branding on the mail itself, to appear legitimate.

The messages include an HTML attachment that, if opened, redirects the user to a credential-phishing site that also appears to be the real deal by mimicking Microsoft’s own log-in page.

Further, attackers use a consistent format for the URLs used in the redirect process, “which included the name of the targeted organization as well as the email address of the targeted individual,” researchers observed.

“For instance, when an individual in Zscaler was targeted, the URL used the following format: /,” they wrote in the post.

The credential-phishing site even uses Google’s reCAPTCHA technique (requiring targets to prove they are “not a robot” by identifying objects in photos) to lend more credibility to the experience.

This previously used tactic also helps attackers “evade automated URL analysis tools,” a tactic also used in the July 2020 campaign, according to ThreatLabZ.

If a victim follows through on the CAPTCHA, he or she is then redirected to a legitimate-looking Microsoft Office 365 sign-in page to enter credentials on a site controlled by attackers, according to the post.

Analysis conducted by ThreatLabZ on the email headers used in the campaign shows that threat actors used email servers located in Japan to stage attacks, researchers said.

Avoiding Credential Theft

As the campaign remains active, both ThreatLabZ and KnowBe4’s Kron recommend that organizations reiterate secure email practices with their employees to ensure that they’re not giving up their credentials to attackers.

As an extra precaution, users should not open attachments in emails sent from untrusted or unknown sources, researchers noted.
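The detection side of the chain the article describes, as an added example that is not part of the original article or of Zscaler's research: a Python triage script, using only the standard library's email package, that parses a message and flags the traits listed above (a voicemail-notification lure, a “From” display name that imitates the recipient's organization while the real sending domain differs, an HTML attachment that redirects the browser, and the Received header chain that shows which servers relayed the mail). Both sample messages are constructed for this example; the domains, addresses and IP addresses are placeholders from reserved documentation ranges, not indicators from the campaign.

```python
"""Triage heuristics for voicemail-themed credential phishing (added example,
not code from the article or from Zscaler). Standard library only."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

VOICEMAIL_RE = re.compile(r"voice\s*mail|missed call", re.I)
# Browser-side redirect constructs commonly seen in HTML lure attachments.
REDIRECT_RE = re.compile(
    r'http-equiv\s*=\s*["\']?refresh|window\.location|location\.(?:href|replace)', re.I)
URL_RE = re.compile(r"url=([^\"'>\s]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: spoofed display name, foreign sending domain, HTML redirect.
PHISH_EML = b"""\
Received: from relay.example.invalid (relay.example.invalid [203.0.113.9])
\tby mx.victimcorp.example (Postfix) with ESMTP id PLACEHOLDER
Received: from [198.51.100.7] by relay.example.invalid with ESMTP
From: "VictimCorp Voicemail" <notify@mail-delivery.example.invalid>
To: jane.doe@victimcorp.example
Subject: New Voicemail Message (00:42)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You have a new voicemail. Open the attached file to listen.
--b1
Content-Type: text/html; name="voicemail.html"
Content-Disposition: attachment; filename="voicemail.html"

<html><head><meta http-equiv="refresh"
content="0;url=https://login.example.invalid/victimcorp/jane.doe"></head></html>
--b1--
"""

# Constructed sample: a genuine internal PBX notice with the same subject line.
INTERNAL_EML = b"""\
Received: from pbx.victimcorp.example ([10.0.0.5]) by mx.victimcorp.example with ESMTP
From: "VictimCorp Voicemail" <voicemail@victimcorp.example>
To: jane.doe@victimcorp.example
Subject: New Voicemail Message (00:42)
MIME-Version: 1.0
Content-Type: text/plain

You have a new voicemail from extension 4112. Dial *98 to listen.
"""


def triage(raw: bytes) -> dict:
    """Return the phishing traits found in one RFC 5322 message and a verdict."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, to_addr = parseaddr(str(msg.get("To", "")))
    from_domain = from_addr.rpartition("@")[2].lower()
    to_domain = to_addr.rpartition("@")[2].lower()
    org_label = to_domain.split(".")[0]  # e.g. "victimcorp"

    subject = str(msg.get("Subject", ""))
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content() if body is not None else ""

    # HTML attachments whose markup redirects the browser; record the target
    # so it can be blocked or submitted for takedown.
    redirects = []
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_content()
        if REDIRECT_RE.search(html):
            m = URL_RE.search(html)
            redirects.append((part.get_filename(), m.group(1) if m else None))

    # Each hop prepends its Received header, so the list is newest-first;
    # reverse it to read the path in delivery order. Only the hop written by
    # your own MX is trustworthy; earlier ones can be forged by the sender.
    received = [" ".join(str(v).split()) for v in msg.get_all("Received", [])]
    relay_ips = [ip for h in reversed(received) for ip in IP_RE.findall(h)]

    result = {
        "voicemail_lure": bool(VOICEMAIL_RE.search(subject + " " + body_text)),
        "spoofed_display_name": org_label in display_name.lower()
        and from_domain != to_domain,
        "html_redirect_attachments": redirects,
        "relay_ips": relay_ips,
    }
    if redirects:
        result["verdict"] = "likely credential phishing"
    elif result["voicemail_lure"] and result["spoofed_display_name"]:
        result["verdict"] = "suspicious: review before delivery"
    else:
        result["verdict"] = "no strong phishing traits"
    return result


if __name__ == "__main__":
    for label, sample in (("phish", PHISH_EML), ("internal", INTERNAL_EML)):
        print(label, triage(sample))
```

The display-name check only compares the recipient's organization label against the sender's domain, which is the trait the article describes; in production it should be backed by SPF, DKIM and DMARC results rather than string matching, and the relay list should be read from the last hop inward, since everything below the header your own mail server added is attacker-controlled text.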