Evolution of Next Level Phishing Attacks with Worm-like Distribution | Cyware Alerts


Hackers keep devising creative ways to bypass security measures. Recently, an innovative attack method was identified by Craig Hays, a cybersecurity architect and bug bounty hunter. Because of the attack's outrageous success rate, he described it as one of the greatest password thefts he had ever seen.

What was discovered?

  • The new worm-like phishing attack used an ingenious way to hit a large number of people at the same time, without resorting to traditional spray-and-pray tactics.
  • The phishing emails target employees of an organization by sending them replies to genuine emails, such as those exchanged between suppliers, customers, and colleagues.

How does it work?

Hackers compromise an account, and its credentials are sent to a remote bot that analyzes the mailbox's emails.

  • Subsequently, for each unique email chain in the compromised account, the bot replies to the most recent emails (using reply-all) with a link to a phishing page that captures credentials.
  • As more victims fell for the scam, the bot operation grew bigger and eventually started spreading outside the organization.
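The behaviour described above leaves a distinctive trace in outbound-mail logs: one account replying to many distinct threads within minutes, every reply carrying a link to the same external host. The following detector is an added example written for this alert; it is not code from the article or from Craig Hays. The log records, the internal-host allow-list, the `docs-share.invalid` host and the thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample of an outbound-mail log (not real data). Each record is one
# message the mail server accepted from an internal sender.
SENT_LOG = [
    # normal activity: one reply per thread, links only to internal hosts
    {"ts": "2020-09-14T09:00:05", "sender": "bob@example.com", "thread": "T-1",
     "is_reply": True, "urls": ["https://wiki.example.com/page"]},
    {"ts": "2020-09-14T09:20:00", "sender": "bob@example.com", "thread": "T-2",
     "is_reply": True, "urls": []},
    # burst from a compromised account: a reply to every recent thread, same external link
    {"ts": "2020-09-14T10:00:01", "sender": "alice@example.com", "thread": "T-10",
     "is_reply": True, "urls": ["https://docs-share.invalid/view?id=1"]},
    {"ts": "2020-09-14T10:00:04", "sender": "alice@example.com", "thread": "T-11",
     "is_reply": True, "urls": ["https://docs-share.invalid/view?id=2"]},
    {"ts": "2020-09-14T10:00:07", "sender": "alice@example.com", "thread": "T-12",
     "is_reply": True, "urls": ["https://docs-share.invalid/view?id=3"]},
    {"ts": "2020-09-14T10:00:11", "sender": "alice@example.com", "thread": "T-13",
     "is_reply": True, "urls": ["https://docs-share.invalid/view?id=4"]},
]

# Hypothetical allow-list of hosts that legitimately appear in internal mail.
INTERNAL_HOSTS = {"wiki.example.com", "intranet.example.com"}
WINDOW = timedelta(minutes=10)   # how close together the replies must be
MIN_THREADS = 3                  # distinct threads that must carry the same external host


def external_hosts(urls):
    """Return the set of URL hosts that are not on the internal allow-list."""
    hosts = set()
    for u in urls:
        host = urlparse(u).hostname
        if host and host not in INTERNAL_HOSTS:
            hosts.add(host)
    return hosts


def find_reply_bursts(log, window=WINDOW, min_threads=MIN_THREADS):
    """Flag (sender, host) pairs where one sender replied to at least `min_threads`
    distinct threads within `window`, each reply linking to the same external host."""
    # Keep only replies that carry an external link, grouped by sender.
    per_sender = defaultdict(list)
    for rec in log:
        if not rec["is_reply"]:
            continue
        for host in external_hosts(rec["urls"]):
            per_sender[rec["sender"]].append(
                (datetime.fromisoformat(rec["ts"]), rec["thread"], host))

    alerts = []
    for sender, events in per_sender.items():
        events.sort()            # time order, so the window scan below is linear
        reported = set()         # one alert per (sender, host) is enough
        for i, (t0, _, host) in enumerate(events):
            if host in reported:
                continue
            threads = {th for t, th, h in events[i:]
                       if h == host and t - t0 <= window}
            if len(threads) >= min_threads:
                reported.add(host)
                alerts.append({"sender": sender, "host": host,
                               "threads": sorted(threads),
                               "first_seen": t0.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in find_reply_bursts(SENT_LOG):
        print(f"{alert['sender']} replied to {len(alert['threads'])} threads "
              f"with links to {alert['host']} starting {alert['first_seen']}")
```

The allow-list matters: a sales rep who genuinely pastes the same vendor link into several replies would trip a host-agnostic version of this rule, so in practice the allow-list is seeded from historically common link hosts, and the window and thread thresholds are tuned per tenant. A hit is a strong signal to reset the account's credentials and revoke its sessions, since the bot is acting with the stolen password rather than through malware on the endpoint.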

Similar recent incidents

Stealing existing email conversations and then using them for targeted attacks is not an entirely new thing. However, the worm-like behavior in such attacks was observed for the first time.

  • In late August, TA542 was observed leveraging social engineering and an email-thread hijacking technique to distribute Emotet malware via hundreds of thousands of messages.
  • Around the same time, Qbot was observed leveraging a special email collector module that steals all email threads from the targeted victim's Outlook client. The attackers then reuse these emails in future malspam campaigns.

Ending notes

Usually, the goal of such attacks is to harvest as many credentials as possible, which can then be sold on the dark web. In such situations, experts strongly recommend using multi-factor authentication and following password policies such as using strong, unique passwords and changing them at regular intervals.
