Dec 05 2022

Data of Israeli Employees from 29 Logistics Firms Sold Online

Category: Data Breach,data securityDISC @ 10:33 am

The 50GB worth of data is currently being sold on two clear web forums with a price tag of 1 BTC per database.

A group of hackers has posted a trove of approximately 50GB of data for sale on two online forums and a Telegram group. The data was posted on 26 and 27th November 2022. This was revealed to by researchers at VPNMentor.

A probe into the incident revealed that the data belonged to 29 Israeli transportation, logistics services and forwarding firms. Researchers believe that the hackers breached a software provider’s single point of failure, gained unauthorized access to these logistics firms’ supply chains, and exfiltrated a trove of personal data and shipping records.

50 GB of Israeli Firms’ Data on Sale

Hackers have posted the stolen data for sale. Visitors can buy a complete employee and customer information dataset from the targeted companies. The per-database rate is 1 BTC, which equals $17,000. An analysis of the graphics associated with these posts revealed that the data is part of a Black Friday Sale.

Previously, when some Israeli delivery firms were targeted in cyberattacks, the Israeli government’s cyber agencies named Iranian threat actors as the perpetrators. However, it is unclear if the same actors are responsible in this instance.

Details of Leaked Data

According to VPNMentor’s blog post, exposed data includes contract details and shipment information of the affected Israeli firms. The hackers have listed 1.1 million records for sale on different online forums. It seems like they have shared a small sample of data.

Whether 1 record represented 1 person or 1.1 million people were impacted in this data breach couldn’t be determined. The exposed information includes full names, addresses, and contact numbers.

Researchers were unsure whether the exposed addresses were work or home addresses. Customers’ exposed data includes full names and shipping details (sender and receiver’s addresses, number of packages, contact numbers, etc.).

Data of 1 Million Israeli Employees from 29 Logistic Firms Sold Online

Possible Dangers

These records can be exploited to intercept packages or blackmail/threaten courier firms’ employees into handing over valuable shipments. Threat actors can use personal data such as full names or contact details to target people with scams and phishing attacks.

Customers of these firms should be wary of suspicious SMS messages and calls and do not share personal information via phone. They should reveal sensitive data only to a trusted source only when necessary.

Tags: Data loss, Logistics Firms, phishing attacks, scams

Oct 08 2022

Email Defenses Under Siege: Phishing Attacks Dramatically Improve

Category: Information Security,PhishingDISC @ 3:31 pm

About 1 in 5 phishing email messages reach workers’ inboxes, as attackers get better at dodging Microsoft’s platform defenses and defenders run into processing limitations.

computer code on a screen with a red fish hook dangling in the middle
Source: Andrea Danti via Alamy Stock Photo

This week’s report that cyberattackers are laser-focused on crafting attacks specialized to bypass Microsoft’s default security showcases an alarming evolution in phishing tactics, security experts said this week.

Threat actors are getting better at slipping phishing attacks through the weak spots in platform email defenses, using a variety of techniques, such as zero-point font obfuscation, hiding behind cloud-messaging services, and delaying payload activation, for instance. They’re also doing more targeting and research on victims.

As a result, nearly 1 in 5 phishing emails (18.8%) bypassed Microsoft’s platform defenses and landed in workers’ inboxes in 2022, a rate that increased 74% compared to 2020, according to research published on Oct. 6 by cybersecurity firm Check Point Software. Attackers increasingly used techniques to pass security checks, such as Sender Policy Framework (SPF), and obfuscate functional components of an e-mail, such as using zero-size fonts or hiding malicious URLs from analysis.

The increasing capabilities of attackers is due to the better understanding of current defenses, says Gil Friedrich, vice president of email security at Avanan, an email security firm acquired by Check Point in August 2021.

“It is a family of 10 to 20 techniques, but they all lead to the objective of deceiving a company’s security layers,” he says. “The end result is always an email that looks genuine to the recipient but looks different to the algorithm that analyzes the content.”

Microsoft declined to comment on the research. However, the company has warned of advanced techniques, such as adversary-in-the-middle phishing (AiTM), which uses a custom URL to place a proxy server between a victim and their desired site, allowing the attacker to capture sensitive data, such as usernames and passwords. In July, the company warned that more than 10,000 organizations had been targeted during one AiTM campaign.

Check Point is not the only vendor to warn that phishing attacks are getting better. In a survey, email security firm Proofpoint found that 83% of organizations experienced a successful email-based phishing attack, nearly half again as many as suffered such an attack in 2020. Cybersecurity firm Trend Micro saw the number of phishing attacks more than double, growing 137% in the first half of 2022 compared to the same period in 2021, according to the firm’s 2022 Mid-year Cybersecurity report.

Meanwhile, cybercriminals services, such as phishing-as-a-service and malware-as-a-service, are encapsulating the most successful techniques into easy-to-use offerings. In a survey of penetration testers and red teams, nearly half (49%) considered phishing and social engineering to be the attack techniques with the best return on investment.

Research & Recon Inform Phishing

Defending Phishing Attacks on Organizations For Beginners

Phishing Awareness and Training

Phishing Detection Using Content-Based Image Classification

Tags: phishing attacks, Phishing Awareness and Training

Jul 26 2022

Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands

Category: Information Security,PhishingDISC @ 4:03 pm

Instances of phishing attacks leveraging the Microsoft brand increased 266 percent in Q1 compared to the year prior.

The bloom is back on phishing attacks with criminals doubling down on fake messages abusing popular brands compared to the year prior. Microsoft, Facebook and French bank Crédit Agricole are the top abused brands in attacks, according to study on phishing released Tuesday.

According to the report by researchers at Vade, phishing attacks abusing the Microsoft brand increased 266 percent in the first quarter of 2022, compared to the year prior. Fake Facebook messages are up 177 percent in the second quarter of 2022 within the same timeframe.

The study by Vade analyzed unique instances of phishing URLs used by criminals carrying out phishing attacks and not the number of phishing emails associated with the URLs. The report tallied the 25 most commonly targeted companies, along with the most abused industries and days of the week for phishing emails.

Phishing By the Numbers

Other top abused brands in phishing attacks include Credit Agricole, WhatsApp, and French telecommunications company Orange. Popular brands also included PayPal, Google and Apple (see chart).

Through the first half of 2022, 34 percent of all unique phishing attacks tracked by the researchers impersonated financial services brands. The next most popular industry for criminals to abuse is cloud and the firms Microsoft, Google and Adobe. Social media was also a popular target with Facebook, WhatsApp and Instagram leading the list of brands leveraged in attacks.

The report revealed the most popular days for sending phishing emails is between Monday and Wednesday. Less than 20 percent of malicious emails are sent on the weekend.

“Phishing attacks are more sophisticated than ever,” wrote Adrien Gendre, chief tech and product officer at Vade in an email to Threatpost.

“Hackers have an arsenal of tools at their disposal to manipulate end users and evade email security, including phishing kits that can identify when they are being scanned by a vendor and trigger benign webpages to avoid detection. End users need to be continually trained to identify the latest phishing techniques,” he wrote.

Phishing Attacks: Advanced Attack Techniques

Tags: phishing attacks

Feb 14 2022

Analyzing Phishing attacks that use malicious PDFs

Category: PhishingDISC @ 10:20 am

Cybersecurity researchers Zoziel Pinto Freire analyzed the use of weaponized PDFs in phishing attacks

Every day everybody receives many phishing attacks with malicious docs or PDFs. I decided to take a look at one of these files. I did a static analysis and I went straight to the point to make this reading simple and fast.

Here is the received email as it was from the Caixa Economica Federal bank, but we can see the sender uses Gmail services and a strange name.

phishing PDFs

verified this e-mail header using MXtoolbox, and we can see the IP used by the sender (attacker).

phishing PDFs

Below is the reputation of the IP used by the attacker.

phishing PDFs

We can see this IP has a lot of mentions about malicious activities.

phishing PDFs

I downloaded this file in my VPS (Kali Linux) and used peepdf to do an analysis of the file structure, and I found 2 URIs in objects 3 and 5.

After I checked objects 3 and 5 using pdf-parser, I discovered a malicious URL in the 3.

Tools used during the analysis:

Phishing Attacks: Advanced Attack Techniques

Tags: phishing attacks

Feb 04 2022

Microsoft blocked tens of billions of brute-force and phishing attacks in 2021

Category: PhishingDISC @ 12:31 pm

Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of brute-force and phishing attacks last year.

Microsoft revealed that Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of phishing emails and brute force attacks last year.

The IT giant added has blocked more than 25.6 billion Azure AD brute force authentication attacks and detected 35.7 billion phishing emails with Microsoft Defender for Office 365 in 2021.

Enabling multi-factor authentication (MFA) and passwordless authentication would allow customers to protect their accounts from brute force attacks. However, only 22 percent of customers using Microsoft Azure Active Directory (Azure AD), Microsoft’s Cloud Identity Solution, have implemented a strong identity authentication protection as of December 2021. 

“MFA and passwordless solutions can go a long way in preventing a variety of threats and we’re committed to educating customers on solutions such as these to better protect themselves. From January 2021 through December 2021, we’ve blocked more than 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365.” states Microsoft.

Microsoft added that its Defender for Endpoint blocked more than 9.6 billion malware threats
targeting enterprise and consumer customer devices, between January and December 2021.

Microsoft pointed out that online threats are increasing in volume, velocity, and level of sophistication. The company introduced Cyber Signals, a cyber threat intelligence brief informed by the latest Microsoft threat data and research.

Cyber Signals provide trend analysis and practical guidance to strengthen the defense of its customers. 

“With Cyber Signals, we’ll share trends, tactics, and strategies threat actors use to gain access to the hardware and software that houses one’s most sensitive data. We will also help inform the world on how, collectively, we can protect our most precious digital resources and our digital lives so we can build a safer world together.” concludes Microsoft.

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails 

IBM Cybersecurity Fundamentals Professional Certificate

Tags: brute-force, phishing attacks