Big Sioux Digital Web Design & Hosting

09/14/2021

Beware of clever phishing attacks by cyber criminals.

Phishing is “social engineering” (psychological manipulation) intended to trick human targets into clicking a link, opening an attachment, or performing some other damaging action.

Phishing attacks appear to come from trusted sources. Attackers try to instill a sense of urgency, claiming some disaster to the victim unless the victim takes an action baited by the attacker.

Attackers want to provoke an urgent emotional response, such as clicking a link. Once in the attacker's control, the victim is presented with choices intended to acquire confidential information.

Here are some of the ways attackers try to manipulate victims.

Email phishing
Most phishing attacks consist of "bulk" emails broadcast to a wide audience, not personalized or targeted to a specific individual or company.

Spear phishing
Spear phishing directly targets a specific person or organization with tailored phishing emails. Attackers use personal information about their target to increase the probability of success.

For example, “Fancy Bear” used spear phishing to target email accounts associated with Hillary Clinton's 2016 presidential campaign.

Spear phishing often targets financial service employees who have access to confidential financial information desired by criminals.

Using proprietary information of previously compromised accounts, attackers try to install malware to spear phish other people within the targeted organization. Compromised information is sold to other criminals, who repeat similar phishing attacks.

Whaling
Whaling occurs when spear phishing is directed at senior decision makers, using information of particular interest to the persons being attacked.

CEO Fraud
An example of CEO fraud is the use of a fake email that appears to be sent from a senior executive to an employee with the goal of getting that person to perform an action, such as wiring money to an outside account.

Clone phishing
Clone phishing is the use of a previously delivered legitimate email containing an attachment or link. The nearly identical clone email appears to come from the original sender, but contains malicious content sent from a fake email address.

Voice phishing
Vishing (voice phishing) uses a victim’s phone to play an automated recording intended to trick the victim into calling a phone number controlled by the attacker to obtain confidential information.

SMS phishing
Smishing (SMS phishing) is the use of broadcast cell phone text messages with a link, or phone number, or email address provided by the attacker to acquire a victim’s confidential information.

Website page hijacking
Page hijacking occurs when a legitimate website page is recoded to redirect users to a malicious website.

10/20/2020

Trends in Malicious Attachments Used in Phishing Emails

People need to be familiar with the types of malicious attachments used in phishing emails, our friend Larry Abrams at BleepingComputer writes. One of the most common methods of installing malware is via macros embedded in Microsoft Office documents.

These are disabled by default for security reasons, but attackers craft documents to trick users into enabling macros. Different commodity malware strains tend to use different techniques to convince people to enable macros.

Threat actors using the Dridex Trojan, for example, frequently use documents that have very small or hard-to-read content, with a large banner telling the user to click “Enable content” in order to view the content clearly.

Emotet, on the other hand, is often distributed via documents that display an error informing the user that they need to enable content to gain access to the document.

The BazarLoader malware is often spread via phishing emails that contain a link to Google Docs or Google Sheets. If a user clicks the link, they’ll be asked to download what appears to be a Word document. This is actually an executable file that installs the malware directly.

These techniques aren’t exclusive to these strains of malware, but users can protect themselves as long as they know they should NEVER CLICK “Enable content” IN AN OFFICE DOCUMENT.

While the use of macro-laden Office documents is extremely widespread and effective, Lawrence adds that attackers can also use files that execute automatically when they’re opened.

“Finally, you should NEVER OPEN ATTACHMENTS THAT END WITH THE .vbs, .js, .exe, .ps1, .jar, .bat, .com, or .scr EXTENSIONS AS THEY CAN ALL BE USED TO EXECUTE COMMANDS ON A COMPUTER,” Abrams says.

“As most email services, including Office and Gmail, block ‘executable’ attachments, malware distributors will send them in password-protected archives and include the password in the email. This technique allows the executable attachment to bypass email security gateways and reach the intended recipient.”

Blog post with Links:

People need to be familiar with the types of malicious attachments used in phishing emails.

09/01/2020

Tesla and the FBI Just Prevented a $1 Million Ransomware Hack at the Nevada Gigafactory

Fred Lambert at Electrek just reported on a story published Aug 26th, and he reveals who was targeted: "Tesla and the FBI worked together to prevent a group of ransomware hackers from attacking Tesla’s Gigafactory Nevada, according to a complaint from the FBI.

The FBI released information this week on the arrest of Egor Igorevich Kriuchkov, a 27-year-old Russian citizen, who they claim was part of a group who attempted to extort millions of dollars from a company in Nevada, which has now been identified as Tesla.

According to the complaint, Kriuchkov traveled to the US in July on a tourist visa and made contact with a Russian-speaking employee at Tesla Gigafactory Nevada.

He met the employee, who remains anonymous in the complaint, several times socially before making him a proposition to pay him to help introduce malware in Tesla’s internal computer system in order to extract corporate data and affect Tesla’s operations.

Kriuchkov alleged that he was representing a group that would then arrange a ransom with Tesla in order to not release the information and stop affecting its operations.

The well-trained employee didn’t refuse, but he immediately informed Tesla, who in turn informed the FBI.

CONTINUED:

Tesla and the FBI just prevented a $1 million ransomware hack at the Nevada Gigafactory