Blast Phishing Attack Fooled Many Users

  /     /     /  
Publicated : 22/11/2024   Category : security


Blast Phishing Attack Fooled Many Users


Spam disguised as convincing emails from LinkedIn, Facebook, and other trusted entities were one targeted operation aimed at stealing online financial credentials, say Trend Micro researchers.



Recent widespread spam runs posing as convincing-looking email messages from LinkedIn, Facebook, ADP, American Express, US Airways, the U.S. Postal Service, UPS, and several other high-profile organizations are all part of a single, orchestrated attack campaign using the Blackhole exploit kit and aimed at stealing victims online financial credentials,
Dark Reading
has learned.
Researchers at Trend Micro say they found multiple common threads that tie the spam messages together as one effort by one cybercriminal group, or multiple groups working together. Its one operation probably run by two to three individuals very focused on the theft of financial credentials, and likely out of Eastern Europe, said Tom Kellermann, VP of cybersecurity at Trend Micro. The attackers are using mostly Zeus and Cridex malware variants in the attacks via the Blackhole Exploit Kit, he says.
But this is not your fathers spam: The attackers blended phishing, spear-phishing, drive-by downloads, and traffic redirection all into one attack. Spam is not the right word for this, Kellermann said. I call this phenomenon blast phishing or dynamite phishing. And the attackers have done their homework on victims, as well, he says, targeting groups that have trusted relationships with specific organizations, for example.
Read the rest of this article on
Dark Reading
.
Employees and their browsers might be the weak link in your security plan. The new, all-digital
Endpoint Insecurity
issue of Dark Reading shows how to strengthen them. (Free registration required.)

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security

▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security

▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Blast Phishing Attack Fooled Many Users