How Todays Cybercriminals Sneak into Your Inbox

  /     /     /  
Publicated : 23/11/2024   Category : security


How Todays Cybercriminals Sneak into Your Inbox


The tactics and techniques most commonly used to slip past security defenses and catch employees off guard.



Cybercriminals are constantly altering their techniques to bypass increasingly advanced technical controls in order to deliver credential phishing attacks, business email compromise (BEC), and different forms of malware to unsuspecting users who rarely think twice about clicking.
Between Oct. 2018 and March 2019, researchers with the Cofense Phishing Defense Center analyzed 31,429 malicious emails. At 23,195, credential phishing attacks fueled the bulk of emailed cyberattacks, followed by malware delivery (4,835), BEC (2,681), and scams (718). Subtle tactics like changing file types, or using shortened URLs, are giving hackers a hand.
We do continue to see them evolve with simple adjustments, says Cofense co-founder and CTO Aaron Higbee. Credential-phishing emails using fake log-in pages are tough to stop at the gateway because often associated infrastructure doesnt seem malicious. Some campaigns, to disguise malintent, send emails from genuine Office 365 tenants using already compromised credentials or legitimate accounts – and a fake login page hosted on Microsoft infrastructure is nearly impossible to distinguish.
Researchers report many secure email gateways dont scan every URL; instead, they only focus on the type of URLs people actually click. But with more phishing attacks leveraging single-use URLs, enterprise risk grows. Attackers only need one set of legitimate credentials to break into a network, which is why credential phishing is such a popular attack technique, they explain.
Cloud adoption is changing the game for attackers hunting employee login data. Businesses are shifting the location of their login pages and, consequently, access to network credentials.
As organizations continue to move to cloud services, we see attackers going after cloud credentials, Higbee says. We are also seeing attackers use popular cloud services like SharePoint, OneDrive, Windows.net to host phishing kits. When the threat actor can obtain credentials, they are able to log into the hosted service as a legitimate user.
Its tough for organizations to defend against cloud-based threats because they dont always have the same visibility to logs and infrastructure as they do in the data center. Its a complex issue, Higbee continues, because businesses may engage with cloud providers and fail to include security teams, which need to be kept in the loop on monitoring and visibility needs.
Special Delivery: Malware
More attackers are using atypical, different file types to bypass attachment controls of email gateways and deliver payloads. As an example,
researchers point to
when Windows 10 changed file-handling for .ISO files, which gave hackers an opportunity to shift away from the .ZIP or .RAR files usually inspected by security tools. In April 2019, Cofense saw attackers rename .ISO files to .IMG, successfully transmitting malware through secure gateways.
The gateway sees this as a random attachment, but when you download the file to the device, Windows 10 treats it as an archive and opens it in explorer allowing the victim to click the contents within, says Higbee. Nothing changed in the malware, just the file extension name.
There is a challenge in defending against these types of threats because, as Higbee points out, there are legitimate attachment types you cant block without disrupting the business. We see this with PDF files that include links to the malicious site that might be a spoofed login page where they could capture credentials, he adds. Businesses cant blindly block these file types.
Some attackers rely on installation-as-a-service, through which they can pay to have malware installed on a machine, or group of machines, anywhere in the world. As Cofense points out, Emotet started as a banking Trojan but gained popularity as a loader for other malware; now, its operators have
transformed
Emotet into a complex bot responsible for several functions.
Cyberattackers who sent malware via malicious attachments in the past year exhibited a strong preference (45%) for exploiting a Microsoft Office memory corruption vulnerability (CVE-2017-11882). In previous years, they had heavily used malicious macros, which only accounted for 22% of malware delivery tactics this past year.
CVE-2017-11882 lets attackers abuse a flaw in Microsoft Equation Editor that enables arbitrary code execution. They can chain together multiple OLE objects to create a buffer overflow, which can be used to execute arbitrary commands often involving malicious executables. Equation Editor is an old application and lacks security of recent Microsoft programs; researchers expect the flaw will be exploited less as companies patch and use newer apps.
Related Content:
7 Recent Wins Against Cybercrime
The State of Cyber Security Incident Response
Certifiably Distracted: The Economics of Cybersecurity
Focusing on Endpoints: 5 Steps to Fight Cybercrime

Last News

▸ Feds probe cyber breaches at JPMorgan, other banks. ◂
Discovered: 23/12/2024
Category: security

▸ Security Problem Growing for Dairy Queen, UPS & Retailers, Back off ◂
Discovered: 23/12/2024
Category: security

▸ Veritabile Defecte de Proiectare a Securitatii in Software -> Top 10 Software Security Design Flaws ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
How Todays Cybercriminals Sneak into Your Inbox