Hackers are going to great lengths, including mimicking real people and creating and updating fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords. The alert from the UK's National Cyber Security Centre (NCSC), the cybersecurity arm of the intelligence service GCHQ, warns that the phishing attacks are targeting individuals and organisations across a range of sectors. The end goal is to dupe the victim into clicking a malicious link that leads to a fake but realistic-looking login page; once the victim enters their credentials there, the attackers have access to the account, which they either abuse directly or use as a foothold to reach other victims. Many of the malicious links are designed to look like commonly used cloud software and collaboration tools, including OneDrive, Google Drive, and other file-sharing platforms. In one case, the attackers even set up a Zoom call with the victim and then sent a malicious URL in the chat during the call. They've also created multiple characters in the phishing thread to add the appearance of legitimacy.
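As an added example (not code from the NCSC alert or the ZDNet article), the script below is the kind of quick triage a SOC analyst might run over a reported email or chat message: it extracts every http(s) link from the body and flags links that carry OneDrive or Google Drive branding in the hostname, userinfo or path while actually pointing at a different registrable domain, and it also calls out two classic tricks, a `user@host` prefix that makes the real host appear second and punycode (IDN) hostnames. The brand allowlist, the token lists and the sample messages are constructed assumptions; the registrable-domain helper simply takes the last two labels and would need a public-suffix list for production use.

```python
"""Triage links from an email or chat message for cloud-storage lookalikes.

Added example; not code from the NCSC alert or the ZDNet article. The brand
allowlist, brand tokens and sample messages are assumptions constructed here.
"""
import re
from urllib.parse import urlsplit

# Assumed allowlist of registrable domains that legitimately serve each brand.
LEGIT_DOMAINS = {
    "onedrive": {"live.com", "1drv.ms", "sharepoint.com", "microsoft.com", "office.com"},
    "google drive": {"google.com", "googleapis.com", "googleusercontent.com"},
}

# Strings whose presence in the netloc or path suggests the brand is being invoked.
BRAND_TOKENS = {
    "onedrive": ("onedrive", "1drv", "sharepoint"),
    "google drive": ("google", "gdrive"),
}

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels.
    Assumption: no public-suffix list, so hosts under multi-part suffixes
    such as co.uk are approximated; use tldextract for production."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(url: str) -> dict:
    """Return a verdict for one URL: 'legitimate', 'lookalike', 'suspicious' or 'unknown'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    # netloc keeps any userinfo before '@', which is the part a victim reads first.
    haystack = f"{parts.netloc}{parts.path}".lower()
    reasons = []
    for brand, tokens in BRAND_TOKENS.items():
        if any(tok in haystack for tok in tokens):
            if domain in LEGIT_DOMAINS[brand]:
                return {"url": url, "verdict": "legitimate", "domain": domain, "reasons": []}
            reasons.append(f"{brand} branding on non-brand domain {domain}")
    if parts.username is not None:
        reasons.append("userinfo before '@': the browser connects to the host after it")
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode (IDN) hostname")
    if parts.scheme.lower() == "http":
        reasons.append("plaintext http")
    if any("branding" in r for r in reasons):
        verdict = "lookalike"
    elif reasons:
        verdict = "suspicious"
    else:
        verdict = "unknown"
    return {"url": url, "verdict": verdict, "domain": domain, "reasons": reasons}


def triage_message(text: str) -> list:
    """Extract every http(s) URL from a message body and classify each one."""
    return [classify_link(u) for u in URL_RE.findall(text)]


if __name__ == "__main__":
    # Constructed sample messages, not real phishing artefacts.
    samples = [
        "As discussed on the call, the file is here: "
        "https://onedrive.live.com.docs-share.example/login and the agenda "
        "https://example.org/agenda.pdf",
        "Shared with you: https://drive.google.com@share-files.example/d/abc",
        "Legit share: https://1drv.ms/x/s!abc",
    ]
    for msg in samples:
        for result in triage_message(msg):
            print(result["verdict"], result["url"], "; ".join(result["reasons"]))
```

The early return on a legitimate registrable domain is deliberate: a branded path on the real `google.com` or `live.com` is normal, and only branding on some other domain is evidence of impersonation. The heuristics are meant for analyst triage, not for blocking; a long-tail of legitimate third-party hosts will show up as `suspicious`, so tune the allowlist before wiring this into anything automated.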
The first stage of the spear-phishing attacks is research and preparation, with the attackers using publicly available profiles, such as social media and networking platforms, to find out as much as possible about the targets, including their real-world professional and personal contacts. It's also common for the attackers to set up fake social media and networking profiles based on real people to make their approaches look convincing, and some approaches are designed to look as though they relate to real events when they are in fact fabricated. According to NCSC, the campaigns are the work of cyberattackers based in Russia and Iran. The Russian and Iranian campaigns aren't related, but their tactics overlap because those tactics are effective at tricking people into falling for phishing. No matter who the attackers are impersonating, or what lure they're using, one feature common to many of the spear-phishing campaigns is that they target personal email addresses. This tactic is likely being used to get around the security controls in place on corporate accounts and networks, although corporate and business email addresses have also been targeted.
Another key technique behind these ph
This Cyber News was published on www.zdnet.com. Publication date: Tue, 31 Jan 2023 20:12:02 +0000