The FBI has warned about North Korean hackers Kimsuky leveraging QR codes in phishing attacks targeting U.S. and foreign government entities, academia, think tanks, and others.
Behavioral economics offers valuable insights into why humans fall for phishing and social engineering attacks. Bad actors in the world of cybersecurity prey upon these human tendencies to drive actions that put organizations at risk.
Aside from having prefabricated phishing attack pages set up for them, subscribers to the MFA bypass service get the benefit of interception of the user's 2FA token as they complete their login.
Initial access broker with close links to ransomware groups is targeting organizations with Microsoft Teams phishing attacks, with malicious links leading to a malicious SharePoint-hosted file.
Hackers were impersonating cybersecurity companies by sending phishing emails asking the target to callback to resolve potential network compromise. Victims are then guided to install remote administration tools.
According to the Phishing Activity Trends Report by the Anti-Phishing Working Group (APWG), phishing attacks surpassed one million for the first time in three months in the first quarter of 2022.
The nature of phishing attacks and the role of human error in the problem means that it’s unlikely we can completely eliminate this threat. Implementation of behavioral analytics solutions allow security teams to clearly identify irregular or abnormal behaviors and take action to determine if someone with access is a potential threat.
Hackers recently gained access to internal tools at leading email marketing platform Mailchimp, and made use of them in targeted phishing attacks on owners of crypto wallets.
The fact that phishing attacks have been on the rise is no secret. One of the most interesting developments is that malicious emails are now being timed to coincide with the "mid-afternoon slump" common to office workers.
Threat intelligence firm Group-IB says cybercriminals actively used Google Forms and Telegram bots to collect stolen data from exploit kits during phishing attacks.
