Search This Blog

Showing posts with label Credential Phishing. Show all posts

Credential Phishing and Brute Force Attacks Continue to Surge

Financial and reputational aspects of organizations across the globe are taking a severe hit as they witness advanced email threats from unprecedented email attacks that continue to escalate, as per a recent report by Abnormal Security. Unsuspecting victims fall prey to the schemes which are devised to make the malicious emails land directly into their inboxes evading security mechanisms. 

As threat actors continue to work around various phishing techniques, cyber-attacks via credential phishing and brute force continue to remain effective attack vectors. Advanced email threats such as 'Business Email Compromise' attacks are designed to safely bypass secure email gateways and other conventional security infrastructure allowing the operators to steal in billions each year.  

After gaining access to email accounts, attackers can leverage these accounts to target other associated employees including business partners, vendors, and co-workers. Consequently, it allows them to infiltrate other parts of the compromised organization. Cybercriminals use these credential phishing and brute force attacks to obtain sensitive information such as usernames, passwords, and passphrases. 

The report enlists in its key findings that 5% of all organizations fell prey to brute force attacks in early June 2021, while 73% of all sophisticated threats were credential phishing attacks. 

Since Q4 2020, business email compromise attacks underwent a rise by 22% whereas 61% of companies witnessed a vendor email compromise attack this quarter. Alongside, the experts also made a prediction that there is a 60% probability of an account takeover attack being successful each week for firms having over 50,000 employees. 

While commenting on the matter, Evan Reiser, CEO, Abnormal Security, said, “Socially-engineered attacks are dramatically rising within enterprises worldwide, creating unprecedented financial and reputational risks. These never-before-seen attacks are becoming more sophisticated with every passing day. They don’t contain indicators of compromise, such as links, attachments, and reputational risks, so they evade secure email gateways and other traditional email infrastructure, landing in inboxes where unsuspecting employees fall victim to their schemes, which include ransomware. To effectively protect against these attacks, we can no longer rely only upon established threat intelligence. To baseline good behavior, we need to look further to comprehensively understand employee and vendor identities and their relationships, all with deep context, including content and tone. Any subtle deviations from this baseline expose the possibility of a threat or attack.” 

Furthermore, the report highlights the rise of impersonation, and how cybercriminals are employing it to trick users into submitting sensitive data. Experts remark that the impersonation of internal systems namely IT Support and IT Help Desk has risen 46% in the last two quarters. 

Socially engineered credential phishing and account takeover attacks are surfacing as a major concern for enterprises worldwide because these attacks could potentially provide the access required to carry out other ransomware and malware-based attacks.

Hacker Uses Credential Phishing to Gain Access Into PayPal Account


Analysts from Cofense Phishing Defense Center recently found a unique PayPal credential phishing attack. Phishing is a harmful technique that hackers use to steal sensitive information like banking information, credit card data, usernames, and passwords. The actors pretend to be genuine individuals to lure victims by gaining their trust and stealing their personal information. Even worse, the confidential data stolen through phishing attacks can be used for identity theft, financial theft to gain illegal access into victim accounts, or use this account access to blackmail the victims. 

Because credential phishing is generally conducted through a simple URL link, it is easy to ignore exaggerated or subtle tactics that hackers use to steal credentials from innocent victims. As per the experts, the attack isn't very sophisticated and doesn't seem suspicious. Cybersecurity Analyst Alex Geoghagan said that the email may compel the victim to try finding the solution to the problem quickly. The hacker didn't even bother hiding 'from' email address, which was later identified as not actually being from PayPal. But, the e-mail was very well put together and no one would've thought it as a fraud. 

Alex Geoghagan says "There is a “Help & Contact” link, as well as an (ironic) “Learn to identify Phishing” link in the body of the email, both leading to authentic PayPal links. Beyond the first clue in the sender email address, when hovering over the button labeled “Confirm Your Account,” it does not lead to a PayPal URL. It instead leads to a URL at direct[.]lc[.]chat. A user familiar with PayPal may notice at this point that they are being taken to a domain outside of PayPal, while the legitimate PayPal live chat is hosted within the PayPal domain and requires that you log in to use it." 

After a fake live chat has been accessed, hacker uses automated scripts to start communication with the victims and tries to steal user data, e-mail address, credit card information etc. In other words, hacker takes this information to appear as genuine and store enough information for authentication. Once the information is acquired, hacker tries to steal victim's PayPal credentials. After that, a verification code is sent to target via SMS to make him think an authorised person has access to his device. "This attack demonstrates the complexity of phishing attacks that go beyond the typical “Forms” page or spoofed login. In this case, a carefully crafted email appears to be legitimate until a recipient dives into the headers and links, which is something your average user will most likely not do," says Alex Geoghagan.