Multiple government procurement services were targeted by a credential harvesting campaign that uses bogus pages to steal login credentials. Cybersecurity company Anomali uncovered a campaign that used 62 domains and around 122 phishing sites in its operations and targeted 12 countries, including the United States, Canada, Japan, and Poland.
The use of bogus login pages continues to be a popular method for credential harvesting campaigns. The Trend Micro™ Cloud App Security™ solution blocked 2.4 million attacks of this type in 2019 1H — a 59% increase from 1.5 million in 2018 2H.
For this campaign, threat actors used phishing emails carrying documents written in the language of the country being targeted. The phishing emails were also found with URLs to fake but legitimate-looking login pages. These URLS were primarily hosted on the following IP addresses: 31[.]210[.]96[.]221, 193[.]29[.]187[.]173, 91[.]235[.]116[.]146, 188[.]241[.]58[.]170.
If the recipient of the phishing email clicks on the malicious URL, they will be redirected to a login page that is an imitation of a legitimate website the campaign is spoofing. A login attempt will then lead to the theft of the user’s credentials.
Aside from the websites of international government departments, those belonging to email services and two courier services were also spoofed by the threat actors. The U.S. Department of Energy, Canada’s Government eProcurement service, China’s SF-Express courier service, and Australia’s Government eProcurement Portal were some of the target organizations.[Read: Machine learning use in email security solutions that block credential phishing attacks ]
Email users should always be aware of the latest phishing tactics in order to avoid falling victim to credential harvesting attacks. After all, such attacks are becoming highly deceptive; in fact, it has become relatively easy for cybercriminals to obtain a .gov domain that they can use to further disguise their schemes.
To minimize the chance of becoming a victim, users can follow these best practices in identifying phishing attacks :
Like it? Add this infographic to your site:1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
In the first half of this year, cybersecurity strongholds were surrounded by cybercriminals waiting to pounce at the sight of even the slightest crack in defenses to ravage valuable assets. View the report
The upheavals of 2020 challenged the limits of organizations and users, and provided openings for malicious actors. A robust cybersecurity posture can help equip enterprises and individuals amid a continuously changing threat landscape. View the 2020 Annual Cybersecurity Report
Btcardsu dumps-shopru
