Due to a recent Google change, MFA isn't truly MFA.
A social engineering phone call lends authenticity to the attacker’s malicious email
Facebook’s Messenger platform has been heavily abused in the past month to spread endless messages with malicious attachments from a swarm of fake and hijacked personal accounts. These threat actors are targeting millions of business accounts on Facebook’s platform — from highly-rated marketplace sellers to large corporations, with fake business inquiries, achieving a staggering “success rate” with approximately 1 out of 70 infected!
The report details the operations of W3LL, a threat actor behind a phishing empire that has remained largely unknown until now. Group-IB’s Threat Intelligence and Cyber Investigations teams have tracked the evolution of W3LL and uncovered that they played a major role in compromising Microsoft 365 business email accounts over the past 6 years. The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors who could purchase a custom phishing kit called W3LL Panel, designed to bypass MFA, as well as 16 other fully customized tools for business email compromise (BEC) attacks. Group-IB investigators identified that W3LL’s phishing tools were used to target over 56,000 corporate Microsoft 365 accounts in the USA, Australia and Europe between October 2022 and July 2023. According to Group-IB’s rough estimates, W3LL’s Store’s turnover for the last 10 months may have reached $500,000. All the information collected by Group-IB’s cyber investigators about W3LL has been shared with relevant law enforcement organizations.
Help desk staff duped into resetting MFA on Okta super admin accounts, allowing threat actors to move laterally across targeted organizations.
Discover the lifecycle of a commercial web traffic filtering service originating from a GitHub project and how it found success within phishing operations, including how it evolved into a commercial platform offering under new branding.
Scammers are hacking websites powered by WordPress and placing phishing pages inside hidden directories. We share some statistics and tips on recognizing a hacked site.
In the evolving cybersecurity landscape, understanding the phishing threat has become more critical than ever. Read into a new threat resulting from the addition of a new Top-Level Domain (TLD), '.ZIP'.
A new generative AI cybercrime tool called WormGPT is making waves in underground forums. It empowers cybercriminals to automate phishing attacks.
Entre avril 2022 et juin 2023, une quarantaine de plaintes relatives à des cas de « phishing / hameçonnage », pour un montant de plus de 170'000…
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a zero-day remote code execution vulnerability exploited via Microsoft Word documents.
Over the past few days, we have seen phishing attacks that use a combination of compromised Microsoft 365 accounts and .rpmsg encrypted emails to deliver the phishing message.
This article explores a phishing technique that emulates a file archiver software in the browser while using a .zip domain.
An unusual attack/phishing campaign delivering malware while using meme-filled code and complex obfuscation methods continues dropping Xworm payloads for the last few months and is still ongoing today.
A review of Arun Vishwanath, “The Weakest Link: How to Diagnose, Detect, and Defend Users From Phishing Attacks” (MIT Press, 2022)
Many elements of the cyber threat landscape have changed significantly over the past two decades. For one, the number of attackers has grown dramatically, aided by the increasing availability of hacking tools and services as commodities for purchase in online marketplaces. The value of the losses cyber criminals have been able to inflict on their victims has also grown, though the dollar estimates vary widely in absolute terms. In recent years, the popularity of ransomware has increased substantially, prompting the Biden administration to initiate an ongoing diplomatic effort to foster cross-border efforts to curb this dangerous form of cyber-enabled extortion.
Kaspersky research on ChatGPT capabilities to tell a phishing link from a legitimate one by analyzing the URL, as well as extract target organization name.
Le Centre national pour la cybersécurité lance un avertissement: les cybercriminels ont accès à des comptes bancaires, malgré des mesures de protection élevées, en incitant les victimes à leur fournir des informations. Raiffeisen est notamment concernée
Threat actors are taking advantage of Microsoft OneNote's ability to embed files and use social engineering techniques, such as phishing emails and lures inside the OneNote document, to get unsuspecting users to download and open malicious files.
Cyble analyzes how Threat Actors are using the recent buzz around ChatGPT to launch Phishing attacks using various methods.
