Cloud email threats soar 101% in a year
Trend Micro announced this number as their observation of growth in email-borne cyber-threats that they blocked last year. They also note a 138% year-on-year increase in phishing emails, of which 40% were credential phishing attempts. They also blocked 3.3 million malicious files in cloud-based emails, including a 134% increase in known threats and a 221% increase in unknown malware. Another security company, Proofpoint warned in a new report of the continued dangers posed by social engineering, highlighting how many users don’t realize that threat actors may spend considerable time and effort building a rapport over email with their victims, especially if they’re trying to conduct a business email compromise (BEC) attack, it said.
NHS warns of scam COVID-19 text messages
The UK’s National Health Service (NHS) is warning about a rash of fake annnouncement, sent out as SMS text messages, telling recipients of their exposure to the Omicron variant of COVID-19. The link leads to a lookalike website that pretends to belong to the NHS. The bogus website confirms that the test is free, but asks for 99 pence to cover postage. Its true mission, though, is to collect personal information including name and address. The fact that this is being reported in mid-June 2022 shows that Covid-related scams are still successful.
Fancy Bear uses nuke threat lure to exploit 1-click bug
APT group Fancy Bear is behind a phishing campaign that uses the threat of nuclear war to exploit a known one-click Microsoft flaw. Its intention is to deliver malware that can steal credentials from the Chrome, Firefox, and Edge browsers. Researchers at Malwarebytes state that the group is pushing malicious documents weaponized with the exploit for Follina. Their campaign targets users with emails carrying a malicious RTF file called “Nuclear Terrorism A Very Real Threat” in an attempt to prey on victims’ fears that the invasion of Ukraine will escalate into a nuclear conflict, researchers said.
Chinese hackers distributing SMS bomber tool with malware hidden inside
In a recent publication, Check Point, an Israeli cybersecurity firm, disclosed the discovery of a concerning threat cluster linked to the hacking collective Tropic Trooper. This cluster employs a newly identified malware crafted in Nim language, termed Nimbda. Intriguingly, Nimbda is paired with a Chinese language greyware tool known as an “SMS Bomber,” which is likely illicitly circulated within Chinese-speaking online communities. This tandem is utilized in a fresh campaign aimed at specific targets. An SMS Bomber, as its name suggests, inundates a phone number with denial-of-service attacks, rendering it temporarily unusable.
Thanks to today’s episode sponsor, Optiv
• Increasing security
• Decreasing risk
• Lowering cost
Learn more at www.optiv.com/IAM-Microsoft.
New MetaMask phishing campaign uses KYC lures to steal passphrases
A new phishing campaign targets users on Microsoft 365 by spoofing the popular MetaMask cryptocurrency wallet provider and attempting to steal recovery phrases. According to email security firm Armorblox the new campaign distributes messages that resemble legitimate identity verification requests. They appear to be sent from MetaMask support and are spoofs of a Know Your Customer (KYC) verification request and features convincing branding and no typos or other obvious scam giveaways. KYC requests are part of standard anti-money laundering legal obligations financial companies must abide by, so receiving a request would not necessarily be unusual.
Critical PHP vulnerability exposes QNAP NAS devices to remote attacks
QNAP, the Taiwanese maker of network-attached storage devices, said on Wednesday it is fixing a critical three-year-old PHP vulnerability tha ffects PHP versions in the 7.1. and 7.2 range. It is tracked as CVE-2019-11043, is rated 9.8 out of 10 on the CVSS scale. The alert comes a week after QNAP revealed that it’s “thoroughly investigating” yet another wave of DeadBolt ransomware attacks targeting QNAP NAS devices running outdated versions of QTS 4.x.
Microsoft’s AI spots ransomware attacks before they get started
Microsoft is focusing on disrupting the earliest stages of a ransomware attack with AI enhancements for Microsoft Defender for Endpoint. In what the company calls “early incrimination,” they are developing machine learning (ML) algorithms to determine “malicious intent” in files, processes, user accounts, and devices. Microsoft engineers have developed three sets of AI-generated inputs that independently generate a risk score determining whether an entity is likely involved in an active ransomware attack:
• Time-based and statistical analysis of security alerts at the organizational level
• Graph-based aggregation of suspicious events across devices
• Device-based monitoring to flag suspicious activities
By correlating these datasets, Defender can detect patterns and connections that might have been missed otherwise. If a high enough confidence level is reached, it automatically blocks the files and entities involved in the ransomware.
(ZDNet)
Amazon’s Alexa could turn dead loved ones’ voices into digital assistant
Claiming it will allow people to “make the memories last”, the company is developing technology that will allow its Alexa digital assistant to mimic the voice of anyone it hears from less than a minute of provided audio, Rohit Prasad, its senior vice-president and head scientist, said on Wednesday. He added that during the coronavirus pandemic “so many of us have lost someone we love”. They announced the existence of this technology from beyond the grave at the company’s re:Mars conference, focusing on its “ambient computing” achievements in the realms of machine learning, automation, robots, and space.