• Skip to primary navigation
  • Skip to main content
nGuard

nGuard

Call us p. 704.583.4088
  • Solutions
    • Security Assessments
    • Compliance
    • Cyber Security Incidence Response
    • Penetration Testing
    • Managed Event Collection
    • Vulnerability Management
    • Red Teaming
    • Mobile Security
    • Cloud Security
  • Industries
    • Healthcare
    • Energy
    • Information Technology
    • Manufacturing
  • About Us
    • Our Company
    • Careers
    • Blog
  • Contact
Client PortalSpeak to An Expert

Facebook

TWiC | This Week in Cybersecurity – Let’s Go Phishing 🎣

Over the past week there have been many hot topics in cybersecurity. This edition of This Week in Cybersecurity includes stories focused on the latest in phishing campaigns tactics, techniques, procedures, common use cases, and infrastructure being used. Check out the details below.

  • Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands

    The number of phishing attempts that misuse the Microsoft brand jumped 266 percent in the first quarter of 2022 compared to the same period last year, according to a report by researchers at Vade. In the same period of time, fake Facebook messages increased by 177% in the second quarter of 2022. In Q1 2022 compared to the previous year, there were 266 percent more instances of phishing assaults using the Microsoft name. As opposed to the previous year, hackers are ramping up their use of false messages that abuse well-known companies, bringing back the bloom of phishing attempts. According to the phishing research Microsoft, Facebook, and the French bank CrĂ©dit Agricole are the three most frequently impersonated companies in attacks.  CrĂ©dit Agricole, WhatsApp, and the French telecommunications provider Orange are some of the other top names that are misused in phishing attempts. Other well-known brands included Apple, Google, and PayPal.
  • DUCKTAIL Malware Targeting HR Professionals Through LinkedIn Spear-phishing Campaign

    Cybersecurity research has recently learned of an ongoing operation known as DUCKTAIL. This strategy aims to gain control of a company’s Facebook business account that handle its advertising. DUCKTAIL uses a malware component that steals information to hack Facebook Business accounts. This sets DUCKTAIL apart from other malware campaigns that used Facebook as a base of operations in the past. The malware is able to access the victim’s Facebook account by stealing cookies from the victim’s browser and utilizing authentication cookies during authenticated Facebook sessions. This has allowed hackers to access every Facebook Business account that the victim has access to, even ones with restricted access. DUCKTAIL has been using LinkedIn to identify potential targets for these campaigns.
  • 1,000s of Phishing Attacks Blast Off from InterPlanetary File System

    The InterPlanetary File System (IPFS), a distributed peer-to-peer file system, has become a hotbed of phishing-site storage. Thousands of emails containing phishing URLs are showing up in corporate inboxes. IPFS uses peer-to-peer (P2P) connections for file and service-sharing instead of a static resource demarked by a host and path. Phishers may start using even more sophisticated methods for replicating sites, such as using distributed hash tables. According to an anti-phishing expert, security admins need to educate themselves and their staff about how IPFS works.
  • Evilnum APT Hackers Group Attack Windows Using Weaponized Word Documents

    The APT threat actor, Evilnum, has been targeting European banking and investment organizations. Recently their tactics, techniques, and procedures have included spear-phishing emails with attachments like Microsoft Word, ISO, and Windows Shortcut (LNK) files.  Researchers discovered other variations of the campaign in late 2022, including ones that employed financial bribes to get victims to open malicious ZIP folders that were coupled with malicious .LNK files. In the middle of 2022, the methodology that was being used to distribute Word documents was altered once more to incorporate a mechanism that tries to connect to an attacker-controlled domain and obtain a remote template.

Stop Phishing
nGuard has been conducting social engineering assessments for almost 2 decades and has the experience and expertise to assess your users against phishing campaigns using a variety of attack methods. Using emails, phone calls, text messages, multi-factor prompt bombing attacks,  fake websites, and more, nGuard can thoroughly test your security awareness training program efficacy. Contact your Account Executive or Security Consultant to learn more about how nGuard can help.

Filed Under: Advisory, Breach, Compliance, Events, Financial, General, Products & Services, Vulnerabilities & Exploits Tagged With: apt, envilnum, Facebook, InterPlanetary File System, LinkedIn, malware, MFA, Microsoft, Multi-Factor Authentication, phishing, social engineering

Apple Sues Spyware Firm NSO Group

If you are not familiar with NSO Group, nGuard released a Security Advisory in August detailing the history of the NSO Group and their spyware platform, Pegasus. If you haven’t read the advisory, check it out here, or you can watch the summary video below:

In late November, Apple announced that it is suing the Israeli spyware firm NSO Group and its parent company OSY Technologies for targeting its users with their spyware. This is the second lawsuit against NSO Group with the first coming from Facebook, now owned by Meta, for targeting its users on the message application WhatsApp.

In addition to the lawsuit, which is seeking unspecified damages, Apple is requesting the NSO Group be banned from using Apple software, services, or devices. NSO Group created over 100 fake Apple IDs used to deploy their spyware Pegasus, which violates the iCloud terms of service. NSO Group still states they only sell spyware to government for lawful interceptions and says, “Thousands of lives were saved around the world thanks to NSO Group’s technologies used by its customers.” Although the NSO group states it has ethical purposes, evidence has shown otherwise and has led to the United States implementing sanctions and a blacklist on them for enabling “transnational repression.”

Apple did release software updates to patch the vulnerabilities exploited by NSO Group and has not seen any indications of Pegasus or any other NSO tools being used against their latest software, iOS 15. Apple has strongly urged iOS users to upgrade to the latest version of software to protect themselves from these types of attacks.

Filed Under: Advisory, Compliance, Events, General, Products & Services, Vulnerabilities & Exploits Tagged With: Apple, Facebook, NSO Group, Pegasus, Spyware

nGuard

nGuard

3540 Toringdon Way
Suite 200
Charlotte, NC 28277-4650

info@nGuard.com

Client Portal

Solutions

  • Security Assessments
  • Compliance
  • Cyber Security Incident Response
  • Penetration Testing
  • Managed Event Collection
  • nGuard Vulnerability Management
  • Mobile Security
  • Cloud Security

Industries

  • Energy
  • Healthcare
  • Manufacturing
  • Information Technology

About Us

  • Our Company
  • Careers
  • Blog

© 2023 nGuard. All rights reserved.

  • Privacy Policy