Threat actors are abusing a technique called “URL rewriting” to hide their phishing links from security filters, according to researchers at Perception Point. Security tools from major vendors use URL rewriting to prevent phishing attacks, but the same technique can be abused to trick these tools into thinking a malicious link is legitimate.

As Europe is returning from summer breaks, it is time to reflect on the first half of 2024 and look forward to the rest of the year. Ransomware attacks on hospitals, blue screens across the world crippling airline operations and other industries, deepfakes to sway opinion and possibly elections, deepfake social engineering tactics to extort significant amounts of money - so far the year has kept cybersecurity professionals busy.

Recently, we had a customer reach out to ask if disabling clickable uniform resource locator (URL) links in emails was enough protection by itself to potentially not need employee security awareness training and simulated phishing. We can understand why this misperception might exist. Many anti-phishing educational lessons discuss the need for people to evaluate all URL links before clicking on them.

The ransomware threat group formerly known as "Royal" has rebranded itself as BlackSuit and updated their attack methods, warns the FBI. The latest advisory from the FBI on ransomware threat group BlackSuit, is actually an updated 18-month-old advisory originally released to warn organizations about the threat group Royal. It appears that the group has rebranded, according to the advisory, and has updated their methods of attack.

When it comes to the duration of a ransomware attack and the subsequent recovery process, the numbers are staggering and vary wildly. Partly because there’s no single source which compiles all the information in a consistent manner. On average, a cyber attack can last anywhere from a few days to several weeks, with the recovery time often extending to months or even years.

Cross-Site Scripting (XSS) is alive and well, and used in attacks to obfuscate malicious links in phishing emails to redirect users to threat-actor controlled websites. We saw earlier this year that phishing attacks leveraging XSS were on the rise. Now, new scams are using XSS to hide their malicious intent within emails, according to new analysis from cybersecurity vendor INKY. These attacks usually begin with an email stating the victim has won something, as shown below: Source: INKY.

The latest data from Coveware shows a slowing of attack efficacy, a decrease in ransom payments being made, and a shift in initial access tactics. According to Coveware’s Q2 2024 Ransomware Quarterly Report, we see a few interesting trends: A new data point brought to light this quarter is the data exfiltration only (DXF) payment trend, which is relatively flat despite fluctuating between 53% in Q1 of 2022 when tracking began, down to a low of 23% in Q1 of this year.

File-sharing phishing attacks have skyrocketed over the past year, according to a new report from Abnormal Security. “In file-sharing phishing attacks, threat actors exploit popular platforms and plausible pretexts to impersonate trusted contacts and trick employees into disclosing private information or installing malware,” the report says.

Researchers at ThreatFabric warn that a phishing campaign is distributing the Chameleon Android malware by impersonating a Customer Relationship Management (CRM) app. The campaign is currently targeting users in Canada and Europe, but may expand to other regions. “The naming used for the dropper and the payloads clearly shows that the intended victims of the campaign are hospitality workers and potentially B2C business employees in general,” ThreatFabric says.

Researchers at Menlo Security warn that a phishing campaign is exploiting Google Drawings to evade security filters. The phishing emails inform the user that their Amazon account has been suspended, instructing them to click on a link in order to update their information and reactivate their account. The phishing page is crafted with Google Drawings, which makes it more likely to fool humans while evading detection by security technologies.