Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Center for Internet Security (CIS) publishes Critical Security Controls that help organization improve cybersecurity. CIS Control 9 covers protections for email and web browsers.

A new cloud phishing campaign is abusing Microsoft Azure’s Static Web Apps service to steal credentials from multiple services including Microsoft 365, Outlook, and Yahoo Mail.

In this world, nothing is certain except death and taxes. The latter of which malicious actors capitalize on seasonally with phishing attacks. From consumers to corporate finance and human resources (HR) departments, these social engineering attacks have become so pervasive that the IRS issued an annual advisory as a warning to businesses and consumers.

The dangers of email security are often understated. One successful email attack can lead to malware injection, system compromise, impersonation, espionage, ransomware and more. After all, phishing remains the top attack vector used by hackers. The FBI reported phishing scams were extremely prominent, with 323,972 complaints being made in the U.S. in 2021, compared to 241,342 the previous year. Adjusted losses resulting from these attacks is more than $44 million, a $10 million decrease from 2020.

The rise in cybercrime has accelerated 600% over the last three years, and shows no signs of slowing down. Even though the pandemic accelerated online services, data, and particularly vulnerable home networks, the truth is that cybercriminals are caught only 0.03 percent of the time. That rate, combined with the fact that the average cost of a data breach stands at $3.86 million makes for an attractive calculation for cybercriminals.

By now, pretty much anyone who uses email is familiar with the term “phishing,” and is aware of the prevalence of phishing scams. However, the term “spear phishing”—and what it means exactly—might be a bit more elusive. Essentially, spear phishing is a more targeted and socially engineered version of a spray-and-pray, bait-and-hook, phishing email.

In today’s environment, much of the population are doing their bank or financial transactions online and online banking or wire transfers have become a huge necessity. Recently, we received a phishing email that is targeting PayPal accounts. The email header contains an alarming subject and the From: address is a spoofed PayPal-like domain. The Message-Id is also highly suspicious as it uses web hosting site DreamHost which is not related to PayPal.

Recently, we encountered an interesting phishing webpage that caught our interest because it acts like a chameleon by changing and blending its color based on its environment. In addition, the site adapts its background page and logo depending on user input to trick its victims into giving away their email credentials. We see an email with the “initial” URLs in the example below: Figure 1. The raw phishing email showing the URLs, purporting to be a fax message that needs to be accessed.