The Latest Phishing Trends Traced to Russia

The Latest Phishing Trends Traced to Russia

Russia and its hackers have been popular in the news for the past several years. Whether to allegedly influence foreign elections or steal intellectual property its sphere of influence is worldwide.

But first a bit of history. How did we get to this point in time? Countries have always been involved with clandestine activities to undermine or even overthrow neighboring governments. They have used deception and sometimes even force to accomplish their goals. So it was only a matter of time before technology was embraced as a tool to this end. And so began the partnership between hacker and government.

In 2009, Google China was hit by a security breach. Upon further investigation, it was determined that China was targeting the emails of individuals and groups who were focused on human rights and human rights violations. These Google users resided not just in China, but in the United States and Europe. Google had entered the Chinese market in 2006 subject to China’s strict internet policy. However, the resulting breach three years later caused the company to relocate its servers to Hong Kong.

One very active Russian hacker team is known by several names:

It is most known for its attack on the Democratic National Committee’s computer in 2016 but it has existed since at least 2007. The DNC has never allowed government agencies to analyze the computers so it is difficult to determine the extent of the attack.

This group’s signature mark is to cause its viruses and other malware to evolve into different threats. But in a nod to the past, it also makes use of previous malware that evades detection because it is no longer deemed a threat.

In the latter case, recent malware attacks from the group have focused on using an encrypted connection to carry the malware.

This means that while delivery is taking place the malware is not detected. This type of attack has pretty much disappeared until recently when it started making a comeback in October and November of this year. It was determined that the suspected targets were government entities in North America, Europe, and an unnamed former USSR state. In this particular phishing sweep, the malware contained evidence of an evolution AND the encrypted connection.

It has been reported that APT28 has started to use a new Trojan named Cannon, as well as its favorite, Zebrocy, which it used to target government agencies in North America and Europe. Both Trojans download another wave of malware after a computer system has already been compromised. The difference between the two is that Cannon uses legitimate email providers for its email accounts. In this way, the malware makes itself harder to detect.

Another group of hackers has a similar name, APT29. It has been very quiet since 2017 but appears to have come roaring back with a vengeance. Its targets have included

  • law enforcement,
  • think tanks,
  • drug companies,
  • different media outlets, and
  • contractors in the defence industry.

APT29, also known as Cozy Bear and like APT28 is believed to be working on behalf of Russia’s military intelligence service. The group has been operational since at least 2014.

This is how the latest malware worked: the email falsely appeared to come from the US State Department from a well-known individual who is employed there. The email even had a legitimate US State Department form to lend an air of authenticity to it. The email had links that when clicked, caused a Windows back door named Cobalt Strike to infest the device.

This attack is very similar to one which occurred in November of 2016 which took advantage of a hacked email server in a hospital. In this scenario, the  emails contained a ZIP archive which in turn held a Windows shortcut file with the malware payload.

An interesting possibility is that these malware attacks are really false flags, intended to make them appear to come from state sponsored hackers in Russia. But the attacks are being published in the media with the hope that malware researches can contribute their opinions on the attacks.

Earlier in 2018, Microsoft acknowledged that it had assisted the US Government to thwart attacks by Russian hackers against at least three politicians who were running in this year’s midterm elections.

The software company attributed the attacks to members of the APT28 group, which they have nicknamed Strontium.

The attempts involved web domain sites that appeared to belong to the US Senate or to conservative think tanks, and even to a product page of Microsoft’s. But in all cases they were actually fake sites.

There was no evidence that hackers successfully tricked any visitors to give out personal information; the company acknowledged that the fake sites were created recently and registered with major web-hosting companies. Microsoft’s Digital Crimes Unit has used the US court system to seize and shut down 84 fake websites since 2016 that were allegedly created by the APT28 group of hackers.

While the Russian hackers seem to have their fingers in a lot of digital pie, it has become apparent that the biggest threat from them is during the election cycle. Political campaigns usually do not have the funding required to mount a good defense against cyber attacks. While it may be possible to hack into voting machines, experts say it would be extremely unlikely that enough machines would be compromised to change the outcome of an election. All fifty states and some 1000 local governments have opened a center to share and compare investigations and findings.

It is a game of cat and Russian mouse that continues unabated 24/7/365. Unrelenting vigilance is necessary to combat the threat that according to Kirstjen Neilsen, Secretary of Homeland Security,  has “democracy in the crosshairs”.

References

Top 10 most notorious cyber attacks in history

RUSSIA’S ELITE HACKERS MAY HAVE NEW PHISHING TRICKS

Russia’s Cozy Bear comes out of hiding with post-election spear-phishing blitz

Microsoft helped the US Government is protecting at least three 2018 midterm election candidates from attacks of Russian cyberspies.

Microsoft Detects More Russian Cyber Attacks Ahead of Mid-Term Election

Russia Linked Group Resurfaces With Large-Scale Phishing Campaign

How the U.S. Is Fighting Russian Election Interference

Spear Phishing Prevention for Small and Medium Size Businesses

Spear Phishing Prevention for Small and Medium Size Businesses

What is spear phishing?

Spear phishing is when you receive an email from someone or some company you trust. It looks legitimate. It may even have the names and extension number of coworkers. It looks authentic, so you don’t give it a second thought. But you should, because it’s from an attacker, and they’re trying to steal your valuable information.

Continue reading “Spear Phishing Prevention for Small and Medium Size Businesses” »

Top Phishing Email Attacks Worldwide in 2018

Top Phishing Email Attacks Worldwide in 2018

 

2018 was a good or bad year for phishing depending on which side of the law you were on! Phishing is defined in many places on the internet, but I like the Cambridge Dictionary definition the best: “an attempt to trick someone into giving information over the internet or by email that would allow someone else to take money from them, for example by taking money out of their bank account”.

Continue reading “Top Phishing Email Attacks Worldwide in 2018” »

Alumni Email Forwarding Service

Alumni Email Forwarding Service

One of the things that we have noticed in the last few years is that the migration to the cloud has created a huge gap created by the migration to the cloud by Universities and Colleges. While Office 365 or Google Apps are attractive options of hosting current students and faculty and staff, they are not a good fit to handle the unique needs for alumni email forwarding.

Continue reading “Alumni Email Forwarding Service” »

What is Backup MX, and What Should You Look For?

What is Backup MX, and What Should You Look For?

Despite the rise of tools like Slack, Skype or Jabber the reality is that nearly all business communication between companies is over email. When your mail server is compromised and goes offline, not only internal communications will be disrupted, but external ones as well. Sales inquiries, customer service requests, and important inter-business communication channels will be cut off, and inbound emails will bounce, causing potentially significant disruption and potential loss of revenue.

Continue reading “What is Backup MX, and What Should You Look For?” »

Outbound Spam Protection Policy Change

Outbound Spam Protection Policy Change

We often write about preventing spam from getting into your mailbox, (as you know Spam Filtering is one of our most popular products), however we really don’t stop to talk about the problem of SMTP service providers inadvertently allowing their customers to send out what would be considered by the recipient to be SPAM or outbound spam protection.The tools, techniques, and mitigation required to defend an inbox are very well established and documented. But preventing authenticated, paying customers from abusing your network to send spam intentionally or because of a compromised system is an issue that we are attacking head-on.

Continue reading “Outbound Spam Protection Policy Change” »

Ransomware Attacks Your Organization’s Ability to Function

Ransomware Attacks Your Organization’s Ability to Function

By the time any business is aware that they are the target of a ransomware attack, it’s too late. Once a hacker has breached security and enticed a user to click on a malicious link or attachment, access to local data on that employee’s computer is locked. In order to unlock the data, a ransom must be paid. In about 91% of cases, the vector for ransomware is incoming email, often in the form of a spear phishing attack that purports to be from a sender known and trusted by the victim.

Read More

Effective Spam Blocking is Vital to Your Organization

Effective Spam Blocking is Vital to Your Organization

Spam is one of the most ubiquitous and costly annoyances to companies today. It clogs inboxes. It consumes storage space and bogs down email servers. And it consumes tremendous amounts of bandwidth with frivolous or dangerous messages and traffic. With the yearly increase in the volume of spam, finding the right spam blocking solution is vitally important to business, because without effective spam blocking, productivity can and will grind to a halt.

Continue reading “Effective Spam Blocking is Vital to Your Organization” »

Cloud-Based Spam Filtering Protects Your Company

Cloud-Based Spam Filtering Protects Your Company

Each year, an increasing number of spam emails are sent to corporate employees, threatening to clog corporate email servers and slow productivity to a crawl. With the rising concern to business that spam has created, more organizations are turning to cloud-based spam filtering solutions to ameliorate the threat of disruption from spam.

Continue reading “Cloud-Based Spam Filtering Protects Your Company” »

The Top Three Email Based Threats And How To Avoid Them

The Top Three Email Based Threats And How To Avoid Them

Email threats come in a variety of forms. With over 90% of security threats beginning with some form of email attack, it is imperative that organizations educate their users on these forms of attack, get better email hosting and take steps to harden their networks against them. Three of the most commonly seen broad categories of email threat are Phishing, Ransomware, and Domain Name Spoofing.

Continue reading “The Top Three Email Based Threats And How To Avoid Them” »

The Threat Of Ransomware is Real

The Threat Of Ransomware is Real

Ransomware is a multi-million dollar a year online business that can strike any organization.

Both Ransomware and legitimate business engage in email marketing campaigns with the intent of making sales to new customers. In the case of legitimate business, some good or service of value is returned to the client. In the case of ransomware, business is slowed or halted by malware that locks or deletes files, and a ransom is demanded that may or may not stop the attack or reverse the damage if paid. Ransomware is criminal but make no mistakes: its top producers make millions of dollars a year in revenue.

Read More

Superior Email Security is the Key to Stopping Ransomware

Superior Email Security is the Key to Stopping Ransomware

The number of ransomware attacks is increasing worldwide, which forces corporate IT teams to come up with innovative solutions to combat the threat.

But email based threats like ransomware are costly and difficult to fight with on-site solutions alone. With an on-site solution, by the time the existence of ransomware is known, the threat is already wreaking havoc across the network.

Once ransomware gains access to a company’s systems, it’s too late. In the best cases, only a few isolated computers are held hostage. But if shared network drives are present, the ransomware can propagate across entire corporate networks, quickly bringing the organization to its knees.

Continue reading “Superior Email Security is the Key to Stopping Ransomware” »

Effective Spam Filtering Protects Your Employees

Effective Spam Filtering Protects Your Employees

Spam is more than just an annoyance, and effective spam filtering is a critical part of any IT security plan. Each day, corporate email servers are inundated with a vast amount of spam. To combat this rising tide, organizations need sophisticated spam filtering. When proper spam filtering is in place, employee inboxes are kept free of unwanted messages, and unwanted traffic stays off the network.

Continue reading “Effective Spam Filtering Protects Your Employees” »

Office 365 Is A Fantastic Tool, But…

Office 365 Is A Fantastic Tool, But…

Microsoft® Office 365™ is a fantastic choice for companies that want to implement a cloud-based email solution.

Unfortunately, however, the out-of-the-box email archiving solution provided by Office 365 doesn’t meet the stringent security requirements or give the functionality that most organizations expect and demand. These functions include limitations on the number of saved searches, the total volume of messages stored in the archive and ALL users, not just active users are billed at the full rate.

Continue reading “Office 365 Is A Fantastic Tool, But…” »

The Threat Of Phishing Email Attack Is Serious

The Threat Of Phishing Email Attack Is Serious

A phishing attack takes advantage of the user’s trust by impersonating an email from a friend, associate, well known business contact or senior management.

The user is tricked into sharing login credentials, account information, personal or corporate data, or other sensitive information. Often, the user is asked to click on a link to a site that looks exactly like the real thing: online banking site spoofs are common, as are paypal, google login pages or almost any cloud service.

Continue reading “The Threat Of Phishing Email Attack Is Serious” »

Pin It on Pinterest