The Latest Phishing Trends Traced to Russia

The Latest Phishing Trends Traced to Russia

Russia and its hackers have been popular in the news for the past several years. Whether to allegedly influence foreign elections or steal intellectual property its sphere of influence is worldwide.

But first a bit of history. How did we get to this point in time? Countries have always been involved with clandestine activities to undermine or even overthrow neighboring governments. They have used deception and sometimes even force to accomplish their goals. So it was only a matter of time before technology was embraced as a tool to this end. And so began the partnership between hacker and government.

In 2009, Google China was hit by a security breach. Upon further investigation, it was determined that China was targeting the emails of individuals and groups who were focused on human rights and human rights violations. These Google users resided not just in China, but in the United States and Europe. Google had entered the Chinese market in 2006 subject to China’s strict internet policy. However, the resulting breach three years later caused the company to relocate its servers to Hong Kong.

One very active Russian hacker team is known by several names:

It is most known for its attack on the Democratic National Committee’s computer in 2016 but it has existed since at least 2007. The DNC has never allowed government agencies to analyze the computers so it is difficult to determine the extent of the attack.

This group’s signature mark is to cause its viruses and other malware to evolve into different threats. But in a nod to the past, it also makes use of previous malware that evades detection because it is no longer deemed a threat.

In the latter case, recent malware attacks from the group have focused on using an encrypted connection to carry the malware.

This means that while delivery is taking place the malware is not detected. This type of attack has pretty much disappeared until recently when it started making a comeback in October and November of this year. It was determined that the suspected targets were government entities in North America, Europe, and an unnamed former USSR state. In this particular phishing sweep, the malware contained evidence of an evolution AND the encrypted connection.

It has been reported that APT28 has started to use a new Trojan named Cannon, as well as its favorite, Zebrocy, which it used to target government agencies in North America and Europe. Both Trojans download another wave of malware after a computer system has already been compromised. The difference between the two is that Cannon uses legitimate email providers for its email accounts. In this way, the malware makes itself harder to detect.

Another group of hackers has a similar name, APT29. It has been very quiet since 2017 but appears to have come roaring back with a vengeance. Its targets have included

  • law enforcement,
  • think tanks,
  • drug companies,
  • different media outlets, and
  • contractors in the defence industry.

APT29, also known as Cozy Bear and like APT28 is believed to be working on behalf of Russia’s military intelligence service. The group has been operational since at least 2014.

This is how the latest malware worked: the email falsely appeared to come from the US State Department from a well-known individual who is employed there. The email even had a legitimate US State Department form to lend an air of authenticity to it. The email had links that when clicked, caused a Windows back door named Cobalt Strike to infest the device.

This attack is very similar to one which occurred in November of 2016 which took advantage of a hacked email server in a hospital. In this scenario, the  emails contained a ZIP archive which in turn held a Windows shortcut file with the malware payload.

An interesting possibility is that these malware attacks are really false flags, intended to make them appear to come from state sponsored hackers in Russia. But the attacks are being published in the media with the hope that malware researches can contribute their opinions on the attacks.

Earlier in 2018, Microsoft acknowledged that it had assisted the US Government to thwart attacks by Russian hackers against at least three politicians who were running in this year’s midterm elections.

The software company attributed the attacks to members of the APT28 group, which they have nicknamed Strontium.

The attempts involved web domain sites that appeared to belong to the US Senate or to conservative think tanks, and even to a product page of Microsoft’s. But in all cases they were actually fake sites.

There was no evidence that hackers successfully tricked any visitors to give out personal information; the company acknowledged that the fake sites were created recently and registered with major web-hosting companies. Microsoft’s Digital Crimes Unit has used the US court system to seize and shut down 84 fake websites since 2016 that were allegedly created by the APT28 group of hackers.

While the Russian hackers seem to have their fingers in a lot of digital pie, it has become apparent that the biggest threat from them is during the election cycle. Political campaigns usually do not have the funding required to mount a good defense against cyber attacks. While it may be possible to hack into voting machines, experts say it would be extremely unlikely that enough machines would be compromised to change the outcome of an election. All fifty states and some 1000 local governments have opened a center to share and compare investigations and findings.

It is a game of cat and Russian mouse that continues unabated 24/7/365. Unrelenting vigilance is necessary to combat the threat that according to Kirstjen Neilsen, Secretary of Homeland Security,  has “democracy in the crosshairs”.

References

Top 10 most notorious cyber attacks in history

RUSSIA’S ELITE HACKERS MAY HAVE NEW PHISHING TRICKS

Russia’s Cozy Bear comes out of hiding with post-election spear-phishing blitz

Microsoft helped the US Government is protecting at least three 2018 midterm election candidates from attacks of Russian cyberspies.

Microsoft Detects More Russian Cyber Attacks Ahead of Mid-Term Election

Russia Linked Group Resurfaces With Large-Scale Phishing Campaign

How the U.S. Is Fighting Russian Election Interference

Spear Phishing Prevention for Small and Medium Size Businesses

Spear Phishing Prevention for Small and Medium Size Businesses

What is spear phishing?

Spear phishing is when you receive an email from someone or some company you trust. It looks legitimate. It may even have the names and extension number of coworkers. It looks authentic, so you don’t give it a second thought. But you should, because it’s from an attacker, and they’re trying to steal your valuable information.

Continue reading “Spear Phishing Prevention for Small and Medium Size Businesses” »

Top Phishing Email Attacks Worldwide in 2018

Top Phishing Email Attacks Worldwide in 2018

 

2018 was a good or bad year for phishing depending on which side of the law you were on! Phishing is defined in many places on the internet, but I like the Cambridge Dictionary definition the best: “an attempt to trick someone into giving information over the internet or by email that would allow someone else to take money from them, for example by taking money out of their bank account”.

Continue reading “Top Phishing Email Attacks Worldwide in 2018” »

Ransomware Attacks Your Organization’s Ability to Function

Ransomware Attacks Your Organization’s Ability to Function

By the time any business is aware that they are the target of a ransomware attack, it’s too late. Once a hacker has breached security and enticed a user to click on a malicious link or attachment, access to local data on that employee’s computer is locked. In order to unlock the data, a ransom must be paid. In about 91% of cases, the vector for ransomware is incoming email, often in the form of a spear phishing attack that purports to be from a sender known and trusted by the victim.

Read More

The Threat Of Ransomware is Real

The Threat Of Ransomware is Real

Ransomware is a multi-million dollar a year online business that can strike any organization.

Both Ransomware and legitimate business engage in email marketing campaigns with the intent of making sales to new customers. In the case of legitimate business, some good or service of value is returned to the client. In the case of ransomware, business is slowed or halted by malware that locks or deletes files, and a ransom is demanded that may or may not stop the attack or reverse the damage if paid. Ransomware is criminal but make no mistakes: its top producers make millions of dollars a year in revenue.

Read More

Are You Ready To Meet The Threat Of Locky Ransomware?

Are You Ready To Meet The Threat Of Locky Ransomware?

Locky is a ransomware variant that was first reported in 2016.

The most common version of the attack arrives as an attachment to an email. When opened, the attachment is mostly unreadable, except for a direction to the user to enable macros in order to make the content readable. If this is done however, an embedded macro in the “message” runs and saves the Locky virus to the user’s hard drive. After that, typically any Microsoft Office files, videos, and images on the hard drive are encrypted through the office 365 phishing email.

Read More

Phishing is a Threat – Protect Yourself!

Phishing is a Threat – Protect Yourself!

The overwhelming majority of attempts to compromise the security of business information today being with a phishing attack. By relying on the misplaced trust of users, phishing, spear-fishing, and whaling attacks gain access to confidential data: users click a link, open an attachment from a “trusted source,” respond to a social engineering attempt, or are otherwise tricked into revealing such information.

Read More

Advanced Threat Defense Helps Your Organization Mitigate Phishing Scams

Advanced Threat Defense Helps Your Organization Mitigate Phishing Scams

Every day, there is an increasing number of phishing and spear fishing threats, which cause disruption and damaging loss of revenue to companies worldwide.

These scams are crafted with the sole purpose of getting your employees to reveal passwords, security credentials, business secrets, and other information which would otherwise remain secure. So-called phishing scams are responsible for the vast majority of hacking attacks against corporations and individuals today.

Continue reading “Advanced Threat Defense Helps Your Organization Mitigate Phishing Scams” »

DuoCircle Sponsoring LetsEncrypt.org

DuoCircle Sponsoring LetsEncrypt.org

DuoCircle’s Advanced Threat Defense automatically generates SSL-certified domains for anti-phishing protection

At DuoCircle, we prioritize privacy and understand the need for encryption on the Web. We are passionate advocates for free speech, and the need to make encrypted connections ubiquitous online. We are happy to announce our sponsorship of Let’s Encrypt a market and thought leader in SSL and privacy online. While we are not a web hosting company that would benefit from issuing SSL certificates with each website we still believe in using the best of breed technology in all of our offerings. We specifically engineered our Advanced Threat Defense system for malware and phishing protection to utilize Let’s Encrypt certificates for our client domains.  Continue reading “DuoCircle Sponsoring LetsEncrypt.org” »

Phishing Protection for Businesses

Phishing Protection for Businesses

Protect your end users from email-based exploits

Last year was a rough year for malware and phishing. 2017 kicked off with hacking and malware infections making news in early January when an effective phishing scam targeted Google Gmail users by tricking them into sharing their login credentials. And now as we close out the year, these types of brazen frauds have not slowed down, in fact it has gotten worse.
Continue reading “Phishing Protection for Businesses” »

7 Ways to Protect Your Organization from Email-based Ransomware Attacks

7 Ways to Protect Your Organization from Email-based Ransomware Attacks

How email-based ransomware works and how to prevent attacks

Ransomware has become the largest, most dangerous malware threat to date. It affects individuals, businesses, and governments around the world by holding hard drive data hostage. The cost of ransomware infections was projected to exceed US$5 billion by the end of this year, according to this report from Cybersecurity Ventures. Costs go far beyond dealing directly with a ransomware attack. In many cases, organizations had to reduce or cease operations until the ransomware was removed. Lost business, damage to reputation, and lawsuits further added to the burden of cost for businesses that fell victim to ransomware attacks. Continue reading “7 Ways to Protect Your Organization from Email-based Ransomware Attacks” »

Understanding the Implications of the Google Phishing Attack

Understanding the Implications of the Google Phishing Attack

Did you receive a phishing email today from google with a document request from a friend? A user on reddit.com did and this is what he went through to figure it out.

You need to prepare yourself with the knowledge and understanding of just how important this attack vector is in context and how it is now going to be the model for NEW email-centric attacks. Continue reading “Understanding the Implications of the Google Phishing Attack” »

Quickbooks Phishing Email Live Walkthrough

Quickbooks Phishing Email Live Walkthrough

Hilton and I were talking and he mentioned to me that he got a great looking phishing email in his Yahoo account, so I decided to take a quick look at the format and believability of the message to see if it would fool the average user. I was VERY surprised at how well this message was formatted and you’ll see that during my review a second less. Continue reading “Quickbooks Phishing Email Live Walkthrough” »

65% of Global Businesses Ill-Equipped to Defend Against Email-Based Cyber-Attacks

65% of Global Businesses Ill-Equipped to Defend Against Email-Based Cyber-Attacks

If you believe your company is handling email security without any problems, the odds are you’re sadly mistaken. A recent Mimecast survey of IT security professionals found that 65% of them felt that their organization wasn’t capable of handling email-based cyber-attacks. A full third of them felt that their email was actually less secure than it was five years ago. Continue reading “65% of Global Businesses Ill-Equipped to Defend Against Email-Based Cyber-Attacks” »

Pin It on Pinterest