Cybercriminals are exploiting the introduction of “.ZIP” as a new generic Top-Level Domain (gTLD) to launch phishing attacks, according to researchers at Fortinet. “Cybercriminals are always on the lookout for new opportunities and techniques to exploit, and the recent availability of '.ZIP' domains for public purchase has unfortunately created such an opportunity,” the researchers write.

Almost every organization freely admits that people are the biggest risk to its security. This year’s Data Breach Investigations Report by Verizon highlights that 74% of incidents involved the human element. People are a ‘soft’ target for cybercriminals. Networks and software can only be exploited if pre-existing vulnerabilities are discovered and hacked before they’re patched. People, however, can be engineered into creating vulnerability at any time.

In recent years, fake job hiring scams have become a common form of social engineering. Threat actors use these scams to steal money, launder money, commit identity theft, or carry out other fraudulent or illegal activities. The motives of threat actors behind fake job hiring scams vary. Some are simply looking to make a quick buck, while others are more interested in stealing personal information or committing identity theft.

The quantity of emails involved in scams and cyber attacks continues to grow as credential theft and response-based phishing persist as top attack variants. The ripple effect from cybercrime-as-a-service launching a few years back has reached critical mass, where we’re seeing significant increases in the percentage of emails that are either clearly determined to be malicious (7.7%) as well as those suspicious enough that users are recommended to not engage with (15.9%).

A manufacturing organization became the target of a business email compromise (BEC) attack. The threat actor utilized stolen credentials and then hoped a prompt-bomb attack will work — it did, and the threat actor was able to take over the user’s inbox. While, thankfully, this incident was detected and responded to by Arctic Wolf before more damage was done, BEC attacks are becoming more common and more successful by the month.

Netskope Threat Labs is tracking phishing campaigns that are abusing several free cloud services to host their websites and collect user information. These campaigns host their phishing sites in AWS Amplify which is available to free-tier users. Some phishing campaigns also abuse Telegram and Static Forms to collect users’ credentials. These phishing attacks aim to steal banking, webmail, and Microsoft 365 credentials, as well as victims’ card payment details.

Every employee in an organization has access to email, creating a vulnerability that cybercriminals seek to exploit through phishing attacks. There are many different types of phishing attacks that bad actors use to achieve their goals, and it is important to have the right processes and security solutions in place to prevent employees from falling victim.

Since December 22nd, 2022, there has been an increase in malware sent via Phishing emails via a OneNote attachment. As with most phishing emails, the end user would open the OneNote attachment but unlike Microsoft Word or Microsoft Excel, OneNote does not support macros. This is how threat actors previously launched scripts to install malware.

A fat finger error is a keyboard input mistake that results in the wrong information being transmitted. The term originated in financial trading markets and is now used more broadly in the security industry to describe data breaches that are caused by human error, particularly when the breach is attributed to mistyped information, like an email address. There are few people who have not experienced the sinking feeling caused by making a fat finger error.

Using a new twist to bypass detection from security solutions, cyber attacks are now employing what will be construed as a benign image whose malicious intent can’t be traced. Threat actors need some means of getting a user to engage with malicious content – whether an attachment, link, or phone call, there needs to be some content within an email that provides the victim user with their next step.