Since late December 2022, the ThreatSpike team has noticed a significant rise in highly targeted phishing campaigns aimed at the hospitality sector, which distribute infostealer malware. The threat actors (TAs) are primarily targeting front desk and reception staff, as they are responsible for handling customer queries via a generic email that can easily be found on the company website.
The advent of cloud applications led to a new generation of phishing attacks (named OAuth phishing or consent phishing) where, rather than stealing the user credentials, threat actors aim to obtain an authorization token via a rogue cloud app that allows them to perform harmful activities on the victim’s cloud environment.
Zero-day vulnerabilities present a very real threat to cybersecurity. Exploiting a zero-day vulnerability as an attack vector is a complex process, but it allows attackers to slip into your system undetected and leave without a trace.
Going into 2023, phishing is still as large a concern as ever. “If it ain’t broke, don’t fix it,” seems to hold in this tried-and-true attack method. The 2022 Verizon Data Breach Investigations Report states that 75% of last year’s social engineering attacks in North America involved phishing, over 33 million accounts were phished last year alone, and phishing accounted for 41% of social engineering compromise overall.
It's time for you and your colleagues to become more skeptical about what you read. That's a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harrass, and spread fake news. Experts at WithSecure have described their investigations into just how easy it is to automate the creation of credible yet malicious content at incredible speed.
#Phishing, #spearphishing, #whaling... confused? Don’t be. This quick off-the-cuff video will clear up the confusion. Possibly. Part of our #cybersecurity101 series where we’re outlining the basic terms of the world of cyber security.
Looking for more help? Head over to www.bulletproof.co.uk
Throughout 2022, threat actors have been masquerading as the postal service Singapore Post (SingPost) and one of Singapore’s leading telecommunications companies Singtel. Victims are being targeted by phishing emails that appear to be from Singapore Post or Singtel. In these emails, users were sent messages informing them of fake billing issues or outstanding payments with links to fraudulent websites that asked for their personal information.
