There are lots of clever tricks in here that make stopping this #quishing #phishing attack hard for us on the defender's side:

1. "The emails impersonate human resources (HR) departments, using salary updates as lures to open the PDFs, which are themed after Adobe or Microsoft." People love to click these kinds of updates, and Adobe / Microsoft themes are legit enough. Plus, because it's a PDF, just looking for QR code images isn't going to stop them.

2. "Scanning the QR code on a mobile device bypasses phishing protections on the targeted organizations, taking victims to phishing pages that mimic the legitimate Microsoft 365 login interface." This means you've got no record of a "click" in the traditional sense, and you've got no network telemetry of these connections going out - essentially, the defenders are blind to user action here.

3. "The victim is prompted to enter their login credentials and 2FA token on the fake login page, and the phishing site captures these details in real-time. The stolen credentials and 2FA token are immediately relayed to the attackers via WebSockets, allowing them to hijack the target's account before the authentication and MFA-validated token expires." Are your defenses going to move this fast? I doubt it.

Meanwhile, the attackers are running it all through a Telegram bot, and covering their tracks:

"The ONNX phishing kit also uses encrypted JavaScript code that decrypts itself during page load, adding a layer of obfuscation to evade detection by anti-phishing tools and scanners."

"Additionally, ONNX uses Cloudflare services to prevent its domains from being taken down, including an anti-bot CAPTCHA and IP proxying."

"There is also a bulletproof hosting service to ensure that the operations aren't interrupted by reports and takedowns, as well as remote desktop protocol (RDP) services for managing the campaigns securely."

This should give you a real sense of how sophisticated email attacks are happening today.
Make sure your defenses are up to snuff!
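One thing the defender does still see in the relay scenario quoted above is sign-in telemetry: the credentials and MFA token are proxied from the victim's device, but the resulting session is then used from the attacker's infrastructure, usually within minutes. The script below is an added example (not from the post or from any product) of a detection heuristic over that telemetry. It assumes a constructed log format with a session ID, an MFA_SUCCESS event and a later TOKEN_USE event; the IP addresses and users are made up.

```python
"""Added example: flag AiTM-style session replay in sign-in telemetry.

The signal: a session is used from a source IP other than the one that
completed MFA. Use within a short window after MFA is rated high, because
that is the relay pattern (stolen session used before the token expires).
The log format below is constructed for this example, not a product's.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sign-in records: timestamp, user, event, source IP, session ID.
SAMPLE_LOG = """\
2024-06-20T09:01:12Z alice@example.com MFA_SUCCESS 203.0.113.10 sess-0a1
2024-06-20T09:02:40Z alice@example.com TOKEN_USE   198.51.100.77 sess-0a1
2024-06-20T09:05:00Z bob@example.com   MFA_SUCCESS 203.0.113.22 sess-b77
2024-06-20T09:30:00Z bob@example.com   TOKEN_USE   203.0.113.22 sess-b77
2024-06-20T10:00:00Z carol@example.com MFA_SUCCESS 203.0.113.30 sess-c11
2024-06-20T12:00:00Z carol@example.com TOKEN_USE   198.51.100.5 sess-c11
"""


@dataclass(frozen=True)
class SignInEvent:
    ts: datetime
    user: str
    event: str
    ip: str
    session: str


def parse_log(text: str) -> list[SignInEvent]:
    """Parse the constructed whitespace-separated format into events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, ip, session = line.split()
        events.append(SignInEvent(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                                  user, event, ip, session))
    return events


def detect_session_replay(events, fast_window=timedelta(minutes=10)):
    """Return one alert per session used from an IP other than the MFA IP.

    Caveat: NAT, VPNs and mobile carriers change IPs legitimately, so in
    production this would be tuned (ASN/geo comparison, known egress ranges)
    and paired with automatic session revocation rather than acted on blindly.
    """
    mfa_origin = {}  # session ID -> (time, IP) of the MFA_SUCCESS event
    alerts = []
    for e in sorted(events, key=lambda x: x.ts):
        if e.event == "MFA_SUCCESS":
            mfa_origin[e.session] = (e.ts, e.ip)
        elif e.event == "TOKEN_USE" and e.session in mfa_origin:
            mfa_ts, mfa_ip = mfa_origin[e.session]
            if e.ip == mfa_ip:
                continue  # same source as the MFA step: expected behaviour
            delay = e.ts - mfa_ts
            alerts.append({
                "user": e.user,
                "session": e.session,
                "mfa_ip": mfa_ip,
                "use_ip": e.ip,
                "seconds_after_mfa": int(delay.total_seconds()),
                "severity": "high" if delay <= fast_window else "medium",
            })
    return alerts


def run_sample():
    """Run the detector over the constructed log."""
    return detect_session_replay(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the sample log this raises a high-severity alert for alice (session used from a second IP 88 seconds after MFA), a medium one for carol (two hours later), and nothing for bob. The point of the exercise is the response speed the post asks about: an alert like this is only useful if it is wired to an automated session revocation, not a ticket queue.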
Shay Colson, CISSP’s Post
More Relevant Posts
The article explains what a QR code is and how it's being used in phishing attacks. A QR (Quick Response) code is a two-dimensional barcode that can be scanned with a smartphone or other mobile device equipped with a camera. It can contain various types of information, such as website URLs, contact info, product details, etc., and is commonly used to take users to websites, files or apps.

However, the FBI has warned about cybercriminals tampering with QR codes to steal funds from victims. Microsoft Security Research & Threat Intelligence also observed an increase in phishing attempts related to QR codes around mid-September 2023. QR codes are used in phishing attacks because they move the attack away from well-protected corporate environments onto less secure personal mobile devices and leverage the most common credential theft vector - the URL.

Microsoft Defender for Office 365 protects against these threats by using advanced image extraction technologies to detect a QR code during mail flow and extract URL metadata for further analysis. The system also uses heuristic rules within Defender for Office 365 to block malicious messages.

To stay protected against such threats, Microsoft recommends:
- using Microsoft Defender XDR for comprehensive defense against advanced threats like QR code phishing;
- enabling endpoint protection on Android and iOS devices;
- conducting end-user training through Attack Simulation Training;
- regularly reviewing configuration settings within the organization’s policies;
- managing priority accounts within organizations;
- reviewing any mail flow rules added, etc.

For more detailed information on this topic click here

Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #MDO365 #Defender #DefenderForO365
Protect your organizations against QR code phishing with Defender for Office 365
techcommunity.microsoft.com
Perception Point combats QR code phishing threats using image recognition: Perception Point unveiled a new solution to address the escalating threat of QR code phishing, commonly referred to as “quishing”. With the recent influx in quishing campaigns, the need for a definitive solution has never been more pressing. The re-emergence of QR codes during the COVID-19 pandemic not only changed the way users interact with digital content but also provided cybercriminals with a novel avenue for evading detection. In 2023, quishing attacks surged dramatically, targeting and … More → The post Perception Point combats QR code phishing threats using image recognition appeared first on Help Net Security.
Perception Point combats QR code phishing threats using image recognition - Help Net Security
https://www.helpnetsecurity.com
Quishing is one of the newest forms of phishing you'll have to deal with. It's a phishing attack where cybercriminals embed malicious links into seemingly innocent QR codes. They then sneak these tainted codes into the physical world around you - flyers, advertisements, product labels and more. All it takes is one unsuspecting scan from your phone camera, and bam! You're either redirected to a phishing site or you unintentionally initiate a malicious action on your device. It's bringing phishing into the real world in a sneakier way.

QR codes have become so mainstream and trusted that most people mindlessly scan them without a second thought. Exactly the blind spot cybercriminals exploit with quishing to pull off attacks.

So, what can you do to prevent getting quished? Start by training your employees to be more QR code aware and sceptical:
1. Institute a "No QR Code scanning" policy for unknown/random QR sources.
2. Use examples to highlight quishing red flags like QRs leading to suspect URLs.
3. Regularly remind employees about quishing.
4. Adopt technical controls to detect and block malicious QR code URLs. Advanced email filters, like MailGuard, will spot scary QR codes in emails and stop them from reaching your team.

Get educated, get trained and stay vigilant against the latest phishing offshoots. Too many businesses don’t consider fortifying their email security until after they’ve already suffered from a cyber-attack. Don’t wait until it’s too late. Speak to our team to request a free Microsoft 365 email security health check.
270 tech & security firms license my mobile app security patents. Patents pending for SMS. Helped to launch AIM. Co-invented the concept of classifying user accounts on the Internet #dyslexic #ADHD
Incredible. Globe Telecom in the Philippines has even devoted website space to the perils of SMS communication. You land on a page titled "We're all in this together." It's fascinating that the idea has been propagated that employees and consumers should somehow shoulder the responsibility for mitigating risks that employers and service providers have yet to adequately address.

Cybersecurity vendors seem at a loss to develop effective anti-phishing measures, even though phishing tactics have remained fundamentally unchanged. As far back as 2017, attackers were using reverse-proxy phishing to snatch not just login credentials but also MFA codes. So, it's hardly a new or evolving threat. The core tactics of phishing, which involve deceptive impersonation to fool individuals, have stayed remarkably consistent since their inception in 1996 on the AOL network - where I was personally targeted when hackers impersonated my admin screen name inside emails, chatrooms, and instant messaging. Whether executed through Email, Slack, WhatsApp, RCS, iMessage, Google Search, Twitter, or SMS, the essence of phishing remains the same. The confusion arises not from an evolution in phishing strategies, but rather from the emerging channels that cybercriminals exploit to carry out these deceptive schemes.

It’s not Globe’s fault that their customers are no longer permitted to send or receive SMS messages that contain a web link; it’s the fault of the cybersecurity industry... While it may seem that the cybersecurity sector has been reluctant to offer solutions for SMS phishing, consider another angle. The capability to test the efficacy of these protective measures with a single SMS could deter big players like Palo Alto Networks, ProofPoint, and Cisco from entering the market. Why haven't they offered a solution yet? The security market for SMS is likely to be bigger than that of Email Security.
Going forward, it's reasonable to expect the security industry to shift its focus toward creating security protocols inspired by Zero Trust—the gold standard in cybersecurity. Traditional approaches, which rely on threat intelligence, are inadequate for handling deceptive URLs or web links in phishing attacks. In the SMS phishing context, the Zero Trust model acts like a kill switch. It dictates that each message with a link should be considered a potential threat and allowed through the network only after the web link is verified as legitimate. If we can't determine the legitimacy of the sender or message content, we must focus on the call to action—the link!
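The "kill switch" model in the comment above (hold every message that carries a link until the link itself is verified) can be sketched as a small gateway check. The code below is an added example, not the commenter's product or any telco's implementation: it assumes a constructed allowlist of verified web properties, and it focuses on the call to action, the URL, rather than on sender or content, exactly because those are the parts a phisher controls. It also rejects the URL tricks that make a hostile link look like a trusted one (userinfo before an @, IP-literal hosts, punycode labels, plain http).

```python
"""Added example: a Zero Trust style check for links in SMS messages.

A message with no link passes. A message with links is allowed through only
if every link resolves to a verified host and shows none of the deceptive
URL constructions below. The allowlist and sample messages are constructed.
"""
import re
from urllib.parse import urlsplit

# Constructed allowlist of verified sender web properties (assumption).
VERIFIED_DOMAINS = {"globe.com.ph", "example-bank.com"}

# Absolute http(s) URLs and bare "www." links inside message text.
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)[^\s<>\"']+")


def verify_link(raw: str, verified=VERIFIED_DOMAINS):
    """Return (ok, reason) for one link found in a message."""
    link = raw.rstrip(".,;:!?)")          # trailing punctuation is not part of the URL
    if not link.lower().startswith(("http://", "https://")):
        link = "http://" + link            # a bare www. link is a plain-http link
    try:
        url = urlsplit(link)
    except ValueError:
        return False, "unparseable URL"
    host = (url.hostname or "").lower().rstrip(".")
    if not host:
        return False, "no host"
    if url.username is not None:
        # "https://globe.com.ph@evil.example/" shows the trusted name,
        # but the browser connects to evil.example.
        return False, f"userinfo trick, real host is {host}"
    if ":" in host or re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
        return False, "IP literal host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode (IDN homograph) label"
    if url.scheme != "https":
        return False, "not https"
    if host in verified or any(host.endswith("." + d) for d in verified):
        return True, f"verified domain {host}"
    return False, f"unverified domain {host}"


def triage_sms(text: str, verified=VERIFIED_DOMAINS):
    """Return ("ALLOW" | "HOLD", findings).

    findings is a list of (link, ok, reason); the verdict is ALLOW only when
    every link verified, so one bad link holds the whole message.
    """
    links = URL_RE.findall(text)
    findings = [(link, *verify_link(link, verified)) for link in links]
    verdict = "ALLOW" if all(ok for _, ok, _ in findings) else "HOLD"
    return verdict, findings


if __name__ == "__main__":
    # Constructed sample messages.
    for sms in ("Your June bill is ready: https://www.globe.com.ph/bill.",
                "Verify now https://globe.com.ph@evil.example/login",
                "Package held, pay the fee at http://198.51.100.7/fee",
                "See you at 5"):
        print(triage_sms(sms))
```

The allowlist is deliberately the only path to ALLOW: threat intelligence can tell you a link is known-bad, but, as the comment argues, it cannot tell you an unknown link is good, so unknown defaults to HOLD.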
New Phishing Service Targets Financial Firms with Fake Microsoft Logins

What's the Threat:
- A new phishing service called ONNX targets Microsoft 365 accounts at financial firms.
- Attackers use QR codes in PDF attachments to trick victims into logging in to fake Microsoft 365 login pages.

How it Works:
- Phishing emails with fake HR updates contain PDFs with malicious QR codes.
- Scanning the QR code bypasses security protections and takes the user to a fake Microsoft 365 login page.
- The fake login page steals login credentials and even 2FA tokens.
- Stolen credentials are used to hijack email accounts and steal data or launch further attacks.

What Makes it Dangerous:
- ONNX is a service offered online, making it easy for criminals to launch phishing attacks.
- The fake login pages look like real Microsoft logins and can bypass some security measures.
- ONNX offers features to steal 2FA tokens, making it harder to protect accounts.

How to Protect Yourself:
- Be wary of emails with attachments, especially from unknown senders.
- Don't scan QR codes from untrusted sources.
- Verify the legitimacy of login pages before entering your credentials.
- Consider using hardware security keys for added protection.

For Businesses:
- Block PDF and HTML attachments from unknown senders.
- Block untrusted websites.
- Implement multi-factor authentication and require strong passwords.
- Consider hardware security keys for high-risk accounts.

#CyberSecurity https://lnkd.in/dtgJ6jJE
ONNX phishing service targets Microsoft 365 accounts at financial firms
bleepingcomputer.com
ML powered Cybersecurity: { Cyber Threat Intelligence; Digital Forensics; Cyber Investigations and Incident Response }
Rise in QR Code and AI-Generated Phishing Threats

Insikt Group's latest research from Q4 2023 to Q1 2024 highlights a troubling increase in QR code-based phishing attacks and the utilization of artificial intelligence in phishing campaigns. Cybercriminals are evolving their tactics to include the use of Amazon Web Services (AWS) Simple Notification Service (SNS) for sending scam text messages and leveraging Video Ad Serving Template (VAST) tags to distribute malicious advertisements.

The study shows a sharp rise in incidents, with a 433% jump in QR code phishing, also known as "quishing," and an even more staggering 1,265% increase in AI-driven phishing efforts. These advanced tactics are proving to be highly effective in bypassing current security measures, especially in stealing multi-factor authentication (MFA) tokens.

One of the preeminent dangers is the use of QR codes in phishing operations. These codes are now commonplace in threat actors' arsenals, driven by their effectiveness in deceiving users into surrendering credentials and MFA codes. Compounded by the use of AI, like the language model ChatGPT, to craft convincing emails, threat actors can mount large-scale phishing attacks at a lower cost, thus posing an enhanced threat to targets, particularly executives who are more likely to be targeted.

Preventive Measures: To reduce the risk posed by these innovative phishing techniques, organizations should consider the following strategies:
- Awareness Training: Conduct ongoing cybersecurity training that includes awareness of QR code phishing threats.
- Security-Focused QR Scanners: Encourage the use of QR code scanner apps that offer robust security features, such as malicious URL detection.
- Advanced Endpoint Security: Implement mobile device management (MDM) and endpoint security solutions to protect against attacks on mobile devices.
- AI-Specific Countermeasures: Leverage machine learning tools capable of identifying AI-generated phishing content.
- SMS Scam Defense: Utilize technologies that filter out malicious SMS content, shielding users from these threats.
- VAST Tag Verification: Rigorously validate advertising VAST tags to prevent the insertion of malvertising content.

As phishing tactics grow more sophisticated through the exploitation of QR codes, AI, and other innovative methods, organizations must stay vigilant by continually updating their defensive measures and ensuring that their workforce is educated on the latest threats. #cybersecurity #cyberawareness #cyberattack #cybernews #phishing #cyberthreat #smishing https://lnkd.in/dhbckFiw
Security Challenges Rise as QR Code and AI-Generated Phishing Proliferate | Recorded Future
recordedfuture.com
270 tech & security firms license my mobile app security patents. Patents pending for SMS. Helped to launch AIM. Co-invented the concept of classifying user accounts on the Internet #dyslexic #ADHD
The trend shows phishing moving from email to SMS. Aside from MetaCert, no cybersecurity company has offered a solution for telcos yet, despite obvious demand. They know it’s a big problem because some of them have been compromised via SMS phishing themselves. Not to mention the size of the market opportunity. I believe SMS security has the potential to be as big as the email security market/category. Take ProofPoint, for example - one vendor in email security that was acquired for over $12bn just a few years ago. Why aren’t they offering the same kind of solution for SMS? Email and SMS phishing are the very same problem - messages containing dangerous links that cause harm. Smishing isn’t a new kind of problem - it’s an old problem that recently came to SMS. Why am I the only one questioning why the security industry isn’t offering a solution? The FBI shouldn’t say “phishing and smishing” because that’s like saying “automobiles and cars”. Smishing is just a category of phishing, and phishing is a category of “social engineering”. Deep fakes are a form of phishing too. A lot of security companies get this wrong. https://lnkd.in/gUt8fAUK
Security Operations Center Analyst | Cybersecurity Analyst | Security + | Incident Response | EndPoint Security | Splunk | IBM QRadar | Falcon Crowdstrike | Jira Ticket | Phishing Email Analysis.
🚨 Comprehensive Investigation into a Sophisticated Phishing Campaign 🚨

In today's post, we're sharing insights from our in-depth investigation into a recent phishing campaign that targeted our company. Our goal is to equip you with the knowledge to recognize and counter such threats. Here are some of the key findings and steps we took:

Key Findings:
🔍 We identified 72 phishing domains masquerading as legitimate companies.
🌐 These domains hosted convincing websites that deceived users into divulging their login credentials.
🛡️ The attack employed advanced techniques, including direct human interaction, to enhance its believability.
🔧 We reverse-engineered multiple fake websites to understand their operation.
📋 A list of Indicators of Compromise (IOCs) is available at the end of this post to bolster your security measures.

Attack Chain Breakdown:
1. Account Compromise: An account belonging to one of our clients was breached.
2. Phishing Email: The compromised account was used to send phishing emails to our employee.
3. Credential Theft: Our employee's credentials were stolen via a fake website.
4. Further Distribution: Phishing emails were sent from the compromised account to its contact list.

Incident Details:
📅 On May 27, 2024, one of our employees received an email from an existing client with a link to a supposed voice message. The email was crafted to look legitimate, featuring:
- A familiar domain.
- The sender's full name, phone number, and job title.
- Professional language with minimal errors.

Red Flags:
🚩 The email contained an external link masked as "Play voice mail here."
🚩 It originated from a client department that had never contacted our colleague before.

Our employee wisely uploaded the email to a sandbox environment for further analysis. Following the link led to a phishing page designed to mimic a Microsoft login page.

Phishing Tactics:
📧 On June 18, 2024, phishing emails were sent from the compromised account to others, featuring poor quality compared to the initial email and linking to a Dropbox file-sharing service. This Dropbox link directed users to another phishing site.

Lessons Learned:
🔍 Always verify unexpected emails, especially those containing links or attachments.
💡 Use sandbox environments to safely analyze suspicious emails.
🔐 Regularly update and educate your team on phishing tactics and how to spot them.

Call to Action:
Let's stay vigilant and proactive in our fight against cyber threats. Review the provided list of IOCs to enhance your security posture and share this post to spread awareness. Stay safe and secure!
🚨 Alert: ONNX Phishing Service Targets Microsoft 365 Accounts at Financial Firms 🚨

A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts of financial firm employees using QR codes embedded in PDF attachments. ONNX Store operates via Telegram bots and includes mechanisms to bypass two-factor authentication (2FA).

Key Points:
- Platform: ONNX Store (rebranded Caffeine kit)
- Targets: Microsoft 365 and Office 365 accounts
- Method: Phishing emails with PDFs containing QR codes
- Lure: HR-related emails about salary updates
- Outcome: Captures login credentials and 2FA tokens, enabling account hijacking

Analyst Insight: ONNX Store features:
- Telegram bot management
- Customizable phishing templates
- Encrypted JavaScript to evade detection
- Cloudflare services to prevent domain takedowns
- Four subscription tiers, up to $400/month

Mitigation Tips:
- Block PDF and HTML attachments from unverified sources
- Block access to websites with untrusted or expired certificates
- Use FIDO2 hardware security keys for high-risk accounts

Stay vigilant! Protect your accounts and educate your team about these sophisticated phishing tactics. 🔗 Learn more: https://lnkd.in/eyMZd8Vm #CyberSecurity #Phishing #Microsoft365 #ONNXStore #FinancialSecurity #StaySafeOnline
ONNX phishing service targets Microsoft 365 accounts at financial firms
bleepingcomputer.com
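The first mitigation above ("block PDF and HTML attachments from unverified sources") is easy to state and easy to get subtly wrong: a filter keyed only on the declared content type misses a renamed PDF, and a filter keyed only on the From domain waves through a spoofed partner. The script below is an added example of a mail-flow policy that checks declared type, file extension and magic bytes, and treats a source as verified only if its domain is on a constructed allowlist and the message carries a DMARC pass. It is not from the article or from any product, and the messages, domains and stub PDF it builds are constructed.

```python
"""Added example: quarantine PDF/HTML attachments from unverified sources.

"Verified" means: From domain on the allowlist AND dmarc=pass in the
Authentication-Results header, so a spoofed partner domain does not pass.
All senders, domains and the PDF stub are constructed for this example.
"""
import email
import email.policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_CONTENT_TYPES = {"application/pdf", "text/html", "application/xhtml+xml"}
RISKY_EXTENSIONS = (".pdf", ".html", ".htm")

# Constructed allowlist of partner domains whose attachments are accepted.
VERIFIED_DOMAINS = {"payroll-partner.example"}


def build_sample(sender: str, dmarc: str, attach_pdf: bool = True) -> bytes:
    """Construct a test message; the PDF body is a stub, not a real document."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Salary update"
    # In a real gateway this header is written by the receiving MX, not the sender.
    msg["Authentication-Results"] = f"mx.example.com; dmarc={dmarc}"
    msg.set_content("Please scan the attached document to review your salary update.")
    if attach_pdf:
        msg.add_attachment(b"%PDF-1.7\n% constructed stub, no content\n",
                           maintype="application", subtype="pdf",
                           filename="Salary_Update.pdf")
    return msg.as_bytes()


def source_is_verified(msg, verified=VERIFIED_DOMAINS) -> bool:
    """Allowlisted From domain plus an authenticated (DMARC pass) origin."""
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return domain in verified and "dmarc=pass" in auth


def evaluate(raw: bytes, verified=VERIFIED_DOMAINS):
    """Return ("DELIVER" | "QUARANTINE", [flagged attachment names])."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Declared type, extension and magic bytes: a renamed PDF is still a PDF.
        if (part.get_content_type() in RISKY_CONTENT_TYPES
                or name.endswith(RISKY_EXTENSIONS)
                or payload.startswith(b"%PDF")):
            flagged.append(name or part.get_content_type())
    if flagged and not source_is_verified(msg, verified):
        return "QUARANTINE", flagged
    return "DELIVER", flagged


if __name__ == "__main__":
    print(evaluate(build_sample("hr@unknown-sender.example", "none")))
    print(evaluate(build_sample("hr@payroll-partner.example", "pass")))
    print(evaluate(build_sample("hr@payroll-partner.example", "fail")))
```

The policy says nothing about what is inside the PDF, which is the point the first post makes: the QR code is an image, and whether the document carries one is a separate (and harder) analysis. Quarantining by origin cuts the attack off before that analysis is needed.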
Threat actors are using the EvilProxy phishing service that can collect session cookies, which can be used to bypass multi-factor authentication (MFA) mechanisms, targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from the Indeed employment website for job listings. The sophistication and volume of attacks continue to increase. Your employees are woefully unprepared, despite attempts at awareness training. It's time for change! It's time for PhishCloud Inc. PhishCloud arms employees with the tools they need to clearly spot and avoid #phishingattacks, across all digital platforms – not just email – letting them Click with Confidence. PhishCloud gives your security team the real-time visibility and control they need to see and block #phishing attacks your employees see. And with real-time metrics, you no longer need to rely on simulations and reporting to understand your phishing risk. And PhishCloud delivers reality-based training that imparts real knowledge, not just awareness. www.phishcloud.com #technology #innovation #informationsecurity #phishingattackprevention https://lnkd.in/gNTnkdwK
EvilProxy uses indeed.com open redirect for Microsoft 365 phishing
bleepingcomputer.com
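The open-redirect abuse in the post above works because URL filters and users both judge a link by its outer host, which belongs to a trusted site, while the destination is hidden in a parameter. The code below is an added example (not from the article, PhishCloud, or Indeed) of a click-time check that looks inside query parameters and the fragment for an embedded absolute or protocol-relative URL pointing off-site, decoding percent-encoding repeatedly so a double-encoded value is caught too. The trusted and phishing hosts are constructed placeholders; no real redirect endpoint or parameter name is used.

```python
"""Added example: detect a trusted-site URL whose redirect parameter points
to an external host. All URLs here are constructed; none is a real endpoint."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Absolute ("https://host") or protocol-relative ("//host") URL in a value.
EMBEDDED_URL_RE = re.compile(r"(?i)(?:https?:)?//([^/?#\s&]+)")


def _embedded_hosts(value: str, max_decode: int = 3):
    """Hosts of URLs embedded in a parameter value.

    Runs up to max_decode rounds of percent-decoding because redirect
    parameters are often encoded twice to slip past naive filters.
    """
    hosts = []
    for _ in range(max_decode):
        for m in EMBEDDED_URL_RE.finditer(value):
            authority = m.group(1).rsplit("@", 1)[-1]   # drop userinfo trick
            hosts.append(authority.partition(":")[0].lower())  # drop port
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return hosts


def _same_site(host: str, outer: str) -> bool:
    return host == outer or host.endswith("." + outer)


def find_open_redirect(url: str):
    """Return the external host a parameter redirects to, or None."""
    parts = urlsplit(url)
    outer = (parts.hostname or "").lower()
    # parse_qsl already decodes one layer; _embedded_hosts handles the rest.
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    values.append(unquote(parts.fragment))
    for value in values:
        for host in _embedded_hosts(value):
            if host and not _same_site(host, outer):
                return host
    return None


if __name__ == "__main__":
    # Constructed samples: a normal search URL and three redirect abuses.
    for sample in (
        "https://trusted.example/jobs?q=engineer&l=Austin",
        "https://trusted.example/rd?url=https%3A%2F%2Flogin-phish.example%2Fo365",
        "https://trusted.example/rd?to=%252F%252Fevil.example%252Fx",
        "https://trusted.example/rd?to=https://trusted.example%40evil.example/",
    ):
        print(sample, "->", find_open_redirect(sample))
```

A non-None result is a reason to hold the click and show the user the real destination, not the trusted outer host. The check is deliberately host-based rather than signature-based: it does not need to know the redirect endpoint in advance, which is what makes it useful against the next trusted site an operator finds.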