phishing attacks Archives - My TechDecisions
https://mytechdecisions.com/tag/phishing-attacks/
The end user’s first and last stop for making technology decisions

Cyber Attack Trends Amid Russia-Ukraine Conflict
https://mytechdecisions.com/network-security/cyber-attack-trends-russia-ukraine-conflict/
Mon, 28 Feb 2022 21:49:34 +0000

The post Cyber Attack Trends Amid Russia-Ukraine Conflict appeared first on My TechDecisions.

Cyber attacks on Ukraine’s government and military sector surged by 196% within the first three days of Russia’s invasion on Feb. 24, 2022, compared to the start of the month, according to Check Point Research.

The cybersecurity firm released its findings from the first few days of the conflict, finding that attacks against Ukraine far outweighed any other region, as the same sectors globally and in Russia did not show a similar increase.

Cyber attacks against Russian organizations increased by 4%, compared to the same days in the previous week, according to data from Check Point.

Compared to Ukraine, the overall number of cyber attacks per organization increased by 0.2%. Regions across the world are experiencing new decreases in cyber attacks per organization, the company says.

Interestingly, cyber attacks against the U.S. and North America have declined 12% and 13%, respectively, despite both the U.S. and Canada taking part in sanctions against Russia and supplying aid to Ukraine.

Read Next: Cybersecurity Experts: Ukraine, Russia Crisis Could Result in U.S. Cyberattacks

Increase in Phishing Emails  

Check Point also notes phishing emails in Russian and Ukrainian languages have increased by seven times. A third of the malicious phishing emails were directed at Russian recipients sent from Ukrainian email addresses, either real or spoofed.

Check Point says it is also observing an increase in fraudulent emails that take advantage of the situation, luring recipients to donate money to fake Ukrainian aid organizations for financial profit.

WhisperGate & HermeticWiper Malware

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory on the destructive malware WhisperGate and HermeticWiper, both used to target organizations in Ukraine. The malware is capable of destroying computer systems and rendering them inoperable. It targets Windows devices, manipulates the master boot record, displays a fake ransomware note, and encrypts files based on certain file extensions, which results in subsequent boot failure, according to SentinelLabs.

CISA and the FBI note that there is no credible threat to the U.S. at this time, but urge organizations to assess and bolster their cybersecurity.

How to Spot a Phishing Email

With any phishing email, it is imperative to look for the following, according to Check Point:

  1. Fake domains
  2. Unusual attachments
  3. Incorrect grammar or tone
  4. Suspicious requests

Double Check That Zoom Meeting Invite Before You Click ‘Start Meeting’
https://mytechdecisions.com/mobility/double-check-that-zoom-meeting-invite-before-you-click-start-meeting/
Mon, 31 Jan 2022 22:51:59 +0000

The post Double Check That Zoom Meeting Invite Before You Click ‘Start Meeting’ appeared first on My TechDecisions.

Attackers are now seizing the opportunity to spoof Zoom meeting invites. About 10,000 mailboxes have been hit with the socially engineered emails, according to cybersecurity company Armorblox.

The socially engineered attacks are designed to look like a legitimate email from Zoom, mimicking existing business workflows. Attackers will use the Zoom email address, “Zoom Communications,” and include wording similar to a real invite, such as [External] Zoom Meeting 11:00 AM Eastern Time [US and Canada].

When users click the link to start the meeting, it opens a login screen for Microsoft Outlook, where unsuspecting victims enter their credentials, the email security company says in a blog.

“The email attack bypassed native Microsoft email security controls. Microsoft assigned a Spam Confidence Level (SCL) of ‘-1’ to the emails; meaning the emails skipped spam filtering because Microsoft determined they were from a safe sender, to a safe recipient or were from an email source server on the IP Allow List,” writes Lauryn Cash in the Armorblox blog post.

The email is deceptive in that it mimics day-to-day business workflow. It’s habitual for users to simply click on “Start Meeting.”

Recommendations

According to Cash, organizations should take these actions to prevent compromise from this attack and similar ones:

  • Use built-in email security with layers.
  • Employees should always be watchful of social engineering cues. “Our brains have been trained to quickly execute on the requested actions. It’s best to engage with these emails in a rational and methodical manner wherever possible,” writes Cash. A good best practice is to perform an “eye test” on the email received that includes inspecting the sender name, email address, language within the email and any logical inconsistencies within the email.
  • Follow multifactor authentication and password management best practices, and never use the same password on multiple sites or accounts. Use password management software to store account passwords, and avoid passwords that include publicly available information, such as date of birth, or generic 123 passwords.
  • As always, continue to educate and train employees on phishing emails, such as looking for visible warning signs like poorly written emails, wrong signature lines or incorrect email addresses.

The Most Imitated Brands in Phishing Attempts
https://mytechdecisions.com/network-security/most-imitated-brands-phishing-attempts-q4-2021/
Tue, 25 Jan 2022 15:06:08 +0000

The post The Most Imitated Brands in Phishing Attempts appeared first on My TechDecisions.

DHL has surpassed Microsoft’s long-standing reign as the brand most frequently imitated by cybercriminals in attempts to steal credentials or deploy malware via sophisticated phishing techniques.

Twenty-three percent of all brand phishing attempts were related to DHL, up from just 9% in the previous quarter, according to Check Point Research’s latest Q4 brand phishing report.

Meanwhile, Microsoft accounted for only 20% of all phishing attempts in Q4 versus 29% in Q3. FedEx appeared in the top ten list for the first time in Q4 2021. Check Point researchers concluded this was a direct result of threat actors trying to target vulnerable online shoppers through the holiday season as the pandemic remained a key concern.

WhatsApp came in third behind DHL and Microsoft in a global list of top targeted brands. The social messaging app, owned by Facebook, moved from 6th position to 3rd, representing 11% of all phishing attempts worldwide, according to Check Point Research.

Related: IT Is Losing The Phishing Fight

In a brand phishing attack, criminals will imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.

Below are the top brands ranked by their overall appearance in brand phishing attempts:

  1. DHL (related to 23% of all phishing attacks globally)
  2. Microsoft (20%)
  3. WhatsApp (11%)
  4. Google (10%)
  5. LinkedIn (8%)
  6. Amazon (4%)
  7. FedEx (3%)
  8. Roblox (3%)
  9. PayPal (2%)
  10. Apple (2%)

SailPoint Survey: Generational Differences Exist Between Corporate Email Use & Cybersecurity
https://mytechdecisions.com/compliance/sailpoint-survey-generational-differences-exist-between-corporate-email-use-cybersecurity/
Thu, 04 Nov 2021 22:16:19 +0000

The post SailPoint Survey: Generational Differences Exist Between Corporate Email Use & Cybersecurity appeared first on My TechDecisions.

More than half (59%) of workers are using corporate email for personal use, but Gen Z is the biggest offender at 93%, according to identity security company SailPoint’s Trust Issues survey.

With work and home increasingly blurring amid the COVID-19 pandemic, SailPoint set out to determine how users’ behaviors when conducting these activities could put a target on the organization’s back for a cyber attack or data breach.

At least 44% of respondents reported the number of phishing messages they’ve received is up year-over-year. The survey notes glaring generational differences when it comes to behaviors that are putting Baby Boomers, Gen X, Millennials and Gen Z and their employers at risk.

Email is a requirement to create any kind of online account including social media profiles. While social media sites are traditionally meant for personal use, the survey found that Gen Z (77%) and millennials (55%) are using corporate emails for their social media logins, compared to just 15% of Gen X and 7% of Baby Boomers. More than half a billion Facebook accounts were stolen in April, according to Business Insider. The survey notes risk is on the rise with new potential doorways being opened every day.

Related: Top Malicious Email Phishing Techniques Used By Cybercriminals

The holiday season presents greater corporate threats from younger generations, the report says. Nearly one in three workers say they use their corporate email for online shopping; Baby Boomers are the least likely to engage in these activities. At least 39% have received a phishing message impersonating a retailer and 22% have received a message impersonating a marketing email.

The survey also notes that Baby Boomers are better equipped to deal with phishing emails; at least 94% are confident in their ability to detect a phishing message, while only 29% know how to appropriately react to a phishing email by forwarding it to IT.

When asked how they would respond to a suspicious-looking email with a link or attachment, 46% of Gen Z respondents said they would open the link or attachment, compared to just one percent of Baby Boomers, 29% of Millennials and 4% of Gen X.

“Over the last year and a half, we’ve seen countless, high-profile cyberattacks, stemming from email activity, that have brought organizations – like retailers, currency exchanges, and healthcare organizations – down to their knees,” said Heather Gantt-Evans, CISO at SailPoint in a statement.

“By using corporate email for personal use, employees are inadvertently expanding the threshold for malicious actors to enter a corporate network, completely unnoticed. As demonstrated by the data, most don’t know what to do if they see suspicious activity, but with proper education and training, we can deter these types of events to ensure business remains operating as usual,” she said.

Hackers Used Morse Code In This Phishing Attack
https://mytechdecisions.com/network-security/hackers-used-morse-code-in-this-phishing-attack/
Wed, 18 Aug 2021 20:34:40 +0000

Hackers are becoming more sophisticated by using Morse code to evade detection in the latest XLS.HTML phishing attack.

The post Hackers Used Morse Code In This Phishing Attack appeared first on My TechDecisions.

In the latest string of evolving, sophisticated phishing attacks, Microsoft has revealed hackers are using a new tactic, Morse code, to evade detection.

After a year-long investigation, the Microsoft 365 Defender Threat Intelligence Team discovered an unknown cybercriminal group was harvesting user credentials via an invoice-themed XLS.HTML phishing campaign.

The HTML attachment included JavaScript files used to steal passwords, which were then encoded using different mechanisms. The attackers moved from using the plaintext HTML code to employing multiple encoding techniques like Morse code. The operators kept changing their encryption mechanisms every 37 days on average, according to Microsoft.

The attachment is comparable to a jigsaw puzzle; segments of the HTML file may appear harmless at code level and may slip past conventional security solutions. “When the segments are put together and properly decoded does the malicious intent show,” writes Microsoft in a blog post.

Related: Ivanti: IT Is Losing The Phishing Fight

The XLS.HTML phishing campaign sent emails mimicking financial-related business transactions, such as a payment advice. The attachment is an HTML file, but the extension is modified to use variations of Excel-like file types: xls.HTML, xslx.HTML, Xls.html, etc.

Unsuspecting victims are prompted to open the Excel file. Once it’s opened, a browser window displays a fake Microsoft 365 dialog box asking for credentials, such as email address and password.

If the user enters their credentials, they’ll receive a fake note that the password is incorrect. Meanwhile, the phishing scheme is running in the background harvesting the password and other information about the user.

Microsoft recommends that IT teams do the following to reduce the impact of this phishing attack:

  • Use mail flow rules or Group Policy for Outlook to strip .html or .htm or other file types that are not required for business.
  • Turn on Safe Attachments policies to check attachments to inbound email. Enable Safe Links protection for users with zero-hour auto purge to remove emails when a URL gets weaponized post-delivery.
  • Avoid password reuse between accounts and use multi-factor authentication (MFA).
  • Educate end users on phishing tactics as part of security or phishing awareness training.

Additionally, you can look for alerts within the Microsoft 365 Security Center for emails delivered with xslx.html/xls.html attachments.

To locate specific attachments related to this campaign, run the following query:

// Searches for email attachments with a specific file name extension xls.html/xslx.html
EmailAttachmentInfo
| where FileType has "html"
| where FileName endswith_cs "._xslx.hTML" or FileName endswith_cs "_xls.HtMl" or FileName endswith_cs "._xls_x.h_T_M_L" or FileName endswith_cs "_xls.htML" or FileName endswith_cs "xls.htM" or FileName endswith_cs "xslx.HTML" or FileName endswith_cs "xls.HTML" or FileName endswith_cs "._xsl_x.hTML"
| join EmailEvents on $left.NetworkMessageId == $right.NetworkMessageId
| where EmailDirection == "Inbound"
