193% increase in PDF Phishing Detections indicates Phishing is still a prime threat vector
By Shawn Pope
In Nuspire’s quarterly threat landscape report, three main vector datasets (malware, botnets, and exploits) are analyzed to identify the most prolific and prevalent threats throughout the quarter. The most prevalent malware identified this quarter was PDF phishing scams, in which fraudulent emails invite recipients to view or download a document in Microsoft OneDrive. Detections of these scams increased 193%.
This trending phishing campaign indicates that these phishing scams are a prime threat vector for any business in any industry. They can easily go undetected, which can be costly for any organization. Given the current landscape identified in the quarterly threat report, the rise in malware, exploits, and botnets is likely to continue, and these threats are likely to become more complex.
In this phishing campaign, fraudulent emails were sent to recipients to encourage them to view or download a document in Microsoft OneDrive. The link in the email directs the user to an authentic-looking OneDrive login page designed to harvest their credentials. Once the credentials have been collected, the user is redirected to the real Microsoft page. With the victim’s credentials in hand, the attacker can do many things, such as commit identity theft, cause financial loss to the user or business, prevent users from accessing their own accounts, or launch additional business email compromise attacks.
This phishing campaign could affect numerous industries and can target any individual within an organization. 30% of the most targeted phishing attacks were directed at generic email accounts, which are typically shared by two or more employees within an organization. Generic addresses like ‘email@example.com’ can be valuable to attackers because they reach multiple targets, they are easy to obtain and usually public-facing, and they are harder to protect with multi-factor authentication due to multiple people monitoring the account.
What to Do
Malware comes in all shapes and sizes. It can be email attachments, fraudulent websites, or even malicious files. This threat can be mitigated in several ways: spam email filters, endpoint protection, and even a Next-Generation Firewall (NGFW) with support for AV detection and mitigation. As with all things in IT, two is one and one is none. A layered security approach should be a priority for every corporation. In addition, it is always important to educate employees on security best practices. Businesses can mitigate phishing scams like the PDF phishing campaign when employees are regularly trained on these types of threats.
Other Trending Threats
While phishing scams are a huge threat, the report identified a handful of other threats that are currently trending and targeting businesses like yours:
- A surge in Remote Code Execution (RCE) attacks from two ThinkPHP RCE vulnerabilities that signify attackers are continuing to actively scan for vulnerable systems
- Continual decrease in activity from the banking trojan Emotet; however, researchers are confident that it will resurface with new tactics to go undetected
- 58% increase in Andromeda activity
- Sora tops the list with the most botnet activity detected, nearly double that of Andromeda
- Continued increase in DoublePulsar as noted in last quarter’s threat report
- Necurs botnet reappears. First identified back in 2012, Necurs was identified as one of the most prevalent botnet activities found this quarter
All findings in Nuspire’s quarterly threat landscape report indicate just how innovative cybercriminals are when it comes to changing their tactics. As mentioned in the report, even though some key findings slowly began to diminish, security experts are confident they will reappear with new tactics and techniques in order to avoid detection, which is why a fully managed security program is the most credible option to remain secure.
To access the full Threat Landscape Report, visit https://www.nuspire.com/resource-library/quarterly-threat-landscape-report/
About the Author
Shawn Pope is a Security Analyst at Nuspire, a managed security services provider for companies in the automotive, industrial and healthcare sectors. For more information, visit www.nuspire.com.