As email remains the primary mode of business communication, it is also threat actors' favorite means of wreaking havoc on organizational information assets. Following are some recent incidents in which attackers bypassed common email security controls and targeted users.
Netflix Phishing Emails are Up By 78%
Security researchers warned that corporate accounts might be at risk after noticing a 78% rise in email impersonation attacks posing as the Netflix brand since October. If employees reuse their Netflix credentials for their work accounts, such campaigns could imperil corporate data and systems.
The group behind the phishing campaign used Unicode characters to bypass NLP (natural language processing) scanning in traditional anti-phishing filters.
“Unicode helps convert international languages within browsers – but cybercriminals can use it for visual spoofing where they exploit international language characters and make a fake URL look legitimate,” researchers wrote.
For example, attackers can register a phishing domain 'xn--pple-43d.com', which the browser renders as 'аpple.com' (the first letter is a Cyrillic 'а', not a Latin 'a'). This is known as a homograph attack. Emails also use Unicode in sender display names like "help desk" and "Netflix." But the cybercriminals didn't stop there.
"They used other obfuscation techniques like breaking up the text into non-identifiable characters, using different language characters and white on white text to break the NLP's perception," said researchers at security vendor Egress. "For example, a machine will read two simultaneous V characters as two Vs. But to a skim-reading person, VV looks like W."
The campaign targeted users primarily in the US and UK.
"The issue concerns organizations because if an employee's credentials are compromised, and they use the same passwords for work accounts, the complete organization can get jeopardized," Egress concluded.
The vendor further highlighted the need for advanced anti-phishing tools.
“These are sophisticated attacks, and you can’t merely rely on training and the human eye,” it added.
Ten Individuals Charged in $11m Healthcare BEC Plots
Ten individuals were charged with money laundering and business email compromise (BEC) offenses for allegedly defrauding Medicare, Medicaid, and private health insurance programs of over $11m. The charges relate to seven Georgia and South Carolina individuals who used stolen credentials to open bank accounts for shell companies.
According to the DoJ (Department of Justice), the fraudsters ran schemes to trick employees working in the private and public health insurance programs into sending funds to these accounts, thinking they were hospitals.
The attackers conned two Medicare administrative contractors, five state Medicaid programs, and two private health insurers in this way. They used some of the funds to buy automobiles and luxury goods, and the three remaining defendants laundered the rest through bank accounts registered with fake or stolen identities.
One of the ten defendants, Adewale Adesanya, 39, of Georgia, pleaded guilty in June to using a false passport and conspiracy to commit money laundering. Adesanya received a four-year prison term for laundering over $1.5m from BEC schemes targeting the Small Business Administration (SBA), Medicaid programs, the IRS, and a private company.
The other nine individuals await trial and, if found guilty, face maximum sentences of 20 to 30 years. "The allegations depict a brazen effort for siphoning funds, in part, from essential healthcare programs for personal gain," said Christian Schrank, deputy inspector general for investigations, US Department of Health and Human Services Office of Inspector General (HHS-OIG).
A Cyber-Attack Leaves Canadian Schools Without Access To Emails Or Emergency Contact Information
The Durham District School Board (DDSB) said it was recovering from a ‘cyber-incident’ that left schools without access to email or phone services and emergency contact information.
The school board sent a letter to parents and guardians saying that it took immediate steps to secure its network as soon as it learned of the incident. The letter further said that in-person schools would remain open, but "all DDSB phone and email services are out of service, and schools may not be able to access emergency contact information."
The school board asked parents and guardians to share temporary emergency contacts with their children and send them to school.
The letter says that schools will take manual attendance and not contact parents and guardians if their child is absent.
The letter also mentions that the board canceled all 'DDSB@Home' classes and literacy tests, while warning that student Chromebooks would not work. The DDSB said schools "are taking measures to ensure safe operation," adding that community and childcare services' use of the schools would continue.
There is no further information regarding the nature of the apparent cyber-attack or when service access will be restored.
Hackers Access Radio Free Asia Email Server, Leak Personal Data of Nearly 4,000 People
Radio Free Asia (RFA), a US government-sponsored news outlet, announced a breach affecting almost 4,000 people. It leaked troves of personal information, including passport and Social Security numbers and financial data.
RFA filed documents with Maine's attorney general saying the hack occurred on June 17 and that RFA discovered it on June 28. The hack affected at least 3,779 people and included the theft of driver's license numbers, addresses, medical information, health insurance information, and "limited financial information."
“The incident came to light on June 28, 2022, indicating unauthorized access to our email system. Immediately following the detection and responding quickly, we took RFA systems offline and took swift measures to contain and address the incident. It included engaging data security and privacy professionals, launching an investigation, changing passwords, working with law enforcement, and migrating to a cloud-based email environment,” RFA said in a letter to victims.
“According to the investigation, the unauthorized access was from a service provider’s vulnerability exploit, unknown to RFA at the time of compromise.”
Victims were offered two years of Equifax credit monitoring. Although RFA did not respond to queries, spokesperson Rohit Mahajan said the hackers never contacted them. He added that RFA notified the US Congress, the United States Agency for Global Media, and the Cybersecurity and Infrastructure Security Agency.
RFA covers news on several Asian countries like China, Myanmar, Laos, North Korea, Cambodia, Vietnam, and more. It is among the handful of news outlets attacked this year, including The Wall Street Journal, Fast Company, New York Post, and Nikkei.
As the incidents above show, relying on a single spam filtering tool or antivirus product is not enough; a multi-layer approach to cybersecurity is the most effective defense.
For better security, individuals and organizations must use multiple email filtering layers. As a domain owner, you must also ensure that your customers and visitors receive only the emails you actually send. Hence, implementing authentication measures such as DMARC is a necessity for every domain owner today.