According to Akamai analysts, the attacks have been running since mid-September and have focused on Halloween and Labor Day.
The phishing kit uses evasion techniques and filters out non-targets so that only the intended victims reach the phishing pages.
The kit uses a token-based system that makes sure each target is redirected to a unique phishing page URL. The basic lure in these phishing emails is the chance to win a gift from a trusted brand.
The links in the email show no obvious warning signs: they lead to the phishing website through several redirections, and URL shorteners hide most of the URLs.
The perpetrators exploit cloud services to access sensitive data, bypassing security systems.
The phishing website promises a prize to anyone who completes a short survey. A timer pressures those taking the survey to finish it quickly.
The brands the attackers imitate include Delta Airlines, sporting goods company Dick’s, Tumi (which makes luggage), and wholesale clubs Costco and Sam’s Club. To make the phishing attack more successful, the attackers used fake reviews from supposed winners showing off the prizes they had received.
The “winners” of the prize are then asked to pay for shipping, and for that they need to fill in their payment card details. There are no prizes to be shipped; the payment card details are simply stolen by the malicious actors.
According to security firm Akamai, 89% of users visiting the phishing domains are from the United States and Canada. Additionally, based on the user’s location, the phishing domain redirects them to a different phishing website that imitates a brand available locally.
The attackers used a different HTML anchor value (the part of the URL after the “#”) in each of the emails, creating a unique URL that redirected the user to a phishing page.
Akamai has warned that the value after the HTML anchor in a URL is not sent to the server, yet it remains accessible to JavaScript code running in the victim’s browser.
The problem with this phishing scam is that values placed after the HTML anchor may be disregarded or missed by security systems that check whether a link is malicious. Similarly, the value will be missed by traffic inspection tools.
Because security tools and inspection systems miss this token, using it creates no risk for the attacker. Instead, it helps keep researchers, analysts, unwanted traffic, and random visitors away from the phishing landing page.
The tokens can be used to track victims, attack performance, etc.
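The behaviour described above, as an added defensive example that is not part of Akamai's report or the original article: the sketch shows what a server or inline proxy sees once the browser strips the anchor value, and flags email links where several distinct, token-like anchor values share one server-visible URL. The function names, thresholds, and sample URLs are assumptions constructed for illustration.

```javascript
// Added example: names, thresholds and URLs are constructed, not from the report.

// What an origin server or inline proxy sees: the browser strips the
// fragment (the value after "#") before sending the request.
function serverView(link) {
  const u = new URL(link);
  return u.origin + u.pathname + u.search;
}

// Shannon entropy in bits per character; random tokens score higher than
// ordinary in-page anchors such as "#installation-steps".
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts)
    .reduce((h, n) => h - (n / s.length) * Math.log2(n / s.length), 0);
}

// Group links by server-visible URL and flag groups where distinct,
// token-like fragments share one base: a sign of per-recipient tokens.
// minLen, minEntropy and minDistinct are assumed starting thresholds.
function findFragmentTokens(links, { minLen = 12, minEntropy = 3.5, minDistinct = 3 } = {}) {
  const groups = new Map();
  for (const link of links) {
    let u;
    try { u = new URL(link); } catch { continue; } // skip unparsable links
    const frag = u.hash.slice(1);
    if (frag.length < minLen || entropy(frag) < minEntropy) continue;
    const base = serverView(link);
    if (!groups.has(base)) groups.set(base, new Set());
    groups.get(base).add(frag);
  }
  return [...groups]
    .filter(([, frags]) => frags.size >= minDistinct)
    .map(([base, frags]) => ({ base, distinctTokens: frags.size }));
}

// Constructed sample: links extracted from messages of one mail campaign.
const sampleLinks = [
  "https://short.example/r/a1?c=7#Zk3q9XwB2mLp8Tn4",
  "https://short.example/r/a1?c=7#Qh7dV0sRy5Ne1Ju6",
  "https://short.example/r/a1?c=7#Mb2xK8cGt4Wa9Pf3",
  "https://docs.example/guide#installation-steps",
  "https://docs.example/guide#installation-steps",
  "not a url",
];
console.log(findFragmentTokens(sampleLinks));
```

A mail gateway or URL scanner that stores only the fragment-stripped form would record the three flagged links as a single URL, which is why the comparison has to be made on the full link as it appears in the message.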