Attackers are using a new evasion technique that exploits user information included in website addresses.
Attacks leveraging the BYOB framework for fraudulent activity in the wild have been around for a few years now. We believe that the cyber security community can expect to see much more of this as more “script kiddies” discover the BYOB tool. What is BYOB (Build Your Own Botnet)? In today’s cyber security world, the […]
Attackers are using a Microsoft verified app, abusing OAuth request links in order to gain full control of the victims’ mailbox. The spear phishing attack is specifically targeting CISOs and other administrator-level users in the organization.
Beware of Trending Phishing Attacks Spoofing Financial Institutions that Combine URL Evasion and Geofencing Techniques
Perception Point recently detected multiple high-volume phishing campaigns in which the attackers are using URL evasion and geofencing techniques while spoofing a variety of worldwide banking institutions, notably Standard Bank, Banco Bradesco, and Citizens Financial Group Inc.
In this blog post, our Incident Response Team analyzes the attack chain of a FormBook malware campaign that recently targeted one of our customers by email.
A Spear Phishing Attack Campaign Spoofing Leading Email Clients Including Microsoft, Gmail, WebMail, and WorldClient
In this sophisticated spear phishing campaign, attackers used social engineering techniques to lure unsuspecting victims into entering their login credentials into fake login portals impersonating Microsoft, Gmail, WebMail, and WorldClient. The attacks were conducted en masse to achieve the attackers’ goals.
A sophisticated fraud impersonates Geek Squad and convinces victims to phone their “call center” and provide the attackers access to their computers
Why Advanced Phishing Protection is Needed: Attackers Are Using Salesforce’s Mass Email Service to Perpetrate Phishing Attacks
A sophisticated phishing attack spoofing the Israeli Postal Service and leveraging Salesforce mass email service for malicious purposes.
Perception Point’s advanced email security service managed to intercept thousands of attack emails impersonating DocuSign, utilizing the Hancitor Malware. The following blog details this alarming attack.
The Perception Point IR Team found a major increase (250%) in the number of Netflix Phishing scams this quarter compared to last quarter.
A unique example of an Account Takeover (ATO): an “injected” email turns out to be an attempt to insert malware as part of a “normal” email correspondence. This is great evidence for the ultimate social engineering attack, showing how attackers are ever evolving, and that everyone needs account takeover protection.
While it is a known fact that phishing, BEC, and collaboration-tool based attacks are becoming more and more prevalent, it is even more interesting to see all three trends within one attack. In the attack described below, we see BEC, Spear Phishing & Collaboration Examples and how the attacker combines common impersonation techniques with the […]
A detailed, to-the-point analysis of the most phished brands in email attacks and the importance of asset-based protection as c. 50% of attacks are actually related to the targeted company and its stakeholders.
Perception Point has once again discovered a new attack trend hitting our clients. Perception Point intercepted this new attack campaign through its Advanced Cloud Storage Security solution. In this attack, we will show how attackers are leveraging OneDrive in order to evade detection and take advantage of a new attack vector.
In the following incident, it is very interesting to see how the attackers have improved their messaging and framework significantly to try to trick the end-users. Just in the design there are several aspects to point out that are used to lure the end-user to follow the path as set by the attacker: Display name spoofing: […]
Perception Point continues to bring you the latest in coronavirus-themed attacks, trying to show you the wide variety that we see daily. In the following update, one can see that attackers have been improving their messaging and are using the pandemic as a “background story” to the ongoing business handled between them and the targets. […]
In this update, we will show how attackers are leveraging Slack referrer URL in order to lead victims to phishing pages, thus evading legacy solutions.
As the Coronavirus continues to keep organizations worldwide working remotely, Perception Point continues to see more and more “COVID-19” themed attacks. As always, they are improving in their sophistication and evasion. Below is an overview of 2 new attacks caught by our system, with an in-depth malware analysis of one of the campaigns.
Today’s blog shows an interesting change in the way attackers act. Unlike previous incidents we published, this report lays out Coronavirus-themed attacks that originate not from email but through other collaboration channels, such as cloud storage platforms and files shared in internal networks. This shift demonstrates how attackers have been evolving and how they look for new ways into their targets.
The following attack presented in this report is only one of many our system has prevented in the last couple of weeks. It is now being used extensively in COVID-19 campaigns. In this example, we show how the malware operates and present the execution chain. We welcome you to contact us to discuss this attack […]
Overview. Due to the sudden remote-work situation, IT teams are deploying VPNs for all their employees in order to ensure business continuity. VPN is one of the necessities of almost every company, even more so now. Attackers understand this new situation and as a result, are using it to their advantage. The attacker sends an […]
Today’s report includes two attacks – a phishing attack using a spoofing technique and a malicious archived .exe file. Each of these attacks shows how the attacker gathers intelligence on their targets. CISOs and security experts must always be on top of the recent trends and make sure their security vendor knows how to stop these new attacks.
Perception Point continues to see more coronavirus-themed attacks, which seem to continuously increase by the day. Some of these campaigns have added new levels of complexity, such as the use of evasion techniques, as well as evolving with the attack story line itself. In the following update we collected three new attack campaigns and one […]
Over the last few days, Perception Point’s system has detected an increasing number of incidents that are attempting to steal GitHub user credentials. In this specific attack below, it appears that the attacker acquired a new domain that looks like GitHub: https[:]//glthubs.net. We strongly advise security experts to blacklist this domain as it is currently still active. […]
Perception Point continues to see more coronavirus-themed attacks, which seem to increase in quantity and improve in quality by the day. In the following update we collected 3 different phishing attacks which demonstrate how attackers have evolved. We would like to highlight the “Key notes” for Phishing Campaign #2. These insights give CISOs and security experts additional […]
In this blog we provide COVID-19-themed cyberattack examples, focusing on COVID-19 malware attacks and phishing attempts.
In this post we provide examples of COVID-19 campaigns, caught by our advanced threat detection platform and analyzed by our IR team.
In this post, we discuss some of the COVID-19 phishing campaigns caught by our anti-phishing engine and analyzed by our IR team.
In this blog, we will show how attackers take their creativeness to the next level by leveraging Google services in order to orchestrate new types of phishing attacks.
Learn about a BEC scam comprised of two layers: spoofing a user’s email address and a phishing attempt to get Office 365 log-in credentials.
Learn how Perception Point detected a widespread phishing attack campaign by noticing the common factor of G Suite account tools usage.
Learn more about BEC (Business Email Compromise), an impersonation-based attack leveraging social engineering techniques.
Learn how we intercepted an email thread that combined popular attack vectors: impersonation, encrypted archive, and a malicious macro.
Learn about the widespread attack in which users first receive an email from an external source requesting an updated Statement of Account.
Learn how, in a recent campaign, attackers take an email address and insert it into the account name so users believe the site is legitimate.
Learn how we intercepted an RTF document that leverages CVE-2017-8570, the “Composite Moniker”, a document containing an “ole object”.
In this post we discuss how a cyber attack involving malicious macro code was disguised as a CV delivered via email.
Learn how the Fibonacci backdoor infection process grants an attacker control to remotely execute commands through malicious email.
Learn how a fax attack tricks employees into clicking on a phishing link by leveraging a known cybersecurity service, EFax.
In this post we discuss how Perception Point protects against highly advanced threats like APT28 (Fancy Bear).
Learn how Perception Point’s advanced threat detection platform caught an advanced attack (CVE-2017-0199) delivered via a malicious document.
In this post we discuss a phishing technique that tricks users into thinking an image of the attached file can be opened in snapshot mode.
In this post we discuss how the main aspect of hijacking is using a legitimate user’s email account in order to deliver malware.
We discuss how attackers use a legitimate user’s email account and macro code to deliver malware as the response to an existing email thread.
This incident analysis report provides a detailed understanding of an attack and the damage that macro commands could have caused.