LONDON, UK / ACCESSWIRE / May 18, 2022 /Egress, the leading provider of intelligent email security, today issued its mid-year 2022 threat report offering details of emerging vulnerabilities along with insights, from the Egress threat intelligence team, about protecting employees, customers, and businesses from these specific cyberattacks.
The full report, available here, provides comprehensive details about threats associated with scam cryptocurrency donations to war-torn Ukraine, email phishing attacks using LinkedIn to target jobseekers, a rise in sextortion phishing emails and zero-day exploits circulating on the dark web, targeting electronic voters as well as Facebook and Gmail users.
Scams Exploit Cryptocurrency-Based Ukraine Donations
Egress analysts have observed a surge in phishing attacks exploiting the war in Ukraine. Targeting individuals and organizations across the U.S. and the U.K., the emails impersonate display names and email addresses of well-known Ukrainian bodies. Examples include emails impersonating the Ukrainian Government asking for cryptocurrency donations to assist their war effort. Egress has located other emails impersonating the Ukrainian Ministry of Defence, the Aid for Ukraine charity, The United Nations, and Ukrainian President Volodymyr Zelenskyy.
"To succeed, these attacks must bypass email defenses and get a person to act, which relies on engendering emotional reactions to the needs of refugees and children," explained Jack Chapman, Vice President of Threat Intelligence at Egress. "If you choose to donate cryptocurrency to a cause, use a reputable source to verify its authenticity and only use publicly available cryptocurrency addresses."
LinkedIn Impersonation Targets Jobseekers
This email attack targets individuals and organizations in the U.S. and the U.K. using spoofed LinkedIn branding. It encourages targets to click on phishing links and enter credentials onto fraudulent websites, which are scraped when the victim believes they are logging in. Once the scam is completed, the victim is redirected to the real LinkedIn site, so they have no idea their credentials have been stolen and do not take remedial action such as changing their password.
"Current employment trends such as The Great Resignation help to make this attack more convincing by flattering jobseekers into believing their profile is being viewed and expertise is needed," said Chapman. "We advise organizations to examine their current anti-phishing security stack to ensure they have intelligent controls that engage and warn the user of the threat. Meanwhile, individuals should take extreme caution when reading notification emails that request them to click on a hyperlink, particularly on mobile devices."
Sextortion Phishing on the Rise
Egress researchers observed a 334% increase in sextortion attacks since March 2022. In these cases, sextortion-oriented phishing emails are targeting individuals and organizations across the U.S. and the U.K. through a variety of subject lines coercing victims to panic and click through for more information. Emails use emotive, threatening language to socially engineer their victim to extort payment. For example, one email states "I don't think this kind of content would be very good for your reputation". The attacks follow a similar format by stating the problem, threat, ‘solution', the deadline to comply, and futility of reporting the incident.
"Phishing attacks like these try to use our own psychology – especially shame, panic, and fear – against us," explained Chapman. "By providing a specific deadline, cybercriminals apply pressure on victims to comply quickly. Related to these scams our advice is simple – don't pay the ransom."
New Threats Target Electronic Voters, Facebook, and Gmail Users
This threat is targeting electronic voters as well as Facebook and Gmail users through zero-day exploits posted to Empire Market, a DarkWeb marketplace where exploits, phishing tools, and templates are available to purchase. Egress analysts found an electronic voting exploit for sale, which allows malicious software to be loaded onto voting machines. Another offers a way to take over a Facebook account through a password reset vulnerability to harvest victim information and make further phishing attacks more believable. A third exploit targets Gmail accounts remotely via a code injection allowing attackers to access accounts, regardless of two-factor authentication.
"New zero-day exploits are being discovered all the time," added Chapman. "Social media accounts contain a host of information about people, such as date of birth, geographic locations, mother's surname, and more. Our advice is to stay on top of the latest threats by keeping up with advice from your threat intelligence network."
The complete Egress Software Mid-Year 2022 Threat Report is available for download here. For further information and interview requests, please contact PR@egress.com.
Our mission is to eliminate the most complex cybersecurity challenge every organization faces: insider risk. We understand that people get hacked, make mistakes, and break the rules. To prevent these human-activated breaches, we have built the only Human Layer Security platform that defends against inbound and outbound threats. Using patented contextual machine learning we detect and prevent abnormal human behavior such as misdirected emails, data exfiltration, and targeted spear-phishing attacks.
Used by the world's biggest brands, Egress is private equity backed and has offices in London, New York, and Boston.
View source version on accesswire.com:
Shareholders in Vecima Networks Inc. ( TSE:VCM ) may be thrilled to learn that the analysts have just delivered a major…
Usually, when one insider buys stock, it might not be a monumental event. But when multiple insiders are buying like…
Investors who take an interest in Interfor Corporation ( TSE:IFP ) should definitely note that the Senior VP & CFO…
Yara International ASA Chief Executive Officer Svein Tore Holsether discusses food supply chain disruptions and the impact of higher gas prices. The CEO told Bloomberg's Anna Edwards we need "much more regional models to avoid these kinds of disruptions." He speaks on "Bloomberg Markets: Europe."
WASHINGTON (Reuters) -Federal prosecutors on Tuesday sought to portray an attorney who formerly worked for Hillary Clinton's 2016 presidential campaign as a privileged, high-powered person who abused his connections with the FBI in a bid to harm former President Donald Trump's campaign just weeks before the election. In opening arguments in a federal court in Washington, prosecutor Brittain Shaw told a jury that attorney Michael Sussmann misled the FBI about who he represented when he met with the bureau's top lawyer on Sept. 19, 2016, to provide a tip alleging internet communications between Trump's business and a Russian bank. "The evidence will show that this is a case about privilege – the privilege of a well-connected D.C. lawyer with access to the highest levels of the FBI," Shaw said, adding that Sussmann abused his connections to "use the FBI as a political tool."
Investing in stocks comes with the risk that the share price will fall. And there's no doubt that Bitfarms Ltd…
For beginners, it can seem like a good idea (and an exciting prospect) to buy a company that tells a good story to…
Skyworks Solutions, Inc. ( NASDAQ:SWKS ) stock is about to trade ex-dividend in 4 days. The ex-dividend date is usually…
Worried about the privacy of your health data? It's a pressing question, especially for a post-Roe world.
Today is shaping up negative for Auxly Cannabis Group Inc. ( TSE:XLY ) shareholders, with the analysts delivering a…
(Bloomberg) — Buyout firm KKR & Co. has acquired a majority stake in Alchemer, a provider of customer experience and consumer data collection services, with money from its recently launched Ascendant fund focused on midsize companies.Most Read from BloombergWalmart Flashes a Warning Sign to the Entire Consumer EconomyStocks Sink on Earnings, Growth Fears; Bonds Gain: Markets WrapElon Musk Has a Bigger Problem Than Twitter Bots: A Huge Debt BurdenOnetime Richest Singapore Tycoon Has Lost 80% of
Last week, Tommy Hilfiger introduced its "Classics Reborn" Summer 2022 global campaign, photographed by Craig McDean, and tapped Shawn Mendes to model the 1985 Program collection
The Tesla chief executive’s comments followed the removal of his company’s stock from an index that tracks environmental, social and governance principles.
Biggest ever crypto collapse attracts conspiracy theories
This makes Dogecoin a top-10 cryptocurrency by market cap, despite the fact that the meme coin offers little in the way of utility. Here are three cryptocurrencies that currently have just a fraction of the valuation of Dogecoin, but that could far surpass it one day based on their growth prospects and the exciting ecosystems they are building on their platforms. While Hedera may not have the valuation or the notoriety of Dogecoin, it is quietly building up its use cases and applications.
The mental-health startup said it named David Mou as its new chief executive officer, as the company faces a federal probe of its prescribing practices.
The use of exchanges doesn’t change the brute fact.
(Bloomberg) — A group of Democratic senators has asked the Federal Trade Commission to investigate whether identity verification company ID.me illegally misled consumers and government agencies over its use of controversial facial recognition software.Most Read from BloombergWalmart Flashes a Warning Sign to the Entire Consumer EconomyStocks Suffer Steepest Rout in Almost Two Years: Markets WrapPlotkin Shuts Melvin Hedge Fund Left Reeling by Redditor AttackTarget and Walmart’s Deep Pain Could B
The remote workers allegedly aim to help fund Pyongyang's advanced weapons programmes.
Unable to displace the dollar, crypto became just another asset without traditional asset markets’ guardrails.