Public cloud infrastructure has become one of cybercriminals' favorite attack surfaces, driven by the convergence of technology and tech-enabled devices. Researchers have recently warned about at least three massive phishing campaigns targeting users of public cloud servers.
The Campaigns
Cybercriminals have grabbed the headlines on numerous occasions with innovative tactics, including comprehensive, multi-pronged attacks.
- In recent phishing campaigns, cybercriminals abused open redirector domains and subsidiary domains belonging to multiple global brands. Domains associated with brands such as Microsoft and Google were used to host fake Office 365 login pages that targeted users.
- In another campaign, themed around the U.S. President's Covid-19 illness, phishers tricked individuals into clicking malicious links that downloaded loaders (such as the BazarLoader backdoor trojan) associated with ransomware attacks.
- In another wave of attacks, threat actors deployed socially engineered landing pages with layers of CAPTCHA-based verification to trick victims.
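The first campaign above relies on a trusted brand domain that forwards visitors wherever a query parameter says. A web-filter or mail-gateway check can flag that pattern before a user clicks: parse the link, look for any parameter whose value is itself an absolute URL, follow nested redirects, and alert when a trusted outer host hands off to a host outside the trusted set. The following is an added illustration written for this page, not code from eScan or from any of the researchers cited; the trusted-domain list and the sample links are constructed for the example.

```python
from urllib.parse import urlparse, parse_qs, unquote

# Constructed for this example: domains the organisation treats as trusted.
TRUSTED_DOMAINS = ("google.com", "microsoft.com", "microsoftonline.com", "office.com")

# Constructed sample links, the kind a mail gateway might extract from a message.
SAMPLE_LINKS = [
    # Trusted brand redirector forwarding to a look-alike login page.
    "https://www.google.com/url?q=https%3A%2F%2Foffice365-login.example.test%2Fsignin",
    # Trusted host redirecting to another trusted host (benign OAuth flow).
    "https://login.microsoftonline.com/common/oauth2/authorize?redirect_uri=https%3A%2F%2Foutlook.office.com%2Fowa%2F",
    # Two redirect hops: brand redirector -> second redirector -> external host.
    "https://www.google.com/url?q=https%3A%2F%2Fbrand-cdn.example.test%2Fr%3Fu%3Dhttps%253A%252F%252Fevil.example.test%2F",
    # No redirect parameter at all.
    "https://example.test/page?id=42",
]


def is_trusted(host: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True if host equals a trusted domain or is a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in trusted)


def find_redirect_targets(url: str, max_depth: int = 3):
    """Walk nested redirect parameters.

    Returns a list of (outer_host, target_host, param_name) tuples, one per hop,
    following the first absolute URL found in each level's query string.
    """
    findings = []
    current = url
    for _ in range(max_depth):
        parsed = urlparse(current)
        outer_host = (parsed.hostname or "").lower()
        params = parse_qs(parsed.query, keep_blank_values=True)
        next_url = None
        for name, values in params.items():
            for value in values:
                candidate = unquote(value)  # parse_qs decodes once; unquote handles double-encoding
                inner = urlparse(candidate)
                if inner.scheme in ("http", "https") and inner.hostname:
                    findings.append((outer_host, inner.hostname.lower(), name))
                    if next_url is None:
                        next_url = candidate
        if next_url is None:
            break
        current = next_url
    return findings


def is_suspicious_redirect(url: str, trusted=TRUSTED_DOMAINS) -> bool:
    """Flag a link whose trusted outer host forwards to an untrusted host."""
    return any(
        is_trusted(outer, trusted) and not is_trusted(target, trusted)
        for outer, target, _ in find_redirect_targets(url)
    )


def scan_links(links, trusted=TRUSTED_DOMAINS):
    """Return {link: verdict} for a batch of extracted links."""
    return {link: is_suspicious_redirect(link, trusted) for link in links}


if __name__ == "__main__":
    for link, flagged in scan_links(SAMPLE_LINKS).items():
        print("SUSPICIOUS" if flagged else "ok        ", link)
```

The check deliberately does not depend on the parameter name (`q`, `url`, `next`, and so on), because redirector endpoints vary by brand; any parameter carrying an absolute URL is treated as a hop. The caveat a practitioner should keep in mind is the second half of the campaign description: when the fake login page is hosted on a subsidiary domain of the brand itself, the outer and inner hosts are both "trusted" and this check stays silent, so it complements rather than replaces page-content inspection and credential-submission monitoring.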
Some other threats
In October, several cybercriminal groups were observed executing sophisticated phishing campaigns.
- MuddyWater, an Iranian APT group, was identified using phishing emails as its primary vector to deliver malicious decoy documents (Excel or PDF) that, when opened, download and install the PowGoop malware from the attackers' servers.
- TrickBot operators were also seen executing phishing attacks that use the BazarLoader Trojan to deploy Ryuk ransomware on high-value targets.
The evolving, sophisticated, and destructive strategies of cybercriminals are a hindrance to the growth of an organization. Our internal experts recommend that organizations and individuals pay close attention to the red flags and deploy spam filters, antivirus, web filters, encryption, and monitoring tools.
To read more, see the eScan Blog.