Page 9 - Threat Intelligence - 8-21-2019
P. 9

Social Engineering










              How phishing attacks trick our brains - It’s simple and effective: getting someone to click a
              malicious link in an email and enter private information such as a password is the most important
              skill in many hackers’ toolkits. Phishing is the most common form of cyberattack and still
              growing.And the reason it’s so effective, according to research being done at Google and the
              University of Florida, is that it takes advantage of how the human brain works—and, crucially, how
              people fail to detect deception, depending on factors like emotional intelligence, cognitive
              motivation, mood, hormones, and even the victim’s personality.

                      Source: https://www.technologyreview.com/s/614095/how-phishing-attacks-trick-our-
                      brains/



              These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer - I plugged the Apple
              lightning cable into my iPod and connected it to my Mac, just as I normally would. My iPod started
              charging, iTunes detected the device, and my iPod produced the pop-up asking if I wanted to trust
              this computer. All expected behaviour.But this cable was hiding a secret. A short while later, a
              hacker remotely opened a terminal on my Mac's screen, letting them run commands on my
              computer as they saw fit. This is because this wasn't a regular cable. Instead, it had been modified
              to include an implant; extra components placed inside the cable letting the hacker remotely
              connect to the computer.

                      Source: https://www.vice.com/en_us/article/evj4qw/these-iphone-lightning-cables-will-
                      hack-your-computer



              New Phishing Campaign Bypasses Microsoft ATP to Deliver Adwind to Utilities Industry - The
              CofenseTM Phishing Defense CenterTM has observed a new phishing campaign that spoofs a PDF
              attachment to deliver the notorious Adwind malware. This campaign was found explicitly in
              national grid utilities infrastructure. Adwind, aka JRAT or SockRat, is sold as a malware-as-a-service
              where users can purchase access to the software for a small subscription-based fee.
                      Source: https://cofense.com/new-phishing-campaign-bypasses-microsoft-atp-deliver-
                      adwind-utilities-industry/



              Microsoft Warns of Phishing Attacks Using Custom 404 Pages - Microsoft security researchers
              discovered an unusual phishing campaign which employs custom 404 error pages to trick potential
              victims into handing out their Microsoft credentials.To do this, the attackers register a domain and
              instead of creating a single phishing landing page to redirect their victims to, they configure a
              custom 404 page which shows the fake login form.This allows the phishers to have an infinite
              amount of phishing landing pages URLs generated with the help of a single registered domain.

                      Source: https://www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-
                      attacks-using-custom-404-pages/






                                                    www.accumepartners.com
                                                                                                                     9
   4   5   6   7   8   9   10   11   12   13   14