Page 9 - Threat Intelligence 9-24-2019
P. 9

Social Engineering













        Microsoft Phishing Page Sends Stolen Logins Using JavaScript. A new landing page for a Microsoft account
        phishing scam has been discovered that utilizes the SmtpJS service to send stolen credentials via email to the
        attacker. There is nothing special about the appearance of the Microsoft account phishing page shown below
        that was discovered by MalwareHunterTeam. It’s your standard Microsoft login template that will ask you for
        your Microsoft credentials and then tell you that the submitted credentials are incorrect. When users submit
        their credentials in phishing scams like this, the page typically saves them to a database for retrieval later or
        uses a backend script to send them off to the attacker.
                Source:  https://www.bleepingcomputer.com/news/security/microsoft-phishing-page-sends-stolen-
                logins-using-javascript/



        Governments still struggling to contend with weaponized social media platforms. A report from a former
        NSA operative says countries across the world are still adjusting to the new reality of sophisticated
        cyberwarfare. Since the 2016 US Presidential Election, social media platforms have been more proactive about
        addressing security gaps and stopping the kind of state-run psychological operations that were endemic over
        the last decade. Despite their efforts to focus on security, experts say these kinds of digital psychological
        operations by governments are evolving in ways that will require sophisticated, multi-pronged security efforts.

                Source: https://www.techrepublic.com/article/governments-still-struggling-to-contend-with-
                weaponized-social-media-platforms/



        U.S. taxpayers hit by a phishing campaign delivering the Amadey bot. Security experts at Cofense uncovered
        a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new
        piece of malware named Amadey. The Amadey bot is a quite simple piece of malware that is available for hire
        for cybercriminals. Experts revealed that the botnet was used by the TA505 cybercrime gang to distribute the
        FlawedAmmy RAT and some email stealers. The phishing messages used in this campaign purport to be from
        the Internal Revenue Service (IRS), they claim that the recipient is eligible for a tax refund. In classic social
        engineering attack, the phishing message presents a “one time username and password” to the victims and
        urges the user to click the “Login Right Here” button.

                Source: https://securityaffairs.co/wordpress/91532/malware/amadey-irs-phishing.html





















                                                    www.accumepartners.com
                                                                                                                     9
   4   5   6   7   8   9   10   11   12   13   14