Archive for Avanan

New Phishing Attack Exploits Real QuickBooks Email Domain Using Dark Web Double Spear Techniques: Avanan

Posted in Commentary with tags on June 23, 2022 by itnerd

Avanan has released its newest attack brief, in which its cybersecurity researchers describe a new phishing campaign: hackers create email accounts on legitimate QuickBooks domains and send malicious invoices by requesting payments directly through the service.

In this attack, the hacker spoofed brands including Norton and Office 365 in the body of the message. By combining the built-in legitimacy of genuine QuickBooks email with what hackers on the dark web call a double spear, this campaign is particularly deceptive and compelling: it manipulates victims into calling a number and paying an invoice, harvesting not only their credentials but also their telephone numbers for future attacks, whether via text message or WhatsApp.

Avanan’s new research analyzes how hackers leverage legitimate and popular websites to get into inboxes and steal credentials and money. You can read the report here.

New Attack Spoofs PayPal to Obtain Banking Info: Avanan

Posted in Commentary with tags on June 16, 2022 by itnerd

Avanan researchers have seen an uptick in attacks that spoof PayPal in an attempt to steal banking information, using an order confirmation letter to induce end users to call a customer support number. Previously, Avanan discovered a similar attack that spoofs an Amazon order notification to obtain payment information.

Avanan’s cybersecurity research uncovered a new email campaign that leverages PayPal in the same way the earlier campaign leveraged Amazon. In this attack, threat actors send what looks like a PayPal confirmation notice telling the user that they bought hundreds of dollars of cryptocurrency. The only recourse offered to cancel the order is to reach customer service by phone.

The number listed in the email is a Hawaii-based number linked to scams that ask for a credit card number and CVV to cancel the charge. This attack also works because there are no links in the email body. When there is a link, an email security solution can check whether it is malicious; without any links, detection becomes much harder.

Combining social engineering in the form of what looks like a fraudulent payment with no malicious links or otherwise malicious text, this is a tricky attack that has proven hard to stop.

You can review the report by Avanan here so that you can protect yourself from this novel attack.

Hackers Spoof Community And School Meetings; Tricking Users To Download Fake Zoom Invite: Avanan

Posted in Commentary with tags on May 19, 2022 by itnerd

Avanan, a Check Point Company, has revealed its latest analysis, in which hackers spoof legitimate, popular community and school meetings to trick users into clicking and downloading fake Zoom invitations, executing malware in the process.

In this attack, hackers gather public records and send out email reminders of upcoming community and school board meetings. These emails contain a PDF of what looks like, and is expected to be, a Zoom invitation. Clicking on the PDF attachment doesn’t open a Zoom invite; instead, it links to downloadable malware.

You can read the report here. It has valuable suggestions as to how to protect yourself from this attack.

Roblox Hacked To Facilitate New Attack: Avanan

Posted in Commentary with tags on May 12, 2022 by itnerd

Avanan, a Check Point Company, has taken a deep dive into hackers installing a self-executing program on Windows via a legitimate scripting engine in Roblox, one of the world’s most popular game systems with millions of daily active users.

In this attack, hackers exploit Roblox’s scripting engine to insert three malicious files, among them a backdoor trojan that can potentially break applications, corrupt or remove data, or send information back to the hacker. The report goes into a lot of detail and offers some recommendations to help you protect yourself.

The report can be found here and it’s very much worth a read.

Cyber Criminals Exploit Google’s SMTP Relay Service To Land in Inboxes and Steal User Credentials

Posted in Commentary with tags on May 2, 2022 by itnerd

Avanan, a Check Point Company, has published its latest research report, which describes how hackers strategically send out phishing emails using Google’s Simple Mail Transfer Protocol (SMTP) Relay service, a common service used to send out mass emails while ensuring delivery.

Hackers abuse this service by spoofing reputable brands, like Venmo and Trello, to send out thousands of emails that bypass security tools and land directly in users’ inboxes. These emails contain a malicious link or a document that leads users to give up their credentials.

In this attack, hackers are taking advantage of a flaw in Google’s SMTP Relay service to send spoofed emails.

Hackers can utilize any Gmail tenant, from small companies to large, popular corporations.

Once a brand is spoofed, they can send out phishing emails that are more likely to reach the inbox, because the messages leverage the inherent trust placed in legitimate brands.

Once in the inbox, hackers hope that end users will click on a malicious link or download a malicious document, so that their credentials can be stolen.
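As an added defender-side example (not Avanan's code or Google's; every host and domain is a constructed placeholder), the check below reads the receiving server's Authentication-Results header and asks whether the From: domain the user sees is the domain that actually passed SPF or DKIM. A brand name sent through someone else's relay tenant leaves exactly this mismatch behind, and it assumes the receiving mail server stamps that header.

```python
"""Flag mail whose visible From: domain differs from the domain that actually
passed SPF/DKIM, the header pattern left by brand spoofing through a relay."""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample (hosts and domains are placeholders): the message was
# relayed by a third-party tenant (tenant.example) but shows a brand domain
# (brand.example) in From:, so SPF and DKIM pass only for the tenant.
SAMPLE_RELAYED_SPOOF = """\
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=tenant.example;
 dkim=pass header.d=tenant.example;
 dmarc=fail (p=NONE) header.from=brand.example
From: "Brand Billing" <billing@brand.example>
To: victim@receiver.example
Subject: Action required on your account

Please confirm your details using the link below.
"""

# mechanism=result ... <identifier>=domain; each clause is ended by ';'
AUTH_RE = re.compile(
    r"(spf|dkim|dmarc)=(\w+)[^;]*?(?:smtp\.mailfrom|header\.d|header\.from)=([\w.-]+)")


def parse_auth_results(value: str) -> dict:
    """Map each mechanism in Authentication-Results to (result, domain)."""
    value = " ".join(value.split())  # unfold continuation lines
    return {m: (res, dom.lower()) for m, res, dom in AUTH_RE.findall(value)}


def alignment_verdict(raw: str) -> dict:
    """Return the visible From: domain, the domains that passed SPF/DKIM and
    whether they align (exact or subdomain match); unaligned mail is suspicious."""
    msg = email.message_from_string(raw, policy=policy.default)
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    visible = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    passed = {dom for mech, (res, dom) in auth.items()
              if mech in ("spf", "dkim") and res == "pass"}
    aligned = any(visible == d or visible.endswith("." + d) or d.endswith("." + visible)
                  for d in passed)
    return {"from_domain": visible, "passed": sorted(passed), "aligned": aligned,
            "dmarc": auth.get("dmarc", ("none", ""))[0], "suspicious": not aligned}
```

A message flagged as unaligned is not automatically malicious (legitimate bulk senders sometimes fail alignment too), so treat the verdict as an enrichment signal alongside the DMARC result rather than a standalone block rule.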

The full report can be found here, and it includes some mitigation strategies that you can use to protect yourself. I also have a video, embedded below, that shows a demonstration of the attack.

Hackers Spoof Credit Unions to Obtain User Credentials and Extract Funds: Avanan

Posted in Commentary with tags on April 21, 2022 by itnerd

In February, the National Credit Union Administration (NCUA) put out a statement noting that, due to the geopolitical climate, credit unions should “adopt a heightened state of awareness and to conduct proactive threat hunting.” Studies showed that 66% of credit unions lack proper email security to protect against phishing and that 92% of credit unions don’t have strong enough email security. Avanan researchers have seen a significant uptick in spoofs of local credit unions, all with the goal of taking funds and credentials from end users.

With that said, Avanan, a Check Point Company, has published a new attack brief that analyzes how threat actors impersonate local credit unions to get into inboxes. Hackers presented victims with a variety of attack strategies, ranging from wire transfer codes to incoming payment notifications to document alerts.

I would recommend giving this report a look, as it not only details the attack strategies but also makes suggestions as to how to mitigate these attacks.