Unlike malware and exploits, Phishing represent a much broader category of the threat landscape. They are not bound by a fixed set of rules and thus cannot be identified by a simple signature or static set of if-then-else sandbox rules. The end goal of a Phishing attack is to trick the target into clicking on …
Read More
With cybersecurity defenses improving, threat actors are turning to socially engineered attacks to exploit human vulnerabilities with phishing. A phishing technique gaining popularity is the use of a “Replica Sign-in Page” for federated account logins. This tactic works by playing into the human brain’s characteristic (which gives priority to known visuals; meaning that the mind …
Read More
SlashNext Labs recently discovered a new trend of injecting obfuscated malicious JavaScript code into compromised websites. These compromised websites then redirect visitors to dangerous Tech Support Scams. The methods used to compromise the site make it difficult for experts to identify the JavaScript injection hack because its tracks are hidden with several layers of JavaScript …
Read More
A new ransomware is being spread, aptly named “Rapid” Ransomware, which mostly leverages a social engineering attack vector using spam emails with malicious attachments. Rapid encrypted files are renamed with a .rapid extension. A ransom note is dropped in a form of a text file which instructs the victim to email the attacker to restore the …
Read More
To say hackers are becoming confident is an understatement. Recently SlashNext’s Threat Intelligence Lab uncovered a series of Phishing web sites that were set up to promote a variety of Global Events and luring victims to these web sites in that process. Some of notable events currently being targeted by these scammers are as follows: …
Read More
