The InterPlanetary File System (IPFS), a distributed file-sharing system that represents an alternative to the more familiar location-based hypermedia server protocols (like HTTPS), is seeing more use in file-storage, web-hosting, and cloud services. As might be expected, more use is accompanied by more abuse via phishing attacks.
The evidence is clear – there is nothing most people and organizations can do to vastly lower cybersecurity risk than to mitigate social engineering attacks. Social engineering is involved in 70%-90% of all successful attacks. No other root cause of initial breach comes close (unpatched software is involved in 20% to 40% of attacks and everything else is in the single digits). Every person and organization should create their best possible defense-in-depth plan to fight social engineering.
The Cyberwire reported: "Barracuda released a study this morning indicating that HTML attacks have doubled since last year. The researchers note that not only is the total number of attacks increasing, but the number of unique attacks seems to be increasing as well.
Walmart’s rise to become the brand most likely to be impersonated in Q1 of this year is a real problem. If you’ve been paying attention to brand impersonation in phishing attacks, you know the premise is to use a brand that a large number of potential victims do business with as a means of both establishing credibility. For many quarters, we continually saw Microsoft and/or Microsoft 365 as the brand of choice due to its wide use.
The malwareless and seemingly benign nature of business email compromise emails, mixed with impersonation techniques, are difficult to spot as being malicious, making them even more dangerous. I’ve covered both the threat of business email compromise and response-based email attacks before. How can I not? They are prominent techniques used by phishing scammers everywhere. But it’s the reported combination of the two by Phish Labs that has me concerned.
Communications company AT&T offers email services to many of its customers. Those emails have recently been compromised by way of an interesting exploit that is costing customers millions of dollars in stolen cryptocurrency. AT&T customers are having their email accounts attacked, and those exploited email accounts are being used to steal additional data and to access cryptocurrency exchange accounts, which is a very serious issue for the impacted users.
New data provides a multi-faceted look at the changing face of phishing attacks. This data includes who’s being targeted, the tactics being used, and why phishing attacks continue to work. If 2022 is any indication of what the remainder of this year will hold for organizations fending off cyber attacks, cybersecurity efforts are going to need a whole lot more emphasis.
Netskope Threat Labs is tracking a phishing campaign that mimics a FedEx package delivery as bait to steal credit card data. This type of social engineering attack is commonly found in phishing pages, emails, and other scams, where a false sense of urgency is created to urge the victim into doing an action that eventually leads to personal data theft.
