The Indian Computer Emergency Response Team recently warned citizens about a new email extortion campaign scaring email recipients into thinking they’ve been hacked and their personal information withheld unless payment is made through bitcoin.
Adam Palmer, Chief Security Strategist at Tenable, comments, “Phishing emails that are intended to scare email recipients into believing that a bad actor holds personal information about them are one of the oldest “tricks in the book”. However, these types of attacks still have the potential to threaten a corporate environment if a bad actor attempts to extort data about an organization from an employee or infect a network with malicious links in the phishing message. The good news is that typically, the malware delivered by phishing messages will try to exploit well-known common vulnerabilities. Criminals like easy ‘low hanging fruit.’
“The best way for an organization to defend against this type of attack, in addition to user awareness, is to practice good cyber hygiene – such as by identifying critical risks and patching systems with common vulnerabilities favored by criminals, blocking malicious sites and IP addresses, enforcing multi-factor authentication and using encryption for sensitive data. These recommendations make it far harder for criminals to be successful,” Adam Palmer, Chief Security Strategist at Tenable.
Researchers report malicious use of reCaptcha walls in 1,28, 000 emails as part of a multi-phishing campaign: Barracuda
Barracuda Networks, the trusted partner and leading provider for cloud-enabled security solutions, announced the April Threat spotlight. The researchers have noticed the frequent use of fake Microsoft reCaptcha walls in phishing campaigns to block URL scanning services from accessing the actual content of phishing pages.
The battle between cybersecurity and cybercrime is never-ending where criminals continue to find new techniques to evade detection. Recaptcha walls are commonly used by legitimate companies to deter bots from scraping content. Considering that the end-users are familiar with being asked to solve a reCaptcha and prove they aren’t a robot, malicious use of a real reCaptcha wall also lends more credibility to the phishing site, making users more likely to be tricked.
In the samples examined, Barracuda researchers have observed multiple email credential phishing campaigns using reCaptcha walls on links in phishing emails. The campaign had more than 128,000 emails using this technique to obscure fake Microsoft login pages.
The phishing emails contain an HTML attachment that redirects to a page with just a reCaptcha wall. Once the user solves the reCaptcha in this campaign, they are redirected to the actual phishing page, which spoofs the appearance of a common Microsoft login page. While some campaigns simply spoof the reCaptcha box and contain just a checkbox and a form, the use of the actual reCaptcha API is becoming increasingly common. This approach is undoubtedly more effective in deterring automated scanners because a fake reCaptcha box could easily be programmatically bypassed by simply submitting the form.
Speaking on the threat highlight, Mr. Murali Urs, Country Manager, India of Barracuda Networks, commented, “Since the beginning of the global COVID-19 pandemic, we began observing a shift in the attack tactics deployed by cybercriminals. While this attack method is not new anymore, mal-actors can still succeed in deceiving the end-users into installing malware on their devices as this is a common format for legitimate Recaptcha as well. Clearly, the most important step in this situation is to educate users about the threat so they know when to be cautious instead of assuming reCaptcha as a safe sign to visit a page. While the malicious use of reCaptcha may make it harder for automated URL analysis to spot an attack, our email protection solutions can detect the same. Regardless, it is the ability of the users to spot suspicious emails and websites that can reduce the occurrence of such attacks.”
Users should exercise scrutiny by checking for suspicious senders, URLs, and attachments. This can help them in spotting the attack before they get to the reCaptcha. Barracuda Networks aims to provide security awareness training to users to establish a solid foundation in recognizing and reporting any kind of phishing attacks., the email itself still a phishing attack and may be detected by email protection solutions.
