Attackers Hide Behind Trusted Domains To Trick Victims
- With security defenses improving, attackers are finding ways to hide behind trusted domains.
- Hackers are looking to give potential victims a sense of false security to encourage them to click on links.
What is happening?
With cyber awareness spreading, attackers are making use of different ways to trick potential victims.
- This includes using legitimate domains, shortening URLs, and using HTTP or HTTPS.
- When users see the lock icon in the browser, they tend to trust the website to be a legitimate one.
- However, the icon only represents that the transmitted information is encrypted and does not guarantee the legitimacy of the destination site.
- New malware variants are also observed to use various techniques to remain undetected by signature-based scans.
- Attackers have been observed to use legitimate websites to perform malicious activities.
This year saw a number of instances when attackers manipulated victims into thinking they were dealing with legitimate agencies or websites.
- A phishing email that pretended to be from the Internal Revenue Service (IRS) targeted U.S. taxpayers to deliver the Amadey botnet.
- Instagram users were targeted by a scam that accused them of copyright infringement. The phishing email appeared to be from Instagram and warned users that their account may be suspended in 24 hours. To prevent the suspension, users were asked to click a button and provide their credentials to log in. After harvesting the credentials, the phishing page redirected users to Instagram.
- A phishing campaign targeting Brazilians was reported to use Windows services and the Cloudflare Workers to introduce the Astaroth Trojan. This malware further used legitimate applications such as Facebook and YouTube to host and maintain C2 data.
- In another instance, a company’s Salesforce account was compromised to send fake invoices to customer emails. The aim of this campaign was to inject malware in the victims’ systems.
Apart from this, a lot of phishing websites were observed to be hosted on HTTPS says a recent report.