Hackers are relying on a growing range of methods, techniques and processes to trick the unwary into sharing their private details or downloading malware, which is making it more difficult for end users to distinguish between authentic and malicious messages.
It is typical for hackers to buy lookalike domains for use in phishing scams and for distributing malware. A lot of the time the domains bought are very similar to the domains they impersonate, aside from one or two changed characters.
FBI Issues Alert of Use of Spoofed FBI Domains
Recently the Federal Bureau of Investigation (FBI) released an alert after the discovery that many FBI-related domain names have been bought that look like official FBI websites. While these domains are not believed to have been used for malicious reasons so far, it is likely that the individuals registering these domains were planning to use them in phishing attacks, for distributing malware, or for disinformation campaigns. The domains spotted include fbidefense.com, fbimaryland, fbi-ny, fib.ca, fbi-intel.com, fbi.systems, and fbi.health.
These domains can be used to launch phishing kits or exploit kits, and they can also be used to set up official-looking email addresses. An email from one of these spoofed domains, with FBI in the name, could easily trick someone into taking an action demanded in the email, such as disclosing their login details or opening a malicious email attachment.
Authentic Cloud Services Leveraged in Sophisticated Phishing Campaigns
There have also been phishing attacks detected in recent times that use legitimate cloud services to mask the malicious nature of the emails. Campaigns have been discovered that use links to Google Forms, Google Docs, Dropbox, and cloud services from Amazon and Oracle. Emails are sent that include fake alerts with links to these cloud services; however, once the link is clicked, the user is taken through a series of redirects to a malicious website hosting fake Office 365 login prompts that steal credentials.
Many of these campaigns include checks to make sure the recipient is an actual person, with automated responses sent to official domains to prevent analysis. Phishers also continue to use typosquatting, the name given to the use of domains containing natural typographical mistakes, to catch out careless typists.
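The lookalike and typosquatted domains described above can be screened for automatically, for example in mail logs or lists of newly registered domains. The following is an added example, not code from the FBI alert or from any TitanHQ product; it assumes fbi.gov is the genuine domain being protected, and the function names and the edit-distance threshold are illustrative choices.

```python
import re

OFFICIAL = "fbi.gov"            # assumption: the genuine domain being protected
BRAND = OFFICIAL.split(".")[0]  # "fbi"
MAX_EDITS = 1 if len(BRAND) <= 4 else 2  # short names: tighter, fewer false positives

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + int(ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # two neighbouring letters swapped
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain):
    """Return why `domain` resembles OFFICIAL, or None if it does not."""
    d = domain.lower().rstrip(".")
    if d == OFFICIAL or d.endswith("." + OFFICIAL):
        return None  # the genuine domain or one of its subdomains
    # The last label (TLD) is skipped; production code would use the Public Suffix List.
    for label in d.split(".")[:-1]:
        if label == BRAND:
            return "brand name on a different TLD"
        parts = re.split(r"[-_]", label)
        if BRAND in parts or label.startswith(BRAND) or label.endswith(BRAND):
            return "brand name combined with a keyword"
        if osa_distance(label, BRAND) <= MAX_EDITS:
            return "typo of brand name"
    return None

def scan(domains):
    """Map each lookalike in `domains` to the reason it was flagged."""
    return {d: r for d in domains if (r := classify(d))}

# Constructed input: complete domains named in the alert plus two benign ones.
SAMPLE = ["fbidefense.com", "fbi-intel.com", "fbi.systems", "fbi.health",
          "fib.ca", "www.fbi.gov", "example.org"]

if __name__ == "__main__":
    for name, reason in scan(SAMPLE).items():
        print(f"{name:16} {reason}")
```

Prefix and suffix matching on a three-letter name will flag some unrelated domains, so hits from a check like this are candidates for review rather than an automatic block list.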
Sophisticated Campaigns Call for Sophisticated Cybersecurity Measures
The complex nature of today’s phishing and malware attacks, together with hackers’ constantly changing tactics, techniques, and procedures, means it is becoming more and more difficult for end users to spot the difference between genuine and malicious emails. End user security awareness training is still crucial, but it has never been more important to have strong technical solutions in place to ensure that these threats are identified and blocked before any harm is inflicted.
The first line of defense against phishing is an email security gateway solution through which all emails must pass before they land in inboxes. These solutions must employ a variety of advanced mechanisms for spotting malicious and suspicious emails, so that should one mechanism fail to identify a malicious email, others are in place to provide security.
SpamTitan from TitanHQ is one such solution that combines many tiers of protection to spot and block phishing and malware attacks via email. Checks are carried out on the message headers, content is analyzed, and machine learning is included to identify never-before-seen attacks, along with blacklisting of known malicious email addresses and domains. To block malware threats, SpamTitan employs dual anti-virus engines to prevent known threats and sandboxing to identify and block zero-day malware threats. Working seamlessly together, these mechanisms will block 99.97% of malicious emails.
An extra anti-phishing solution that you may not have thought about is a web filtering solution. Web filters are crucial for preventing the web-based component of phishing attacks and preventing individuals from visiting sites used for malware transmission. A web filter can also prevent redirects to malicious websites that hide behind links to genuine cloud services.
WebTitan from TitanHQ is an intelligent, DNS-based web filtering solution that employs automation and advanced analytics to block emerging phishing and other malicious URLs, not just those that have already been used in attacks and placed on blacklists. Through the use of AI-based technology, WebTitan can provide protection from zero-minute attacks.