Exploring Information Security

View Original

Phishing Threat Intelligence March 2024

Timothy De Block

Exploring phishing March 2024

Tax Season Phishing Campaigns - Targeting New Tactics 

Microsoft Threat Intelligence (MSTI) has uncovered a rise in phishing campaigns targeting taxpayers during the tax season. These campaigns leverage social engineering tactics to trick victims into revealing sensitive information or clicking on malicious links. 

Targets and Techniques: 

  • High-Risk Groups: New taxpayers, small business owners, and older adults are identified as the most vulnerable demographics. 

  • Phishing Methods: Emails disguised as legitimate tax documents or communications from employers are common methods. The emails may contain urgency or use scare tactics to pressure recipients into clicking malicious links or opening attachments containing malware. 

 

Iranian Threat Actor TA450 Shifts Tactics in Latest Campaign 

Summary: A recent campaign by Iranian threat actor TA450 has been detected leveraging a new technique. 

Previous Tactics: Historically, TA450 has targeted Israeli users via email campaigns containing malicious links directly embedded within the email body. These links typically led to file-sharing sites that, when clicked, downloaded remote access trojans (RATs). 

New Development: Proofpoint researchers observed a shift in TA450's tactics. The latest campaign utilizes PDF attachments containing malicious links. The social engineering lure involves emails disguised as pay slips, likely designed to trick victims into opening the attachments. 

Security Implications: This new delivery method makes TA450's emails appear more legitimate, potentially increasing the success rate of these phishing attacks. Security professionals should be aware of this evolving technique and update email security filters accordingly. 

 

New Trojan: VCURMS Discovered by Fortinet 

Fortinet researchers have uncovered a new trojan named VCURMS. This trojan leverages obfuscation techniques to bypass traditional antivirus detection and establish persistence on compromised systems. 

VCURMS Capabilities: 

  • Information Theft: VCURMS can steal sensitive information from infected devices. 

  • Remote Access: The trojan grants remote access to attackers, enabling them to control the compromised system. 

 

Delivery Method: 

VCURMS primarily spreads through phishing campaigns. Attackers target victims with emails containing malicious attachments. Once a user opens the attachment, the trojan infects the system. 

 

 

Zscaler ThreatLabz Releases New Report on AI Security Trends and Risks 

A recent Zscaler report, "New AI Insights: Exploring Key AI Trends and Risks ThreatLabz 2024 AI Security Report," delves into the evolving landscape of AI security. Key takeaways for security professionals include: 

  • Soaring Enterprise AI Adoption: The report highlights a significant increase (595%) in enterprise adoption of AI technologies. This presents both opportunities and challenges for security teams. 

  • Balancing Benefits and Risks: While AI offers significant advantages, it also introduces new security risks. The report emphasizes the need for a well-defined security posture to mitigate these risks. 

  • Heightened AI-Driven Threats: Zscaler ThreatLabz observed an 18.5% rise in blocked AI traffic, indicating a rise in malicious actors leveraging AI. 

  • Security Best Practices: The report outlines essential security practices for securing AI deployments. These include data loss prevention (DLP) controls and granular access controls to safeguard sensitive data and prevent unauthorized access.