Lord777
Positive Technologies experts analyzed current cybersecurity threats in the third quarter of 2023. They revealed that attackers are complicating social engineering tactics and using new fraudulent schemes to deceive users.
According to the study, this is the main threat to individuals (92%) and one of the main attack vectors on organizations (37%). In the third quarter of 2023, attackers used various social engineering channels in successful attacks on individuals. Most often, criminals used phishing sites (54%) and emails (27%), as well as built fraudulent schemes in social networks (19%) and instant messengers (16%).
Global statistics show that cybercriminals are increasingly using attachments with the .pdf extension to bypass email protection systems. Attackers embedded malicious links in PDF files, and in a number of attacks, they additionally masked them using QR codes.
"In the third quarter of 2023, scammers actively exploited the topics of employment, delivery services, political events and quick earnings for phishing, including with the help of cryptocurrencies," says Roman Reznikov, a specialist in the research group of the Positive Technologies analytics department. "Cybercriminals used platforms that provide tools for conducting phishing attacks."
"Using one of these platforms, EvilProxy, a large-scale campaign was conducted targeting the management of more than 100 companies around the world: 65% of victims belonged to the top management level, and the remaining 35% had access to financial assets or confidential company data."
The study also reports on a new fraudulent scheme identified in a bank in South Korea. It includes several methods of deception: for example, the malicious toolset Letscall combines phishing sites and voice fraud (vishing). Cybercriminals used a fraudulent website that mimics Google Play to distribute spyware. It not only collected information about the infected device, but also redirected calls to a fraudulent call center if the victim noticed suspicious activity and called the bank. The false operator, relying on the information collected by the spyware, calmed the victim down and tricked them into handing over additional data or forced them to transfer money to a fraudulent account. If this method is widely adopted by cybercriminals, a verification call to the bank will become almost meaningless, Positive Technologies noted.
Experts recommend staying vigilant on the web, not following suspicious links, and not downloading attachments from unverified sources. They also predict an increase in the number of attacks using neural networks, which are gradually expanding the attackers' arsenal. Cybercriminals not only seek to circumvent ChatGPT's restrictions on creating malicious content, but also create their own toolkits. For example, WormGPT, a generative neural network for phishing and BEC attacks, was created by attackers based on the open-source GPT-J language model specifically for illegal activities. With its help, even a low-skilled attacker can automate the creation of convincing fake emails and conduct long-term attacks with support for meaningful correspondence in any language.
In addition, the study reveals new techniques of ransomware operators: "double listing" and "blackmail in the law".