Cyberattacks increase exploitation of trust in Microsoft, Adobe: report
source link: https://itwire.com/business-it-news/security/cyberattacks-increase-exploitation-of-trust-in-microsoft,-adobe-report.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Monday, 08 May 2023 10:54
Cyberattacks increase exploitation of trust in Microsoft, Adobe: report Featured
By Gordon Peters
In the first quarter of 2023 there was a significant increase in cyberattacks exploiting trust in established tech brands Microsoft and Adobe, according to a new report from global digital security and privacy company Avast.
Avast also reveals that there was a 40% rise in the share of phishing and smishing attacks over the previous year, while overall, two out of three threats people encounter online today use social engineering techniques, taking advantage of human weaknesses.
Accorrding to Avast, malware, scams, and phishing attacks attempt to steal consumers’ sensitive data, like passwords, Tax File Numbers, and other personal identifiable information - and when this data gets into the wrong hands, cybercriminals have the arsenal to easily steal someone’s identity.
“Identity theft can lead to a nightmare of events, from scammers ruining people’s credit score, to selling their information on the dark web, and even impersonating people to pass background checks,” notes Avast.
“If you think your data has no value then why would scammers spend so much time trying to steal your data if it’s worthless? The truth is that anyone can be affected, and it is important to stay vigilant and use proper protection,” said Jakub Kroustek, Avast Malware Research Director.
“Unfortunately, scammers have made it nearly impossible to take any message at face value – all communications, whether seemingly from a friend, boss, or household brand, have potential to be fraudulent.”
Avast warns that cybercriminals know they can lure victims by using the names and likeness of well-known brands that consumers already trust - and it has observed this trend among two popular applications commonly used for work - Microsoft OneNote and Adobe Acrobat Sign.
“Scammers are sending out Microsoft OneNote files as email attachments to victims. When someone opens the attachment, it triggers the download of malware onto a device. Avast has spotted malware such as Qbot and Raccoon using this distribution technique to steal information, and has also observed IcedID, a banking Trojan, using OneNote attachments to steal money. During Q1 of 2023, Avast protected more than 47,000 global customers, including 940 in Australia from these types of attacks,” thew security firm further warns.
“In some cases, Avast researchers also observed cybercriminals exploit Adobe Acrobat Sign by adding malicious links into documents that are sent from legitimate Adobe email addresses. These links prompt victims to download .ZIP files, which contain a variant of the Redline Trojan that can steal passwords, crypto wallets, and more.”
“My advice is to take extra caution with any email asking you to download files or click on a link, even those that appear to be from reputable brands,” advises Kroustek.
“Cyber Safety software can act as a safety net for providing an extra layer of security to these types of savvy attacks that are increasingly targeting people.”
Avast says Web Shield technology, part of all Avast Antivirus versions, is capable of scanning and unpacking OneNote files to detect malware - and the threat research team has also developed specific heuristics and Yara rules to keep people safe from these threats.
“Phishing continues to be another way scammers take advantage of trust, posing a significant and rising threat to consumers. The Avast team found that the share of global phishing attempts among all threats blocked in Q1 was up 40% compared to the same quarter in 2022,” Avast reports.
“One type of phishing scam on the rise is refund and invoice scams, which happen when fraudsters send false bills or invoices for goods or services that were never ordered or received. Scammers often use household names with recognisable branding and logos to make these scams appear legitimate. Invoice scams also had a sharp uptick in Q1 2023.
“The pervasiveness of attacks via mobile text messages, called smishing attacks, has also contributed to the rising rate of phishing incidents. The issue has become so severe that the Federal Government has announced the allocation of $10 million over four years from the upcoming budget to establish a new SMS sender ID registry, that will act as a blocking list and stop scammers from impersonating trusted contacts. Common smishing attack themes include financial alerts, package delivery notifications, tax alerts, charity scams and lottery scams.”
“Scammers often play off victims’ emotions by creating a sense of urgency in their messages. If you receive an email or text out of the blue with an urgent request, or a message that seems too good to be true, take a few extra moments to verify it before acting,” says Kroustek.
“Always take a close look to confirm that an email or text is coming from a trusted sender, and if you have any doubt, go directly to the source, whether that be a person you know or a company’s help portal.”
The full Avast Q1/2023 Threat Report can be found here.
Read 267 times
Please join our community here and become a VIP.
Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here
GARTNER MARKET GUIDE FOR NDR 2022
You probably know that we are big believers in Network Detection and Response (NDR).Did you realise that Gartner also recommends that security teams prioritise NDR solutions to enhance their detection and response?
Picking the right NDR for your team and process can sometimes be the biggest challenge.
If you want to try out a Network Detection and Response tool, why not start with the best?
Vectra Network Detection and Response is the industry's most advanced AI-driven attack defence for identifying and stopping malicious tactics in your network without noise or the need for decryption.
Download the 2022 Gartner Market Guide for Network Detection and Response (NDR) for recommendations on how Network Detection and Response solutions can expand deeper into existing on-premises networks, and new cloud environments.
PROMOTE YOUR WEBINAR ON ITWIRE
It's all about Webinars.Marketing budgets are now focused on Webinars combined with Lead Generation.
If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.
The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.
Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.
We look forward to discussing your campaign goals with you. Please click the button below.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK