August 25, 2020 -A newIRONSCALESreportfound a drastic increase in successful credential theft attempts sent through spoofed login pages and social engineering attacksduring the first half of 2020. And themost common recipients targeted with these attacks were those in the healthcare sector.
Researchers identified and analyzed fake login pages sent during the first half of the year, which are commonly used in support of spear-phishing campaigns and other hacks. Intotal, they identified more than 50,000 fake login pages, which spoofed login pages from over 200 prominent global brands.
Outside of healthcare, other leading recipients were those in financial services, government agencies, and technology industries.
The growing cyber threat of fake login pages [are] nefarious, yet often highly realistic looking pages [and] now a common tactic deployedby attackers seeking to obtain a persons login credentials to a legitimate website, such as a bank, email client, or social media site, among many other popular services, researchers explained.
The operation, commonly known as credential theft, is simple: target unsuspecting recipients with an email spoofing a trusted brand and persuade them via social engineering to insert their legitimate credentials, such asa username and password, into a fake login page either embedded within the body of an email or built into a phishing website, they added.
Once the victim has inputted their credentials, the hacker harvests the data to loginto real accounts and commence further illegal activities.
Just thisweek, the FBI and the Department of Homeland Security warned hackers were using voice phishing, or vishing, campaigns to build trust with victims, later duping them into logging intomaliciouswebsites made to appear astheir employers webpages.
Previous campaigns have spoofedZoom,Google,and MicrosoftOffice 365executive accounts, among others.
The IRONSCALES report found the top five brands with the most fake login pages are nearly identical to those that frequently have the most active phishing websites.
PayPal was the leading brand with 11,000 fake login pages, or 22 percent, closely followed by Microsoft with 9,500, or 19 percent and Facebook with 7,500, or 15 percent.eBaywas listed in fourth with 3,000pages, or 6 percent, with Amazon in last, with 1,500 pages, or 3 percent.
Other top brands with spoofed login pages included Aetna, Wells Fargo, Adobe, Apple, Tesco, and JP Morgan Chase, along with a host of others.
Although PayPal sits atop the list, the greatest risk may derive from the 9,500 Microsoft spoofs, as malicious Office 365, SharePoint and One Drive login pages put not just people but entire businesses a risk, researchers warned.
The researchers said its believed fake login pages are successful for two reasons. To start,malicious phishing emails containing spoofed logins often bypass technical controls like secure email gateways andSPAM filters, without requiring much investment in time, funds, or resources by the hacker.
Secondly, the attack's success may be due towhat is known as inattentional blindness or when an individual does not perceive the unexpected change hiding in plain sight.
Inattentional blindness became an internet sensation in 2012 when a video posted asking viewers how many white shirted players passed a ball. Intently focused on the task at hand, more than 50 percent of the viewers failed to recognize a woman in a gorilla suit in the middle of the picture, researchers wrote. Even people with phishing awareness training are susceptible to inattentional blindness.
Notably, about 5 percent of these attacks leveraging fake login pages were polymorphic in nature, where a hacker implements light but significant and often random change to an emails artifacts, such as its content, copy, subject line, sender name or template in conjunction with or after an initial attack has deployed.
An earlier IRONSCALES report showed 42percentof phishing attacks are polymorphic.The technique allows for the quick development of phishing attacks able to dupe signature-based email security tools that arent designed to recognize the modifications. As a result, a targeted victim could receive different versions of the same attack in their email account without being detected.
About 24 percent of the attacks spoofing Microsoft were polymorphic, with 314 permutations, followed by Facebook with 13 percent of permutation attacks or 160 permutations in total.
While we cannot say for certain why these brands have more permutations than others, we can make an educated guess that this occurred for one of two reasons:The security teams associated with these brands are actively looking to take down fake login pages, so attackers are forced to more frequently evolve the attack ever so slightly so to defeat human and technical controls, researchers mused.
These brands are a priority and or easy target for a certain hacking group(s), so there is more activity and therefore a need to constantly evolve in order to stay one step ahead of security teams, they added.
Microsoft has previously shared spear-phishing insights, which may help healthcare organizations better understand how these attacks work and mitigation techniques to harden enterprisedefenses.
Original post:
Credential Theft Via Spoofed Login Pages Increase, Healthcare Top Target - HealthITSecurity.com
- World report on vision - World Health Organization (WHO) - November 16th, 2024
- Eye care, vision impairment and blindness programme - November 16th, 2024
- $45,000 Raised to benefit SGML Eye Hospital near Ujjain, India for rural and underserved population to prevent blindness - The Indian Panorama - November 16th, 2024
- Foundation Fighting Blindness Funds 35 New Research Grants in FY2024, Renames Key Program to Honor Former Board Chair - PR Newswire - November 16th, 2024
- Fighting blindness with Love Tags - WFLA - November 16th, 2024
- Woman With Rare Disease Waiting For Blindness To 'Cure' Hallucinations - News18 - November 16th, 2024
- Color Blindness Market Is Anticipated To Grow In A Promising - openPR - November 16th, 2024
- Towards a truer vision of broader inclusivity - The New Indian Express - November 16th, 2024
- WHO launches first World report on vision - October 22nd, 2024
- Eye health, vision impairment and blindness - World Health Organization ... - October 22nd, 2024
- Onchocerciasis - World Health Organization (WHO) - October 22nd, 2024
- Eye care, vision impairment and blindness: Refractive errors - October 22nd, 2024
- Blindness Prevention and Control - World Health Organization (WHO) - October 22nd, 2024
- Onchocerciasis (river blindness) - World Health Organization (WHO) - October 22nd, 2024
- Trachoma - World Health Organization (WHO) - October 22nd, 2024
- Blindness is not a curse to be broken - America: The Jesuit Review - October 22nd, 2024
- Alfred University gives away two pairs of EnChroma glasses for color blindness - www.alfred.edu - October 22nd, 2024
- All the Plants We Cannot See - The Revelator - October 22nd, 2024
- ASI Power Summit 2024: How Blindness Helped Michael Hingson Survive the 9/11 Attacks - ASI - October 22nd, 2024
- People with blindness and their allies rally outside Uber and Lyft over ride denials - The Mercury News - October 22nd, 2024
- New Study Links Ozempic to BlindnessBut They Can Actually Protect Your Eyes - First For Women - October 22nd, 2024
- Conservatives Use Trump Assassination Attempt to Target Women in Anti-Diversity War - The American Prospect - October 22nd, 2024
- Google AI to help detect preventable blindness in India and Thailand - Techloy - October 22nd, 2024
- How blindness drove man to seek, spread solutions - The Star Kenya - October 22nd, 2024
- As Glaucoma Rates Soar, Heres What to Know About This Progressive Condition - News Reports - October 22nd, 2024
- Heres how you can spot and prevent cataracts from causing blindness - SNL24 - October 22nd, 2024
- What Are the 7 Causes of Blindness? - Healthline - June 2nd, 2024
- Blindness and Low Vision | American Foundation for the Blind - June 2nd, 2024
- Eye care, vision impairment and blindness - World Health Organization (WHO) - October 27th, 2023
- CHOROIDEREMIA RESEARCH FOUNDATION EXPANDS RESEARCH SUPPORT INTO NONSENSE MUTATIONS OF A RARE INHERITED RETINAL - EIN News - May 1st, 2023
- Chennai eye hospital ties up with Iceland firm to adopt mathematical algorithm to predict diabetic retinopathy - The Hindu - April 23rd, 2023
- Drug-Resistant Bacteria Tied to Eyedrops Can Spread Person to Person ... - April 7th, 2023
- Prevention of Blindness Week 2023: Mumbai experts explain why you should be concerned about glaucoma and the need for regular eye checkups -... - April 7th, 2023
- Childhood blindness - Wikipedia - February 24th, 2023
- FDA Approves Syfovre (pegcetacoplan injection) for the Treatment of ... - February 24th, 2023
- Human mini brains illuminate path to curing blindness - February 16th, 2023
- Raymond V. Gilmartin: Man with a global vision - February 16th, 2023
- Why Are People So Mad About MrBeast's Blindness Video? - February 16th, 2023
- This heartwarming video of a colorblind boy seeing color for the first time will make you cry - Indiatimes.com - February 16th, 2023
- Blindness (Vision Impairment): Types, Causes and Treatment - February 8th, 2023
- CDC urges people to stop using brand of artificial tears linked to ... - February 8th, 2023
- Health News Roundup: U.S. FDA says India-made eye drop linked to some infections, blindness and one death; China records 3,278 COVID-related deaths... - February 8th, 2023
- I had two strokes at 29 and gone blind -I've been accused of faking my sight loss - Daily Mail - February 8th, 2023
- Blindness and vision impairment - World Health Organization - January 23rd, 2023
- Recovery from blindness - Wikipedia - January 23rd, 2023
- Colour blindness tests, juggling, avoiding glare: A hockey goalkeepeers quest to train his biggest weapon, eyes - The Indian Express - January 23rd, 2023
- But Did You See the Gorilla? The Problem With Inattentional Blindness ... - October 15th, 2022
- Canadians unaware of diseases that lead to blindness, survey says - CTV News Northern Ontario - October 15th, 2022
- A Review of Corneal Blindness: Causes and Management - Cureus - October 15th, 2022
- A cure for blindness may be first product made in space - Freethink - October 15th, 2022
- Is MrBeast trying to cure 1000 people's blindness? - indy100 - October 15th, 2022
- Early detection and management is the key to prevent glaucoma related blindness: Experts - Express Healthcare - October 15th, 2022
- As World Sight Day Nears, River Blindness is Fading - SaportaReport - October 15th, 2022
- Tears of happiness: How curing blindness in Dolakha saved a girls future - City A.M. - October 15th, 2022
- World Sight Day: Orbis, UC Davis team up to train eye care teams from Latin America to fight avoidable blindness - Ophthalmology Times - October 15th, 2022
- Juan Williams: The GOPs epidemic of intentional blindness - The Hill - October 15th, 2022
- Charles pays tribute to Malawi's elimination of disease causing blindness - Express & Star - October 15th, 2022
- Coping with calamity: Former NYT columnist Frank Bruni on blindness and vision, at Morristown book fest keynote - Morristown Green - October 15th, 2022
- Sighting solutions in a world of vision for weavers - The New Indian Express - October 15th, 2022
- Blindfold run raises $40,000 for the MUHC Foundation to support glaucoma care at the MUHC - StreetInsider.com - October 15th, 2022
- MacKenzie Scott Donates $15M to Address the Eyecare Needs of the Impoverished - InvisionMag - October 15th, 2022
- Astellas and MBC BioLabs Announce Astellas Future Innovator Prize to Help Biotech Start-ups Accelerate Early Drug Discovery and Research Efforts -... - September 20th, 2022
- Treating cataracts before 'critical age' imperative FBC News - FBC News - September 20th, 2022
- GenSight Biologics to Present at Upcoming Industry and Investor Conferences - Business Wire - September 20th, 2022
- Ashton Kutcher battled vasculitis causing blindness, loss of hearing. Know all about the rare condition - India TV News - August 11th, 2022
- Prevent Blindness Is Recognized as a Healthy People 2030 Champion for Supporting the Initiative's Vision - Vision Monday - August 11th, 2022
- Researchers make progress toward a stem cellbased therapy for blindness - Ophthalmology Times - August 11th, 2022
- The strategic blindness of Israel's caretaker government - JNS.org - August 11th, 2022
- UND professor carries the torch for UND studies of visual impairment and blindness - Grand Forks Herald - August 11th, 2022
- Karan Nagrani is using social media to raise awareness about the 'spectrum of blindness' - ABC News - August 11th, 2022
- Vision impairment and blindness related to NCDs: Fong - FBC News - August 11th, 2022
- Strategic blindness of caretaker government - The Jewish Star - August 11th, 2022
- Massachusetts woman blinded by attack working to help others regain sight - WCVB Boston - August 11th, 2022
- Persuasion Film Review: Is Heterogeneous Casting Race-Inclusionary Or Escapist? - Feminism In India - August 11th, 2022
- Is It Time To Start Using Race And Gender To Combat Bias In Lending? - Forbes - August 11th, 2022
- The journey of Kali Yugi started with the mistake of objectives! - Youthistaan - August 11th, 2022
- A 50-State Review of Access to State Medicaid Program Information for People with Limited English Proficiency and/or Disabilities Ahead of the PHE... - August 11th, 2022
- iHealthScreen Completed Prospective Trial of AI-Based Tool for Age-Related Macular Degeneration (AMD) Screening and Submitting the Results to FDA for... - August 11th, 2022
- Vitamin B12: Why You Need It & Foods To Increase Your Vitamin B12 Intake - NDTV - August 11th, 2022
- Jack Levine: Remembering a dad who proved that even in blindness, there can be vision - The Florida Times-Union - June 26th, 2022