August 25, 2020 - A new IRONSCALES report found a drastic increase in successful credential theft attempts sent through spoofed login pages and social engineering attacks during the first half of 2020. And the most common recipients targeted with these attacks were those in the healthcare sector.
Researchers identified and analyzed fake login pages sent during the first half of the year, which are commonly used in support of spear-phishing campaigns and other hacks. In total, they identified more than 50,000 fake login pages, which spoofed login pages from over 200 prominent global brands.
Outside of healthcare, other leading recipients were those in financial services, government agencies, and technology industries.
"The growing cyber threat of fake login pages [are] nefarious, yet often highly realistic looking pages [and] now a common tactic deployed by attackers seeking to obtain a person's login credentials to a legitimate website, such as a bank, email client, or social media site, among many other popular services," researchers explained.
"The operation, commonly known as credential theft, is simple: target unsuspecting recipients with an email spoofing a trusted brand and persuade them via social engineering to insert their legitimate credentials, such as a username and password, into a fake login page either embedded within the body of an email or built into a phishing website," they added.
Once the victim has inputted their credentials, the hacker harvests the data to log in to real accounts and commence further illegal activities.
Just this week, the FBI and the Department of Homeland Security warned hackers were using voice phishing, or vishing, campaigns to build trust with victims, later duping them into logging into malicious websites made to appear as their employers' webpages.
Previous campaigns have spoofed Zoom, Google, and Microsoft Office 365 executive accounts, among others.
The IRONSCALES report found the top five brands with the most fake login pages are nearly identical to those that frequently have the most active phishing websites.
PayPal was the leading brand with 11,000 fake login pages, or 22 percent, closely followed by Microsoft with 9,500, or 19 percent, and Facebook with 7,500, or 15 percent. eBay was listed in fourth with 3,000 pages, or 6 percent, with Amazon in last, with 1,500 pages, or 3 percent.
Other top brands with spoofed login pages included Aetna, Wells Fargo, Adobe, Apple, Tesco, and JP Morgan Chase, along with a host of others.
"Although PayPal sits atop the list, the greatest risk may derive from the 9,500 Microsoft spoofs, as malicious Office 365, SharePoint and OneDrive login pages put not just people but entire businesses at risk," researchers warned.
The researchers said it's believed fake login pages are successful for two reasons. To start, malicious phishing emails containing spoofed logins often bypass technical controls like secure email gateways and SPAM filters, without requiring much investment in time, funds, or resources by the hacker.
Secondly, the attack's success may be due to what is known as inattentional blindness, or when an individual does not perceive the unexpected change hiding in plain sight.
"Inattentional blindness became an internet sensation in 2012 when a video was posted asking viewers how many white-shirted players passed a ball. Intently focused on the task at hand, more than 50 percent of the viewers failed to recognize a woman in a gorilla suit in the middle of the picture," researchers wrote. Even people with phishing awareness training are susceptible to inattentional blindness.
Notably, about 5 percent of these attacks leveraging fake login pages were polymorphic in nature, where a hacker implements light but significant and often random change to an email's artifacts, such as its content, copy, subject line, sender name or template in conjunction with or after an initial attack has deployed.
An earlier IRONSCALES report showed 42 percent of phishing attacks are polymorphic. The technique allows for the quick development of phishing attacks able to dupe signature-based email security tools that aren't designed to recognize the modifications. As a result, a targeted victim could receive different versions of the same attack in their email account without being detected.
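To make the signature gap concrete, the following added example (not from the IRONSCALES report or any vendor's product) compares an exact-hash fingerprint with a simple similarity measure over three constructed emails. The function names, the sample messages and the word-shingle Jaccard method are assumptions chosen for illustration.

```python
import hashlib
import re

# Constructed sample emails (not from the report): A and B are light
# permutations of one lure, C is an unrelated internal notice.
EMAILS = [
    {"id": "A", "sender": "Account Services <notice@example.test>",
     "subject": "Action required: verify your account",
     "body": "We noticed unusual activity on your account. Please sign in to "
             "confirm your details within 24 hours or access will be limited."},
    {"id": "B", "sender": "Account Support <alerts@example.test>",
     "subject": "Action needed: verify your account today",
     "body": "We noticed unusual activity on your account. Please sign in to "
             "confirm your details within 48 hours or your access will be "
             "limited. Ref 83121"},
    {"id": "C", "sender": "Facilities <facilities@example.test>",
     "subject": "Parking garage closed Friday",
     "body": "The north parking garage will be closed on Friday for "
             "maintenance. Please use the south lot."},
]

def exact_signature(email):
    """Signature-style fingerprint: SHA-256 over the raw artifacts."""
    raw = "\n".join(email[k] for k in ("sender", "subject", "body"))
    return hashlib.sha256(raw.encode()).hexdigest()

def shingles(email, k=3):
    """Word 3-grams of subject+body, lowercased, digits/punctuation dropped."""
    words = re.findall(r"[a-z]+", (email["subject"] + " " + email["body"]).lower())
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def similarity(a, b):
    """Jaccard similarity of the two emails' shingle sets (0.0 to 1.0)."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0

def cluster(emails, threshold=0.4):
    """Greedy grouping: attach each email to the first similar cluster seed."""
    clusters = []
    for email in emails:
        for group in clusters:
            if similarity(group[0], email) >= threshold:
                group.append(email)
                break
        else:
            clusters.append([email])
    return [[e["id"] for e in group] for group in clusters]

if __name__ == "__main__":
    print({e["id"]: exact_signature(e)[:12] for e in EMAILS})  # all differ
    print(cluster(EMAILS))
```

The exact hashes of A and B differ even though only the sender name, a few words and a reference number changed, while the shingle comparison still places them in the same group and keeps the unrelated notice apart.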
About 24 percent of the attacks spoofing Microsoft were polymorphic, with 314 permutations, followed by Facebook with 13 percent of permutation attacks or 160 permutations in total.
"While we cannot say for certain why these brands have more permutations than others, we can make an educated guess that this occurred for one of two reasons: The security teams associated with these brands are actively looking to take down fake login pages, so attackers are forced to more frequently evolve the attack ever so slightly so to defeat human and technical controls," researchers mused.
"These brands are a priority and/or easy target for a certain hacking group(s), so there is more activity and therefore a need to constantly evolve in order to stay one step ahead of security teams," they added.
Microsoft has previously shared spear-phishing insights, which may help healthcare organizations better understand how these attacks work and mitigation techniques to harden enterprise defenses.
Original post:
Credential Theft Via Spoofed Login Pages Increase, Healthcare Top Target - HealthITSecurity.com