Spoofed CIO ‘pandemic guideline’ emails being used to steal credentials.
With COVID-19 restrictions lifting & workers trickling back to offices, threat players are ‘sharpening their spears’ to go phishing. The newest scam includes sending recipients emails purportedly from their CIOs welcoming employees back into offices.
The emails outline a company’s post-pandemic protocols, at the same time attempt to steal company & personal credentials.
Company’s Logo
“The body of the email appears to have been sent from a sou & rce within the company, giving the company’s logo in the header, as well as being signed spoofing the CIO,” Cofense outlined in a Thurs. report.
The fake newsletter explains return-to-work procedures are forcing employees to take new precautions relative to the pandemic, according to researchers.
Targets Credentials
The spoofed CIO email prompts victims to link to a fake Microsoft SharePoint page with two company-branded documents, both outlining new business operations. In this step the victim is not prompted to input any credentials.
“Instead of simply redirecting [victims] to a login page, this additional step adds more depth to the attack & gives the impression that they are actual documents from within the company,” states the report.
If a victim decides to interact (click) on either document a login panel appears & prompts the recipient to provide login credentials to access the files.
Phishing Pages
“This is uncommon among most Microsoft phishing pages where the tactic of spoofing the Microsoft login screen opens an authenticator panel,” the report observed. “By giving the files the appearance of being real & not redirecting to another login page, the user may be more likely to supply their credentials in order to view the updates.”
Another twist on the tactic serves up the message “Your account or password is incorrect” several times before taking the victim to an authentic Microsoft page, making them think they have successfully accessed the files.
Exploitation
With over half of US & UK adults now having received at least 1 vaccine shot, more employees are going back to work. HR consultancy Mercer reports 61% of enterprise employers hope to have half or more of their workforce back in the office by the end of the 3rd quarter 2021. Bellwether firms Microsoft & Google, for example, have already begun a measured process of re-populating their office cubicles with on premises staff.
This certainly is not the 1st time attackers have used COVID-19 to their advantage.
Vaccine-related spear phishing attacks grew 26% between Oct. 2020 & Jan. 2021, just as the life-saving drugs were being rolled out. Healthcare organisations & hospitals have been specifically targeted as they have been crushed under the weight of the pandemic. Between Jan. 2020 -Sept. 2020 10% of all organisations targeted by ransomware were hospitals or medical organisations.
Pandemic Relief Payments
Just last month, as govts. rolled out pandemic relief payments, attackers used fake US aid payments to deliver Dridex Malware.
“COVID-19 has given us a window into how hackers can exploit human vulnerabilities during a crisis, with healthcare & pandemic-related attacks prevalent in 2020,” Sivan Tehila with Perimeter 81 wrote recently.
Cyber-criminals thrive on change & only become emboldened by it, rolling out new cyber-crime offenses to exploit trending news events, she concluded.
https://www.cybernewsgroup.co.uk/virtual-conference-june-2021/