Get In Touch
Recently by Or Katz
On 14 July, 2020, Oliver Hough, a security researcher from Cyjax, published a report centered on a phishing campaign targeting banking customers in the United Kingdom, which evades two-factor authentication (2FA). On 16 December, 2020, researchers from the Global Threat Intelligence Team at WMC disclosed that they were tracking a threat actor who goes by the alias "Kr3pto".
A few years ago, I wrote a blog post trying to explain, with humor, why choosing application security as a career path is destiny derived by my parents calling me "Or", and why a personal name that is a conditional word can sometimes be challenging in daily routines, since some attack payloads contain conditional words.
2020 was a challenging year for many of us, as the COVID-19 pandemic disrupted life and introduced challenges in almost all elements of living. 2020 was also challenging from a cybersecurity point of view, as nearly the entire workforce moved to remote working and enterprise boundaries were never so vague, which introduced complexities on that end. As this year comes to an end, it's time to look back and highlight
Overview The phishing landscape is constantly evolving. Over the years, it has evolved into a more scalable threat, with an overwhelming amount of campaigns being launched daily. Phishing also changed when criminals started adding more capabilities and features to their toolkits, which make the phishing websites long lived and difficult to detect.
Overview Over a year ago, Akamai's threat research team published research regarding a widely-used phishing toolkit we referred to as the "Three Question Quiz". It's now time to review the evolution of the toolkit, the associated campaigns that we tracked in the wild, and the potential damage caused by those campaigns in the past year.
Researchers at Akamai have identified a new phishing campaign targeting users in Brazil who are worried about their finances during the COVID-19 epidemic. Over two weeks, we identified that the three-question quiz campaign successfully targeted more than 850,000 victims, scamming them out of personal information, and in some cases, convincing them to install Adware on their computer.
Recently, researchers at Akamai observed phishing attacks leveraging recycled kits in a series of campaigns taking advantage of the Coronavirus (COVID-19) health crisis. Phishing kits that have been previously deployed over the last several months are now being used again in order to reach a new pool of potential victims: those working from home due to self-isolation, mandated quarantine, or corporate policy during the pandemic.