SEARCH
 
Home   Suggestions   Enquiry   Advertise with us
Thursday, June 1, 2023
 
NEWS SCIENCE
Read News in
 


Cybercriminals use 3 new novel tactics in phishing in Jan: Report
New Delhi |Saturday, 2023 1:15:08 AM IST

Post Comment Read Comments
 

Cybercriminals used three new novel tactics such as misuse of web translation, image-only emails, and the insertion of special characters in phishing attacks during January 2023, a new report has shown.

While the overall volume of attacks using these tactics is currently low (each tactic accounts for less than 1 per cent of attempted phishing attacks), they are widespread, affecting between 11 per cent and 15 per cent of organisations, often with multiple attacks, according to IT security firm Barracuda Networks.

"With cyberattack rising rampantly in India in recent times, cybercriminals continue to develop their phishing approaches to trap unwary recipients and avoid being spotted and blocked. To defend your organisation, one needs the latest AI-enhanced email protection that can effectively inspect the context, subject, sender, and more to determine whether a benign-looking email is in fact a well-disguised attack," said Parag Khurana, Country Manager, Barracuda Networks India.

The first tactic involves using Google Translate web links.

The attackers use poorly-formed HTML pages or a non-supported language to prevent Google from translating the webpage. Google responds by providing a link to the original URL stating that it cannot translate the underlying website.

The attackers embed that URL link in an email, and if a recipient clicks on it, they are taken to a fake but authentic-looking website that is in fact, a phishing website controlled by the attackers.

The second tactic involves using Image-based attacks by spammers, and the researchers have found that attackers are now increasingly using images, without any text, in their phishing attacks.

These images, which can be fake forms such as invoices, include a link or a callback phone number that, when followed up, leads to phishing.

As these attacks do not include any text, traditional email security can struggle to detect them, said the report.

Data shows that around one-in-10 (11 per cent) organisations were targeted with this type of phishing email in January 2023, each receiving on average around two such emails during the month.

The third tactic involves using special characters by hackers, such as zero-width Unicode code points, punctuation, non-Latin script, or spaces, to evade detection.

This tactic is also used in "typo-squatting" web address attacks, which mimic the genuine site but with a slight misspelling.

However, when used in a phishing email, the special characters are not visible to the recipient.

Such attacks can also be difficult to detect because special characters can be used for legitimate purposes, such as in email signatures, the report mentioned.

In January 2023, more than one-in-seven (15 per cent) organisations received phishing emails that use special characters in this way, each receiving on average around four such emails during the month.

--IANS shs/vd

( 463 Words)

2023-03-17-19:08:01 (IANS)


 

 
 
 
 
SocialTwist Tell-a-Friend
 
 
MORE SCIENCE NEWS
Researchers give more insight into assoc...
Study reveals risk of cardiovascular dis...
Study finds ways to advance goals of equ...
Active ionisation of air noise reduction...
More...
 
TOP NEWS WORLD ASIA
Delhi Finance Minister Kailash Gahlot ch...
"Absolutely no cause for cheer in today'...
Ahmednagar district to be named after Ah...
Will support victim's family in every po...
More...    
 
 
 
TRENDING TOPICS
 
 
CITY NEWS
     
 
 
 ARCHIVES
 
News:
 
 

Copyright 2000 - 2023 Suni System (P) Ltd. All rights reserved