AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

New attack strategies in Italy: the adaptability of phishing

Evolution of cyber attacks: discovering personalized phishing tactics

CERT-AgID reported an evolution in phishing methods called "adaptive phishing", which customizes email attacks to increase their effectiveness, using authentic victim logos and websites.

This pill is also available in Italian language

“Adaptive phishing” emerges as a sophisticated evolution of phishing attacks, reported by CERT-AgID. This method is characterized by the ability to dynamically modify the contents of fraudulent pages, depending on the target organization, exploiting the particular email domain. This allows attackers to increase the effectiveness of their deception, making it personalized and therefore potentially more insidious.

Innovations in the practice of adaptive phishing

Initial use of this technique included the creation of fake authentication forms enriched with a company logo and name, obtained via the Clearbit Logo API. Progressive refinement has led to the deployment of additional services such as thum.io, which takes authentic screenshots of victim sites, using the domain name. These screenshots are then displayed as wallpaper, increasing the realism of the attack and making it difficult for users to detect.

Telegram as a tool for cybercriminals

An in-depth analysis revealed that the credentials obtained through the fake login pages are stored on the server hosting the fraud and simultaneously sent to a bot on Telegram. This detail highlights the versatility and danger of adaptive phishing attacks, as they can exploit legitimate platforms for the management and transfer of stolen information.

Importance of prevention in combating adaptive phishing

Adaptive phishing poses a significant threat to the integrity of corporate information, as it aims to obtain sensitive data, such as login credentials. It is therefore crucial for business entities and users to adopt preventive strategies and maintain a high guard. In the meantime, CERT-AgID has taken proactive measures, requesting the deactivation of malicious domains and communicating the Indicators of Compromise to the assisted public administrations through the IoC Flow channel.

Follow us on Facebook for more pills like this

03/06/2024 19:59

Marco Verro

Last pills

Serious vulnerability discovered in AMD CPUs: invisible malware riskCritical flaws put AMD CPUs at risk: how hackers can gain stealth, persistent access to your systems

Shocking discovery in the world of browsers: a backdoor that has been exploited for 18 yearsHackers able to access private networks via backdoors in major web browsers

AI Act: new rules that will change the future of technologyNew rules for artificial intelligence: how the AI Act will change the technological and industrial landscape in Europe. Discover the challenges, opportunities and importance of international cooper...

Digital chaos: global connection issues hit Azure and Microsoft 365Microsoft's cloud services in haywire: here's what's happening and how the company is responding