A new level of sophistication has emerged in Business Email Compromise (BEC) campaigns, according to recent reports. These campaigns, which involve impersonating brands to deceive individuals and organizations, continue to rely heavily on masquerading as representatives of Microsoft.
In one such campaign, known as “Muddled Libra,” cybercriminals utilize social engineering techniques to convince victims to transfer funds or disclose sensitive information. Stephanie Ragan, a Senior Consultant at Unit 42, joins David Moulton in a discussion on this particular threat in the latest episode of Threat Vector.
In addition to BEC campaigns, other cybersecurity trends have been observed. The Q2 2023 Threat Landscape Report by Kroll highlights the prevalence of supply chain infiltrations as a significant concern. These attacks target vulnerable points within an organization’s supply chain, allowing threat actors to gain unauthorized access and further compromise the targeted network.
Another prevalent issue is synthetic identity fraud, which has been identified as a growing problem by TransUnion. This form of fraud involves creating fake identities by combining real and fabricated information. This makes it difficult for traditional verification processes to detect and prevent such fraudulent activities.
While cyber threats continue to evolve, so do the strategies employed by those responsible for countering them. Andrea Little Limbago from Interos shares insights on the new cyber workforce strategy, emphasizing the importance of building a diverse and skilled cybersecurity workforce to effectively combat emerging threats.
Meanwhile, the death of Yevgeny Prigozhin, a prominent figure associated with Russian influence operations, has raised questions about the future trajectory of such operations. The Washington Post suggests that while some changes may occur at the edges, the impact of Prigozhin’s absence remains to be seen.
In a shrewd scheme with implications beyond cybercrime, a Russian Duma deputy chair found himself embroiled in controversy after his leaked emails revealed alleged involvement in the sale of counterfeit iPhones. It’s unclear whether these activities were connected to his official position or simply a side hustle, but the incident highlights the risks associated with inappropriate conduct by public officials.
Meanwhile, Microsoft continues to be a favorite target for phishing attacks. Abnormal Security’s research indicates that Microsoft remains the most impersonated brand in phishing attacks, with cybercriminals exploiting its reputation and widespread adoption to trick unsuspecting individuals and organizations.
Furthermore, recent court cases have shed light on the activities of the hacking group Lapsus$. Two teenage members of the group were convicted in the UK for carrying out a hacking spree, targeting multiple tech firms. These cases serve as a reminder of the ongoing challenges posed by young, tech-savvy individuals who exploit vulnerabilities for personal gain.
In the realm of virtual currencies, the US Department of the Treasury has designated Roman Semenov, the co-founder of Tornado Cash, a virtual currency mixer, for alleged involvement in money laundering activities. This move underscores the government’s commitment to combating illegal financial activities facilitated by virtual currencies.
The cybersecurity landscape continues to evolve, with threat actors becoming more sophisticated in their approaches. As organizations and individuals face increasingly complex cyber threats, it is crucial to stay informed about the latest trends and developments to effectively protect against potential attacks.