Weekly Email Security News Recap #3 [November 2022]

November 21, 2022

3 Min Read

Last year, email-based attacks grew by over 7% from May to August 2021. In 2022’s Q1, the Anti-Phishing Working Group (APWG) observed 1,025,968 phishing attacks—the highest number the APWG ever recorded in one quarter.

Phishing is growing every year and is a considerable threat. Some researchers discovered that workers get an average of 14 malicious emails annually. Some industries, like retail, were especially hit hard, receiving an average of 49.

This month, there was a boom in cybersecurity news and email security news. Google agreed to a $391.5 million historic privacy settlement, while Meta fired employees for accessing users’ accounts and selling them to hackers.

Here are some cybersecurity news and email security news stories making headlines this week.

Massive Phishing Attack Campaign Through 42,000 Imposter Domains

Since 2019, a large-scale phishing campaign has been exploiting the popularity and trust of famous international brands. The group is said to originate from China and is financially motivated. The cybercriminals, dubbed “Fangxiao” by Cyjax, have registered over 42,000 imposter domains since 2017.

The threat actors target businesses across various industries, including banking, travel, retail, and energy.

Victims are tricked into spreading the campaign via Whatsapp by financial motivations as follows:

Users click on a link sent through a messaging app.
They’re then directed to an actor-controlled website.
The website sends them to a landing domain impersonating a famous brand.
The victims are taken to websites distributing fraudulent apps and fake rewards.

These websites encourage visitors to complete a survey to claim cash prizes if they forward the message to 20 friends or five groups.

The final redirect depends on the IP address of the victim and the browser’s User-Agent string.

More than 400 organizations are being imitated because of the criminal scheme. These organizations include:

Coca-Cola
McDonald’s
Shopee
Emirates
Indomie
Unilever
Knorr

Large organizations like the ones mentioned above are impersonated daily, making this campaign an effective method to lure victims to various domains, implant malware, use referral links, and become exposed to ads and adware.

This kind of cybersecurity news story proves how crucial domain security is to all organizations — no matter their size.

Over 1,300 Companies Worldwide Targeted by Hive Ransomware Attackers

Over 1,300 companies worldwide have been attacked by a Hive ransomware-as-a-service (RaaS) scheme, which earned the gang $100 million in illegal payments as of November 2022.

A wide range of business infrastructure sectors has been damaged by the ransomware, including:

Communications
Government facilities
Critical manufacturing
Information technology

The U.S. cybersecurity and intelligence authorities said in an alert that healthcare and Public Health (HPH) had also been targeted.

Since June 2021, Hive’s RaaS operation has involved developers who make and control the malware and affiliates responsible for leading the attacks on target networks by buying initial access from brokers.

The cybercriminal recently upgraded its malware to Rust as a detection evasion measure.

The CISA stated that Hive actors had been known to reinfect (with either Hive or another ransomware variant) the networks of targeted organizations who have fixed their network without providing a ransom payment.

Malwarebytes, a cybersecurity company, shared data which confirms Hive compromised about seven victims in August 2022, 14 in September, and two other entities in October. It also recorded a decrease in activity from July, when the group targeted 26 victims.