Cybercriminals Double Size of Large-Scale Phishing Campaign with SuperMailer
The use of legitimate tools for nefarious purposes is an age-old problem in cybersecurity. Since January 2023, cybercriminals have been abusing the SuperMailer newsletter distribution app to run a large-scale credential phishing campaign that has doubled in size with each passing month. According to Cofense, the campaign began with only a handful of emails in January but has now reached thousands of inboxes.
How The Campaign Works
What sets this campaign apart is a unique string included in a URL embedded in the phishing emails, which the recipient can see only by hovering the cursor over the link. The string ties multiple different phishing emails to the same campaign. Along with open redirects, varied senders, URL randomization, and reply chains, these techniques are used to get past technical phishing defenses. Even secure email gateways, such as those from Proofpoint, Microsoft ATP, Cisco Ironport, Mimecast, Fortinet, and TrendMicro, are failing to stop the phishing campaign.
The phishing emails reach the inboxes of users in different industries, including government, healthcare, financial services, media, technology, retail, transportation, and utilities. Cybercrime groups cast a wide net with this massive phishing campaign, sending thousands of emails to a large volume of targets. Even though the campaign uses basic content templates and randomizes only very small portions of each email, it still succeeds in obtaining passwords from unsuspecting victims.
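The shared string in embedded URLs described above gives defenders a correlation handle even when senders and URLs are randomized. The following is an added example, not code from Cofense or from this article: it pulls link targets out of HTML bodies, follows URLs nested in redirect parameters, and reports long path or query tokens that recur across different senders. The sample messages, the token value, the hostnames, and the 8-character minimum token length are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample messages (sender, HTML body); every value here is made up.
SAMPLES = [
    ("alice@sender-one.example",
     '<a href="https://redirect.example/out?url=https%3A%2F%2Fx1.example%2Fqz81%2FCAMPAIGNTOKEN123%2Flogin">View document</a>'),
    ("bob@sender-two.example",
     '<a href="https://other.example/r?next=https%3A%2F%2Fy7.example%2Fab02%2FCAMPAIGNTOKEN123%2Fa">Re: invoice</a>'),
    ("news@shop.example",
     '<a href="https://shop.example/offers/spring2023sale">Spring offers</a>'),
]

TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{8,}")  # assumed minimum token length

class HrefCollector(HTMLParser):
    """Collect the real link targets, which differ from the visible link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def url_tokens(url, depth=0):
    """Return long tokens from the path and query, descending into nested URLs."""
    parts = urlsplit(url)
    tokens = set(TOKEN_RE.findall(parts.path))
    for _, value in parse_qsl(parts.query):  # parse_qsl percent-decodes values
        if value.startswith(("http://", "https://")) and depth < 3:
            tokens |= url_tokens(value, depth + 1)  # open-redirect style target
        else:
            tokens |= set(TOKEN_RE.findall(value))
    return tokens

def shared_tokens(messages, min_senders=2):
    """Map each token seen from at least min_senders distinct senders to them."""
    seen = defaultdict(set)
    for sender, body in messages:
        parser = HrefCollector()
        parser.feed(body)
        for href in parser.hrefs:
            for token in url_tokens(href):
                seen[token].add(sender)
    return {t: sorted(s) for t, s in seen.items() if len(s) >= min_senders}
```

On real mail flow, tokens that belong to common legitimate services would need an allowlist before results are useful for triage.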
Combating Phishing Campaigns
The campaign raises questions about how to detect and prevent phishing attacks. Brad Haas, a cyber threat intelligence analyst at Cofense, believes that despite all efforts to educate organizations and individuals, phishing and socially engineered attacks will never be defeated. Although well-trained people can identify threats and technology can detect known threats, detecting and preventing new and sophisticated phishing campaigns requires sound intelligence and human intuition. Haas suggests deploying an IT security solution that incorporates both technology and human instinct.
Editorial
The abuse of legitimate tools and services for illegal purposes is not new. The use of SuperMailer, which is usually employed for legitimate purposes, and of many other software tools to launch phishing attacks exposes shortcomings in technology. By finding their way into legitimate software, new and sophisticated phishing attacks continue to succeed and challenge cybersecurity technology, widening the gap between vulnerability and defense. Proper education and training of personnel within organizations in detecting and reporting potential cyber threats are still crucial for identifying and containing new campaigns.
Advice
It is essential to tackle the increasing threat of phishing attacks that exploit legitimate software with a multi-layered solution that combines technology, management, and both reactive and preventative measures. Organizations need to develop the capability to manage security risks and security choices, making the most of cutting-edge solutions and human insight and incorporating the latest technological advancements to detect these attacks.