sb-nz logo
Story image

Google most popular brand to impersonate in phishing campaigns - report

It’s no secret that phishing campaigns are now regarded as among the most prevalent cybersecurity threats as COVID-19 strands people at home, but after months of isolation, official data has confirmed it. 

A new report from Barracuda released today shows 100,000 attacks impersonating reputable brands, including Google and Microsoft, have targeted remote workers between January 1 and April 30 2020.

65% of this figure impersonated Google, mostly via file-sharing and storage websites – including (25%) (23%), (13%), and (4%).

More generally, 4% of all spear-phishing attacks in the period between January and April were made up by Google-brand impersonations, with that number expected to climb.

“Brand-impersonation spear-phishing attacks have always been a popular and successful method of harvesting a user’s login credentials, and with more people than ever working from home, it’s no surprise that cyber criminals are taking the opportunity to flood people’s inboxes with these scams,” says Barracuda Networks UK systems engineer manager Steve Peake.

“The sophistication of these attacks has accelerated in recent times: now, hackers can even create an online phishing form or page using the guise of legitimate services, such as, to trick unsuspecting users."

Barracuda reported that Microsoft brands were targeted in 13% of attacks: (6%), (4%), and (3%). 

This comes as Microsoft warned its userbase this week of a new widespread COVID-19 themed phishing campaign that installs the NetSupport Manager remote administration tool to completely take over a user's system and execute commands on it remotely.

Microsoft’s Security Intelligence team claimed the campaign involved the usage of malicious Excel attachments to infect user's devices with a remote access trojan (RAT), with the initial attack beginning with an email impersonating the Johns Hopkins Center, a major source of credible COVID-19 news.

Spear-phishing campaigns like this, which trick victims into sharing login credentials, have enjoyed massive success during the pandemic. This is through a combination of factors, including heightened fears over a globally penetrating issue and the worldwide trend of remote working, which increases risk landscapes generally.

“Fortunately, there are ways to protect oneself against these cyber, such as implementing multi-factor authentication steps on all log-in pages so that hackers will require more than just a password to gain access to your data,” says Peake. 

“Other, more sophisticated methods of cyber protection include using email security software, such as API based inbox defence, which uses artificial intelligence to detect and block attacks.”

Link image
DevOps teams struggling to achieve enterprise scale - tips for enablement
Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.More
Story image
Why it’s essential to re-write IT security for the cloud era
Key components of network security architecture for the cloud era should be built from the ground up, as opposed to being bolted on to legacy solutions built for organisations functioning only on-premises or from only managed devices.More
Story image
Gartner: By 2023, 65% of the world will have personal data covered under modern privacy regulations
“Security and risk management (SRM) leaders need to help their organisation adapt their personal data handling practices without exposing the business to loss."More
Link image
How to better protect your organisation's most valuable asset - its data.
Data resilience strategies are becoming increasingly critical in relation to the skyrocketing value of data and the proliferation of malicious entities wishing to steal it.More
Link image
Webcast series: The necessary tools to secure a remote workforce
Experts from across the A/NZ region discuss the best security practices in a remote working world - with sessions available on the first Thursday of every month.More
Story image
Netlinkz revenue surges 846% as secure enterprise cloud technology gains traction
Executive chairman James Tsiolis believes this growth is the start of something much bigger.More