While there has been a slight increase in traditional email phishing attacks, other trends include social media impersonation scams, dark web threats, hybrid vishing attacks, and BEC attacks.
The scams work in a similar manner as on other platforms. Scammers create professional-looking fake profiles and attempt to strike up conversations with users using the in-built messaging feature.
According to Bitdefender researchers, the operators behind the RIG exploit kit have swapped the Raccoon Stealer malware for the Dridex trojan as part of an ongoing campaign that commenced in January 2021.
Affected vendors include Baker Hughes (Bently Nevada), Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa. One of the impacted vendors has not been named as the disclosure process is still ongoing.
According to Secureworks’ Counter Threat Unit (CTU) research team, two activity clusters related to HUI Loader have been connected to Chinese-speaking threat actors, namely Bronze Riverside and Bronze Starlight.
On June 10, the company started to inform potentially impacted individuals of a data breach that occurred on March 25 and that might have resulted in their personal information being accessed by a third party.
While the real MetaMask doesn’t require its users to verify or provide KYC details, dealing with verification requests can be a frustrating experience, possibly causing recipients to be less cautious.
Malware delivered to email accounts rose 196% in 2021 year-on-year, according to Trend Micro, which warns that email remains a major avenue for criminals looking to deliver malware and phish account credentials.
Tracked as CVE-2022-31083 and issued a CVSS severity score of 8.6, the security issue is described as a scenario in which the security certificate used by the authentication adapter for Apple Game Center is not validated.
CERT-UA issued two separate alerts unveiling the malicious activity by APT28 and UAC-0098 hacker groups as they weaponized Follina to deploy Cobalt Strike beacon and CredoMap malware, respectively. APT28 is sending emails laden with a malicious document that tries to exploit the fear among Ukrainians about a potential nuclear attack.