Tessian Threat Intel Roundup for June

Charles Brook • Tuesday, July 5th 2022
Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.

The Tessian Threat Intel team continues its focus on business email compromise (BEC) campaigns. We issued a Threat Advisory for a PayPal-themed campaign we have been tracking since January.

The threat actors in this campaign are seeking to commit payment fraud and potentially compromise credentials. Other key threats that we are focussing on include increasingly advanced methods for Account Takeover (ATO) and the persistent threat of email-delivered ransomware, including a spike in wiper-malware.

Tessian's Threat Intel

Tessian Threat Intelligence has recently tracked and observed scammers who, on numerous occasions, sent emails with fake invoice payment requests from payment service providers such as PayPal.

Early evidence suggests that online fraud campaigns are on the rise, with the potential to evolve into ATO-based attacks.

Although the primary targets are private consumers, we are likely to see similar attacks targeting vendors and suppliers in the enterprise.

The increasing sophistication and targeted nature of attacks observed across the cybercrime landscape represent the maturation of cybercrime, with threat actors targeting specific entities rather than random targets.

A number of these phishing attacks leverage open-source information, and also rely on information gathered from previous data breaches, to identify high-yield targets.

Tessian's Threat Intel

Tessian Threat Intel continues to track BEC and payment fraud campaigns, with executive impersonation observed as a consistent theme.

Cryptocurrency payment fraud has already resulted in over $1 billion in losses, according to the FTC, and was up 60x in 2021 compared to 2018.

Ransomware-as-a-Service gang activity emanating from Russia is on the rise once again, with REvil re-emerging after an initial law enforcement crackdown.

Wiper-malware is surging in 2022, first seen in Russian cyber attacks against Ukraine.

Russian APT groups have been observed exploiting the Follina vulnerability.

Microsoft released a patch for Follina in June, but we may see a spike in attachment-themed phishing abusing the vulnerability before the fix is widely implemented.

Chinese APT groups have been using ransomware as a decoy to carry out espionage campaigns.

Other attack campaigns that have captured our attention include the increasing phenomenon of voicemail-themed phishing campaigns observed by Zscaler.

We expect email-delivered ransomware, including the increasingly prominent wiper-malware, to remain a leading threat in 2022.

A recently launched carding site, ‘BidenCash’, gave away a list of stolen card details for free across dark web forums to promote its store.

Tessian's Threat Intel

Having intelligent and layered cybersecurity defenses in place, particularly for securing email and the endpoint, is critical for staying safe.

Leveraging behavioral cybersecurity solutions that can detect sophisticated social engineering attempts is essential, as threat actors continually develop intelligent methods to bypass rule-based security controls.

Practicing good cybersecurity hygiene and regularly testing your security controls, including business continuity and disaster resilience capabilities, are of fundamental importance to cyber resilience.

Conducting in-the-moment, contextual cybersecurity awareness training on advanced email threats for your employees should be prioritized: end users are your first line of defense.

Charles Brook, Threat Intelligence Specialist