Enterprises throughout Australia and the APAC area have been warned that cyber criminals are exploiting fashionable platforms like Atlassian to launch extra convincing phishing assaults on regulation corporations and different firms. These assaults intention to steal worker credentials and breach firm cyber safety defences.
Ryan Economos, APAC subject chief know-how officer at e mail safety agency Mimecast, informed TechRepublic that such phishing assaults are uncommon of their use of Atlassian as a canopy. However he famous that phishing assaults have gotten more and more subtle, due to phishing kits and AI, which make it simpler for cyber criminals to execute their actions.
Atlassian workspaces, Japanese ISPs, and a compliance cowl story
Mimecast’s World Risk Intelligence Report 2024 H1 reported on the emergence of a brand new phishing tactic that used a compliance replace cowl story to focus on regulation agency staff. The phishing assaults:
Leveraged fashionable native model Atlassian’s workspaces, in addition to different unified workspace platforms, together with Archbee and Nuclino, to ship staff dangerous emails that regarded acquainted and bonafide.
Used system compliance updates as a canopy, instructing staff by way of e mail that they wanted to replace their gadgets to stay compliant with firm coverage.
Have been designed to redirect those that clicked the hyperlink to a faux firm portal, the place attackers may harvest credentials and different delicate data.
Embedded the phishing hyperlink in an e mail despatched from addresses related to Japanese ISPs.
“There’s numerous personalisation within the emails equivalent to particulars of a ‘system’ and a number of other references to the corporate area they’re sending these campaigns to extend validity,” Mimecast’s report mentioned.
SEE: Australia’s authorized career is speeding to undertake AI
“The sender deal with title all the time refers back to the goal organisation’s area title with the intention of fooling finish customers into considering it’s from their inside division.”
Extra Australia protection
The rising sophistication of phishing assaults
Economos famous that whereas the marketing campaign initially focused Australian regulation corporations, it has since expanded to different industries and is not confined to the authorized sector. He highlighted a number of features of the marketing campaign that point out rising sophistication amongst menace actors.
Use of Atlassian and different workspaces
Economos mentioned the rising use of Atlassian workspaces was a more moderen growth for the market.
“Mimecast continues to see menace actors making use of providers equivalent to OneDrive and Google Docs to host information or hyperlinks of their campaigns, however the usage of workspaces equivalent to Atlassian has not been closely abused beforehand,” he mentioned.
A part of the marketing campaign was an e mail that gave the impression to be from Atlassian’s Confluence product. Mimecast referred to a “noticeable enhance in the usage of Atlassian” to evade detection in current instances.
“Abuse of respectable providers is an ongoing and evolving problem,” Economos mentioned. “Attackers will proceed to leverage respected sources to launch and host their campaigns, in an try to evade detection.”
SEE: The alarming state of knowledge breaches in Australia in 2024
Harvesting of tracker information intelligence
The marketing campaign used postmark URLs to redirect customers to the unified workspace options. Postmark URLs permit attackers to collect information equivalent to location, browser particulars, and which a part of the e-mail was clicked, enabling them to leverage this intelligence to make the phishing lure extra convincing.
A number of URL obfuscation strategies
Making it harder for customers to establish the true vacation spot of the URL, the phishing marketing campaign used “a number of obfuscation strategies,” Mimecast mentioned. This contains a number of redirections inside the URL, encoded characters, and the insertion of monitoring parameters.
Enlisting unsuspecting Japanese ISPs
Though the usage of Japanese ISPs just isn’t distinctive to this phishing marketing campaign, Economos famous that they had been exploited as soon as once more, as that they had in a number of earlier assaults.
“It continues to reveal the lengths that menace actors will go to as a way to efficiently generate assaults on organisations,” he commented.
Phishing assaults will get simpler to mount — and extra convincing
Phishing remains to be among the many commonest cyber threats amongst organisations, Economos mentioned.
Generative AI and machine studying, whereas additionally serving to defenders cease assaults, is predicted to extend the sophistication and enhance the concentrating on and content material of phishing campaigns. This may drive defenders’ must detect and rapidly reply to new and novel assault strategies.
SEE: APAC staff are selecting comfort over cyber safety
“The largest evolution has been the speed and accuracy of phishing threats, via the usage of phishing kits, automation, and AI-based applied sciences,” Economos mentioned. “These platforms permit even low-skill-level attackers to launch large-scale campaigns and a capability to rapidly craft extra convincing phishing emails to evade detection by conventional safety instruments.”
Economos additionally famous the rise of pretexting — the place a cyber prison will analysis and pose as a personality to offer a convincing story or “pretext” to trick the phishing sufferer — in addition to Enterprise E mail Compromise, as important elements within the evolution within the phishing menace panorama.
“As our work surfaces proceed to diversify, menace actors are diversifying the vectors they exploit past e mail, concentrating on social media platforms, collaboration instruments like Microsoft Groups, Slack, and OneDrive proper via to vishing and smishing assaults utilizing telephone calls or textual content messages to deceive victims,” he mentioned.