Stay Informed: The Evolving Face of Phishing Attacks! 🔍 

Nov 22 2023

.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; }
.bh__table_cell { padding: 5px; background-color: #FFFFFF; }
.bh__table_cell p { color: #2D2D2D; font-family: ‘Helvetica’,Arial,sans-serif !important; overflow-wrap: break-word; }
.bh__table_header { padding: 5px; background-color:#F1F1F1; }
.bh__table_header p { color: #2A2A2A; font-family:’Trebuchet MS’,’Lucida Grande’,Tahoma,sans-serif !important; overflow-wrap: break-word; }

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that thinks it's okay to just let cybercriminals die #Sunak #Cummings 🐵💀😂 

Today’s hottest cybersecurity news stories: 

  • 🎭 CAPTCHA me if you can: Phishing QR and steganography 🎣 

  • 🕵️ Enter Agent Tesla: Hello ZPAQ Compression in email attacks 📧 

  • ▶️ ‘Play’ ransomware is now a RaaS. Hackers: All work and no _ 😈 

What’s the worst thing about multi-stage phishing attacks?

They’re wrong on so many levels 😏 

🔐 Stay Informed: The Evolving Face of Phishing Attacks! 🔍 

Phishing attacks are reaching new heights of sophistication, and it's crucial to stay ahead of the game! 😱 Here's a deeper dive into the latest trends: 

🚫 Quishing – QR Codes Beware:  

Quishing, a blend of "QR" and "phishing," is making waves in 2023. Cybercriminals sneak malicious links into QR codes, avoiding traditional filters that focus on text-based threats. The result? A rising threat that demands our attention! 

🔗 Stay Safe with ANY.RUN:  

Analysing QR codes in a secure environment is key. Use ANY.RUN to dissect QR codes, spot potential threats, and keep your data safe. Knowledge is power—empower yourself against Quishing! 

🤖 CAPTCHA-based Attacks Unveiled:  

CAPTCHAs, designed to block bots, are now being exploited by attackers. Through Randomised Domain Generated Algorithms and CloudFlare's CAPTCHAs, cybercriminals mask phishing forms on fake websites, outsmarting automated security systems. 

👁️ Spotting the Fake: See a real-world example targeting Halliburton employees. First, pass a CAPTCHA check, then encounter a convincing Office 365 login page. Learn to distinguish the real from the fake to protect your credentials! 

🎭 Steganography Unveiled:  

The art of hiding malicious code within images, videos, or files is on the rise. A phishing email tricks users into downloading an innocent-looking file from a fake government organisation email. Inside? A VBS script that unleashes hidden malware upon execution. 

🧐 Stay Vigilant and Cyber Aware:  

Be cautious of emails with attachments or links, even seemingly legitimate ones. Cybersecurity is a shared responsibility—know the threats to stay protected! 🛡️ 

Stay savvy, stay secure! 💻🔒 

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.

I’ll Tesla what, this new ZPAQ attack is bloody scary 😬  

🚨 Cybersecurity Alert: New Agent Tesla Malware Variant Emerges! 🤖 

A fresh variant of the notorious Agent Tesla malware has surfaced, employing a sneaky delivery tactic via ZPAQ compression files. 🦠 This new approach aims to harvest data from various email clients and almost 40 web browsers. What you need to know: 

🔄 ZPAQ Compression:  

The malware utilises ZPAQ, a compression format with a superior compression ratio but limited software support. ZPAQ archives may be smaller, saving space and bandwidth, but their uniqueness poses a challenge for security tools. 

💻 Agent Tesla Overview:  

First appearing in 2014, Agent Tesla is a keylogger and remote access trojan (RAT) offered as part of a malware-as-a-service model. It's a go-to for cybercriminals, often serving as a first-stage payload to gain access and download more potent tools like ransomware. 

📧 Delivery Method:  

The malware arrives via phishing emails, with recent campaigns exploiting a six-year-old Microsoft Office vulnerability. The latest twist involves a ZPAQ file posing as a PDF. Opening it extracts a .NET executable, cleverly inflating its size to 1 GB to bypass security measures. 

⚠️ Unusual Tactics:  

The attack aims to infect endpoints with obfuscated Agent Tesla through uncommon file formats, making detection challenging. The endgame is establishing command-and-control via Telegram. 

🤔 Security Implications:  

This development highlights threat actors experimenting with unconventional file formats. Stay vigilant for suspicious emails, keep systems updated, and be cautious of unfamiliar archive tools. 

🛡️ Stay Protected:  

Users must remain alert, as threat actors adapt. Regularly update systems, exercise caution with email attachments, and stay informed about evolving cybersecurity threats. 

Stay safe in the digital realm! 🌐🔒 

🎣 Catch of the Day!! 🌊🐟🦞

🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya 😂 Let us tell who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)

🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts 👻🍿 (Great movie, to be fair 🙈). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Hackers: You gotta Play to win 💀

🚨 Alert: Play Ransomware Evolves into RaaS—What You Need to Know! 🎮 

New evidence from cybersecurity experts Adlumin reveals a concerning development: the Play ransomware is now offered "as a service" to other threat actors. 🔄 This shift marks a significant change in its operations: 

👥 Ransomware-as-a-Service (RaaS):  

Adlumin's report indicates that affiliates are purchasing Play as a service, following step-by-step instructions from playbooks provided. The lack of variations in recent attacks suggests a systematic approach guided by the RaaS model. 

🔍 Consistency in Attacks:  

Various Play ransomware attacks across sectors show uncanny similarities—using the same tactics and sequence. From hiding malicious files in the public music folder to identical passwords for high-privilege accounts, the attacks follow a playbook. 

🌐 Play's Background:  

Initially emerging in June 2022, Play exploited Microsoft Exchange Server vulnerabilities to infiltrate networks. Known for utilising custom tools like Grixba for double extortion, what sets Play apart is that the developers were directly involved in the attacks. 

💼 Transformation into RaaS:  

The Play ransomware's transformation into a RaaS operation makes it an attractive option for cybercriminals. Adlumin warns that the availability of ransomware kits with comprehensive support could entice script kiddies, leading to a potential surge in incidents. 

🛡️ Prepare for Impact:  

As RaaS becomes more accessible, businesses and authorities need to brace for a growing wave of incidents. The all-inclusive nature of RaaS kits, including documentation, forums, technical support, and ransom negotiation assistance, makes it tempting for less experienced hackers. 

Stay vigilant, stay secure! 🔒🛑 

🗞️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles