Hackers Continue to Find New Creative Ways to Spoof Companies

Cyber criminals are getting smarter every day, to the point that they can now mirror most major websites without restraint. A recent report revealed that over 8000 companies had been spoofed to send massive volumes of spam and fraudulent emails in an attempt to steal people's data.

These attacks are part of a new style of hacking that doesn't even need your email to fool you. Dubbed Adversary-in-the-Middle (AiTM) attacks, or Man-in-the-Middle (MITM), they start like most cyber scams: by combing through your social feeds and the other sites their victims use, hackers build a plan of attack to get you to let your guard down.

In an AiTM attack, once in, hackers execute more sophisticated and more lucrative attacks, ranging from ransomware deployment to Business Email Compromise (BEC) scams. Adversaries may also use the AiTM position to monitor or modify traffic, as in Transmitted Data Manipulation. Further, attackers can set up an AiTM position in order to impede traffic flows to their intended destinations, which can impair defenses and/or support network denials of service. (1)

In a recent report, the Israeli company Guardio Labs determined that over 8,000 domains belonging to popular and common companies had been compromised in this manner, with over 13,000 subdomains on top of this. They believe that a group of actors calling themselves ResurrecAds is behind these attacks. In a report shared with The Hacker News, "ResurrecAds manages an extensive infrastructure encompassing a wide array of hosts, SMTP servers, IP addresses, and even private residential ISP connections, alongside many additional owned domain names."

Perhaps the biggest finding in the report is that this group is able to use old or outdated domains belonging to various well-known brands, including eBay, Marvel, UNICEF and others.

What this campaign does is ingenious and worrying. Instead of using standard phishing lures, the attackers embed their tricks in an image, which sidesteps text-based security checks. The campaign is notable for its ability to bypass standard security blocks: the entire body of the email is conceived as an image to evade text-based spam filters, and clicking it initiates a series of redirections through different domains.

"These redirects check your device type and geographic location, leading to content tailored to maximize profit," the researchers explained.

"This could be anything from an annoying ad or affiliate link to more deceptive tactics like quiz scams, phishing sites, or even a malware download aimed at swindling you out of your money more directly." (2)

The ability of phishers to bypass people's security features and spam them using trusted names is a worrying trend. The fact that a single company was able to identify 8000 potentially compromised domains shows that other malicious actors can easily do the same, opening a new wave of attacks that use old domains to spoof legitimate websites.

There are many steps you can take to mitigate your risk. These steps include:

  1. Never log in to banking, retail or other websites holding sensitive information directly from an email. Go to the website yourself and type in the domain name.
  2. When conducting business or entering credit card information, make sure the website uses a secure connection.
  3. Set up and use multifactor authentication.
  4. Be wary of clicking icons or links embedded in websites and emails. Hover over them with your mouse first to see where the link actually goes before clicking.
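As an added illustration (example code written for this page, not from Guardio Labs or from the report), the following Python scans an HTML email body for the two patterns described above: a body that is nothing but a linked image, which text-based filters cannot score, and link text that shows one domain while the real target is another, which is exactly what the hover check in step 4 reveals. The sample email and every domain name in it are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the campaign: no filterable text, one image wrapped in a link.
SAMPLE_IMAGE_ONLY = ('<html><body><a href="https://promo.redirector-example.test/go">'
                     '<img src="cid:offer.png" alt=""></a></body></html>')
URL_LIKE = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)*\.[a-z]{2,}(/\S*)?", re.I)

class _BodyScanner(HTMLParser):
    """Collect visible text length, image count and (href, link text) pairs."""
    def __init__(self):
        super().__init__()
        self.text_chars, self.images, self.anchors = 0, 0, []
        self._href, self._buf = None, []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1
        elif tag == "a":
            self._href, self._buf = dict(attrs).get("href", ""), []
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._buf).strip()))
            self._href = None
    def handle_data(self, data):
        self.text_chars += len(data.strip())
        if self._href is not None:
            self._buf.append(data)

def _host(s):
    # Lower-cased hostname of a full URL or a bare domain string ('' if none).
    return (urlparse(s if "://" in s else "//" + s).hostname or "").lower()

def _same_site(a, b):
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def scan_email_html(html):
    """Heuristic findings for one HTML body: an image-only layout (images plus links but almost
    no text) and link text showing one domain while the href, what hovering reveals, goes elsewhere."""
    p = _BodyScanner()
    p.feed(html)
    findings = []
    if p.images and p.anchors and p.text_chars < 40:
        findings.append("image-only body with clickable link")
    for href, text in p.anchors:
        if not href.lower().startswith(("http://", "https://")):
            continue  # mailto:, tel: and fragment links are not redirect chains
        target = _host(href)
        if URL_LIKE.fullmatch(text) and not _same_site(_host(text), target):
            findings.append(f"link text shows {_host(text)} but goes to {target}")
    return findings
```

Run `scan_email_html(SAMPLE_IMAGE_ONLY)` to see the image-only finding; a message whose visible link text and href agree produces no findings.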

Despite the implication that hackers have found a way around your security to get spam into your inbox, it does not mean your measures don't work. It means vigilance is more important than ever. Emails should continue to be double-checked and verified. If you're getting constant spam, it may be worth examining whether your information is already out there.

About Axis

Formed in 1999, Axis Insurance Services, LLC is a nationwide leader in the professional and management liability insurance industry, developing innovative risk management solutions for today’s evolving businesses. We offer insurance programs to a broad array of professionals and industries, including insurance agents/brokers, attorneys, commercial real estate firms, technology, healthcare/medical, financial institutions, architects/engineers, consulting firms, media and many others.

Given our strong presence among insurance agents and brokers, it only made sense to create a wholesale division: We launched PLRisk in 2014 and today the two firms provide retail and wholesale coverage solutions for Cyber Liability & Privacy/Network Security, Errors and Omissions, Directors and Officers, Employment Practices Liability, Commercial Crime and Fiduciary coverage.
