{"id":77982,"date":"2024-04-26T12:05:54","date_gmt":"2024-04-26T04:05:54","guid":{"rendered":"https:\/\/version-2.com\/?p=77982"},"modified":"2024-04-24T12:12:18","modified_gmt":"2024-04-24T04:12:18","slug":"spray-and-pray-tactics-get-an-upgrade-msps-face-advanced-phishing","status":"publish","type":"post","link":"https:\/\/version-2.com\/en\/2024\/04\/spray-and-pray-tactics-get-an-upgrade-msps-face-advanced-phishing\/","title":{"rendered":"Spray-and-pray tactics get an upgrade. MSPs face advanced phishing"},"content":{"rendered":"
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

\"\"<\/p>

Cybercriminals leverage AceCryptor and Rescoms (RAT) to upgrade spam phishing messages difficult to recognize by both humans and machines. To defend, MSPs automate protection.\u00a0<\/span><\/em><\/p>

When cybersecurity experts and vendors describe phishing attacks<\/a>, they usually split them into two big groups.<\/p>

The first group consists of spam campaigns targeting a broad general audience with simple fraudulent messages. This approach has a low success rate but can be easily deployed en masse. The second group involves sophisticated attacks tailored for a specific person or group of people. This requires more time and planning; however, this effort pays off with higher success rates and\/or other value that attackers derive.<\/p>

But there are also attacks that stand somewhere in the middle and benefit from both approaches. For example, their fraudulent messaging is simple and can target broader audiences, but at the same time they are able to avoid the usual phishing red flags<\/a>, largely because malicious email attachments are obfuscated with specialized tools.<\/p>

ESET researchers documented<\/a> such an attack when they discovered an email phishing campaign targeting European businesses.<\/p>

Advanced phishing campaigns using AI and various evasion techniques are on the rise<\/a> and can pose a challenge even for managed service providers (MSPs), which aim to deliver seamless IT services, including cybersecurity, to their customers while also keeping in mind their own protection. Risk from these types of campaigns are mounting because even the most focused employees may fall victim to malicious emails despite previous awareness training. Moreover, basic types of anti-phishing protection may be unable to detect these threats.<\/p>

To address these risks, ESET has beefed up the prevention capabilities, incorporating advanced Anti-Malware, Antispam, and Anti-Phishing<\/a> protection into ESET PROTECT, a formidable cyber threat prevention, detection, and response platform that MSPs can utilize. Having all these automated layers of protection in one service, ESET PROTECT minimizes the email attack surface, simultaneously reducing the complexity of subsequent security processes.<\/p><\/div>

The most prevalent attack<\/h3><\/header>

Year after year, numerous surveys and reports confirm that phishing is the most prevalent attack vector.<\/p>

The latest ESET H2 2023 Threat Report<\/a> shows that malicious HTML files sending victims to phishing websites (HTML\/Phishing.Agent trojan) remain by far the most numerous type of email threat. Overall, these attacks comprise almost a quarter (23.4 percent) of all cyber threats detected by ESET.<\/p>

When it comes to the business sector, one in four U.S. companies<\/a> that faced a cyberattack noticed that the initial vector was phishing in 2022.<\/p>

Between 2017 and 2023, the proportion of phishing attacks among all cyberattacks reported by U.K. organizations (businesses and charities) rose from 72% to 79%, according to a survey<\/a> conducted by the U.K. Department for Science, Innovation and Technology. Also, 56% of the surveyed businesses responded that they consider phishing attacks as the most disruptive that businesses face.<\/p><\/div>

Phishing doesn\u2019t have to be simple<\/h3><\/header>

Many of these phishing campaigns can be easily dodged by following simple awareness <\/a>advice. However, as with most things in the world of IT, things are getting more complex and sophisticated \u2014 so is phishing<\/a>.<\/p>

ESET researchers spotted one of the latest examples of this trend just recently when monitoring the Remote Access Trojan (RAT) Rescoms, also known as Remcos.<\/p>

RATs are malware that allows attackers to remotely control an infected computer, and ESET researchers discovered several recent email phishing campaigns using Rescoms and targeting businesses in European countries, including Spain, Poland, Slovakia, Bulgaria, and Serbia.<\/p>

The goal of those campaigns of an unknown actor was to obtain credentials stored in browsers or email clients, which in case of a successful compromise would open the possibility for further attacks.<\/p>

What makes these Rescoms campaigns special is that they use AceCryptor, a cryptor-as-a-service malware that is designed to hide other malware from cybersecurity tools.<\/p>

In H2 2023, ESET detection engines saw and blocked over double the attacks using AceCryptor in comparison with H1 2023.<\/p>

Moreover, this cryptor wasn\u2019t the only tool that did its bit. In order to make phishing emails look as credible as possible, the threat actor deployed several strategies:<\/p>