Phishing has been one of the more profitable ventures for
attackers. This is especially true when phishing is coupled with other attacks,
such as ransomware. Since phishing is so useful and potentially a revenue-producing
activity, it is no wonder a new method has been devised to further the reach.
One well-used method to lure the unsuspecting victim has been the landing page
which looks to be perfectly legitimate, however, is full of malware and/or
malicious links. This spoofing may also include a login page, to further gather
data. With the latest tools in place, the malicious website closed, are easier
to find. As this has been known, the attackers have thought through a nuance to
the age-old attack-creating a landing page for AV and an alternative, malicious
version for the unsuspecting user. The AV version has the appropriate
background image. The primary difference is the colors are inverted. This is
done due to the AV coded to focus on the landing page’s shapes, not colors. The
second step involves the user. The user sees the odd coloration and moves on to the alternative version of the landing page. The other landing page has the
correct colors with a little something added for the attacker’s benefit. This
attack continues to show the need for user vigilance. If something looks odd,
don’t keep clicking. If you click something once that doesn’t look right, don’t
click the same thing three times. There probably is a problem. Advise your
users not to click on provided links, but type them in.
PLEASE contact us when we may be
of assistance with embedded systems cybersecurity architecture, validation, and
penetration testing. We have a full lab ready to perform.
Charles Parker, II; Principal
Scientist; MBA/MSA/JD/LLM/PhD/DCS (IP)
810-701-5511
No comments:
Post a Comment