QR codes used to phish for Microsoft credentials
The latest biannual Cyber Threat Intelligence Report from Critical Start reveals the top 10 cyber threats, including a rise in phishing attacks using QR codes, with bad actors masquerading as Microsoft security notifications.
Since May this year a major campaign has sent emails with a QR code embedded inside a PNG image or a PDF attachment. The campaign has been aimed across industries, with the energy sector hardest hit -- one US energy company received 29 percent of all emails in the campaign.
The education sector also remains vulnerable, though there is more diversity in the types of threat. Vulnerability exploitation accounted for 29 percent of attacks, while phishing campaigns constituted 30 percent of incidents.
The report also looks at the wider cybercrime economy. It finds several known ransomware groups are sharing tactics, techniques, and procedures at a granular level, suggesting that threat actors are much more reliant on affiliates than previously thought and highlighting the complex and ever-changing nature of cybercrime operations.
Among the other top threats of the year is Volt Typhoon, a threat actor sponsored by the Chinese state. It employs stealth techniques in its cyber espionage operations targeting government and critical infrastructure entities. Recent attacks by Volt Typhoon have involved application and server-side exploits to gain initial entry into victims' networks.
Other threats include a crypto mining campaign aimed at Kubernetes clusters, the MOVEit ransomware targeting software supply chains, and exploitation of a Microsoft Teams bug that allows external accounts to deliver potentially malicious files to an organization’s employees.
"The volume and sophistication of cyberattacks is continuously growing and evolving, making it impossible for organizations to feel on top of internal vulnerabilities and remain cognizant of every external threat," says Callie Guenther, senior manager of cyber threat research at Critical Start. "In an effort to democratize cyber threat intelligence, this report highlights the most prominent security-related issues plaguing business and how they can proactively reduce cyber risk."
The full report is available from the Critical Start site.