Enterprises throughout Australia and the APAC area have been warned that cyber criminals are exploiting common platforms like Atlassian to launch extra convincing phishing assaults on legislation companies and different firms. These assaults goal to steal worker credentials and breach firm cyber safety defences.
Ryan Economos, APAC discipline chief expertise officer at e mail safety agency Mimecast, informed TechRepublic that such phishing assaults are uncommon of their use of Atlassian as a canopy. However he famous that phishing assaults have gotten more and more subtle, because of phishing kits and AI, which make it simpler for cyber criminals to execute their actions.
Atlassian workspaces, Japanese ISPs, and a compliance cowl story
Mimecast’s World Menace Intelligence Report 2024 H1 reported on the emergence of a brand new phishing tactic that used a compliance replace cowl story to focus on legislation agency workers. The phishing assaults:
- Leveraged common native model Atlassian’s workspaces, in addition to different unified workspace platforms, together with Archbee and Nuclino, to ship workers dangerous emails that seemed acquainted and bonafide.
- Used machine compliance updates as a canopy, instructing workers through e mail that they wanted to replace their units to stay compliant with firm coverage.
- Have been designed to redirect those that clicked the hyperlink to a faux firm portal, the place attackers may harvest credentials and different delicate info.
- Embedded the phishing hyperlink in an e mail despatched from addresses related to Japanese ISPs.
“There’s numerous personalisation within the emails similar to particulars of a ‘machine’ and a number of other references to the corporate area they’re sending these campaigns to extend validity,” Mimecast’s report stated.
SEE: Australia’s authorized occupation is dashing to undertake AI
“The sender deal with identify all the time refers back to the goal organisation’s area identify with the goal of fooling finish customers into pondering it’s from their inner division.”
The rising sophistication of phishing assaults
Economos famous that whereas the marketing campaign initially focused Australian legislation companies, it has since expanded to different industries and is now not confined to the authorized sector. He highlighted a number of points of the marketing campaign that point out growing sophistication amongst risk actors.
Use of Atlassian and different workspaces
Economos stated the rising use of Atlassian workspaces was a more recent improvement for the market.
“Mimecast continues to see risk actors making use of providers similar to OneDrive and Google Docs to host information or hyperlinks of their campaigns, however using workspaces similar to Atlassian has not been closely abused beforehand,” he stated.
A part of the marketing campaign was an e mail that seemed to be from Atlassian’s Confluence product. Mimecast referred to a “noticeable enhance in using Atlassian” to evade detection in current occasions.
“Abuse of authentic providers is an ongoing and evolving problem,” Economos stated. “Attackers will proceed to leverage respected sources to launch and host their campaigns, in an try to evade detection.”
SEE: The alarming state of information breaches in Australia in 2024
Harvesting of tracker knowledge intelligence
The marketing campaign used postmark URLs to redirect customers to the unified workspace options. Postmark URLs enable attackers to collect knowledge similar to location, browser particulars, and which a part of the e-mail was clicked, enabling them to leverage this intelligence to make the phishing lure extra convincing.
A number of URL obfuscation strategies
Making it tougher for customers to determine the true vacation spot of the URL, the phishing marketing campaign used “a number of obfuscation strategies,” Mimecast stated. This contains a number of redirections throughout the URL, encoded characters, and the insertion of monitoring parameters.
Enlisting unsuspecting Japanese ISPs
Though using Japanese ISPs isn’t distinctive to this phishing marketing campaign, Economos famous that they have been exploited as soon as once more, as they’d in a number of earlier assaults.
“It continues to reveal the lengths that risk actors will go to as a way to efficiently generate assaults on organisations,” he commented.
Phishing assaults will get simpler to mount — and extra convincing
Phishing continues to be among the many most typical cyber threats amongst organisations, Economos stated.
Generative AI and machine studying, whereas additionally serving to defenders cease assaults, is anticipated to extend the sophistication and enhance the focusing on and content material of phishing campaigns. It will drive defenders’ must detect and shortly reply to new and novel assault strategies.
SEE: APAC workers are selecting comfort over cyber safety
“The most important evolution has been the rate and accuracy of phishing threats, by using phishing kits, automation, and AI-based applied sciences,” Economos stated. “These platforms enable even low-skill-level attackers to launch large-scale campaigns and a capability to shortly craft extra convincing phishing emails to evade detection by conventional safety instruments.”
Economos additionally famous the rise of pretexting — the place a cyber felony will analysis and pose as a personality to supply a convincing story or “pretext” to trick the phishing sufferer — in addition to Enterprise E-mail Compromise, as important elements within the evolution within the phishing risk panorama.
“As our work surfaces proceed to diversify, risk actors are diversifying the vectors they exploit past e mail, focusing on social media platforms, collaboration instruments like Microsoft Groups, Slack, and OneDrive proper by to vishing and smishing assaults utilizing cellphone calls or textual content messages to deceive victims,” he stated.
