Subj : Hackers are using Russian domains to launch complex document-base To : All From : TechnologyDaily Date : Wed Dec 25 2024 19:30:04 Hackers are using Russian domains to launch complex document-based phishing attacks Date: Wed, 25 Dec 2024 19:18:00 +0000 Description: Report reveals surge in phishing attacks, with Remote Access Trojans, open redirects, and malicious Office documents increasingly bypassing secure gateways. FULL STORY ======================================================================Data exfiltration tactics are shifting toward Russian domains Remote Access Trojans see a 59% rise in phishing emails Malicious emails now bypass secure gateways every 45 seconds New research has found there is a significant increase in malicious email activity as well as a shift in attack strategies. On average, at least one malicious email bypasses Secure Email Gateways (SEGs), such as Microsoft and Proofpoint, every 45 seconds, marking a notable rise from the previous years rate of one every 57 seconds, the Cofense Intelligence's third-quarter Trends Report showed. There is a sharp increase in the use of Remote Access Trojans (RATs) which allows attackers to gain unauthorized access to a victims system, often leading to data theft or further exploitation. Rise in Remote Access Trojan (RAT) usage Remcos RAT, a widely used tool among cybercriminals is a major culprit in the rise of RAT attacks. It allows remote control of infected systems which enables the attacker to exfiltrate data, deploy additional malware , and gain persistent access to compromised networks. Open redirects as a technique in phishing campaigns are also gaining prominence as the report reveals a 627% increase in its use. These attacks exploit the functionality of legitimate websites to redirect users to malicious URLs, often masking the threat behind well-known and trusted domains. TikTok and Google AMP are often used to carry out these attacks, taking advantage of their global reach and frequent use by unsuspecting individuals. The use of malicious Office documents, especially those in .docx format, rose dramatically by nearly 600%. These documents often contain phishing links or QR codes that direct victims to harmful websites. Microsoft Office documents remain a popular attack vector because of their widespread use in business environments, making them ideal for targeting organizations through spear-phishing campaigns. Furthermore, there is a significant shift in data exfiltration tactics, with increased usage of .ru and .su top-level domains (TLDs). Domains using the ..ru (Russia) and .su (Soviet Union) extensions saw usage spikes of more than fourfold and twelvefold, respectively, indicating cybercriminals are turning to less common and geographically associated domains to evade detection and make it harder for victims and security teams to track data theft activities. You may also like Cyber resilience in the age of AI Researchers discover widespread abuse of free popular VPN alternative for malware delivery These are the best VPNs with antivirus ====================================================================== Link to news story: https://www.techradar.com/pro/Hackers-are-using-Russian-domains-to-launch-comp lex-document-based-phishing-attacks --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .