WeTransfer hack
1/31/2024

Email has been the lifeblood of enterprise communication and collaboration for decades; there’s simply no doubt about it. Email, however, is also still one of the most effective ways to distribute malware or ransomware, responsible for over 90% of malware deliveries and infections. This is despite the fact that email protection tools have improved and advanced over time.

Today, threat actors leverage free cloud tools, such as hosting providers, file transfer services, collaboration platforms, calendar organizers, or a combination of each, to bypass security measures and disseminate malicious payloads around the world. In this instance, we focus on the Lampion malware campaign, first reported by researchers at Cofense. What makes this particular phishing campaign more threatening than most is the use of a legitimate and, in most cases, implicitly trusted service named “WeTransfer”. For the unaware, WeTransfer offers free online file sharing services for users to upload/download content.

Lampion is a known threat strain, first observed back in 2019. In its infancy, it predominantly targeted Spanish demographics, but has since expanded operations across the globe. In 2022, however, researchers have noted an increase in circulation, with some detections exhibiting links to Bazaar and LockBit ransomware campaign hostnames.

The threat actors behind the Lampion malware campaign send phishing emails using hacked business accounts, encouraging end-users to download a ‘Proof of Payment’ mock file hosted on WeTransfer. Its primary objective is to extract bank account details from the system. The payload overlays its own login forms onto banking login pages. When users enter their credentials into these fake login forms, the credentials are stolen and sent back to the attacker.

With email continuing to be such a vital artery for business operations, it’s no wonder that threat actors focus much of their attention there as one of the most successful vectors for payload delivery. Then there’s, of course, phishing in its own right as a tactic, technique, and procedure. We humans continue to be considered “the weakest links” in cybersecurity, falling for convincing decoys and social engineering lures. Verizon recently backed this trend in their 2022 Data Breach Investigations Report, stating that 82% of breaches are at the hands of humans.

This form of malware is particularly challenging for banking security teams, as the malicious links are accessed through the victim’s system, a trusted device. What’s more, WeTransfer is not the only legitimate service the attackers are using/abusing: they’re also leveraging Amazon Web Services (AWS) resources to host payloads.

Another difficulty lies in the fact that conventional reputational checks performed by security tools may not always prove effective. WeTransfer, as a somewhat reputable, genuine service, and seemingly generic AWS-hosted addresses may not raise any alarms, at least reputationally, on most, if not all, vendor reputation databases. For this reason, a different, more innovative approach must be considered. (Source: Cofense)