All posts tagged: social engineering

Generative AI Powers Social Engineering Attacks

Generative AI Powers Social Engineering Attacks

Phishing was no longer as common in 2024 as before, according to CrowdStrike’s 2025 Global Threat Report. Threat actors trend toward accessing legitimate accounts through social engineering techniques like voice phishing (vishing), callback phishing, and help desk social engineering attacks. We’re well within the era of what cybersecurity technology CrowdStrike called “the enterprising adversary,” with malware-as-a-service and criminal ecosystems replacing the old-fashioned image of the lone threat actor. Attackers are also using legitimate remote management and monitoring tools where they might once have chosen malware. Threat actors take advantage of generative AI Threat actors are using generative AI to craft phishing emails and carry out other social engineering attacks. CrowdStrike found threat actors using generative AI to: Create fictitious LinkedIn profiles in hiring schemes such as those carried out by North Korea. Create deepfake video and voice clones to commit fraud. Spread disinformation on social media. Create spam email campaigns. Write code and shell commands. Write exploits. Some threat actors pursued gaining access to the LLMs themselves, particularly models hosted on Amazon Bedrock. Must-read security …

Sneaky Log Phishing Scheme Targets Two-Factor Security

Sneaky Log Phishing Scheme Targets Two-Factor Security

Security researchers at French firm Sekoia detected a new phishing-as-a-service kit targeting Microsoft 365 accounts in December 2024, the company announced on Jan. 16. The kit, called Sneaky 2FA, was distributed through Telegram by the threat actor service Sneaky Log. It is associated with about 100 domains and has been active since at least October 2024. Sneaky 2FA is an adversary-in-the-middle attack, meaning it intercepts information sent between two devices: in this case, a device with Microsoft 365 and a phishing server. Sneaky 2FA falls under the class of business email compromise attacks. “The cybercriminal ecosystem associated with AiTM phishing and Business Email Compromise (BEC) attacks is continuously evolving, with threat actors opportunistically migrating from one PhaaS platform to another, supposedly based on the quality of the phishing service and the competitive price,” Sekoia analysts Quentin Bourgue and Grégoire Clermont wrote in the firm’s analysis of the attack. Must-read security coverage How does the Sneaky 2FA phishing-as-a-service kit work? Sneaky Log sells access to the phishing kit through a chatbot on Telegram. Once the customer …

Nitish casts a long shadow

Having delivered on the promise of a caste-based survey in his state and proportional quota, the Bihar chief minister proceeds to make some electoral capital out of it THE NITISH WAVE: The Bihar CM leaving after the conclusion of the winter session of the assembly in Patna, Nov. 10 (Photo: ANI) ISSUE DATE: Dec 4, 2023 | UPDATED: Nov 24, 2023 16:12 IST Nitish Kumar ko gussa kyon aata hai? The Bihar chief minister and patriarch of the Janata Dal-United (JD-U) has been venting his frustration quite openly of late. If, on November 3, he appeared to censure the Congress for being too preoccupied with the assembly elections to pay attention to the newly-formed Indian National Developmental Inclusive Alliance (INDIA), a week later, he took on erstwhile protege, Hindustani Awam Morcha (Secular) founder and NDA ally Jitan Ram Manjhi for daring to question his government’s caste survey, saying it was a foolish move on his part to have made Manjhi the chief minister in 2014. Source link