Latest news with #AgentTesla

Low-tech phishing attacks are gaining ground

Business Mayor

01-05-2025


Cybercriminals are increasingly favoring low-tech, human-centric attacks to bypass email scanning technologies, according to VIPRE Security. The report is based on an analysis of global real-world data and highlights the most significant email security trends from the first quarter of 2025.

Callback phishing

Cybercriminals are taking the sentiment 'work smarter, not harder' to a whole other level with callback phishing scams, a vector that wasn't even part of the equation last year. In Q1 2025, it accounts for 16% of phishing attempts. This is pertinent because link usage, which accounted for 75% of phishing attempts in Q1 2024, dropped by 42% in Q1 2025, making room for callbacks, which now account for nearly one in five attempts. Callback phishing is a social engineering attack where victims are tricked into calling a seemingly legitimate phone number through emails or texts to reveal sensitive information or download malware. With email scanning technology now adept at spotting compromised links, cybercriminals are resorting to callback scams via emails that leave no trace at all.

SVG files are fast becoming cybercriminals' favoured type of attachment (34%) for phishing attacks, a close second to PDF attachments (36%). By embedding a script tag carrying a malicious URL in an SVG file, attackers execute JavaScript when the attachment is opened in a web browser, redirecting the user to a compromised website. In doing so, they bypass anti-phishing defenses. The US is the most targeted region for such attacks, followed by Europe.

The backdoor-type malware XRed was responsible for the most malware attacks in Q1 2025, surpassing the second-most prominent malware family (Lumma) by a factor of three. StealC, AgentTesla, and Redline followed.

Cybercriminals shift from HTML to PDF

In Q1 2025, not only were 92% of all emails classified as spam, but 67% of those were categorised as malicious. The US is the leading source of spam emails, generating 57% of all spam sent, and receiving 75% of malicious emails. The UK and Ireland stand at 8% each for sending and receiving bad emails. HTML attachments took up no more than a 12% share of cybercriminals' overall malspam strategy. With heightened awareness about the use of malicious HTML attachments, attackers are looking for less obvious methods, preferring PDFs and SVG files instead.

In Q1, Business Email Compromise (BEC) accounted for 37% of all email scam attacks. 73% of all BEC impersonation cases were instances of the CEO or other C-suite players being imitated. Because of the employee-employer power dynamic, urgent, unexplained requests may be more plausible coming from higher up the hierarchy than from a direct supervisor (9%) or even HR (4%). The manufacturing sector remains the most targeted sector in the email threat landscape, holding its lead at 36% vis-à-vis the retail and financial sectors, which tie at second place, with each receiving 15% of attackers' attention.

'There's a clear shift in cybercriminals' preference towards low-tech, high-impact, human-centric tactics. This demands a fundamental rethink of email security,' said Usman Choudhary, Chief Product and Technology Officer, VIPRE Security Group.
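The SVG technique above (a script tag inside the image that redirects the browser) is something a mail gateway can look for before the attachment reaches a user. The scanner below is an added illustration, not code from VIPRE or the report; the sample SVGs are constructed, and the `w3.org` exclusion is a heuristic for skipping namespace URIs.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample resembling the reported pattern: a <script> element that
# navigates the browser to an external page when the SVG is opened.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="10" height="10">
  <rect width="10" height="10" fill="white"/>
  <script type="text/javascript">window.location = "https://example.invalid/landing";</script>
  <a xlink:href="https://example.invalid/doc"><text x="1" y="8">Invoice</text></a>
</svg>"""

# Constructed benign control: static drawing, no active content.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="blue"/>
</svg>"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element and attribute names."""
    return tag.rsplit("}", 1)[-1]

def scan_svg(svg_text):
    """Return (finding, detail) tuples for active content found in an SVG document."""
    findings = []
    root = ET.fromstring(svg_text)
    for elem in root.iter():
        name = local_name(elem.tag)
        if name == "script":                       # inline JavaScript, the pattern in the report
            findings.append(("script-element", (elem.text or "").strip()[:80]))
        if name == "foreignObject":                # can wrap arbitrary HTML inside the image
            findings.append(("foreignObject", "embedded HTML content"))
        for attr, value in elem.attrib.items():
            a = local_name(attr).lower()
            if a.startswith("on"):                 # onload=, onclick=, ... event handlers
                findings.append(("event-handler", f"{a}={value[:80]}"))
            if a == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(("javascript-href", value[:80]))
    # Navigation targets anywhere in the file; namespace URIs (w3.org) are skipped heuristically.
    for url in URL_RE.findall(svg_text):
        if "w3.org" not in url:
            findings.append(("external-url", url))
    return findings

def is_suspicious(svg_text):
    """Gateway decision: quarantine any SVG attachment with active content or external URLs."""
    return len(scan_svg(svg_text)) > 0

if __name__ == "__main__":
    for finding in scan_svg(SAMPLE_SVG):
        print(finding)
```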

This Tesla Attack Wants Your Data — What You Need To Know

Forbes

20-04-2025


Beware this new Agent Tesla threat.

Tesla has undoubtedly been in the news a lot since Elon Musk started implementing the whole DOGE thing, leading to protests against the electric vehicle giant, including some that have been branded as acts of domestic terrorism by the Trump administration. This latest Tesla attack, however, has nothing to do with Musk or his cars, although it does bear some comparison with DOGE, as it does want information. Here's everything you need to know about the new Agent Tesla malware attacks.

The primary goal of any threat campaign is to deploy whatever the payload might be, from infostealer malware and ransomware to flash drive compromise. The secondary goal, I guess, is to do so without anyone being able to detect the attack and intervening to stop it. There is a case for switching those priorities around, as without the latter, the former isn't possible. But that is by the by. Sophisticated multi-stage attack campaigns are fast becoming the norm, not least because they often use complex delivery mechanisms for their payloads in order to evade detection and bypass traditional security protections.

One such campaign has been reported by threat intelligence analysts from the Unit 42 research labs at Palo Alto Networks, and it delivers Agent Tesla malware to steal your sensitive information. The campaign begins with victims being sent emails with attached archives. 'These archives contain script-based malware that ultimately infects a host with the final malware,' Unit 42 said, with the phishing lure apparently involving that old chestnut of reviewing an attached order document or invoice for a payment that had supposedly been made. Opening this attachment executes a JavaScript-encoded file that downloads and launches a PowerShell script, executed from the system temp directory to increase stealthiness. There are then two distinct routes that the threat can follow: either a .NET executable or an AutoIt dropper. The type of malware that the user gets infected with will depend on which is used. 'By stacking simple stages instead of focusing on highly sophisticated techniques,' Unit 42 warned, 'attackers can create resilient attack chains that complicate analysis and detection.'

The Unit 42 threat intelligence researchers observed Remcos RAT and XLoader being deployed by this particular campaign, but said that multiple Agent Tesla malware family variants were also used. Agent Tesla is a remote access trojan that is capable of harvesting all sorts of sensitive data, making it an extremely effective infostealer tool. The malware has been known to grab everything from usernames and password credentials to contact information and financial data, along with browser history, screenshot captures, data from email clients, and even keystroke recordings. Agent Tesla is also adept at intercepting communications, including email and chat messages.

According to Kriti Awasthi at Fidelis Security, you can mitigate Agent Tesla attacks by ensuring email security and phishing awareness, employing multi-layer security, regularly updating software and firmware against known vulnerabilities, and using strong authentication and access controls.
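The early stages of the chain described above (a script file launching PowerShell with a script from the temp directory) leave a recognisable parent/child pattern in process-creation telemetry. The detection logic below is an added example, not Unit 42's or Fidelis Security's code; the event lines are constructed and flattened to a simple `parent= child= cmd=` form (paths in `parent`/`child` are assumed to contain no spaces).

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation events, not real telemetry. Only the first one
# shows the chain from the article: wscript.exe -> powershell.exe -File <temp>\script.ps1
SAMPLE_EVENTS = [
    "parent=C:\\Windows\\System32\\wscript.exe child=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "cmd=powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.ps1",
    "parent=C:\\Windows\\explorer.exe child=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "cmd=powershell.exe -File C:\\Scripts\\backup.ps1",
    "parent=C:\\Windows\\System32\\cscript.exe child=C:\\Windows\\System32\\notepad.exe cmd=notepad.exe readme.txt",
]

EVENT_RE = re.compile(r"parent=(?P<parent>\S+) child=(?P<child>\S+) cmd=(?P<cmd>.*)")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}          # Windows script hosts that run .js/.jse/.vbs files
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")  # per-user and system temp directories

def parse_event(line):
    """Split one flattened event line into its parent, child and cmd fields (None if malformed)."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None

def matches_chain(event):
    """True when a script host spawns PowerShell and the command line references a temp-directory script."""
    parent = PureWindowsPath(event["parent"]).name.lower()
    child = PureWindowsPath(event["child"]).name.lower()
    cmd = event["cmd"].lower()
    runs_from_temp = any(marker in cmd for marker in TEMP_MARKERS)
    return parent in SCRIPT_HOSTS and child == "powershell.exe" and runs_from_temp

def detect(lines):
    """Return the command lines of events that match the script-host -> PowerShell -> temp pattern."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if event and matches_chain(event):
            hits.append(event["cmd"])
    return hits

if __name__ == "__main__":
    for cmd in detect(SAMPLE_EVENTS):
        print("ALERT:", cmd)
```

A real deployment would read the equivalent fields (ParentImage, Image, CommandLine) from Sysmon Event ID 1 or the EDR's process-start events rather than this flattened text form.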
