Cybercriminals Disguised as MFA Vendors
Cybercriminals Disguised as MFA Vendors

Image: Artem Sapegin (unsplash)

VIPRE reports a growing trend of cybercriminals masquerading as multi-factor authentication vendors, with small businesses seeing a heightened risk.

An increase in attachment-based malspam has been observed, with financial institutions (48%) remaining the most targeted sector by a considerable margin. The average time taken to contain insider attacks has risen to 85 days from the previous year’s average of 77 days. Phishing links most commonly lead to compromised websites (52%), newly registered domains (39%), and incidents of subdomain cybersquatting (9%).

Attachment-based malspam shows an upward trend, with a 22% increase compared to malspam that contain links. VIPRE’s report notes the continued popularity of attachments as a carrier for malicious scripts and macros. The report also indicates a shift in the geographical origin of spam with the US overtaking Russia. It is, however, critical to note that the majority of the world’s servers are located in North America, meaning a US IP doesn’t always represent the source of spam.

Usman Choudhary, VIPRE’s chief product and technology officer, emphasized the difference between data from a single customer and a year’s worth of data from thousands of email clients worldwide. According to Choudhary, real data reveals more reliable insights about emerging threats than speculation.

Choudhary further underscored the need for international resources, experienced analysis, and enterprise-level technology to create reports like this one. He acknowledged VIPRE’s unique position and expressed his pleasure in sharing such valuable information with the SME community.

The report outlines four strategies to help businesses and their employees fortify against opportunistic email attacks in light of emerging email-based threats:

  • The report alerts about criminals impersonating MFA vendors, advising caution when dealing with push notifications. It warns against the Black Hats posing as White Hat technologies and advises to accept a push notification only from the app, while remaining vigilant about texts and pop-ups.
  • A surge in job-related spam has been noted. Cybercriminals are exploiting the current trend of remote jobs and online interviews. The report encourages awareness of fraudulent signs to maintain professional interactions on platforms.
  • In an unexpected turn, Spotify has surpassed Microsoft as the most spoofed brand. VIPRE’s report advises caution during subscription renewals. Cybercriminals are capitalizing on subscription-based models, even though the financial gains may not be significant.
  • The report concludes with a warning about out-of-control As-a-Service models. It anticipates more indiscriminate attacks due to the ease of access for beginners to the underground As-a-Service economy. As a result, the report warns SMBs to be prepared as they are likely to be prime targets for novice cybercriminals.