‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information

By Jindrich Karasek (Threat Researcher)


Despite an apparent lull in the first half of 2019, phishing remains a staple in the cybercriminal’s arsenal, and attackers are not going to stop using it. The latest example is a phishing campaign dubbed Heatstroke, named after a variable found in its phishing kit code. Heatstroke demonstrates how far phishing techniques have evolved — from merely mimicking legitimate websites and using diversified social engineering tactics — with its use of more sophisticated techniques such as steganography.


The way Heatstroke’s operators research their potential victims is notable. They target their victims’ private email addresses, which they most likely collected from the victims’ own address lists; these lists also include managers and employees in the technology industry. Private email addresses are more likely to be hosted on free email services with lax security and spam filtering. They are also commonly used for verification on social media and e-commerce websites, as well as backups for Gmail and business accounts. Gmail accounts are particularly interesting: attackers that gain access to these accounts can also access the victim’s Google Drive and, under certain circumstances, potentially compromise the Android device linked to the account. These free email accounts can thus serve as better starting points for attackers to reconnoiter and gather intelligence on their targets than business emails, which are typically more secure.


Heatstroke’s attack chain


Heatstroke’s operators appear to have used these countermeasures to hide their trails:


Multistage phishing attack. To avoid suspicion, the attackers ..
