New Phishing Tactics: Cloudflare Workers, HTML Smuggling, and GenAI
Posted on: 05 Jun 2024 | Author: Foresiet
Introduction
Cybersecurity researchers are ringing the alarm on new phishing campaigns exploiting Cloudflare Workers, HTML smuggling, and generative AI (GenAI) to target user credentials. These innovative techniques highlight the sophisticated strategies cybercriminals are deploying to bypass security measures and harvest sensitive information. To combat these threats, services like phishing takedown, online risk evaluation, stolen credentials detection, and darknet monitoring are essential in protecting against these advanced attacks.
Transparent Phishing with Cloudflare Workers
A novel phishing method, known as transparent phishing or adversary-in-the-middle (AitM) phishing, leverages Cloudflare Workers to serve as reverse proxy servers. This technique intercepts traffic between victims and legitimate login pages, capturing credentials, cookies, and tokens. According to Netskope researcher Jan Michael Alcantara, this approach enables attackers to collect web request metadata, credentials, and even tokens used for multi-factor authentication (MFA).
In recent months, phishing campaigns hosted on Cloudflare Workers have surged, particularly targeting victims in Asia, North America, and Southern Europe across sectors such as technology, financial services, and banking. The number of distinct domains used in these campaigns jumped from just over 1,000 in Q4 2023 to nearly 1,300 in Q1 2024. Phishing takedown services are becoming increasingly crucial to mitigate the impact of these sophisticated attacks.
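Why origin-bound MFA resists the proxying described above, as an added example (not code from the original post or from Netskope/Foresiet): a WebAuthn assertion is signed over clientDataJSON, whose `origin` field the browser fills in itself, so a relying party that checks it rejects an assertion produced while the victim was talking to a proxy. The origins, challenge and helper names below are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json

# Placeholder origins (constructed for this example, not real indicators):
# the genuine sign-in origin, and the origin an AitM reverse proxy would present.
RP_ORIGIN = "https://login.example.test"
PROXY_ORIGIN = "https://signin-placeholder.workers.dev"
EXPECTED_TYPE = "webauthn.get"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_client_data(challenge: bytes, origin: str) -> str:
    # Mimics the clientDataJSON the browser builds for navigator.credentials.get():
    # the browser, not the page, writes `origin`, and the authenticator's signature
    # covers SHA-256(clientDataJSON), so a proxy cannot swap it afterwards.
    doc = {"type": EXPECTED_TYPE, "challenge": b64url(challenge), "origin": origin}
    return b64url(json.dumps(doc).encode())


def verify_client_data(client_data_b64: str, issued_challenge: bytes):
    """Relying-party checks that run before (and independently of) signature
    verification. Returns (ok, detail); detail is the clientDataHash on success."""
    raw = b64url_decode(client_data_b64)
    cd = json.loads(raw)
    if cd.get("type") != EXPECTED_TYPE:
        return False, "wrong ceremony type"
    if not hmac.compare_digest(b64url_decode(cd.get("challenge", "")), issued_challenge):
        return False, "challenge mismatch (stale or replayed assertion)"
    if cd.get("origin") != RP_ORIGIN:
        # The check that defeats a reverse-proxy phish: the victim's browser was
        # talking to the proxy's origin, and that origin is what got signed.
        return False, f"origin {cd.get('origin')!r} is not the relying party"
    return True, hashlib.sha256(raw).hexdigest()


if __name__ == "__main__":
    chal = bytes(range(32))  # constructed; use os.urandom(32) per login in practice
    print(verify_client_data(make_client_data(chal, RP_ORIGIN), chal))
    print(verify_client_data(make_client_data(chal, PROXY_ORIGIN), chal))
```

A relayed session cookie or TOTP code carries no such binding, which is why the proxied flows above succeed against those factors.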
HTML Smuggling: A Sophisticated Payload Delivery
Evolution of Phishing Techniques
One notable campaign involves invoice-themed phishing emails containing HTML attachments that masquerade as PDF viewer login pages. These pages steal users’ email credentials before redirecting them to a URL hosting a fake “proof of payment.”
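A mail-gateway style scanner for the HTML-attachment technique above, as an added example (not code from the original post): it pulls the script text out of an attachment, looks for the decode-and-download browser APIs that smuggling relies on, and checks whether any long base64 literal decodes to a recognisable file header. The sample attachment is constructed and its payload is just a ZIP header followed by zero bytes.

```python
import base64
import binascii
import re
from html.parser import HTMLParser

# Constructed sample of the pattern: a base64 blob decoded client-side and handed to
# the browser as a download. The blob is 'PK\x03\x04' plus zero bytes, not real malware.
SAMPLE_HTML = """<html><body><p>Your invoice is ready. Sign in to view the document.</p>
<script>
  var payload = 'UEsDBBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
  var blob = new Blob([Uint8Array.from(atob(payload), c => c.charCodeAt(0))]);
  var a = document.createElement('a');
  a.href = URL.createObjectURL(blob);
  a.download = 'invoice.zip';
</script></body></html>"""

SMUGGLING_APIS = ("atob(", "Blob(", "createObjectURL(", ".download", "msSaveOrOpenBlob(")
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{24,}={0,2})['"]""")
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"%PDF": "pdf", b"\x1f\x8b": "gzip"}


class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts = False, []

    def handle_starttag(self, tag, attrs):
        self.in_script = self.in_script or tag == "script"

    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"

    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)


def scan_html(html: str) -> dict:
    parser = ScriptCollector()
    parser.feed(html)
    js = "\n".join(parser.scripts)
    apis = [api for api in SMUGGLING_APIS if api in js]   # download-building APIs used
    embedded = []                                          # file types found in literals
    for literal in B64_LITERAL.findall(js):
        try:
            raw = base64.b64decode(literal, validate=True)
        except binascii.Error:
            continue  # long string that is not valid base64 (e.g. an identifier)
        embedded += [kind for magic, kind in MAGIC.items() if raw.startswith(magic)]
    # Decode-and-download APIs plus a file header is the smuggling shape; obfuscated
    # scripts need deobfuscating first, which this scanner does not attempt.
    return {"apis": apis, "embedded": embedded, "suspicious": len(apis) >= 2 and bool(embedded)}
```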
Phishing-as-a-service (PhaaS) toolkits, such as Greatness, have also been employed to steal Microsoft 365 credentials and bypass MFA using AitM techniques. Attackers have incorporated QR codes within PDF files and utilized CAPTCHA checks to lure victims into providing their login details. Employing stolen credentials detection services can help organizations quickly identify and respond to compromised accounts.
Leveraging GenAI for Phishing
Threat actors are increasingly using generative AI to craft convincing phishing emails and deliver oversized malware payloads. These large files, often exceeding 100 MB, are designed to evade antivirus analysis by exploiting the size limits of scanning engines. Common malware delivered through this method includes Agent Tesla, AsyncRAT, Quasar RAT, and Remcos RAT. Implementing darknet monitoring services can provide early warning signs of stolen credentials being sold or traded, allowing for swift action to mitigate potential breaches.
DNS Tunneling and Malvertising
Campaigns like TrkCdn, SpamTracker, and SecShow have adopted DNS tunneling to monitor when victims interact with phishing emails and click on malicious links. This technique involves embedding content in emails that perform DNS queries to attacker-controlled subdomains upon opening.
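A resolver-log check for the per-recipient DNS beaconing described above, as an added example (not code from the original post or from the research it summarises): when each recipient's mail client resolves a unique, random-looking label under one parent domain, that parent shows many single-use, high-entropy leftmost labels, which is what the function flags. The log format, client addresses and domain names are constructed placeholders.

```python
import math
from collections import defaultdict

# Constructed DNS query log, "<time> <client_ip> <qtype> <qname>" per line. The tracking
# domain is a placeholder, not a real indicator; it receives one unique label per recipient.
DNS_LOG = """\
2024-06-05T09:14:02Z 10.0.0.12 A 3f9a1c7e0b2d.cdn.tracker-placeholder.test
2024-06-05T09:14:03Z 10.0.0.12 A www.contoso-intranet.test
2024-06-05T09:15:11Z 10.0.0.17 A b7e2d44c91aa.cdn.tracker-placeholder.test
2024-06-05T09:15:12Z 10.0.0.17 A mail.contoso-intranet.test
2024-06-05T09:16:40Z 10.0.0.23 A e08c5a3d2f61.cdn.tracker-placeholder.test
2024-06-05T09:16:41Z 10.0.0.23 A www.contoso-intranet.test
2024-06-05T09:17:05Z 10.0.0.31 A 9d1b6e4a7c03.cdn.tracker-placeholder.test
2024-06-05T09:17:06Z 10.0.0.31 A mail.contoso-intranet.test
"""


def shannon_entropy(label: str) -> float:
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())


def parse_queries(log: str):
    for line in log.splitlines():
        _ts, client, _qtype, qname = line.split()
        yield client, qname.lower().rstrip(".")


def find_beacon_parents(log: str, min_labels: int = 3, min_entropy: float = 3.0) -> list:
    """Parents whose leftmost labels look random and are each queried by exactly one
    client: the signature of per-recipient tracking or tunnelling, not of a CDN."""
    seen = defaultdict(lambda: defaultdict(set))   # parent -> leftmost label -> clients
    for client, qname in parse_queries(log):
        first, _, parent = qname.partition(".")
        if parent:
            seen[parent][first].add(client)
    flagged = []
    for parent, labels in seen.items():
        single_use = all(len(clients) == 1 for clients in labels.values())
        avg_entropy = sum(shannon_entropy(label) for label in labels) / len(labels)
        if len(labels) >= min_labels and single_use and avg_entropy >= min_entropy:
            flagged.append(parent)
    return sorted(flagged)
```

Tune `min_labels` and `min_entropy` against your own baseline; hashed CDN hostnames are shared across clients and so fall out on the single-use test.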
Additionally, malvertising campaigns have been observed using malicious ads in search engine results to distribute information stealers and remote access trojans such as SectopRAT. Fake pages mimicking financial institutions, like Barclays, have also been set up to deliver legitimate remote desktop software, allowing attackers to gain remote access under the guise of live chat support. Regular online risk evaluation can help organizations identify such deceptive tactics and protect against them.
Conclusion
The ever-evolving landscape of phishing attacks demands robust security measures and continuous vigilance. From the use of Cloudflare Workers and HTML smuggling to the exploitation of GenAI and DNS tunneling, cybercriminals are constantly finding new ways to outsmart security systems. As these sophisticated techniques become more prevalent, it is crucial to stay informed and implement comprehensive cybersecurity strategies. Phishing takedown services, online risk evaluation, stolen credentials detection, and darknet monitoring services are vital components in safeguarding sensitive information against these advanced phishing threats.
About Foresiet!
Foresiet is the pioneering force in digital security solutions, offering the first integrated Digital Risk Protection SaaS platform. With 24x7x365 dark web monitoring and proactive threat intelligence, Foresiet safeguards against data breaches and intellectual property theft. Our robust suite includes brand protection, takedown services, and supply chain assessment, enhancing your organization’s defense mechanisms. Attack surface management is a key component of our approach, ensuring comprehensive protection across all vulnerable points. Compliance is assured through adherence to ISO27001, NIST, GDPR, PCI, SOX, HIPAA, SAMA, CITC, and Third Party regulations. Additionally, our advanced antiphishing shield provides unparalleled protection against malicious emails. Trust Foresiet to empower your organization to navigate the digital landscape securely and confidently.