A phishing campaign found in July, in which a threat actor posed as the UAE government’s Ministry of Human Resources, may be on a larger scale than previously thought.
These findings come from security researchers at CloudSEK, who released a new report on the threat earlier today.
The technical report says the company discovered another set of phishing domains, registered using a naming scheme similar to the one seen in July, that target contractors in the UAE through vendor registrations, contract bids, and other types of lures.
“The threat actors behind this campaign are strategically buying/registering domains with similar keywords to the victim domains and targeting multiple industries such as travel and tourism, oil and gas, real estate and investments across the Middle East,” the advisory reads.
The company also warned that it had spotted some scams being used to lure users.
“In addition to vendor registration and contract bidding, they hoodwink victims with false job offers and investment opportunities.”
Of all the domains CloudSEK mined, some only have email servers enabled, while others host websites to trick users into thinking they are legitimate businesses.
“Some scam domains redirect to legitimate domains to trick victims into trusting the phishing email,” CloudSEK explained. “The campaign was resilient to removal or hosting bans because it used pre-stored static web pages with similar templates. These were uploaded from one domain to another in the event of a ban.”
The company said it analyzed 35 phishing domains, 90 percent of which targeted Abu Dhabi National Oil Company (ADNOC), Sharjah National Oil Company (SNOC) and Emirates National Oil Company (ENOC), and were hosted in North America.
“This preference is due to the fact that there are several affordable suppliers to choose from in the region,” CloudSEK wrote. “Additionally, it takes time for service providers to process removal requests.”
From a technical standpoint, the security firm said Business Email Compromise (BEC) is cost-effective because it doesn’t require complex infrastructure the way malware campaigns do.
“Domains with email servers, and domains from third parties, are sufficient for these attacks.”
Going after the attackers legally could hamper their operations, CloudSEK said, but given that some domain name providers may be in one country and mail servers in another, this is a challenging task.
“The best solution, therefore, is to take preventive measures to avoid them in the first place. Such as training employees on BEC scams and developing multi-level authentication and identification mechanisms for payments.”
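As an added example (not code from CloudSEK's report), the following mail-screening check targets the naming scheme described above: it flags sender domains that reuse a targeted company's keyword without being on that company's allowlist. The allowlisted domains, the fuzzy-match rule and the sample `.example` senders are assumptions constructed for illustration.

```python
import re

# Assumption: keywords are the three companies named in the article; the
# allowlisted domains are illustrative and should be replaced with your own list.
BRANDS = {"adnoc": {"adnoc.ae"}, "snoc": {"snoc.ae"}, "enoc": {"enoc.com"}}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character swaps such as o -> 0."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(domain: str):
    """Return (verdict, brand): verdict is 'official', 'lookalike' or 'unrelated'."""
    d = domain.strip().lower().rstrip(".")
    # Genuine only if the name IS an allowlisted domain or a subdomain of one.
    for brand, official in BRANDS.items():
        if any(d == o or d.endswith("." + o) for o in official):
            return ("official", brand)
    # Split on dots and hyphens so 'adnoc-vendors' yields the token 'adnoc'.
    tokens = [t for t in re.split(r"[.\-]", d) if t]
    for brand in BRANDS:
        for t in tokens:
            if t.startswith(brand) or t.endswith(brand):
                return ("lookalike", brand)
            # Fuzzy match only for keywords of 5+ letters; on 4-letter
            # keywords a distance of 1 hits too many ordinary words.
            if len(brand) >= 5 and edit_distance(t, brand) <= 1:
                return ("lookalike", brand)
    return ("unrelated", None)

def triage(domains):
    """Keep only the sender domains that should be held for review."""
    return [d for d in domains if classify_sender(d)[0] == "lookalike"]

if __name__ == "__main__":
    # Constructed sample senders; none are taken from the report.
    sample = ["mail.adnoc.ae", "adnoc-vendors.example", "adn0c-bids.example",
              "enocprocurement.example", "adnoc.ae.vendor-portal.example",
              "example.org"]
    for s in sample:
        print(s, classify_sender(s))
```

A hit is a reason to hold the message for review, not proof of fraud, since startswith/endswith matching on short keywords will also catch unrelated names.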
The CloudSEK advisory was published weeks after Abnormal found 92 malicious domains associated with the BEC group Crimson Kingsnake.