Phish of the Week: Hackers Spill the Wine

New Recorded Future & Area 1 Report: Lockdown Led to Rise in Wine Scams

Wine & Phish?

How many invites have you received in the past year to virtual happy hours, wine tastings and other online celebrations? Many companies (yes, Area 1 included!) jumped on this trend to keep people connected, but unfortunately, so did many cyber attackers.

As revealed in our new research report with Recorded Future, since the beginning of the COVID-19 lockdown, the number of newly registered wine-themed website domains has skyrocketed by 2-3x compared to the year pre-pandemic. Specifically, nearly 5,000 malicious wine-themed domains have been created since April 2020.

While I appreciate tips on great wine and fish pairings, this trend is straight-up phishy:

  • Area 1 caught over 25,000 examples of these wine-themed domains being used to phish companies of all sizes, and across all industries.
  • Over 13% of the emails associated with the identified domains contained suspicious or malicious content.
  • And, nearly 12% of the emails comprised Business Email Compromise (BEC) attacks, which could have led to significant financial losses.

Read the report — including 5 specific tips for protecting your wine-loving users from these scams — here. (5 mins)

Can You Really Tell the Difference Between Compromised Vendors and Insider Threats?

It’s no longer your organization’s credentials that are the linchpin in cyber attackers stealing from you. Today, the bad actor lurks between you and a trusted vendor. No malware is delivered. No network penetration is necessary. Yet the theft succeeds.

Area 1 Security’s CEO, Patrick Sweeney, explains in Dark Reading the three things to consider in order to block attacks from compromised partners:

  1. Campaign source: Look beyond sender information to inspect the actual sender infrastructure and source of an email.
  2. Message sentiment and conversational context: Understand what is actually being expressed within a message, or its intent.
  3. Your partner social graph: What is your supply chain partner’s reputation? And what is the reputation of their partners?

Read the full article, “How to Combat the New ‘Insider Threat’: Compromised Partners,” here. (7 mins)

How to Combat New Ransomware Attack TTPs

Today’s ransomware news is beyond mind-boggling. A $40 million demand against a Florida school system? A $50 million demand against Acer? Somewhere soon, some organization will be hit with a $100 million threat.

Attackers have recently evolved their ransomware tactics, techniques and procedures (TTPs) to better elude standard defenses. That means bigger losses for everyone else.

What actions can you take to avoid becoming the next headline-making ransomware victim? View our on-demand webinar (no sign-up necessary) on “Proactive Protection Against Ransomware Attacks,” here. (30 min)

Shalabh