WyzGuys Tech Talk

Phishing Email Alerts

Catch of the Day: Top Attack Vector
Chef’s Special:  Speedy Ransomware
Also serving:  Polyglot Phish

Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and other reliable sources on the Internet.

You can send phishing samples to me at phish@wyzguys.com.

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.

Phishing Tops the List as the Most Costly Initial Attack Vector in Data Breaches

After you come to grips with the massive average cost of a data breach to an enterprise organization measured in the millions, it’s time to look at the factors that increase – and lower – that cost.

According to IBM’s recently-released 18th edition of their Cost of a Data Breach Report, we find that this year’s average cost is $4.45 million. That’s a staggering number, but what about the contributing factors? What can orgs learn beyond “don’t become a victim – it’s expensive”?

Let’s take a look at the initial attack vectors to see how they affect the average cost. According to the report, data breaches that began with phishing – on the average – are more expensive, coming in at $4.76 million. Phishing represented the initial attack vector in 16% of the studied cases for this report, putting it in first place for the most common initial attack vector.

[BLOG POST CONTINUED] with IBM graph showing cost and frequency of data breach by initial attack vector:
https://blog.knowbe4.com/phishing-tops-most-costly-data-breaches

Speed of Ransomware Attacks Increased Significantly in 2023

Sophos’s 2023 Active Adversary report for Tech Leaders has found that the speed of ransomware attacks has increased significantly since the beginning of 2023: “One key finding in the report is that the time available to respond to a ransomware attack has dwindled to nearly half of what it was at the start of the year.

“The median dwell time in ransomware attacks dropped from nine days in 2022 to just five days in the first half of 2023. With adversaries accelerating the execution of their attacks, defenders have less time to detect and stop them before files are encrypted.”

The report also found that in all types of attacks, the average time to gain control of Active Directory is just sixteen hours. OUCH.
https://news.sophos.com/en-us/2023/08/23/ransomware-actors-log-on-when-you-log-off-heres-how-to-stop-them/

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file.

The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023.

“A file created with MalDoc in PDF can be opened in Word even though it has magic numbers and file structure of PDF,” researchers Yuma Masubuchi and Kota Kino said. “If the file has a configured macro, by opening it in Word, VBS runs and performs malicious behaviors.”

Such specially crafted files are called polyglots as they are a legitimate form of multiple different file types, in this case, both PDF and Word (DOC).