Cybersecurity trends that marked July 2023
In our July 2023 report, we take a closer look at the cybersecurity trends that marked July 2023 including a massive increase in PDF malware distribution, Fabricated Microsoft crypto wallet site spreading Infostealer, and other cybersecurity issues that you should be aware of.
Phishing and Malware trends and statistics
Newly registered domains | Confirmed new phishing domains | New potential similar domains | Malware domains |
47k | 22 | 253 | 2.8k |
During the month of July, FYEO discovered a total of 47K (Thousand) newly registered top level domains of which 253 were considered similar domains that are likely squatting domains (e.g when someone registers a domain name that is similar to a well-known brand or organization with the intention of using it for malicious purposes such as phishing attacks).
A further 22 domains out of the newly registered domain were identified as actively serving fake websites and content related to phishing and 2.8K (Thousand) were identified as serving malware related files and content.
Data leaks and credentials statistics
Reported leaked credentials | Reported leak sources | FYEO indexed sources | FYEO indexed credentials |
146M | 87 | 40 | 3.1B |
July also saw 87 security incidents that resulted in the compromise of more than 146M (Million) records. The biggest data breach of the month has more to do with a handful of huge breaches in Asia, reports emerged in July that the video chat platform Tigo leaked more than 700,000 people’s personal data online, where over 100M (Million) records were compromised.
During the month FYEO indexed and gathered a total of 3.1B (Billion) leaked credentials from a total of 40 sources that were gathered through open sources and public releases.
In regards to FYEO’s collection statistics it's worth noting that there is in general a large delay in the time in which the hacked data gets published. Therefore the data collected by FYEO is most likely not the same sources that were reported hacked for the month.
Massive increase in PDF Malware Distribution
The latest edition of the "VirusTotal Malware Trends Report" sheds light on the evolving landscape of malicious attacks. The report, titled "Emerging Formats and Delivery Techniques," analyzed a representative subset of user submissions from January 2021 to June 2023. Attackers are adopting new file types and tactics to avoid detection, and email attachments remain a popular method for propagating malware. Suspicious PDF files have been linked to rising campaigns, with a notable peak in June 2023. In a surprising development, attackers have started using OneNote files as a credible replacement for macros in other Office applications, catching antivirus software off-guard. Another concerning trend is the use of ISO files by hackers to distribute malware, often disguised as compressed files, making them difficult for security software to analyze effectively. The report highlights that PDFs are now being used for various purposes, including exploitation of vulnerabilities or containing links to phishing sites. By 2023, malware sent as email attachments is increasingly in the OneNote format, allowing attackers to embed malicious URLs and scripting languages like JavaScript, PowerShell, and Visual Basic Script. The security industry needs to recognize the significance of alternate file formats for malware transmission and take proactive measures to counter these emerging infection methods. It is crucial to monitor trends in malware distribution, analyze security stack responses, and include all logs from legitimate websites in the analysis to reduce infection risks. Focusing solely on anomalous traffic in anomaly detection may not be sufficient to detect these new threats effectively. Overall, understanding the ever-changing tactics used by cybercriminals and staying vigilant will be essential to protect against emerging malware threats.
FYEO recommendations to Prevent PDF Ransomware:
Keep PDF reader software updated with security patches.
Exercise caution when opening PDF attachments from unknown sources.
Scan email attachments with antivirus software before opening.
Disable macros in PDF reader software.
Invest in a reputable cybersecurity suite with anti-malware and anti-ransomware protection.
Consider using PDF readers with sandboxing features.
Educate yourself and employees about phishing and suspicious attachments.
Regularly backup important files to external devices or cloud storage.
Download PDF files only from trusted sources.
Implement content filtering and email security measures to block malicious PDFs.
Fabricated Microsoft Crypto Wallet Phishing Site Spreading Infostealer Threatens Users
Cyble Research and Intelligence Labs (CRIL) has discovered a deceptive phishing website, "microsoft-en.com/cryptowallet/," posing as the legitimate Microsoft Crypto Wallet platform. The site targets cryptocurrency enthusiasts, offering them a download link for an executable file that claims to be the official Crypto Wallet. However, the website is actually harboring a malicious InfoStealer called "Luca Stealer," which covertly collects sensitive information and personal data from unsuspecting users.
The phishing site takes advantage of the hype surrounding Microsoft's plan to develop a Crypto Wallet for its Edge browser. By referencing a beta version of the application, the threat actor behind the site aims to deceive users into thinking they are accessing a legitimate platform. This deception puts users at risk of downloading malware and compromising their security and privacy.
Additionally, it is worth noting that the domain "microsoft-en.com" has been added to FYEO Agent to protect users from accidentally visiting this malicious site.
By utilizing FYEO Agent, individuals and organizations can significantly enhance their defense against phishing attempts. In an era where online threats continue to evolve, investing in a reliable cybersecurity product is essential. With FYEO Agent, which is completely free to use, users can mitigate the risks posed by phishing attacks, protect their sensitive information, and maintain a secure online presence.