Barracuda

Security, Access and Reliability for Cloud-Connected Networks and Applications

Header Right

Main navigation

Barracuda Research

Threat Spotlight: Caught in the Wild—Millions of Phishing Attempts each Month try to Hook your Users

by

When Barracuda first opened shop as an email security company nearly 15 years ago, spam was causing major problems in corporate inboxes. While spam bogged down users, the messages themselves weren’t typically malicious—a lot has changed since then. Today, criminals are using all types of tactics to launch attacks through email, including some clever phishing campaigns where the most effective line of defense is the human firewall.

The human what? You know, in a world where organizations have vendors jumping in front of each other to deploy their “best-of-breed” security solutions at HQ and everywhere else—the only thing between your company and a ransomware attack, could be whether or not your users click, or don’t click on a malicious link.

Let’s take a closer look at the types of phishing emails your users are up against each day, and what they can do to stay safe from creative cybercriminals.

[Read more…] about Threat Spotlight: Caught in the Wild—Millions of Phishing Attempts each Month try to Hook your Users

Jonathan Tanner

Jonathan is a graduate of San Jose State University and a Software Engineer at Barracuda Networks.  Connect with him on LinkedIn here.

https://www.barracuda.com

Barracuda Threat Spotlight: New URL File Outbreak Could be a Ransomware Attempt

by

We’re closely tracking an alarming threat that’s currently aiming to take advantage of careless or untrained users in a possible effort to distribute ransomware and other forms of malware—here’s what we’ve found.

Highlighted Threat: Attackers are using a variety of techniques in an attempt to launch a Quant Loader trojan capable of distributing ransomware and password stealers.

The Details:

In the world of email, an unfamiliar file extension—especially one that is compressed alone in a ZIP file—is often a sure sign of a new malware outbreak. This was no exception when zipped Microsoft internet shortcut files with a “.url” file extension started showing up in emails claiming to be billing documents last month. These shortcut files use a variation on the CVE-2016-3353 proof-of-concept, containing links to JavaScript files (and more recently Windows Script Files). However, in this instance the URL was prefixed with “file://” rather than “http://” which fetches them over Samba rather than through a web browser. This has the benefit of executing the contained code using WScript under the current user's profile rather than requiring browser exploitation, although it does prompt the user before doing so. The remote script files are heavily obfuscated, but all result in downloading and running Quant Loader when allowed to execute.

[Read more…] about Barracuda Threat Spotlight: New URL File Outbreak Could be a Ransomware Attempt

Jonathan Tanner

Jonathan is a graduate of San Jose State University and a Software Engineer at Barracuda Networks.  Connect with him on LinkedIn here.

https://www.barracuda.com

Threat Spotlight: Attached Password Stealer

by

Earlier this month we revealed a new security advisory platform — Barracuda Security Insight, which provides real-time threat intelligence and risk information to help raise awareness about the current IT security threat levels. One of the reasons we’re excited about the platform is because anyone with Internet access can use it as a way to check in on the different threats that might be lurking around the web.

For example, if we’re seeing an uptick in PDFs that contain malware, Barracuda Security Insight will flag this threat as a “critical alert,” with a description of the threat so people know what to avoid as they go about their day. For this month’s Threat Spotlight, we are taking a look at a recent “critical alert” that was flagged by Security Insight for attempting to steal user passwords by using attached Word or Excel documents that claim to be tax forms or other official documents. Cybercriminals regularly go after user passwords and credentials; however, we’re continuing to see criminals come up with clever ways to persuade users into sacrificing their sensitive information. Here’s what we found this time:

Highlighted Threat:

Password Stealers — Cybercriminals are using common attachment file types to steal user passwords.

[Read more…] about Threat Spotlight: Attached Password Stealer

Jonathan Tanner

Jonathan is a graduate of San Jose State University and a Software Engineer at Barracuda Networks.  Connect with him on LinkedIn here.

https://www.barracuda.com

Threat Spotlight: Cybercriminals are Impersonating Google Docs, Outlook and DocuSign to Steal Your Credentials

by

When you receive an email from a trusted web service such as Microsoft Outlook or DocuSign informing you of unread messages, you might blindly follow the directions to retrieve those messages. Unfortunately, cybercriminals are taking advantage of these trusted brands to convince you to log in to fake website portals and give up your login credentials.

In this Threat Spotlight, we will examine how attackers are cunningly impersonating popular web services such as Microsoft Outlook, DocuSign and Google Docs to entice victims into giving away their credentials to these services.   Criminals then use these credentials to either commit fraud or to launch targeted spear phishing campaigns within an organization to steal the crown jewels.

Highlighted Threat: Phishing attack by impersonation of popular web services

[Read more…] about Threat Spotlight: Cybercriminals are Impersonating Google Docs, Outlook and DocuSign to Steal Your Credentials

Asaf Cidon

Asaf Cidon is vice president of content security services at Barracuda Networks. In this role, he is one of the leaders for Barracuda Sentinel, the company's AI solution for real-time spear phishing and cyber fraud defense. Barracuda Sentinel utilizes artificial intelligence to learn the unique communications patterns inside customer organizations to identify anomalies and guard against these personalized attacks. Asaf was previously CEO and co-founder of Sookasa, a cloud storage security startup that was acquired by Barracuda. Prior to that, he completed his PhD at Stanford, where his research focused on cloud storage reliability and performance. He also worked at Google’s web search engineering team. Asaf holds a PhD and MS in Electrical Engineering from Stanford, and BSc in Computer Engineering from the Technion.

Connect with Asaf on LinkedIn.

http://www.barracuda.com

Barracuda Advanced Technology Group monitoring aggressive ransomware threat

by


Barracuda customers are
fully protected from this attack.

Leave us a comment below
or ping us on Twitter @barracuda
if you have any questions.

This blog continues to be updated as more data becomes available.

Jump to section:

The Barracuda Advanced Technology Group is actively monitoring an aggressive ransomware threat that appears to come in the largest volume from Vietnam.  Other significant sources of this attack include India, Columbia, and Turkey and Greece.  Other countries appear to be distributing the same attack in very low volumes.  So far we have seen roughly 20 million of these attacks in the last 24 hours, and that number is growing rapidly.

These attacks are wrapped in either a ‘Herbalife' branded email or a generic email that impersonates a ‘copier' file delivery:

These attacks have been morphing throughout the day, but they all use fake source email addresses.  The earliest examples came from Vietnam and Greece.

[Read more…] about Barracuda Advanced Technology Group monitoring aggressive ransomware threat

Eugene Weiss
http://www.barracuda.com

Active ransomware attack uses impersonation and embedded advanced threats

by

In the last 24 hours, the Barracuda advanced security team has observed about 20 million attempts at a ransomware attack through an email attachment “Payment_201708-6165.7z.”  Here is a screenshot of the email with the addresses redacted:

In this attack, the source of the email is a spoofed address, and the attachment name and number is included in the subject line and body of the message.  The full subject line in this example is “Emailing: Payment_201708-6165” and the number in the attachment name is variable. 

[Read more…] about Active ransomware attack uses impersonation and embedded advanced threats

Eugene Weiss
http://www.barracuda.com

Reconnaissance and impersonation pay off for cyber criminals

by

In this Barracuda Research post, we examine a recent attack against an organization that had no spear phishing protection in place.   This incident demonstrates the dangers of using unauthenticated email for financial transactions.

The PC used by the controller at the company was infected with malware that echoed a copy of every email he received to an email address at a “free email” domain.

The thief at this unauthorized email account watched the controller’s emails for a short period of time before acting on them.  Soon, there was an email concerning a transaction that was big enough to tempt the thief to strike.

[Read more…] about Reconnaissance and impersonation pay off for cyber criminals

Michael Van Pelt

Barracuda Research investigation into the email vector of the NotPetya attack

by

NotPetya, or Netya, appeared to be Petya ransomware when the first attack was reported on June 27. Throughout the next few hours, it became clear to the security industry that malware was not the version of Petya that had been observed in 2016. This new attack was termed Petya.A, and is referred to here as NotPetya.

NotPetya was spread through malicious email attachments and compromised MEDocs software. In this blog post we will take you through our investigation into the email threat.

[Read more…] about Barracuda Research investigation into the email vector of the NotPetya attack

Fleming Shi

Fleming Shi is the senior vice president of technology at Barracuda, where he leads the company’s cloud-enabled microservices technology innovation and integrations across the entire security and data protection portfolio.  Connect with him on LinkedIn.

http://www.barracuda.com

Threat Spotlight: Real-World Spear Phishing, Initiating the Attack and Email Spoofing

by

Countless individuals and organizations have unwittingly wired money, sent W2s, and emailed credentials to cyber criminals who were impersonating their boss, colleague, or a trusted customer. Spear phishing attacks can have devastating results for individuals, businesses, and brands, and unfortunately, they work because they are so simple and believable. A successful attack doesn’t require advanced hacking techniques, but rather gathering information about you that’s already posted online and spending five minutes to write a well-crafted email. The attackers can pick up information about their targets from a variety of sources: whether it’s posted on LinkedIn, Facebook, or on the company blog.

Spear phishing is something we’ve become very familiar with at Barracuda, as we have over a decade-long history of studying email-borne threats and the overall cyber threat landscape. Over the last year, we have spent a lot of time researching and analyzing highly-personalized spear phishing attacks.

This led us to build Barracuda Sentinel — the first comprehensive AI solution for real-time spear phishing and cyber fraud defense. In this month’s Threat Spotlight, we take a look at two recent spear phishing attacks that were caught by Barracuda Sentinel, and demonstrate how simple these attacks are to orchestrate.       

[Read more…] about Threat Spotlight: Real-World Spear Phishing, Initiating the Attack and Email Spoofing

Asaf Cidon

Asaf Cidon is vice president of content security services at Barracuda Networks. In this role, he is one of the leaders for Barracuda Sentinel, the company's AI solution for real-time spear phishing and cyber fraud defense. Barracuda Sentinel utilizes artificial intelligence to learn the unique communications patterns inside customer organizations to identify anomalies and guard against these personalized attacks. Asaf was previously CEO and co-founder of Sookasa, a cloud storage security startup that was acquired by Barracuda. Prior to that, he completed his PhD at Stanford, where his research focused on cloud storage reliability and performance. He also worked at Google’s web search engineering team. Asaf holds a PhD and MS in Electrical Engineering from Stanford, and BSc in Computer Engineering from the Technion.

Connect with Asaf on LinkedIn.

http://www.barracuda.com

Fileception – Malicious Files Embedded in Other Files (Again)

by

Combining file formats is one of many techniques attackers use in an attempt to evade detection. One such instance I've already written about where JavaScript files were embedded into Microsoft Word documents . This previous technique was amidst a long-running and still ongoing campaign of JavaScript malware, simply leveraging the same payload in a new container to throw off detection systems. Shortly after the writing of the previous blog post, Microsoft Word document-based malware (typically with macros rather than JavaScript) was on the rise. Once again the same principle has been leveraged, this time encapsulating the macro-containing Word malware into Adobe Acrobat files (PDFs).

[Read more…] about Fileception – Malicious Files Embedded in Other Files (Again)

Jonathan Tanner

Jonathan is a graduate of San Jose State University and a Software Engineer at Barracuda Networks.  Connect with him on LinkedIn here.

https://www.barracuda.com