The tool's latest features focus on proactive prevention of account compromise and enhanced threat response capabilities, as well as ways to make these capabilities available to a broader range of customers.
According to a report by Cisco Talos, the attackers use phishing emails disguised as financial transactions or order confirmations, often impersonating banks and logistics companies.
Hidden text salting has been used not only to evade spam filters' keyword detection capabilities, as shown in separate phishing attacks impersonating Wells Fargo and Norton LifeLock, but also to dupe the language detection module of Microsoft and circumvent security filters.
Oil and gas, electricity, and legal services organizations in the U.S. and Europe have been targeted with spam emails containing links that download MintsLoader either through a JavaScript file or Windows Run prompt as part of a campaign underway since earlier this month, a report from eSentire showed.
Both campaigns involved the distribution of malicious emails purporting to be invoices, purchase orders, or quotation requests with attachments, which, when opened, trigger a PowerShell script that fetches the trojanized image and executes a .NET-based loader to launch the payloads.
Most phishing clicks have been aimed at cloud apps, the most targeted of which were those made by Microsoft, as threat actors sought to compromise Microsoft 365 and Microsoft Live credentials, according to a report from Netskope.
"This means that passwords used for mail access may be intercepted by a network sniffer. Additionally, service exposure may enable password guessing attacks against the server," said Shadowserver.