Phishing forecast warns of future OS X attacks, fake https

The idea that it takes an average of 191 days to detect a data breach is quite astonishing. And yet this is the reality of how long a cybercriminal can potentially have access to an organisation’s network resources and sensitive data.

This is according to Anton Jacobsz, managing director at value-added distributor Networks Unlimited Africa. He was referring to information shared by Cofense (formerly PhishMe). Jacobsz comments: “Earlier this year, the release of the South Africa Phishing Response Trends Report by Cofense (then PhishMe) showed very clearly that South African organisations are at a higher risk for data breaches than their counterparts across the globe, and that these incidents have cost local companies $2.53 million. The report outlined how some 90 percent of respondents have dealt with security incidents originating from deceptive e-mails. Therefore, a change of focus – from relying on technology alone, to engaging employees in addition to implementing the use of state of the art technology – makes sound strategic sense.

“The company has also made predictions on the subversive world of phishing targeting with its document, ‘Five Phishing Predictions 2018’. These forecasts show just how the world of phishing is evolving, and include the following scenarios: that more malware will target OSX operating systems; that attackers will send more victims to ‘secure’ https sites; that social engineering attacks will get even more sophisticated; that phishing for cloud access will become necessary, and that phishing will drive a growth in cryptocurrency mining bots.”

More malware will target OS X operating systems

Jacobsz clarifies, “It is true that historically, Mac users have been less vulnerable to malware. This is partly because the ratio of Macs to PCs was lower, making the latter a more lucrative target. The fact that the Mac operating system is Unix-based, with Unix offering a number of built-in security features, and of course there are Apple’s own security measures, has made targeting a Mac arguably more challenging. However, Mac consumers, users and creators cannot be complacent.”

Cofense points out that, “2017 saw the appearance of OSX/Dok, a new malware attack that can monitor traffic to and from an infected Mac. And earlier in 2018, the OSX/MaMi malware, similar to the DNSChanger malware circa 2012, reared its head to steal the personal information of victims.”

Attackers will send more victims to “secure” https sites

Certain businesses, which have made it easier to host secure content, have also made it easier for phishing attackers to obtain TLS certificates, allowing them to create sites that appear legitimate, according to Cofense. The company believes that phishers will use this to their advantage to create secure-looking websites that are intended to harvest credentials and any other private information that unwitting victims may supply, or to deliver malware without raising suspicion. This will make real-time inspection of traffic harder for network defence technologies, and it will make it more difficult for victims to identify malicious sites. User education around phishing is critically important.

Social engineering attacks will get even more sophisticated

“Phishing is itself a form of social engineering, in other words the exploitation of human psychology in order to trick people into giving someone of ill intent access to sensitive and personal information,” Jacobsz says. “Hackers can use a variety of media, including phone calls and social media, to trick people into offering up the data they are after. According to Cofense, the psychological trickery of social engineering is just going to get more and more sophisticated. Down the decades, parents have always taught their children not to trust strangers. They will say things like: ‘Don’t accept sweets from strangers!’ or ‘Don’t go anywhere with a stranger!’ Cofense reminds us not to blindly trust e-mails from strangers, and in fact to go one step further and ask whether an e-mail from someone who looks to be a legitimate friend or business colleague isn’t actually a stranger in disguise, with mal-intent.”

In this regard, the Cofense Phishing Defense Center has noted that: “…building rapport through social engineering is useful to attackers in creating credential theft or malware delivery phish. Attackers are luring users to engage in conversation and develop trust prior to compromising their device or harvesting the target’s login credentials for account access. Once compromised, the attacker exploits that advantage for financial gain.”

Phishing for cloud access will become commonplace

“Attackers are trying to obtain account login credentials, or else deliver malicious plugins and cloud applications that connect to your legitimate cloud accounts,” explains Jacobsz. “Remember last year’s Google Docs worm? It sent an e-mail claiming to be from a friend or relative who wanted to share a document with the recipient. The worm was very convincing – the only clue came towards the end of the authorisation process, when clicking a down arrow showed that what should have been the developer’s Google e-mail address was in fact very different. In addition, rather than directing people who took the bait to a Google page, the phishing worm tried to load a few other URLs that looked Google-affiliated, but weren’t.”

As businesses and individuals increasingly move to the cloud, malicious actors are following, notes Cofense: “We expect adversaries to increasingly target your business enterprise and individual cloud accounts. Beware, access to your personal cloud accounts at work could compromise your business networks!”

Phishing will drive a growth in cryptocurrency mining bots

Cofense observes that cryptocurrency mining software distributed by phishing e-mails isn’t new, but that previously its profitability was reduced by low cryptocurrency values and an insignificant uptake among larger retailers and distributors. That said, we should now: “Expect to see aggressive distribution of cryptocurrency miners and more sophisticated mining software. Phishing remains the most effective way to distribute both malware and repurposed, legitimate software.”

“The predictions outlined above remind us that phishing is a real threat and a significant weapon in a hacker’s armoury. The Ponemon Institute has also reported previously that South African organisations are more exposed to data breach incidents than their counterparts across the globe, having scored the highest probability of experiencing a data breach in the next 24 months - at the time of the release of the report. The Cofense ethos hinges on empowering an organisation’s employees to heighten their awareness of the thinking and methodology that cyber attackers use, so that they are able to recognise a phishing e-mail when it lands in their mailbox and stop the threat in its tracks,” concludes Jacobsz.

Earlier this year, Cofense released its ‘South Africa Phishing Response Trends Report’, which showed some alarming findings in terms of security incidents stemming from deceptive e-mails. The report looked at the phishing response strategies of IT security decision-makers across a variety of industries in the South African region. Key findings from the survey included the following: 90 percent of respondents have dealt with security incidents originating with a deceptive e-mail; nearly 20 percent of respondents had seen more than 500 suspicious e-mails weekly; and e-mail-related threats are South Africa’s biggest security concern.
