Email
Password
Remember meForgot password?
    Log in with Twitter

article imageNew phishing worm account takeover threat Special

By Tim Sandle     Oct 3, 2020 in Technology
Researchers have alerted businesses about a recent phishing attempt which goes beyond the usual tactics and basic attempts to compromise a network. The risk is with a major theft that it could become a major password theft across systems.
The new threat relates to a new worm phishing tactic that has caused a wave of account takeovers, as reported by ZDNet. The virus results in phishing emails being sent as replies to genuine emails.
To understand more about the threat, Digital Journal spoke with Will LaSala, Security Evangelist and Senior Director of Global Security Solutions, OneSpan.
LaSala begins by looking at the specific threat posed by the virus: “Worms are always difficult to mitigate because they gain access to accounts and then automate their way to create duplicates of themselves. As with any automated attack, they are built around performing the same function every time they infect a new host or find a new set of credentials. This can actually help back-end fraud systems used by financial institutions and other organizations because it creates a pattern that can be quickly and easily picked up by anti-fraud systems that leverage artificial intelligence and machine learning technologies."
In terms of preventative actions, LaSala recommends: "To stop the attack in the first place, email users must enable more secure forms of authentication, such as multi-factor authentication (MFA) with push technology. Username and static password or even username and SMS OTP are not strong enough today. People should use secure push or secure external OTP via an app to protect their email accounts. If possible, they should use push OTP with context, so they know exactly what the authentication request will be used for."
The expert concludes that: "The key takeaway for organizations and security professionals is that by combining stronger authentication with the ability to automatically detect attack patterns using AI-powered fraud systems, worms are less likely to be successful."
More about Phishing, Cybersecurity, Worm
 
Latest News
Top News