The organizations targeted by the phishing attack include UNICEF, UN World Food, the Heritage Foundation, the International Federation of the Red Cross and Red Crescent Societies, and the United States Institute of Peace. The attackers lure victims to fake landing pages that impersonate Microsoft Office 365 login pages in the hope of stealing user credentials. The attack is especially directed towards mobile devices.
The attack was detected by Lookout Phishing AI and has been running since March 2019. Signs are that the attacks are still continuing. The associated IP network block and Autonomous System Number (ASN) are known to have hosted malware in the past.
To understand more about the attack, Digital Journal caught up with Alexander García-Tobar, CEO and co-founder of Valimail.
According to García-Tobar, the attacks show a new level of sophistication: “The latest phishing campaign targeting officials from the United Nations, UNICEF, Red Cross and other humanitarian aid organizations demonstrates how sophisticated and highly convincing phishing attacks have become. By using deviously coded phishing sites, hackers are attempting to steal login credentials and ultimately seek monetary gain or insider information.”
He notes that in most cases the attacks will have been thwarted: “It’s worth noting that most of these phishing sites never made it into widely used databases of bad links. As a result, security tools focused on scanning the contents of email messages would not have flagged emails containing links to these sites.”
However, there is more that can be done: “Preventing phishing emails from ever entering inboxes in the first place is a critical step in stopping these types of attacks, and that can be done most effectively by validating the identity of the sender.”
In terms of ongoing protection, across all businesses, García-Tobar recommends: “Emails from these attackers could be stopped by flagging the sender as untrusted. Implementing advanced anti-phishing solutions that validate senders’ identities is crucial to keep such attacks at bay.”