I. Targeted Entities
- Microsoft, Facebook, and other large tech brands
II. Introduction
Phishing attacks exploiting the Microsoft and Facebook brands, among others, have increased between 2021 and 2022.
III. Background Information
According to researchers at Vade, Microsoft, Facebook, and the French bank Crédit Agricole are the top abused brands.[1] The report also says that phishing attacks exploiting the Microsoft brand increased 266% in the first quarter of 2022 compared to 2021. Phony Facebook messages are up 177% in the second quarter of 2022, also compared to 2021.[1]
The research done by Vade analyzed unique instances of phishing URLs used by threat actors carrying out phishing attacks and not the number of phishing emails associated with the URLs. Their report listed the 25 most commonly phished companies, along with the most targeted industries and days of the week for phishing emails.[1] Other brands at the top of the list include Crédit Agricole, WhatsApp, and French telecommunications company Orange. PayPal, Google, and Apple also made the list.[1]
The report by Vade found that through the first half of 2022, 34% of all unique phishing attacks, that were tracked by the researchers at Vade, impersonated financial services brands. The next most popular sector was cloud service providers, with Microsoft, Google, and Adobe being prime targets. The social media sector was also popular with Facebook, WhatsApp, and Instagram at the top of the list of brands exploited in the attacks.[1] The researchers also found that the most popular days for sending phishing emails were Monday through Wednesday. The weekend did not see a lot of phishing emails sent with only 20% of the phishing emails being sent during the weekend.[1]
IV. MITRE ATT&CK
- T1566 – Phishing
Adversaries will send phishing messages to gain access to a victim’s machine. These phishing attempts may come via link or attachment, and typically execute malicious code on victim machines.
V. Recommendations
- Phishing Awareness Training
Users should be informed and educated about new kinds of phishing scams currently being used and ones that have been used in the past. Awareness training should instruct users to avoid suspicious emails, links, websites, attachments, etc. Users should also be educated about new types of attacks and schemes to mitigate risk. Recommended link: https://www.us-cert.gov/ncas/tips/ST04-014 - Set Antivirus Programs to Conduct Regular Scans
Ensure that antivirus and antimalware programs are scanning assets using up-to-date signatures. - Strong Cyber Hygiene
Enforce a strong password policy across all networks and subsystems. Remind users to be wary of any messages asking for immediate attention, links, downloads, etc. All sources should be verified. Recommended link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a - Turn on Endpoint Protection
Enable endpoint detection and response (EDR) to stop unknown malware in the product you’re using. - Malware Monitoring
Continuously monitor current and new types of malware. Stay up to date on intel and advancements to prevent, defend, and mitigate these types of threats.
VI. Indicators of Compromise (IOCs)
This threat advisory has no indicators of compromise, but it is recommended that readers be aware of the links and attachments that they are sent to ensure their safety.
VII. References
(1) Nelson, Nate. “Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands.” Threatpost English Global, July 26, 2022. https://threatpost.com/popular-bait-in-phishing-attacks/180281/.
(2) Petitto, Natalie. “Phishers’ Favorites Top 25, H1 2022: Microsoft Is the Most Impersonated Brand in Phishing Attacks.” Vade, July 26, 2022. https://www.vadesecure.com/en/blog/phishers-favorites-top-25-h1-2022.
Threat Advisory created by The Cyber Florida Security Operations Center. Contributing Security Analysts: Dorian Pope, Sreten Dedic, EJ Bulut, and Tural Hagverdiyev