Business Daily Media

Men's Weekly

.

Cybercriminals using Microsoft and Adobe to Lure Victims according to Avast

Latest Avast Threat Report Discovers Cybercriminals Using Common Applications from Microsoft and Adobe to Lure Victims

Report shows two out of three cyber threats now leverage social engineering, driving phishing and scam attacks

In the first quarter of 2023 there was a significant increase in cyberattacks exploiting trust in established tech brands Microsoft and Adobe, according to Avast, a leader in digital security and privacy, and a brand of Gen™ (NASDAQ: GEN). The Avast Q1 2023 Threat Report, released today, also found a 40 percent rise in the share of phishing and smishing attacks over the previous year. Overall, two out of three threats people encounter online today use social engineering techniques, taking advantage of human weaknesses.

Malware, scams, and phishing attacks attempt to steal consumers’ sensitive data, like passwords, Tax File Numbers, and other personal identifiable information. When this data gets into the wrong hands, cybercriminals have the arsenal to easily steal someone’s identity. Identity theft can lead to a nightmare of events, from scammers ruining people’s credit score, to selling their information on the dark web, and even impersonating people to pass background checks.

“If you think your data has no value then why would scammers spend so much time trying to steal your data if it’s worthless? The truth is that anyone can be affected, and it is important to stay vigilant and use proper protection,” said Jakub Kroustek, Avast Malware Research Director.

“Unfortunately, scammers have made it nearly impossible to take any message at face value – all communications, whether seemingly from a friend, boss, or household brand, have potential to be fraudulent.”

New Malware Distribution Tactics Abusing Microsoft OneNote & Adobe Acrobat Sign

Cybercriminals know they can lure victims by using the names and likeness of well-known brands that consumers already trust. Avast has observed this trend among two popular applications commonly used for work: Microsoft OneNote and Adobe Acrobat Sign.

Scammers are sending out Microsoft OneNote files as email attachments to victims. When someone opens the attachment, it triggers the download of malware onto a device. Avast has spotted malware such as Qbot and Raccoon using this distribution technique to steal information, and has also observed IcedID, a banking Trojan, using OneNote attachments to steal money. During Q1 of 2023, Avast protected more than 47,000 global customers, including 940 in Australia from these types of attacks.

In some cases, Avast researchers also observed cybercriminals exploit Adobe Acrobat Sign by adding malicious links into documents that are sent from legitimate Adobe email addresses. These links prompt victims to download .ZIP files, which contain a variant of the Redline Trojan that can steal passwords, crypto wallets, and more.

“My advice is to take extra caution with any email asking you to download files or click on a link, even those that appear to be from reputable brands,” advises Jakub Kroustek.

“Cyber Safety software can act as a safety net for providing an extra layer of security to these types of savvy attacks that are increasingly targeting people.”

Avast’s Web Shield technology, part of all Avast Antivirus versions, is capable of scanning and unpacking OneNote files to detect malware. The threat research team has also developed specific heuristics and Yara rules to keep people safe from these threats.

Scammers are Casting More Lures as the Share of Phishing Attacks Increases 40% YoY

Phishing continues to be another way scammers take advantage of trust, posing a significant and rising threat to consumers. The Avast team found that the share of global phishing attempts among all threats blocked in Q1 was up 40% compared to the same quarter in 2022.

One type of phishing scam on the rise is refund and invoice scams, which happen when fraudsters send false bills or invoices for goods or services that were never ordered or received. Scammers often use household names with recognisable branding and logos to make these scams appear legitimate. Invoice scams also had a sharp uptick in Q1 2023.

The pervasiveness of attacks via mobile text messages, called smishing attacks, has also contributed to the rising rate of phishing incidents. The issue has become so severe that the Federal Government has announced the allocation of $10 million over four years from the upcoming budget to establish a new SMS sender ID registry, that will act as a blocking list and stop scammers from impersonating trusted contacts. Common smishing attack themes include financial alerts, package delivery notifications, tax alerts, charity scams and lottery scams.

“Scammers often play off victims’ emotions by creating a sense of urgency in their messages. If you receive an email or text out of the blue with an urgent request, or a message that seems too good to be true, take a few extra moments to verify it before acting,” says Jakub Kroustek.

“Always take a close look to confirm that an email or text is coming from a trusted sender, and if you have any doubt, go directly to the source, whether that be a person you know or a company’s help portal.”

Avast Free Antivirus, all Avast’s premium versions, and Avast Secure Browser provide top protection against phishing attacks, which is verified in quarterly tests by independent testing organisation AV-Comparatives.

The Avast Q1 2023 Threat Report can be found here: https://decoded.avast.io/threatresearch/avast-q1-2023-threat-report/

Workplace DMs, Reinvented: Deputy Messaging, Purpose-Built For Shift-Based Teams

Deputy, the global people platform for shift-based businesses, has launched Deputy Messaging, a fully integrated, real-time communication tool designe...

Revolutionizing Fulfillment: How Virtual Warehousing is Changing the Game?

The e-commerce landscape is evolving more rapidly than ever, and the way businesses are managing their fulfillment is also revolutionizing. At the...

SME lender Dynamoney welcomes new CEO, Brett Thomas

Strengthens growth ambitions and signals expanded offering Dynamoney, a leading commercial finance provider for Australian SMEs,  has today appoint...

The cost of ignoring AI governance in business

Artificial intelligence (AI) is no longer the promise of a distant future: it's active, embedded, and already shaping decisions across industries. H...

Quickli launches new SMSF product as free beta for limited time only

The leading technology provider for Australian mortgage brokers, Quickli, has answered the prayers of brokers yet again with the launch of a stand...

Portable Monitors for Coding and Programming Students

Today, coding and programming require more focus and efficiency. But, the most essential thing it demands is ample screen space. Students can stru...

Sell by LayBy