Reports show cybercriminals continuing to push boundaries
For instance, Armorblox researchers found cybernasties exploiting legitimate services from hosting site GoDaddy in a credential phishing attack. Fraudsters used a loophole to sneak their attack past Google Workspace security, telling consumers that their Paypal profile was incomplete and offering a spoofed link to gain their financial information.
The attack used brand impersonation and social engineering to sneak past existing workflows in their attempt to fool people.
Meanwhile, data out from Akamai indicates gamers, developers, and gaming platforms are high on fraudsters’ lists of attack destinations. According to their latest Gaming State of the Internet report gaming sites saw a 340% increase in web application attacks from 2019 through 2020. This includes mobile games.
“Criminals are relentless, and we have the data to show it,” said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report. “We’re observing a remarkable persistence in video game industry defenses being tested on a daily – and often hourly – basis by criminals probing for vulnerabilities through which to breach servers and expose information. We’re also seeing numerous group chats forming on popular social networks that are dedicated to sharing attack techniques and best practices.”
In addition to the web application attacks, the gaming industry saw an increase in credential stuffing attacks (224%); just over half (59%) of attacks were SQL injection attacks, targeting login credentials.
To better protect, especially as many organization still have many employees working remotely, Armorblox suggests augmenting native email security with additional controls to protect user information, and to update employees’ knowledge of cyber attacks, including how fraudsters use social engineering to sneak past defenses.