New tricks on phishing websites

18 May 2022

Many phishing attacks try to lure users to fake websites in order to get them to enter confidential information. Checking the URL of the intended website and its valid security certificate helps defend against these phishing attempts, and both have therefore become the focus of the attackers. Different but similar approaches have emerged to trick even attentive users.

Trick #1: Fake login websites on Microsoft Azure Static Web Apps

Do you quickly need a ready-made website that is already hosted for you in the cloud, complete with a Microsoft domain and a Microsoft security certificate? You will find it at MS Azure. Unfortunately, criminals have also discovered the service for static web apps for themselves. The imitated login pages hosted there are difficult to recognise as fake, especially those for some widespread Microsoft services. The Microsoft subdomain azurestaticapps.net and the valid TLS certificate also lend the fake page credibility. [1]

Trick #2: Browser in the Browser attack

Do you want to use a well-known service on the web, where a pop-up appears asking you to enter your account data again? Especially with well-known authentication services such as Facebook, Google, Apple or Microsoft, which most users trust, this dialogue is often not questioned and the requested data is entered. However, this "browser in the browser" (BitB) attack does not call the real authentication service; it only simulates a deceptively real-looking login window with the help of HTML, JavaScript and CSS, and finally forwards the entered data to third parties. [2]

What countermeasures can help?

Unfortunately, both tricks have one thing in common: at first glance, the attacks are almost undetectable, even for experienced users. The security certificates of the websites are correct and valid, and the URLs can appear legitimate in the right context.

However, two-factor or multi-factor authentication remains effective. Security is strengthened further when one factor is the possession of security hardware, e.g. a smart card or FIDO security key, because the attacker cannot gain access without possession of this additional token. [3]
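To show why a FIDO key holds up against a simulated login window, here is an added example (not code from the original article) of the relying-party checks a WebAuthn login goes through. It assumes constructed origins (login.example.com as the genuine site, fake-login.example.net as the page hosting the BitB window) and uses an HMAC as a stand-in for the authenticator's ECDSA signature; the browser, not the web page, writes the origin into clientDataJSON, so a fake window cannot claim the genuine origin.

```python
import base64
import hashlib
import hmac
import json
import os

# Constructed sample values, not from the original post.
RP_ORIGIN = "https://login.example.com"            # the genuine login site
ATTACKER_ORIGIN = "https://fake-login.example.net"  # page hosting the BitB window
AUTHENTICATOR_KEY = b"demo-key-only"  # stand-in for the key inside a FIDO token


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def client_sign(challenge: bytes, origin: str) -> dict:
    """What browser plus authenticator produce for a login performed at `origin`."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    # authenticatorData: 32-byte rpIdHash, 1 flags byte (UP set), 4-byte counter
    auth_data = hashlib.sha256(b"rp-id-placeholder").digest() + b"\x01" + b"\x00\x00\x00\x01"
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(AUTHENTICATOR_KEY, signed, hashlib.sha256).digest()  # stands in for ECDSA
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}


def rp_verify(assertion: dict, expected_challenge: bytes, expected_origin: str) -> bool:
    """Relying-party side: check type, challenge freshness, origin, then the signature."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False
    if cd.get("challenge") != b64url(expected_challenge):
        return False
    if cd.get("origin") != expected_origin:  # the origin binding that defeats a fake window
        return False
    signed = assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected_sig = hmac.new(AUTHENTICATOR_KEY, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected_sig, assertion["signature"])


def demo() -> tuple:
    """Returns (genuine login ok, assertion relayed from BitB page ok, origin-tampered ok)."""
    challenge = os.urandom(32)
    genuine = client_sign(challenge, RP_ORIGIN)
    relayed = client_sign(challenge, ATTACKER_ORIGIN)  # browser binds it to the attacker origin
    tampered = dict(relayed)  # attacker edits the origin after signing: signature no longer matches
    tampered["clientDataJSON"] = relayed["clientDataJSON"].replace(
        ATTACKER_ORIGIN.encode(), RP_ORIGIN.encode())
    return (rp_verify(genuine, challenge, RP_ORIGIN),
            rp_verify(relayed, challenge, RP_ORIGIN),
            rp_verify(tampered, challenge, RP_ORIGIN))
```

A password typed into a fake window is simply forwarded, but a FIDO assertion carries the origin the browser actually signed for, so the genuine service rejects anything produced on the attacker's page.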

The only constant remains change: cyber threats are constantly evolving in different and sometimes unexpected directions. Therefore, you should always check whether the precautions and level of knowledge in your company still correspond to the current state of the art and the possible threats and adjust your strategy at regular intervals.
