Disguised Cyberattacks Target Government, Business Sites Worldwide

Despite repeated data breaches hitting government entities and businesses, they remain vulnerable and continue to pay the price for not making cybersecurity a priority, as demonstrated in a recent mysterious phishing campaign.

The hackers have targeted at least 22 different potential victim organisations in countries including the United States, Canada, China, Australia, Sweden and more. All of the attacks involve emails claiming to be related to the targeted government agencies and all of them attempt to trick victims into clicking an email link that asks for their username and password.

Unknowing victims who put their login credentials into a spoofed government agency website designed to look genuine will give cyber criminals access to their account, said ZD Net in a report on the cybertrickery.
Researchers at Anomali discovered the scheme and said while the attacks were persistent that it’s still unclear who’s behind them. They pointed the incident out to be another example of lax security even at high-level government agencies or businesses.

“It could be that the adversaries are trying to gain access to potential bidders to undercut the competition or to compromise government suppliers for more long-term gain,” Sara Moore, cyber-threat intelligence analyst at Anomali, told ZDNet.

Most of the attacks were directed at government agencies – in an apparently unrelated attack, the city of New Orleans had to shut down servers after being compromised – but some go after procurement and logistics firms tied to the primary targets.

The US has seen the largest number of attempted breaches and successful attacks, chief among the targets the Department of Energy, Department of Commerce and Department of Veterans Affairs on the cyber firing line.
The attacks are sophisticated and masked to deceive even those cautious about revealing information, some fooled into thinking the spoof sites are real, the hackers phishing with unique lures with a large document attachment looking like a procurement, the site also said.

The document contains an embedded link, which the target is encouraged to click through to – and it’s this that leads to one of the phishing websites although it wasn’t reported if government employees are warned not to open any links from potentially suspicious contacts.

The websites have legitimate names, information and documents used by the target in an effort to appear more authentic and make a target drop their guard, with the domains said to be hosted in Turkey and Romania, although phishers could be using those countries as decoys.

Anomali found 62 domains and 122 phishing websites were uncovered and notified the targeted CERTs (Computer Emergency Response Teams), informing them about the attacks – although it’s currently unknown if the attackers have managed to make away with any stolen credentials.