New Phishing attack through GenAI
2024-06-07
Phishing attacks are constantly evolving, and researchers have identified some new methods being used by cybercriminals. Cybersecurity researchers have recently raised alarms about phishing campaigns that exploit Cloudflare Workers to host and distribute phishing websites.
Phishing emails are becoming more sophisticated with the use of generative artificial intelligence. This allows attackers to create emails that are more likely to be convincing to the recipient.
These malicious sites aim to steal users' credentials for popular services, including Microsoft, Gmail, Yahoo!, and cPanel Webmail. This technique involves using malicious JavaScript to build the phishing page on the victim's device. This bypasses security checks that might happen on the server side.
HTML smuggling is also on the rise. It is a technique in which malicious payloads are constructed within a victim's browser using HTML5 and JavaScript. Instead of sending a malicious file directly, attackers deliver a seemingly harmless HTML file that, when opened, constructs the malicious payload on the client side.
This can bypass network security solutions that scan for malicious attachments. This method is particularly effective in evading email security gateways and web proxies, making it a stealthy way to deliver malware.
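A static check for the pattern described above, added here as an illustration and not taken from the article or from any product: it walks the HTML parts of an e-mail and flags markup that both decodes data, assembles it into a file object and offers it as a download. The regexes, function names and the sample message are assumptions constructed for this example; the sample is inert.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# One pattern group per stage of HTML smuggling: decode the embedded data,
# assemble it into a file-like object, hand it to the browser as a download.
STAGES = {
    "decode":   re.compile(r"\batob\s*\(|fromCharCode|new\s+Uint8Array", re.I),
    "assemble": re.compile(r"new\s+Blob\s*\(|createObjectURL|href\s*=\s*[\"']data:", re.I),
    "deliver":  re.compile(r"\bdownload\s*=|msSaveOrOpenBlob|\.click\s*\(", re.I),
}

def scan_html(html):
    """Return the names of the stages whose indicators appear in the markup."""
    return sorted(name for name, rx in STAGES.items() if rx.search(html))

def scan_message(raw):
    """Scan every HTML body part and .htm/.html attachment of a raw e-mail."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename() or ""
        is_html = (part.get_content_type() == "text/html"
                   or name.lower().endswith((".htm", ".html")))
        if part.is_multipart() or not is_html:
            continue
        payload = part.get_payload(decode=True) or b""  # undoes base64/QP transfer encoding
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        stages = scan_html(text)
        # Flag only when all stages co-occur; one alone is common on legitimate pages.
        findings.append({"file": name or "(body)", "stages": stages,
                         "flag": len(stages) == len(STAGES)})
    return findings

def build_sample():
    """Constructed message: one inert indicator-bearing attachment, one benign."""
    inert = ('<script>var d = atob("PLACEHOLDER"); var b = new Blob([/* ... */]);'
             '</script><a download="placeholder.bin">open</a>')
    benign = '<html><body><a href="report.pdf" download="report.pdf">Report</a></body></html>'
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(inert.encode(), maintype="text", subtype="html", filename="invoice.html")
    msg.add_attachment(benign.encode(), maintype="text", subtype="html", filename="notes.html")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

Token matching like this is a triage signal only: obfuscated or dynamically generated script can hide the same calls, so a hit is a reason to detonate or quarantine the attachment rather than a verdict.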
Secondly, by using AI, attackers can generate highly convincing phishing emails and messages that are tailored to individual targets, improving the likelihood of success. AI can also be used to automate the creation of phishing sites and manage large-scale phishing campaigns. These campaigns use deceptive tactics to trick users into providing sensitive information by masquerading as legitimate services.
Cloudflare Workers: This platform is being misused by attackers to set up and deliver phishing sites. Cloudflare Workers, typically used for serverless computing tasks, are now being co-opted for malicious purposes.
Targeted Services: The phishing sites are designed to look like login pages for Microsoft, Gmail, Yahoo!, and cPanel Webmail, among others, to lure users into entering their credentials.
Credential Harvesting: Once users enter their credentials on these fake sites, the information is captured and sent to the attackers, who can then use it for various malicious activities, including account takeover and identity theft.
Moving forward, the use of AI makes phishing attacks more believable and harder to detect due to the sophistication and personalization of the content.