Massive Phishing Campaign Impacted 75K Email Inboxes

An email phishing campaign that appears to be motivated by credential harvesting has so far affected 75,000 email inboxes.


Customer environments on Office 365, Microsoft Exchange, and Google Workspace were all affected, according to Armorblox security analysts. In many of the attacks, the threat actors targeted small groups of personnel from several divisions inside a business, in an apparent attempt to keep their activities under the radar, according to Dark Reading.

Individuals targeted by the campaign include CFOs at companies, wellness firm senior vice presidents, directors, and professors of finance and operations.

Armorblox's head of product marketing, Abhishek Iyer, said the attackers aren't targeting any particular industry. According to the company, the attacks have so far hit Armorblox customers in a wide range of industries, including local government, higher education, software, energy, and electrical construction.

According to Iyer, the attacks appear to be directed at specific individuals within organizations. The victims are a diverse group, including members of the company's senior leadership as well as regular employees from various departments.

Threat actors frequently use phishing to gain initial access to a target network. Phishing is one of the best-understood initial attack vectors, yet companies have had a hard time combating it because individual users remain susceptible to phishing emails.

Attackers have also become more proficient at creating phishing lures, and they're increasingly using a variety of methods, including email phishing, SMS phishing, and even voice or phone phishing (vishing).

This year has seen an increase in the number of phishing campaigns

This year's phishing activity, according to the Anti-Phishing Working Group (APWG), more than doubled from the year before. According to APWG, the month of June 2021 saw a record-breaking 222,127 phishing attacks, ranking it as the third-worst month in the organization's history.

During the third quarter, the most often targeted industries were financial institutions and social media.

This week, Armorblox disclosed an attack that used a lure spoofing an encrypted message notification from email encryption and security firm Zix. Although the message did not look exactly like a legitimate Zix notification, it was close enough for recipients to mistake it for the real thing.

The threat actors sent the malicious email from a domain that belonged to a religious organization founded in 1994, using an obsolete or outdated version of the parent domain.

According to Armorblox's findings, the threat actor avoided targeting numerous employees from a single department in the attacks it saw. Instead, they appear to have targeted a broader range of employees in order to maximize the likelihood that someone would be duped by the spam email.