Hacker In the Court
Armorblox confirmed in their analysis the recent email phishing scam that circulates in the Supreme Court of the United States. Based on their reports, a similar attack had happened in the UK Ministry. The threat actors used the same tactics by sending spoof emails of subpoenas to targeted individuals of a known established organization of insurance or retail companies. In their submitted report, the victims are now with individuals that have Office 365 access.
How does the intimidation happen?
The brilliant plan of the attacker came with ease by spreading fear and panic to their intended victim. With this mindset, the perpetrators victimize more people through threats. Since the email spoof sent to the victims is disguised coming from the Supreme Court sending subpoenas, any individual’s first instinct is to open and know its content without having adept checking of its legitimacy.
The experts analyzed the details of the attack. The analysis determined that it came from 2 senders – court@flippintoacure[.]com or court@somersethillsevents[.]com). The content of the email was short but very well crafted in an authoritative way leaving the recipient victim to be in fear. As a result, the victims immediately follow the included instruction to click the added link to get a full view of the subpoena content, but unknowingly contains the hacking element of the attackers. Redirecting URLs are also embedded onto the link that would seemingly come from legitimate sources. Still, if examined thoroughly, it will surely show fake addresses. Stealthily, the victims are then routed to the Captcha interface to further deceived people about the legitimacy of the content and then will end up entering their Office 365 credentials. Obtaining access to Office 365 will give a vast overflowing of sensitive information to hackers, as this application is widely used mostly on corporate businesses. Seriously, the attack is a grave threat to many companies. The hackers could use compromised login details for further email chain attacks to other tie-up organizations. Also, to infiltrate other individual’s business application that uses the same credentials, in the end, it will inevitably cause considerable damage.
Recommendation
We strongly recommend everyone to be more vigilant and be more proactive in checking the legitimacy of anything that runs through cyberspace . As noted in the analysis, the number of threat and report of such attacks are increasing especially in the current pandemic crisis that is experienced by cyber-netizens worldwide. Fraudsters always use current events and other factors such as panic and fear to perform malicious acts. Such actions cause significant money losses and reputation damage from small to large businesses alike. Always be cautious and never entertain anything that comes from unknown sources, as it can result in malware infection and data compromise.
