Latest News

5 considerations for choosing accounting software

How To Integrate Tech Into Your Bathroom

Android App Development: Elevate Your Business with Sigma Solve

RiverSafe partner with EARTH 51 to develop sustainability strategy in cybersecurity

Organizations Lack Resources to Address Active Directory (AD) Security Concerns, New Quest Software Research Shows

Cylera Named Leader in Connected Medical Device Security Solutions Report

Pre-Built Computer System vs Custom PC Design – Which is Best for Tech-Savvy Gamers?

Looking to 2024: Data, AI and security will be top priorities for businesses

Colt highlights ten enterprise tech industry trends and forecasts for 2024

Elevate Your Business with Sigma Solve’s Cutting-Edge React Native App Solutions

Phishing campaign targets UN and humanitarian aid organisations

Cybersecurity
Guest Author

Recent reports from security company Lookout reveal that the United Nations and several humanitarian aid organisations, including UNICEF and UN World Food, have been targeted by a phishing campaign.

The campaign uses convincing landing pages signed by SSL certificates to create legitimate-looking Microsoft Office 365 login pages, and attempts to trick UN officials into revealing their login and password credentials.

The security company reports that these fake pages are able to respond according to whether the user is on a computer or a mobile device, delivering specific content to suit the browser being used, meanwhile browsers on mobile make it difficult for viewers to recognize that the site is fake by truncating them.

On learning of these worrying reports, Kevin Bocek, VP security strategy & threat intelligence, Venafi advises:

“These latest attacks targeting United Nations and global charity websites use TLS certificates to make malicious domains appear legitimate, they take advantage of the implicit trust users have in the green padlock created by TLS certificates. Internet users have been trained to look for a green padlock when they visit websites, and bad actors are using SSL/TLS certificates to impersonate all kinds of organizations.

“This may appear sophisticated, but these kinds of phishing attacks are very common. For example, in 2017, security researchers uncovered over 15,000 certificates containing the word ‘PayPal’ that were being used in attacks. And in June, the FBI issued a warning stating that the green padlock on websites doesn’t mean the domain is trustworthy and safe from cyber criminals.

“In order to protect businesses and users, security teams must identify all the legitimate TLS certificates on their own networks. They also need to identify fraudulent certificates issued by attackers that are being used to impersonate their organization. Technologies like certificate transparency and certificate reputation can definitely help, but as the number of certificates issued every day continues to skyrocket, more help is definitely needed.”

Related Post

BlueVoyant Acquires Conquest Cyber to Meet Market Need for Comprehensive Managed Detection and Response and Cyber Risk Posture Solutions

Mark Baker, UK Tech News Editor

Beyond phishing: The Top Employee Security Risks You’re Probably Not Measuring

Mark Baker, UK Tech News Editor

Two Powerful DDoS Attacks Prevented by Gcore

Mark Baker, UK Tech News Editor

Egress enhances cloud email security offering with advanced graymail detection to improve employee productivity and reduce admin overhead

Mark Baker, UK Tech News Editor

Cohesity Positioned as a Leader in the IDC MarketScape for Worldwide Cyber Recovery

Mark Baker, UK Tech News Editor

Double blow – Ransomware group denounces victims to American authorities

Mark Baker, UK Tech News Editor