A recent cyberattack, mimicking the tactics of the notorious Black Basta ransomware group, targeted one of SlashNext’s clients. Within 90 minutes, 1,165 malicious emails bombarded 22 user inboxes, aiming to trick users into clicking on malicious links.
Researchers at SlashNext have published new findings revealing attackers using tactics similar to the Black Basta ransomware gang, targeting 22 inboxes within 90 minutes. The attack was swift and targeted, aiming to overwhelm users and bypass traditional security measures.
According to their blog post, shared with Hackread.com, this Black Basta-style attack utilizes a ransomware scam that deceives employees into granting remote access to their computers.
SlashNext’s investigation of this phishing wave revealed five key tactics used by attackers: masquerading as popular platforms like WordPress and Shopify, using legitimate-looking domains to send fake account creation and subscription emails, utilizing seemingly harmless domains, using unusual characters or minor variations in subject lines, and targeting different user roles to increase attention.
The attackers first flood inboxes with seemingly legitimate emails like newsletters or payment receipts. The emails used subject lines like “Account Confirmation” and “Subscription Notice” to entice users to click malicious links, causing a sense of urgency. Attackers further employed social engineering tactics by incorporating foreign languages or odd characters to bypass basic keyword filters.
This initial barrage creates confusion and makes it difficult to distinguish genuine emails from malicious ones. When users are overwhelmed, attackers swoop in, often via phone calls or messages impersonating IT support. By speaking confidently, they gain trust and trick users into installing remote access software like TeamViewer or AnyDesk. Once this software is installed, attackers gain a foothold in the system, potentially spreading malware or compromising sensitive data on the network.
Fortunately, SlashNext’s Integrated Cloud Email Security (ICES) quickly identified hundreds of red flags targeting a small group of users. Within a mere 90 minutes, a whopping 1,165 emails bombarded 22 mailboxes, averaging over 50 emails per user in rapid bursts. This tactic aimed to create panic and encourage impulsive clicks.
The ICES platform’s early detection allowed the client to respond proactively and prevent the attack from spreading. SlashNext’s AI-powered security system, SEER™, proactively identified and blocked these emails in real time. SEER™ analyzes email behaviour beyond simple keyword checks, detecting suspicious patterns like encoded URLs and fake login pages. Researchers noted a sudden rise in these attacks across the web between November and December. SlashNext was the first to launch an automated AI-powered defence to handle the situation in real time.
The incident shows the increasing nature of cybersecurity threats, with attackers using sophisticated techniques to evade traditional security measures. Organizations should prioritize threat detection and response, and regular security assessments to identify vulnerabilities and improve overall security.
RELATED TOPICS
- ‘Matrix’ Hackers Deploy Massive New IoT Botnet for DDoS Attacks
- Androxgh0st Botnet Integrates Mozi, Expands Attacks on IoT Flaws
- Russian APT29 Using NSO Group-Style Exploits in Attacks: Google
- Iranian Hackers Team Up with Ransomware Gangs in Attacks on US
- BlackByte Ransomware Exploits VMware Flaw in VPN-Based Attacks
Top/Feature Image via Freepik
