themselves. An analysis of over one thousand phishing kits designed to allow wannabe cybercriminals to build phishing emails and websites found that, in a significant proportion of cases, the trainee phishers are being compromised, with their stolen data being secretly sent to the kit authors. With phishing simple to carry out but potentially very financially rewarding -- some of the highest profile cyber-attacks of recent years began with a phishing email -- it's no wonder that newbie hackers want in. But their lack of skill is coming back to bite some of these aspiring cybercriminals, who might find that all their ill-gotten gains are also transferred to the original author of the kit. Researchers at Imperva analysed 1,019 readily-available phishing kits, finding underground markets filled with low-cost and free phishing kits advertised as means of providing aspiring cyber-attackers with a route into the illegal industry. "Underground markets are full of phishing kits at all levels and cost, some even distributed at no charge, usually revealing one of the oldest rules in the book -- you get what you pay for," said Luda Lazar, security research engineer at Imperva. "Here we found the only free cheese is in the mousetrap," she added. While these phishing kits did provide aspiring attackers with the files necessary to create a copy of target websites and steal valuable information, many of these free offerings contain an undisclosed backdoor. That means the kit author is able to secretly track the campaigns of the crooks using the software and gain access to the stolen information themselves. In doing so, they're able to exploit the likes of stolen usernames, passwords, and credit card details without putting in the effort required to collect them.
As a result, the phishing kit user can't reap much from their criminal gains, as in many cases, victims will change passwords or cancel credit cards if they realise they've been targeted. "About 25 percent of the kits contained implicit recipients which receive emails with the phishing results as well as the kit buyers who were intended to receive it. We assume that the hidden addresses belong to the kits' authors, which are actually stealing from the inexperienced phishers who deploy these kits," said Lazar. Ultimately, by offering these phishing kits for free, it provides those behind them with the largest possible pool of victims to exploit -- and it's not as if a hacker can complain to the authorities that they've been scammed.
malware -- and they're even mimicking internal corporate travel and expenses systems to steal personal details from the victims they target. While cybercriminals using the lure of fake travel itineraries to dupe staff working in sectors reliant on shipping goods or employee travel isn't new, researchers have uncovered a particularly advanced phishing attack. Discovered by cybersecurity researchers at Barracuda Networks, this airline phishing attack uses a variety of techniques to capture sensitive data from victims and deploy an advanced persistent threat. The email from the attacker impersonates a travel agency or an employee in the target's own HR or finance department. The email's subject line claims it's a forwarded message about a flight confirmation, stating the airline, the destination, and the price of the flight. All three of these elements are carefully researched by the attackers, who select them specifically according to the target, in order to make the email look legitimate in context of the company and the email recipient. Taking the time to tailor phishing emails in this way works: these messages are opened 90 percent of the time, one of the highest success rates for phishing attacks, according to Barracuda. Once opened, the email presents the target with an attachment in the form of a PDF or Microsoft Word document. The attachment purports to be a flight confirmation or receipt but, of course, it's neither of these things. When the target opens the attachment, the malware runs immediately, dropping an advanced persistent threat into the network, and enabling the attacker to stealthily monitor the infected organisation -- likely with the aim of conducting espionage and stealing data.
Another variant of this attack, instead of dropping malware to stealthily steal data, uses phishing links to directly take sensitive information from the victim. These phishing links are ultimately designed to trick the victim into supplying sensitive corporate credentials, which the attackers will then use to infiltrate the company network, databases, and emails in order to steal information. Cybersecurity researchers warn that the combined use of impersonation, malware, and phishing is particularly dangerous because these methods complement one another, enabling the attacker to essentially gain control of the network. At this stage, the attackers can stealthily conduct espionage or even drop additional malware and ransomware. Sometimes it can be very difficult to identify a phishing email, but the likes of sandboxing and advanced persistent threat prevention combined with employee training and awareness can increase the chances of preventing attacks from compromising the network.
The spread of ransomware means government and critical infrastructure providers need to start gaming out responses, cyber watchers say. A cadre of shadowy criminal hackers seizes control of an energy plant. They give themselves administrator privileges and lock the genuine administrators out along with everyone else. Then, they threaten to trigger a major leak or explosion if the plant owners don’t pay up: $50 million in bitcoin. The story sounds like a fantastical Hollywood plot. It’s basically a digital-age riff on the 1965 James Bond film “Thunderball” and the 1997 spoof “Austin Powers: International Man of Mystery.” Yet, following a surge in ransomware attacks—in which hackers seize and lock an organization’s data and networks and only unlock them for a hefty fee—cyber watchers are beginning to fear this plot could become reality. “What ransomware does is it creates a business model [in which] anybody who has money can potentially be extorted to pay,” McAfee Chief Technology Officer Steve Grobman told reporters during a roundtable discussion Thursday at McAfee’s Security Through Innovation Summit. “There’s no reason not to think that criminals will see government assets like critical infrastructure as a target they can hold for ransom,” Grobman added. If hackers were able to seize the controls of a critical infrastructure asset such as a dam or airport where they could cause major property destruction and loss of life, the ransom demand could be huge, Grobman said, and there’s a good chance the asset owner or the government would have to pay up. Critical infrastructure is an official designation the Homeland Security Department uses to refer to 16 sectors such as chemical plants and financial firms whose physical and digital security is vital for national security and public safety.
McAfee has been tracking ransomware attacks for years as they progressed from extorting $100 or $200 from individuals who clicked the wrong link to “soft targets” such as hospitals, universities and police stations to some of the major global corporations the antivirus firm counts among its customers. There’s no reason to think government agencies or critical infrastructure providers won’t be next on the list, he said. John Felker, director of the DHS’ main cybersecurity nerve center, the National Cybersecurity and Communications Integration Center, shares Grobman’s concerns. “What Steve is seeing is on the front edge of what is going on, [so] we do need to have some concern. I’m probably going to have a chat with the folks at the fort about that,” he said during the same roundtable, referring to the National Security Agency’s home in Fort Meade, Maryland. While ransomware attacks against local governments are a common problem across the globe, NCCIC has not been called in on a ransomware attack against the federal government that threatened major destruction, Felker said. When it comes to critical infrastructure, the major cyber fear has typically been an attack by an adversary nation or terrorist group looking to cause destruction and mayhem. For traditional criminal hackers interested in stealing marketable information such as credit card numbers, these targets held little interest. Industrial systems such as dams are further protected because they operate using comparatively obscure industrial control systems not typically in the wheelhouse of hackers used to manipulating consumer software.
For ransomware attackers, however, industrial targets could prove lucrative because a hacker that controlled them would have the power to unleash terrible consequences if the ransom wasn’t paid, Grobman said, such as opening that New York dam’s floodgates. Criminals also operate with a different calculus than nation-states, which makes them more difficult to deter, Grobman said. The Justice Department has indicted hackers linked to the Chinese and Iranian governments, which caused public embarrassment. The Obama administration also sanctioned North Korean officials for the Sony Pictures Entertainment hack and Russian officials for meddling in the 2016 election. Then-President Barack Obama and Vice President Joe Biden also insinuated the government took covert actions against Russia for that meddling. A criminal or criminal group that didn’t expect to be caught, however, would be less susceptible to public embarrassment, immune to diplomatic pressure and much more difficult to target with covert action. The remedy, Grobman said, is for the government and critical infrastructure providers to plan ahead, both by securing their systems and gaming out how they would respond to a ransomware attack. “How do we get the defenses in place before the breach occurs,” he said, “so we don’t have the consequences that we saw in things like [the Office of Personnel Management breach] where, because we didn’t invest in the security up front, the cost of the breach was significantly higher.”