Cybercriminals Leverage Past Success to Double-Down on Phishing Attacks

June 11, 2021
zero day threats from russian aligned cybercriminals represented b a hacker in a dark hoodie on a laptop overlaid by a glowing Russian flag.

Every organization wants to get the maximum possible use out of its assets, especially if they were challenging to acquire — even cybercriminals. That’s one reason why cybercrime gangs have recently launched a spate of ransomware attacks against strategic targets, like data processors and security companies. Not only do bad actors gain valuable data from successful attacks on those targets, but they also gain access to resources they can use to facilitate more cybercrime. Savvy cybercriminals are getting maximum ROI on their initial attacks by weaponizing the fruits of their previous operations like stolen credentials, database access, back doors, executive email addresses and other assets to execute sophisticated phishing operations like ransomware attacks that strike at a whole new round of victims – and every organization is under siege.


What’s next in phishing? Find out in the 2021 State of Email Security Report! GET IT NOW>>


Cybercriminals Use Old Tricks in Frightening New Ways


In a recent blog post, Microsoft detailed how a major nation-state hacking crew was spinning the spoils of its earlier successes against large targets into a potential cybercrime goldmine. The Microsoft Threat Intelligence Center (MSTIC) reported it has unearthed a wide-scale phishing campaign operated by the Russian-aligned cybercrime gang Nobelium, the threat actor behind the attacks against SolarWinds. In a separate report, the company revealed that Nobelium recently launched a phishing campaign that illegally utilized popular mass-mailing service Constant Contact to deliver threats to top organizations around the world by posing as a quasi-governmental agency, sending shockwaves through the already beleaguered federal cybersecurity landscape.  

For this new phishing scheme, Nobelium used a few classics out of the cybercrime playbook and information gained from previous schemes or the dark web and blended them into what it hoped would be a winning combination. The threat actors used government brand impersonation to pose as the US Agency for International Development (USAID) after gaining unauthorized access to the agency’s Constant Contact account through undetermined means. They then used that account and a poisonous cargo of malicious URLs to gin up an attack that targeted an estimated 3,000 email accounts at more than 150 organizations involved in international development, humanitarian and human rights work.  


How safe are the domains that you manage? Find out now! CHECK MY DOMAIN>>


Nation-State Threat Actors Have a Dangerous New Toolkit


An alert from the Cybersecurity Infrastructure Security Agency (CISA) details the action. The gang used well-crafted and authentic-looking phishing messages dated May 25, 2021, that claimed to contain new information about election fraud to entice their targets to click a link to malware that allowed the hackers to punch a hole in the victim’s security and create a backdoor that the cybercriminals could then exploit at their leisure. Threat actors of this caliber generally have help from smaller satellites called affiliates that handle portions of their hacking operations. The campaign has been characterized as a continuation of efforts by the Russian hackers to exploit opportunities gained in the SolarWinds attack to conduct operations against other U.S. government and national security targets. 

Microsoft’s blog post lays out the specifics of exactly how Nobelium constructed the sophisticated, socially engineered assets used in this campaign and how they were detected. But one worrisome note stands out from expert commentary on this incident: This set of phishing emails forming a zero-day threat had a relatively low detection rate, indicating that the attackers likely had a reasonable measure of success against their targets. This is especially dangerous in an era when many organizations are supporting a remote or hybrid workforce who are more likely to fall for phishing. Another major concern is the ease with which nation-state threat actors have been able to utilize under-the-radar tools, like software updates, and stolen assets, like accounts with mass email providers, to do their dirty work. Microsoft also released a detailed assessment of the attackers’ toolkit and the company’s incident response.


Zero-day threats like this phishing campaign can present serious challenges to the old-fashioned email security solutions and SEGs that most companies rely on – but they’re no match for Graphus. 


Protect Your Organization from Zero-Day Threats


Protecting your business from email threats like these is critical. As the cybercrime landscape continues to evolve, cybercriminals will be on the hunt for new ways to launch attacks that use assets gained from third-party service providers like Constant Contact and SolarWinds to slip into employee inboxes undetected. They’ll enjoy a measure of success too because conventional email security is notoriously reliant on patches and threat intelligence reports to learn about emerging dangers. Those updates often need to be added by overburdened technicians that may not make them a high priority, leaving organizations on the hook for days or weeks and dangerous new phishing threats in employee inboxes just waiting for that one fatal click.

Graphus isn’t a conventional solution. It’s the next frontier in automated security and it immediately provides businesses with a robust phishing defense. Unlike ordinary email security that relies on periodic security updates, Graphus is smart. The power of AI and a patented algorithm enable Graphus to automatically evolve and learn on its own so it doesn’t have to wait for a technician to tell it about a new threat to protect your business. Graphus also uses that smart capability to guard your business from unexpected trouble like zero-day threats while it spots and stops 40% more phishing messages than the competition.  


Still relying on an old-fashioned SEG? See why Graphus is better! SEE THE COMPARISON>>


But the dynamic protection that your organization gets from the Graphus AI doesn’t stop there. Every business has a unique communication pattern, and detecting anomalies from that pattern is a fast, accurate way to guard against trouble. Graphus uses over 50 points of comparison to adjudicate every message an organization sends and receives automatically, enabling the smart AI to quickly identify and neutralize phishing threats. This technology also deploys three strong shields that work in concert to protect your organization against all kinds of phishing threats – even new ones that no one has ever heard of before.

Learn more about how easy and affordable it is to protect your business from zero-day threats and other phishing nightmares with smart, AI-powered security from Graphus in our eBook Automated Email Security Makes Cents. DOWNLOAD IT NOW>>


Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus