Cyber Security Today, July 3, 2024 – Beware of advanced attack tactics

Share post:

Beware of advanced attack tactics.

Welcome to Cyber Security Today. It’s Wedneday July 3rd, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for

Threat actors are getting craftier. That’s no surprise. But a recent report from Menlo Security highlighted the tactics of three sophisticated attack groups as examples of what defenders have to prepare for.

“The complexity and stealth of these new tactics represents the investment of considerable resources in advancing phishing and malware delivery,” the report says. Combined, these three campaigns went after approximately 40,000 high-impact users, including C-suite executives.

One attack group, nicknamed LegalQloud, targets governments and investment banks in North America, sending emails impersonating the names of some 500 law firms. The goal is to steal Microsoft application login credentials. It gets away with the strategy by hosting its infrastructure on the cloud servers of China-based internet provider Tencent, so the URLs in malicous phishing links bypass traditional defence scanners and allow-list controls.

Another group, nicknamed Eqooqp has been targeting government and private sector organizations by putting a proxy server in between the target user and a legitimate website. That allows the attacker to intercept login credentials. Another way of describing this is a man-in-the-middle attack that can bypass non-phishing-resistant multifactor authentication. It starts with a victim clicking on a link in a phishing email that looks like it came from a legitimate source, like the HR department. The malicious web page they go to relays the victim’s login credentials to a legitimate-looking Microsoft login page.

The third phishing campaign is nicknamed Boomer and has been targeting government and healthcare organizations among others. It uses advanced evasive techniques including custom HTTP headers, tracking cookies and server-side generated phishing pages. Some of the phony web sites it creates have short lives, making it hard for defenders to create URL block lists.

It’s not like these and other evasive tactics can’t be spotted. But defenders have to be aware and watch for them. One thing these groups have in common is the use of phishing attacks, so regularly reminding employees not to enter login credentials after clicking on a link is vital.

Follow Cyber Security Today on Apple Podcasts, Spotify or add us to your Flash Briefing on your smart speaker.

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Security research team claims to have helped avert a major supply chain attack

JFrog Security Research team continuously scans public repositories such as Docker Hub, NPM, and PyPI to identify malicious...

Phishing attacks on state and local governments surge by 360%

Phishing attacks targeting state and local governments have surged by 360% between May 2023 and May 2024, according...

What is Ticketmaster saying to its customers?

Here's the letter that has been sent out out to Ticketmaster clients that a reader sent to me....

Will the “AI bubble” burst? Hashtag Trending for Wednesday, July 10, 2024

Europe may be reigning in big tech, but Canada and the US are struggling, despite public concern.  Analysts...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways