New hacking campaign swaps malware for phone calls
Palo Alto Networks has investigated several incidents involving a data extortion gang using a growing social engineering tactic to extort retailers and other businesses out of hundreds of thousands of dollars, according to a report Monday.
Why it matters: The report highlights the range of threats retailers, other businesses and consumers are up against heading into the hectic holiday season — and the depths hackers will go to make sure they find success.
Driving the news: Researchers at Palo Alto Networks said they've uncovered an ongoing hacking campaign from a group known as both "Luna Moth" and "Silent Ransom" that ditches traditional malware attacks for phone calls.
How it works: The scam typically starts with a phishing email, sent through a legitimate service to a corporate email address, claiming the recipient's credit card was charged for a recent service. The email usually has a PDF invoice attached.
- The invoice includes a phone number recipients can call if they have questions about the charges. Once they call, they're connected to a call center run by the malicious hackers.
- On the call, the hacker then walks the person through downloading and running a "support tool" that gives the hacker remote access to the victim's computer.
- Once inside, the hacker blanks out the screen so the victim can't see their actions and moves quickly to steal files and personal data from the device.
- The hacker follows up with an extortion email, detailing the data that was stolen and demanding payment to keep the hacker from leaking the data online.
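For defenders: the first step above leaves three traits a mail filter can check together: a billing claim, a PDF attachment, and a phone number inside the invoice. The sketch below is an added example, not code from the Palo Alto Networks report; the word list, the phone pattern, the function names and the sample messages are all assumptions, and PDF text is assumed to be extracted upstream.

```python
import re
from email.message import EmailMessage

# Billing-lure wording; this word list is an assumption, tune it to your own mail.
LURE = re.compile(r"\b(charged|invoice|subscription|renewal|payment)\b", re.I)
# Loose North American phone pattern (assumption); widen it for other regions.
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")

def callback_phish_signals(msg, pdf_text):
    """Return which callback-phishing traits one message shows.

    pdf_text maps attachment filename -> text already extracted from that PDF.
    """
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    pdfs = [part.get_filename() for part in msg.iter_attachments()
            if part.get_content_type() == "application/pdf"]
    signals = []
    if LURE.search(text):
        signals.append("billing_lure")
    if pdfs:
        signals.append("pdf_attachment")
    if any(PHONE.search(pdf_text.get(name, "")) for name in pdfs):
        signals.append("phone_in_pdf")
    return signals

def is_suspect(msg, pdf_text):
    # Require all three traits; any one alone is common in legitimate mail.
    return len(callback_phish_signals(msg, pdf_text)) == 3

def build(subject, body, pdf_name):
    """Build a constructed test message with a placeholder PDF attachment."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename=pdf_name)
    return m

# Constructed samples, not taken from the report.
LURE_MSG = build("Your card was charged $399.99", "See the attached invoice.",
                 "invoice.pdf")
BENIGN_MSG = build("Q3 slides", "Deck attached for review.", "slides.pdf")
PDF_TEXT = {
    "invoice.pdf": "Questions about this charge? Call +1 (555) 010-0199",
    "slides.pdf": "Quarterly results overview",
}

if __name__ == "__main__":
    for name, m in (("lure", LURE_MSG), ("benign", BENIGN_MSG)):
        print(name, callback_phish_signals(m, PDF_TEXT), is_suspect(m, PDF_TEXT))
```

A match is a reason to hold the message for review or banner it, not proof of fraud, since real vendors also send PDF invoices with support numbers.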
The intrigue: The data extortion group behind these callback phishing attacks is suspected of having ties to the defunct Conti ransomware gang, a Russian group known for its attacks on hospital systems and other critical infrastructure.
Threat level: Researchers anticipate "callback phishing attacks to increase in popularity due to the low per-target cost, low risk of detection and fast monetization," the report says.
- The campaign is currently targeting the retail and legal sectors and is "actively evolving."