U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hackers launched phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale

Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale Amnesty International published a report that details how threat actors are able to bypass 2FA authentication that leverages text message as a second factor. Attackers are using this tactic to break into Gmail and Yahoo accounts […]

phishing attacks Google

Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale

Amnesty International published a report that details how threat actors are able to bypass 2FA authentication that leverages text message as a second factor.

Attackers are using this tactic to break into Gmail and Yahoo accounts in large scale attacks.

2FA processes that are based on a text message are very popular because they are simple to use.

Amnesty experts monitored several credential phishing campaigns targeting individuals across the Middle East and North Africa.

In one campaign, threat actors targeted accounts on popular secure email services, such as Tutanota and ProtonMail.

In another campaign, hackers targeted hundreds of Google and Yahoo accounts, “successfully bypassing common forms of two-factor authentication”.

Amnesty International reported widespread phishing of Google and Yahoo users throughout 2017 and 2018. Attackers targeted human rights defenders and journalists from the Middle East and North Africa region that sharing with the organization suspicious emails they have received. Investigating the emails, the experts uncovered a large and long-running campaign of spear-phishing attacks seemingly originating from the United Arab Emirates, Yemen, Egypt and Palestine.

The attackers used trivial sophisticated social engineering tricks that leveraged common “security alert” scheme. Victims receive fake alarms informing targets of a potential account compromise and asking them to urgently change their password.

phishing attacks Google

The phishing messages included a link that redirected victims to a well-crafted and convincing Google phishing website designed to trick victims into revealing the two-step verification code.

“Sure enough, our configured phone number did receive an SMS message containing a valid Google verification code. After we entered our credentials and the 2-Step Verification code into the phishing page, we were then presented with a form asking us to reset the password for our account. ” continues the analysis.

“To most users a prompt from Google to change passwords would seem a legitimate reason to be contacted by the company, which in fact it is. “

Threat actors were able to automate the attack and take over the accounts of the victims.

Additional information on the phishing attacks, including IoCs, are reported in the analysis published by Amnesty International.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – 2FA, phishing attacks)

[adrotate banner=”5″]

[adrotate banner="13"]