
2022 Q3 Green Radar Email Threat Index (GRETI): Hackers Follow Market Trends Closely and Strike with Targeted Attacks

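(Hong Kong, 25 October 2022) Green Radar (Hong Kong) Limited ("Green Radar" or the "Company") has published its email threat index for the third quarter of 2022, the Green Radar Email Threat Index ("GRETI" or the "Index"). The Index for this quarter is 68.1 (the annual report index published in July was 66.5), reflecting a rise in email threat risk compared with the previous quarter. According to the analysis, phishing and business email compromise (BEC) attacks are very active, and the risk level is "High". This quarter's report also found that Apple and OpenSea attracted hackers as phishing targets, mainly by exploiting Apple's new product launch and the continued activity in NFT trading, so phishing scams increased accordingly.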

LinkedIn overtakes DHL as the most impersonated brand; HSBC enters the list in third place

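According to this quarter's GRETI report, business email compromise attacks grew by 42.2% compared with the previous quarter. Statistics from the Green Radar email Security Operations Center (SOC) show that the three most frequently impersonated brands are LinkedIn, DHL and HSBC, with HSBC entering the list for the first time in third place. The data shows that in the first half of 2022 alone there were already 13 recorded instances of hackers impersonating HSBC to send phishing websites, emails and text messages. Hackers made use of HSBC's electronic payment platform to pose as its employees, falsely claiming to help victims register for consumption vouchers, obtaining their personal data and then hijacking their accounts to steal assets; the amount involved is as high as hundreds of millions of Hong Kong dollars.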

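According to Green Radar SOC data, malware attacks this quarter fell slightly from the previous quarter. The top three entries in the top ten malware families are UDS:DangerousObject.Multi, HEUR:Exploit.MSOffice and HEUR.Exploit.MSOffice.CVE-2018-0802. To guard against malware, check whether an email security solution is installed; it can effectively reduce the rate of attacks in which fraudulent emails or websites exploit software vulnerabilities, and helps protect computers from other security threats or malware attacks.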

Hackers follow market trends closely to profit

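Apple holds a new product launch every September, and hackers take the opportunity to create fake emails in an attempt to profit. These phishing emails pose as official messages from Apple, telling the user that their Apple ID shows abnormal activity and attaching a link to a fake website that claims to help resolve the problem. Ordinary consumers who receive this kind of email tend to become quite anxious and lose their judgment. Hackers use this to embed fake websites in the email and trick users into logging in and entering personal and credit card details. In this way, the user's account password and credit card details are easily obtained by the hackers.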

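However, the related emails intercepted by the Green Radar SOC make it easy to see that the hackers' fake websites have moved away from the polished designs of the past and are instead riddled with errors. One site poses as the official Apple website for Taiwan, yet its content mixes traditional and simplified Chinese inconsistently. The case shows that not every fake website is hard to recognise, but users can still fall into the hackers' trap because of their emotional state at the time or a lack of alertness.

(A crude fake website made by hackers to trick users into entering their Apple ID and credit card details)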

Frequent OpenSea phishing attacks raise public concern over NFT security

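The NFT trading platform OpenSea is subjected to phishing attacks from time to time. Hackers covet the wallets of NFT users and carefully craft emails and websites that pass for the real thing. This quarter the Green Radar SOC also found many similar phishing emails, which trick users into clicking links to phishing websites and responding to requests for their wallet's seed phrase. Hackers use this to transfer NFTs out of users' wallets and immediately resell them. The thefts involved 254 stolen NFTs, including the valuable and popular collectible series Bored Ape Yacht Club and Azuki NFTs. The incidents have drawn attention, and users are worried about the security of NFTs.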

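Phishing techniques keep emerging. Users should check carefully whether an email's sender is an official email address, and note that the official platform will not ask users to submit their wallet's seed phrase. Assets can also be kept in a cold wallet, and purchases must be made through official channels when trading. Be sure to watch out for unofficial announcement links or private messages from administrators on crypto social media such as Discord groups, to avoid losses.

(Fake OpenSea website) (Genuine OpenSea website)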

 

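Mr. 李祟基, Executive Vice President of Product Marketing at Green Radar, said: "Hackers' phishing email attacks are becoming increasingly frequent, and the various cases that have occurred also reflect users' lack of cybersecurity awareness. To give an enterprise adequate defence against phishing scams, choosing a suitable and comprehensive email security solution is crucial. Equally, training employees to raise their awareness is indispensable. The above recommendations and measures can build a strong protective barrier for enterprises against the impact of phishing attacks."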

 

For the latest intelligence on email threats, click to download the 2021/22 GRETI annual report: https://greenradar.com/download-report-2021-22-greti-full-report/

 

(Hong Kong, 25 October 2022) Green Radar (Hong Kong) Limited ("Green Radar" or "Company") has released the Green Radar Email Threat Index ("GRETI" or "Index") for the third quarter of 2022. The index for this quarter was 68.1 (the annual report index released in July was 66.5), suggesting that the risk of email threats has increased. According to our analysis, phishing and Business Email Compromise (BEC) attacks are frequently observed and the risk level is "High". The report also found that Apple and OpenSea are the main phishing targets of hackers. The number of scams increased as hackers exploited Apple's new product launch and the active NFT market.

LinkedIn overtakes DHL as the most impersonated brand; HSBC ranks third

According to the GRETI 2022 Q3 report, business email compromise attacks increased by 42.2% compared to the previous quarter. Green Radar email Security Operations Center (SOC) statistics show that the top three most impersonated brands are LinkedIn, DHL and HSBC, with HSBC ranking third for the first time. The data shows that in the first half of 2022 alone, there were 13 recorded instances of hackers impersonating HSBC through phishing websites, emails and text messages. Hackers made use of HSBC's electronic payment platform to impersonate its employees, claiming to assist victims in registering for consumption vouchers. After obtaining the victims' personal information, the hackers would hijack their accounts to defraud them of assets. The amount involved is up to hundreds of millions of Hong Kong dollars.

According to Green Radar SOC data, malware attacks this quarter were down slightly from the previous quarter. The top three of the top ten malware families are UDS:DangerousObject.Multi, HEUR:Exploit.MSOffice and HEUR.Exploit.MSOffice.CVE-2018-0802. To protect against malicious software, check whether an email security solution is in place. Such a solution can effectively reduce the rate of attacks in which fraudulent emails or websites exploit software vulnerabilities, and helps protect computers from other security threats and malware attacks.

Hackers closely monitor market trends and take advantage of them

Apple launches new products every September, and hackers take the opportunity to prey on victims with phishing emails. These phishing emails impersonate official notifications from Apple, telling the user that their Apple ID shows abnormal activity and including a phishing URL that claims to resolve the problem. In some cases, the consumer gets nervous and loses judgment after receiving such emails. Hackers use this opportunity to lure users into logging in and entering personal and credit card information on phishing websites linked from the malicious emails. The user's account password and credit card information are then easily obtained by the hackers.

However, in the malicious emails intercepted by the Green Radar SOC, it is not difficult to tell the badly copied fake websites from the originals, as they are full of errors. For example, the fake Apple Taiwan website displays both traditional and simplified Chinese. This shows that not all fake sites are hard to distinguish, but users can still fall into the trap due to emotion or lack of alertness.

Frequent OpenSea phishing attacks raise security concerns about NFTs

The NFT trading platform OpenSea has come under phishing attacks from time to time. Hackers covet the wallets of NFT enthusiasts and carefully craft convincing fake emails and websites. Green Radar SOC has also detected many similar phishing emails this quarter, baiting users into clicking links to phishing websites and responding to requests for their wallet's seed phrase. Hackers then immediately transfer the victim's NFTs to their own wallets and sell them. 254 NFTs were involved in the thefts, including the valuable collectible series Bored Ape Yacht Club and Azuki NFTs. Such incidents have attracted attention, and users are worried about the security of NFTs.

As phishing attacks keep emerging, users should check whether a message is sent from the official email address. The official platform will also never ask users to submit their wallet's seed phrase. Cold wallets can be considered for storing assets, and users should make sure to purchase through official channels when trading. To avoid losses, be wary of unofficial announcement links and private messages from administrators on crypto-related social media such as Discord groups.

For more email threat updates, please click to download the 2021/22 GRETI Yearly Report: https://www.greenradar.com/email-threat-index/