Technology Today

A new phishing campaign designed to harvest Cisco WebEx credentials through a security warning for the application has been discovered by the Cofense Phishing Defense Center (PDC).Surprisingly, Cisco's own Secure Email Gateway failed to catch this new campaign which was launched at a time when millions of people are working from home using a variety of online platforms and software.
Cybercriminals are well aware of this and have begun to exploit trusted brands like WebEx to deliver malicious emails to users.Video conferencing software has been targeted by attackers in the past but the rapid influx of remote workers during the global pandemic makes for easy prey for hackers.
Cofense anticipates that there will continue to be an increase in remote work phishing in the months to come.This latest phishing campaign begins with potential victims receiving an email with subject lines such as Critical Update or Alert from the spoofed address [email protected].
The body of the email explains that there is a vulnerability that the user must patch or risk allowing an unauthenticated user to install a Docker container with high privileges on the system.This quite clever on the part of the hackers as they have spoofed a legitimate business service and have even included links to a write-up for a legitimate vulnerability tracked as CVE-2016-9223.
To make their email more compelling, the linked article uses the same wording as the email.The attackers have also created a fake URL (https://globalpagee-prod-webex.com/signin) which, at first glance, appears quite similar to the actual Cisco WebEx URL (https://globalpage-prod.webex.com/sigin).
However, upon further inspection, it is clear that the spoofed URL contains an extra "e" and uses a dash instead of a period at the end.To carry out this attack, the hackers registered a fraudulent domain through Public Domain Registry just a few days before sending out their credential phishing email.
They even went as far as to obtain a SSL certificate for their fraudulent domain to make it appear more legitimate.
Once again though there is a discrepancy though, as the official Cisco certificate is verified by HydrantID while the attacker's certificate is through Sectigo Limited.The phishing page then redirects users to a fake Cisco WebEx login page that is visually identical to the real thing.
Once a user logs in, the attackers then have their WebEx credentials which could be sold on the dark web or used to launch additional attacks against them or their organization.Working from home certainly has its perks but remote workers must remain vigilant to avoid falling victim to this and the many other scams making their way around the internet at the moment.





Unlimited Portal Access + Monthly Magazine - 12 issues


Contribute US to Start Broadcasting - It's Voluntary!


ADVERTISE


Merchandise (Peace Series)

 


Apple fans rushing for ₤ 35 iPhone 16 Pro Max as Sky uses payday deal


'I visited Chinese city which is like sci-fi movie with robots and noiseless trains'


Top Tech: Amazon's best early Prime Day deals including Ring, Tefal and Nespresso


Brits now 'obsessed' with health tracking and say it's key to motivation


Virgin Media is distributing complimentary wise TVs in surprise seven-day sale


O2 confirms UK network switch off and the exact date your phone might quit working


Samsung and Google have a new Android competitor that's like Nothing you've seen before


'Spectacular' Samsung Galaxy S25 Ultra gets £10 a month price cut


Sky users given 48-hour cost alert and your costs could increase tomorrow


Never ever miss your favourite television series when on vacation with basic travel hack


Amazon may offer big reason to ditch your Fire TV Stick next week and try something new


Samsung and Google smartphone deals consist of free earbuds and smartwatches


Everyone using Google Chrome must restart their browser now - don't ignore new alert


iPhone users surprised after finding 'concealed' hack to organise home screen


Sky dishes out brand-new iPhone 16 at 'lowest ever' rate, not surprising that it's offering fast


Argos shoppers can get a free 40-inch Hisense TV by doing one thing


Immediate alert for everyone with a Gmail account - do not overlook 6 important brand-new rules


BBC iPlayer is rivalling Sky TV with a vital free upgrade - check your settings now