19
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu
A new phishing campaign designed to harvest Cisco WebEx credentials through a security warning for the application has been discovered by the Cofense Phishing Defense Center (PDC).Surprisingly, Cisco's own Secure Email Gateway failed to catch this new campaign which was launched at a time when millions of people are working from home using a variety of online platforms and software.
Cybercriminals are well aware of this and have begun to exploit trusted brands like WebEx to deliver malicious emails to users.Video conferencing software has been targeted by attackers in the past but the rapid influx of remote workers during the global pandemic makes for easy prey for hackers.
Cofense anticipates that there will continue to be an increase in remote work phishing in the months to come.This latest phishing campaign begins with potential victims receiving an email with subject lines such as Critical Update or Alert from the spoofed address [email protected].
The body of the email explains that there is a vulnerability that the user must patch or risk allowing an unauthenticated user to install a Docker container with high privileges on the system.This quite clever on the part of the hackers as they have spoofed a legitimate business service and have even included links to a write-up for a legitimate vulnerability tracked as CVE-2016-9223.
To make their email more compelling, the linked article uses the same wording as the email.The attackers have also created a fake URL (https://globalpagee-prod-webex.com/signin) which, at first glance, appears quite similar to the actual Cisco WebEx URL (https://globalpage-prod.webex.com/sigin).
However, upon further inspection, it is clear that the spoofed URL contains an extra "e" and uses a dash instead of a period at the end.To carry out this attack, the hackers registered a fraudulent domain through Public Domain Registry just a few days before sending out their credential phishing email.
They even went as far as to obtain a SSL certificate for their fraudulent domain to make it appear more legitimate.
Once again though there is a discrepancy though, as the official Cisco certificate is verified by HydrantID while the attacker's certificate is through Sectigo Limited.The phishing page then redirects users to a fake Cisco WebEx login page that is visually identical to the real thing.
Once a user logs in, the attackers then have their WebEx credentials which could be sold on the dark web or used to launch additional attacks against them or their organization.Working from home certainly has its perks but remote workers must remain vigilant to avoid falling victim to this and the many other scams making their way around the internet at the moment.
