Report: Iran Is Likely Setting Stage for International Phishing Campaign

[InfoSec News <alerts () infosecnews org>]

https://www.defenseone.com/technology/2019/01/report-iran-likely-setting-stage-international-phishing-campaign/154077/

By Patrick Tucker
Technology Editor
Defense One
January 10, 2019

Hackers have been methodically gaining access to domain name services that 
allow malware-laden emails to look like they come from legitimate 
organizations.

Phishing attacks only work when the target takes the bait. The email containing 
the link or attachment that will compromise the target's computer has to look 
legitimate, from a recognizable domain. A new report says that someone -- 
likely Iran -- has been hijacking domains related to entities across the Middle 
East and North America, which could allow Iran to launch more, and more 
successful, cyber attacks.

Issued Thursday by cybersecurity company FireEye, the report says actors are 
using various techniques to hijack Domain Name System, or DNS, functions, 
allowing them to make phony emails appear legitimate.

"The entities targeted by this group include Middle Eastern governments whose 
confidential information would be of interest to the Iranian government and 
have relatively little financial value" the researchers write. "A large number 
of organizations have been affected by this pattern of DNS record 
manipulation... They include telecoms and [Internet service providers], 
internet infrastructure providers, government and sensitive commercial 
entities."

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_