Emerging Email Threats: A Growing Concern for Organisations


Email threats are on the rise, and organisations need to be vigilant to protect themselves against them. In recent months, Barracuda threat analysts have identified three new email threats that are targeting organisations globally. These threats use tactics designed to evade detection and exploit weaknesses in security controls.

The first threat involves the use of poisoned calendar invites crafted using phishing-as-a-service (PhaaS) kits. These kits are widely available online and can be used to create fake calendar invites that appear to be legitimate. The invites often contain event details and a phishing link that redirects the recipient to a malicious page designed to steal Microsoft credentials.

• The phishing links are often disguised as legitimate calendar invites, making it difficult to distinguish between genuine and fake invites.
• Placing the phishing links in iCalendar (ICS) files makes them attractive to attackers, since security tools may not be able to detect the malicious content.
• The attacks often involve a CAPTCHA verification, which can make it difficult for recipients to distinguish between legitimate and fake invites.

Barracuda advises organisations to be cautious of emails that:

• Are not expected from a sender, especially if the sender is not known or not frequently communicated with.
• Contain links to calendar invites that appear to be legitimate but lack context or a covering message.
• Are suspicious in nature, such as emails that claim to be notifications from services like SharePoint or DocuSign.

The second threat involves phishing kits exploiting the ShareFile document-sharing platform. Several hundred attacks have been observed using these techniques, which involve hosting fraudulent login forms on ShareFile and distributing the corresponding URLs to targeted individuals.

• The phishing kits used are Tycoon 2FA and Mamba 2FA, which employ various strategies to evade detection.
• The attacks often involve using proxy servers, short-lived and rotating phishing links, and sending unwanted traffic to unrelated sites to interfere with security tool analysis.
• The phishing emails often impersonate notifications from services like SharePoint or DocuSign, making it difficult for recipients to distinguish between genuine and fake emails.

Barracuda highlights the need for organisations to be cautious of emails that:

• Are not expected from a sender, especially if the sender is not known or not frequently communicated with.
• Contain links to ShareFile that are not generally used by the organisation.

The third threat involves the resurgence of voicemail-based phishing, or “vishing”. This type of attack involves emails that claim to be alerts about new voicemail messages and entice recipients to click a link to “play” the message. The link leads to a form hosted on trusted platforms like Monday or Zoho, where victims are asked to enter their credentials.

• The attacks often involve using Tycoon 2FA and Mamba 2FA phishing kits and redirects via the professional social media platform LinkedIn.
• The attacks often involve pressure to act quickly or respond to the message, which can make it difficult for recipients to verify the authenticity of the message.

Barracuda advises organisations to be cautious of emails that:

• Are not expected from a sender, especially if the sender is not known or not frequently communicated with.
• Contain links to voicemail messages that are not expected or unsolicited.

Barracuda outlines its email protection measures, stating that it offers a comprehensive suite of features designed to defend against advanced email threats. The features include:

• Email Gateway Defense, which protects against phishing and malware.
• Impersonation Protection, which safeguards against social engineering attacks.
• Incident Response and Domain Fraud Protection to mitigate risks associated with compromised accounts and fraudulent domains.
• Cloud-to-Cloud Backup and Security Awareness Training to enhance overall email security posture.

Barracuda combines artificial intelligence and deep integration with Microsoft 365 to provide a comprehensive cloud-based solution that guards against potentially devastating, hyper-targeted phishing and impersonation attacks.

| Threat | Description | Characteristics |
| --- | --- | --- |
| Phishing kits using calendar invites | Phishing kits crafted using PhaaS kits to create fake calendar invites | Use of iCalendar (ICS) files, CAPTCHA verification, and links to malicious pages |
| Phishing kits exploiting ShareFile | Phishing kits using ShareFile to host fraudulent login forms | Use of proxy servers, short-lived and rotating phishing links, and unwanted traffic to unrelated sites |
| Voicemail-based phishing (vishing) | Emails claiming to be alerts about new voicemail messages | Use of Tycoon 2FA and Mamba 2FA phishing kits, redirects via LinkedIn, and pressure to act quickly |

The use of calendar invites in phishing attacks is on the rise, with several reports of Google calendar invites being spoofed in phishing campaigns. Since ICS files are often considered harmless and not all security tools can spot malicious invites, this represents a new opportunity for attackers to bypass security controls and snare victims. Barracuda suggests that organisations should be vigilant and report any suspicious emails to their security team. They should also verify the source of the email and check with the sender directly to ensure that the message is legitimate. By taking these precautions, organisations can reduce the risk of falling victim to these emerging email threats.

“The use of calendar invites in phishing attacks is on the rise, with several reports of Google calendar invites being spoofed in phishing campaigns. Since ICS files are often considered harmless and not all security tools can spot malicious invites, this represents a new opportunity — for a while at least — for attackers to bypass security controls and snare victims.”
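Because ICS attachments are often passed through without inspection, a mail pipeline can unfold the invite itself and review the links it carries. The following is an added example, not Barracuda's code or part of the original article; the allowlist, property list and sample invite are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this hypothetical organisation actually uses for meetings.
ALLOWED_HOSTS = {"teams.microsoft.com", "outlook.office365.com"}
# Properties whose values are shown to the user or opened by calendar clients.
LINK_PROPS = {"DESCRIPTION", "LOCATION", "URL", "SUMMARY", "X-ALT-DESC", "ATTACH"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample invite: the second URL is split by RFC 5545 line folding.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "BEGIN:VEVENT\r\n"
    "LOCATION:https://teams.microsoft.com/l/meetup-join/abc\r\n"
    "DESCRIPTION;LANGUAGE=en:Agenda attached.\\nOpen: https://docs.invite-\r\n"
    " portal.example/view?id=1\\nRegards\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

def unfold(ics_text):
    """Undo RFC 5545 folding: a line break followed by space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text).splitlines()

def unescape(value):
    """Reverse RFC 5545 TEXT escaping (escaped newline, comma, semicolon, backslash)."""
    return re.sub(r"\\([nN,;\\])", lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)

def extract_links(ics_text):
    """Return (property, url) pairs found in user-visible properties of an invite."""
    found = []
    for line in unfold(ics_text):
        name_part, sep, value = line.partition(":")
        prop = name_part.split(";", 1)[0].upper()  # drop parameters such as ;LANGUAGE=en
        if sep and prop in LINK_PROPS:
            for url in URL_RE.findall(unescape(value)):
                found.append((prop, url.rstrip(".,)")))
    return found

def flag_invite(ics_text, allowed=ALLOWED_HOSTS):
    """Return (property, host, url) for links whose host is not on the allowlist."""
    links = [(p, (urlsplit(u).hostname or "").lower(), u) for p, u in extract_links(ics_text)]
    return [item for item in links if item[1] not in allowed]
```

Since the kits described here also host forms on trusted platforms, the allowlist should hold only hosts the organisation itself uses for meetings, not every well-known service.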

Barracuda Email Protection

Barracuda Email Protection offers a comprehensive suite of features designed to defend against advanced email threats. It includes capabilities such as Email Gateway Defense, which protects against phishing and malware, and Impersonation Protection, which safeguards against social engineering attacks. Additionally, it provides Incident Response and Domain Fraud Protection to mitigate risks associated with compromised accounts and fraudulent domains.

Cloud-to-Cloud Backup and Security Awareness Training

Barracuda Email Protection also includes Cloud-to-Cloud Backup and Security Awareness Training to enhance overall email security posture. The service combines artificial intelligence and deep integration with Microsoft 365 to provide a comprehensive cloud-based solution that guards against potentially devastating, hyper-targeted phishing and impersonation attacks.

Barracuda Combines Expertise with Microsoft 365

Barracuda combines its expertise with Microsoft 365 to provide a comprehensive cloud-based solution that guards against potentially devastating, hyper-targeted phishing and impersonation attacks. This solution is designed to provide real-time protection against advanced email threats and to enhance overall email security posture.

Definitions:

• Phishing kits: Pre-built packages of malicious code used to create and distribute phishing emails.
• PhaaS (Phishing-as-a-Service): A service that provides pre-built phishing kits and other malicious tools to attackers.
• ICS (iCalendar): A standard for sharing calendar information and scheduling events.
• Tycoon 2FA and Mamba 2FA: Phishing kits used to exploit ShareFile and other platforms.
