Security Champion

Computer and Network Security

Security Champion is a service platform to raise awareness and train your employees in security skills.

About us

Service platform to raise awareness and train your employees in security skills. We specialise in cyber security training. We've identified some common challenges in information security risk management related to employee behaviour, including lack of awareness of IS rules, forgetfulness and even disregard for these rules. These issues can leave your organisation vulnerable to cyber threats. That's where we come in. Our cyber security training services are designed to address these challenges and strengthen your organisation's defences against cyber threats. Here are some of the benefits you can expect:
- Rapid implementation: See results in as little as 5 days.
- Scalability: Train any number of users, grouped as required.
- Customisation: Personalised attacks, courses and reports.
- Compliance: Meet regulatory and global standards.
- Automation and consulting: Reduce and focus on results.
- Efficiency: Employees are 10-25 times less likely to fall for hackers' tricks.
To help you get started, we're offering free awareness testing software and materials for your IS department. These resources will help you assess and improve your employees' cybersecurity skills. https://secuchamp.com/free

Website
https://secuchamp.com/
Industry
Computer and Network Security
Company size
11-50 employees
Headquarters
Delaware
Type
Privately Held
Specialties
Cybersecurity courses, Cybersecurity software, Cybersecurity service, Cybersecurity training for employees, Security awareness, Simulated phishing attacks, and Cybersecurity audit

Posts

  • 6,791 followers

    Our team continues to help companies educate their employees about cybersecurity. We've created 20 posters with useful tips on how to protect sensitive data, prevent information leaks and avoid being scammed. Just print them out and put them up around the office.

    We've also decided to make our anti-phishing courses temporarily free. Get your staff up to speed quickly. The courses will help you stop 80% of phishing attacks:
    - How to spot dangerous links (15+ types of camouflage).
    - How to identify dangerous email attachments.

    Download free materials from our website: https://secuchamp.com/free
    The registration form consists of only two fields.

    #cybersecurity #cybersecurityawarenessmonth #phishing #cybersecurityawareness #securityawareness
  • New Warning: Microsoft 365 Attack Bypasses Email Security

    Microsoft 365 users are once again under threat from cyberattacks. A new phishing campaign exploiting trusted Microsoft infrastructure can bypass traditional email security measures and compromise accounts. Guardz Research has confirmed attacks that leverage legitimate Microsoft domains and client configuration vulnerabilities to execute Business Email Compromise (BEC) attacks.

    This attack does not rely on domain spoofing or email impersonation. Instead, cybercriminals use the Microsoft 365 infrastructure itself to deliver phishing lures disguised as legitimate messages. This method allows them to evade security mechanisms such as domain reputation analysis and the DMARC protocol.

    Guardz Researcher Ron Lev explains that as secure email gateways evolve, attackers are forced to develop new evasion techniques. In this case, they manipulate Microsoft 365 tenant settings, alter organizational properties, and use fake profiles to distribute malicious content.

    Guardz experts highlight several key stages of this campaign. First, attackers register new Microsoft 365 tenants or compromise existing ones, allowing them to bypass security mechanisms. They then create administrative accounts using .onmicrosoft.com domains, configure email forwarding, and implement phishing evasion techniques. To enhance credibility, they modify the organization name in the tenant settings to generate fake Microsoft notifications. Next, they initiate a trial subscription purchase, triggering a real Microsoft billing email while altering the displayed organization name. In the final step, they use fake customer support numbers to convince victims to contact what appears to be an official representative.

    According to Dor Eisner, CEO of Guardz, this attack is particularly difficult to detect because it leverages trusted Microsoft services and circumvents standard email authentication mechanisms.

    Despite its complexity, experts recommend training employees to recognize phishing attempts, staying cautious of emails from unfamiliar Microsoft 365 tenants and .onmicrosoft.com domains, and implementing email content analysis that checks organization fields and return-path headers. Microsoft has yet to provide an official statement on this attack. However, users should take immediate precautions to minimize the risk of compromise. Employee training remains a key element of protection—an informed user is the first line of defense against such threats.

    #cybersecurity #phishing #securityawareness #securitychampion
  • Large-Scale Phishing Attack Masquerading as Bооking.cоm Distributes Malware

    A sophisticated phishing campaign impersonating Bооking.cоm is actively spreading malicious software designed to steal credentials and financial data. First detected in December 2024, this attack remains a relevant and evolving threat to the hospitality industry worldwide, including in North America, Europe, Asia, and Oceania.

    Cybercriminals behind this campaign employ a complex social engineering chain, centered around a relatively new technique known as ClickFix. This method enables attackers to bypass traditional security measures by manipulating victims into unknowingly executing malicious code themselves.

    The attackers send fake emails crafted to look like legitimate notifications from Bооking.cоm. These messages cover a range of topics — from supposed issues with guest reviews to requests for account verification. A key element of this phishing campaign is a carefully crafted fake Bооking.cоm webpage featuring a fraudulent CAPTCHA. Victims are prompted to complete what appears to be a routine verification step, after which they are shown a “technical error” message with instructions to execute a command in the Windows "Run" dialog. This is where the ClickFix mechanism triggers: users are tricked into manually running a malicious script via mshta.exe, leading to the download and execution of multiple malware families, including XWorm, Lumma Stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT. These tools are designed to covertly harvest credentials, banking information, and enable full remote control over infected systems.

    Remarkably, ClickFix allows attackers to bypass most automated security defenses by exploiting human behavior. Victims believe they are taking legitimate steps to resolve service issues, while in reality, their devices are already compromised. According to Microsoft threat analysts, this campaign is internally tracked as Storm-1865.

    Experts emphasize that the attackers are continuously refining and evolving their tactics, moving well beyond earlier phishing schemes that primarily targeted individual hotel guests or online shoppers. Today, entire organizations are at risk, and in the context of the hospitality sector, compromised credentials can lead to severe data breaches affecting customers, bookings, and payment systems.

    For businesses, building multi-layered defense strategies is essential. This includes ongoing employee education, deployment of phishing-resistant authentication methods, and advanced threat monitoring systems. Equally important is staying updated on the latest adversarial tactics to avoid being caught off guard. As this campaign demonstrates, even a trusted and seemingly secure brand can be weaponized in a sophisticated attack.

    #cybersecurity #phishing #securityawareness #securitychampion
  • Hacked by Image: SVG-Based Phishing Attacks Surge by 245%

    At the start of 2025, KnowBe4 Threat Lab recorded a 245% surge in phishing attacks using SVG files — a format often seen as harmless but increasingly used to hide malicious code.

    SVG (Scalable Vector Graphics) is a vector format for logos and icons, but unlike JPG or PNG, it's an XML file that can embed executable code like JavaScript. Recipients see an image, but opening it can trigger malicious scripts.

    From January 1 to March 5, 2025, SVGs made up 6.6% of malicious attachments detected by KnowBe4 Defend, up from 1.9% in late 2024. The peak was March 4, when nearly a third of all malicious attachments were SVGs.

    Two key phishing campaigns fueled this rise. The first used SVGs with unique filenames to bypass antivirus filters. Emails looked like system notices and came from compromised but trusted accounts, passing SPF, DKIM, and DMARC. Opening the SVG loaded an invisible clickable area that redirected victims to fake Microsoft login pages.

    The second was more personalized. Victims got "missed call" emails with attached SVGs containing JavaScript that auto-opened phishing sites pre-filled with user data. Emails included the victim’s address in the attachment name and body. Hackers also altered the email HTML to push Microsoft's external sender warning to the bottom.

    Why are SVGs dangerous? Unlike standard images, they can contain executable code and hidden elements like malicious links or transparent click zones. Being text-based, SVGs are easily obfuscated to evade detection. Worse, many email security systems treat SVGs as harmless images, letting them bypass filters. Traditional defenses focus on ZIP, PDF, DOC, or EXE, but not SVGs.

    Experts warn SVG-based attacks will grow in 2025. Defense requires not only tech solutions but also staff training — people remain the last line of defense.

    Source: KnowBe4 Threat Lab

    #cybersecurity #phishing #securityawareness #securitychampion
  • How AI is Changing Phishing and Deepfakes: The Future of Digital Fraud

    Not long ago, phishing was seen as clumsy emails with errors and fake links. But times have changed. Today, artificial intelligence (AI) has given cybercriminals a new level of weaponry: phishing and deepfakes have become smarter, more personalized, and almost indistinguishable from reality. Where a hacker used to manually write an email "from the boss," now AI does it in a matter of seconds, using all your personal data available online.

    What's Changing in the World of Digital Fraud?

    1. Next-Generation Personalized Phishing
    AI no longer writes template emails. It gathers information about a person from open sources like LinkedIn, Facebook, and corporate websites, creating unique phishing messages tailored to a specific individual. According to the Financial Times, companies like Beazley have seen a sharp increase in attacks where AI imitates executives' writing styles to gain access to company finances. These aren't mass emails—they are targeted attacks on key people in business.

    2. Deepfakes That Are Indistinguishable from Real Ones
    AI can not only write but also "speak" and "appear" in videos. Creating a deepfake where "your CEO" appears in a video asking to transfer money takes just a few hours. In 2024, hackers in Hong Kong made a video call to a financial officer at an international company using deepfakes of all the company’s top executives. The employee transferred over $25 million to the attackers.

    3. Scalability: AI Attacks Thousands of People Simultaneously
    AI bots can generate thousands of emails, messages, and phone calls in just minutes. Each email will be personalized and convincing, and the call may sound like your colleague's real voice. A real example: During Black Friday and Cyber Monday in 2023, criminals used AI to create thousands of fake websites and fraudulent ads. Visa and Mastercard client losses during this period were estimated in the millions of dollars.

    How to Protect Yourself from AI Fraudsters?

    1. Employee Training
    - Don't just talk about phishing; train employees using real examples, such as phishing email simulations and deepfakes.
    - Teach critical thinking: verify any urgent requests through independent channels.

    2. Strict Financial Protocols
    - Two-factor authentication for any financial transactions, especially large transfers.
    - Verification via a call to a personal number, not through email information.

    3. Technical Measures
    - Implement anti-phishing solutions and monitoring systems capable of detecting AI-generated content.
    - Use multi-factor authentication (MFA) for access to corporate systems.

    True cybersecurity isn't just about technology; it's also about people who know how to respond properly.

    Source: Forbes Tech Council

    #cybersecurity #phishing #securityawareness #securitychampion
  • EncryptHub: A New Cyber Threat Spreading Ransomware via Phishing, Fake Apps, and PPI Services

    Researchers from Outpost24 KrakenLabs uncovered EncryptHub, a hacker group that spreads ransomware and steals data using three main methods:
    - Targeted phishing — fake VPN login pages combined with calls or SMS pretending to be IT support to steal credentials.
    - Trojanized apps — fake versions of Google Meet, WeChat, Visual Studio, and others that install malware instead of real software.
    - PPI services (Pay-Per-Install) — buying bulk infections through platforms like LabInstalls (e.g., $10 for 100 infected devices).

    Once inside, EncryptHub uses stealers like Fickle and StealC to grab data, then deploys ransomware to demand payment. They are also developing EncryptRAT, a tool to control infected devices and manage attacks — potentially to sell to other criminals.

    Why does it matter for businesses?
    EncryptHub’s tactics show that phishing is more than just email — employees can be tricked via calls, SMS, or fake apps. Companies that don’t control what employees install are especially vulnerable.

    How we help at Security Champion
    We train employees to recognize phishing and social engineering, run simulations, and identify weak points in the company. Our goal is to reduce the risk of real attacks and ransomware infections. Want to know how it works? Let's talk.

    #cybersecurity #phishing #securityawareness #securitychampion
  • Phishing Campaign Uses Havoc Framework to Control Infected Systems

    New Phishing Attack Leverages Havoc C2 and Microsoft Graph API
    Cybersecurity experts have identified another phishing campaign in which attackers use the Havoc Framework—an open-source command-and-control (C2) system. The malware modifies the Havoc Demon agent and utilizes the Microsoft Graph API to manage infected devices through SharePoint.

    Attack Mechanism
    The attack begins with a phishing email containing an HTML attachment named "Documents.html." This file employs ClickFix—a social engineering tactic that tricks the victim into copying and executing a malicious PowerShell command. This script downloads a remote PowerShell code from a SharePoint-hosted server, checks for sandbox environments, modifies system registry entries, and, if necessary, downloads a Python interpreter to execute a hidden shellcode loader.

    Advanced Evasion Techniques
    A key component of the attack is the use of KaynLdr—a shellcode loader hosted on GitHub. It applies API hashing to obscure its execution. Once loaded, the modified Havoc Demon DLL establishes a connection with C2 via the Microsoft Graph API, blending its activity into legitimate SharePoint traffic.

    "This attack demonstrates the evolution of phishing techniques and the increasing sophistication of cyber threats," commented Eric Schweik, Director of Cybersecurity Strategy at Salt Security. "Leveraging trusted cloud services like SharePoint and Microsoft Graph API makes detecting malicious traffic significantly more challenging."

    How to Protect Against Such Attacks?
    Attackers are using sophisticated obfuscation techniques, but organizations can mitigate risks by implementing proactive cybersecurity measures:
    - Employee Training: Raising awareness about modern phishing tactics.
    - PowerShell Script Control: Restricting the execution of unauthorized scripts.
    - SharePoint Monitoring: Analyzing activity for unusual file creation.
    - Threat Detection: Deploying solutions capable of identifying C2 traffic.

    Security Champion helps protect your business from such attacks. We train employees to recognize phishing, reducing the risk of compromise.

    Source: Article by Alessandro Mascellino.

    #cybersecurity #phishing #securityawareness #securitychampion
  • Protect Your Devices: Mobile Phishing Bypasses Desktop Security

    Phishing attacks are increasingly targeting mobile devices, circumventing traditional desktop security measures. Researchers at Zimperium warn that hackers are adapting their tactics to infiltrate companies through employees' smartphones.

    Unlike classic phishing attacks, mobile phishing isn’t limited to email—it also exploits SMS, voice messages, and QR codes. Cybercriminals craft emails that closely resemble legitimate messages, but the malicious payload is only triggered when accessed from a mobile device. If the link is opened on a desktop, the attack chain is interrupted, making detection more difficult.

    An analysis of phishing websites has revealed that many redirect desktop users to legitimate services like Google or Facebook. This tactic conceals malicious activity from security systems and extends the lifespan of phishing campaigns.

    As mobile technology advances, businesses are increasingly integrating smartphones into their operations—for multi-factor authentication, cloud applications, and messaging. This expansion of attack surfaces makes mobile devices a prime target for cybercriminals.

    Traditional phishing protection measures designed for desktops are no longer sufficient against mobile threats. To safeguard corporate data, organizations should implement mobile threat protection solutions and educate employees on modern social engineering tactics.

    #cybersecurity #phishing #securityawareness #securitychampion
  • Rise of Phishing Attacks via Trusted Platforms

    Cybercriminals are increasingly leveraging trusted business tools such as Dropbox, SharePoint, and QuickBooks to launch phishing attacks. According to a recent Darktrace report published by TechRepublic, 96% of phishing emails in 2024 contained links to existing domains rather than newly created ones, making them harder to detect using traditional security tools.

    How Do Attackers Operate?
    Hackers embed malicious links within well-known services, including Zoom Docs, Adobe, and HelloSign. They also exploit compromised email accounts, such as Amazon Simple Email Service, to bypass security filters. Last year, Darktrace recorded 30.4 million phishing emails, including:
    - 2.7 million containing multi-stage malicious payloads,
    - Nearly 1 million embedding malicious QR codes.

    With the advancement of artificial intelligence, phishing attacks have become more sophisticated. Complex linguistic models and targeted spear phishing campaigns now account for 38% of all phishing attacks.

    Living-off-the-Land Techniques
    Beyond phishing, cybercriminals are exploiting Living-off-the-Land (LotL) techniques, using vulnerabilities in enterprise systems like Ivanti and Fortinet. This allows them to operate stealthily, leveraging pre-installed corporate tools. Ransomware groups such as Akira and Black Basta are also stepping up their attacks. They increasingly rely on remote access software like AnyDesk and Atera to infiltrate corporate networks. Meanwhile, Malware-as-a-Service (MaaS) offerings have surged, with a 17% increase in 2024, allowing cybercriminals to sell their tools on a subscription basis.

    How to Protect Your Business?
    With cyberattacks becoming more sophisticated and damaging, employee cybersecurity training is one of the most effective ways to defend against phishing threats. Security Champion helps organizations educate their staff on identifying phishing attacks, reducing the risk of successful breaches.

    #cybersecurity #phishing #securityawareness #securitychampion
  • Urgent Warning: New Astaroth Attack Threatens 1.8 Billion Gmail Users!

    Phishing has reached a new level – a powerful tool called Astaroth now allows cybercriminals to bypass two-factor authentication (2FA) and take over user accounts in real-time. This is no longer just fake login pages – it's full control over your account, including banking data and private correspondence. Let's break down how this attack works and how to stay safe.

    How Does Astaroth Steal Accounts?
    Phase 1: Fake Email – The victim receives a convincing email – it might be a notification from “Google” about account suspension, a payment request, or even a corporate message.
    Phase 2: Malicious Link – The link leads to a fake login page that looks identical to the real one. The victim enters their credentials – and hackers instantly capture them.
    Phase 3: 2FA Hijacking – Astaroth operates in real-time: as soon as the victim enters their SMS or authenticator app verification code, hackers intercept it and immediately log in.
    Phase 4: Session Hijacking – After gaining access, cybercriminals steal session cookies, allowing them to stay logged in without needing repeated authentication.

    Who Is at Risk?
    - 1.8 billion Gmail users
    - 400+ million Outlook accounts
    - 225 million Yahoo users
    - Accounts using Google/Facebook login – social media, banks, subscription services

    Why Is This Dangerous?
    - Phishing is now smarter – Astaroth doesn’t just steal passwords; it intercepts 2FA and session data, completely bypassing security measures.
    - Fast and undetectable – Hackers gain access in seconds, and users don’t even realize their account is compromised.
    - Available on the dark web – This tool is sold for $2,000, making it accessible even to beginner hackers.

    How to Protect Yourself?
    - Don’t click on links in emails, even if they look legitimate. Always type the Gmail address manually.
    - Check the URL carefully – fake pages often have minor misspellings.
    - Use hardware security keys (like YubiKey) – they prevent 2FA code theft.
    - Enable Google login alerts – the sooner you spot a breach attempt, the better your chances of stopping it.
    - Get phishing awareness training – Security Champion helps companies and employees recognize these attacks and avoid falling victim.

    Cybersecurity is not a myth, it's a necessity! Share this with your colleagues and protect your accounts from modern cyber threats!

    #cybersecurity #phishing #securityawareness #securitychampion
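The Microsoft 365 post above closes with two concrete recommendations: be wary of mail from unfamiliar .onmicrosoft.com tenants, and analyse organization fields and return-path headers. The script below is an added example written for this page (it is not code from Security Champion or Guardz) that turns those recommendations into mail-filter heuristics in Python's standard library. The allowlist of known tenants, the two sample messages and the phone-number check on the From display name (standing in for the "organization field" check, since the post does not name the exact field) are all assumptions of the example.

```python
"""Header heuristics for the Microsoft 365 tenant-abuse lure (added example).

Assumptions, not taken from the post: the known-tenant allowlist, the sample
messages below, and the phone-number heuristic on the display name, which
stands in for the 'organization field' check the post recommends.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Rough phone-number shape: optional '+', then 9+ digits with common separators.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")


def _domain(address):
    """Lower-cased domain part of an e-mail address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def assess_message(raw, known_tenants=frozenset()):
    """Return a list of human-readable flags for one RFC 822 message (bytes).

    known_tenants: *.onmicrosoft.com domains the organisation already
    exchanges mail with; any other tenant on that suffix is 'unfamiliar'.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, return_path = parseaddr(str(msg.get("Return-Path", "")))
    from_dom, rp_dom = _domain(from_addr), _domain(return_path)
    flags = []

    # 1. Unfamiliar Microsoft 365 tenant in the header From or the envelope sender.
    for label, dom in (("From", from_dom), ("Return-Path", rp_dom)):
        if dom.endswith(".onmicrosoft.com") and dom not in known_tenants:
            flags.append(f"{label} uses unfamiliar tenant {dom}")

    # 2. Envelope sender (Return-Path) domain does not match the header From domain.
    if from_dom and rp_dom and from_dom != rp_dom:
        flags.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")

    # 3. A phone number planted in the display name or subject: the lure wants the
    #    victim to call 'support', so a number in a sender field is a tell.
    subject = str(msg.get("Subject", ""))
    for label, text in (("From display name", display_name), ("Subject", subject)):
        if PHONE_RE.search(text):
            flags.append(f"{label} carries a phone number: {text!r}")
    return flags


# Constructed sample messages (not real traffic).
BENIGN = (
    b"Return-Path: <alice@partner.example>\r\n"
    b"From: Alice Example <alice@partner.example>\r\n"
    b"To: bob@ourcorp.example\r\n"
    b"Subject: Meeting notes\r\n\r\n"
    b"See attached.\r\n"
)

SUSPICIOUS = (
    b"Return-Path: <bounce@other-tenant.onmicrosoft.com>\r\n"
    b'From: "Example Corp Billing (call 1-555-0100 to cancel)" '
    b"<no-reply@example-tenant.onmicrosoft.com>\r\n"
    b"To: bob@ourcorp.example\r\n"
    b"Subject: Your trial subscription is active\r\n\r\n"
    b"Your organisation has been charged. Call support to dispute.\r\n"
)

KNOWN_TENANTS = frozenset({"ourcorp.onmicrosoft.com"})  # assumed allowlist

if __name__ == "__main__":
    for name, raw in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, "->", assess_message(raw, KNOWN_TENANTS) or ["no flags"])
```

Each flag on its own is weak evidence (legitimate bulk senders also use a different Return-Path domain), so the intended use is scoring inside a wider mail-filter pipeline, or routing flagged messages to the awareness banner the post recommends, rather than blocking on a single hit.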
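The SVG post above explains why a "harmless image" can carry a payload: the file is XML, so it can hold <script>, event-handler attributes and invisible click zones that lead off-site, and many gateways do not look inside it. The scanner below is an added example written for this page, not code from KnowBe4 or Security Champion, and shows what such an attachment check has to look for. The three sample SVGs are constructed; production code should swap the standard-library XML parser for defusedxml, since the built-in one does not guard against entity-expansion tricks.

```python
"""Heuristic scanner for SVG attachments (added example, not the page's code).

Flags the features the post describes: embedded script, event-handler
attributes, javascript: URLs and transparent click areas that lead off-site.
A clean result is not proof of safety; this is one filter layer among several.
"""
import re
import xml.etree.ElementTree as ET  # use defusedxml in production (entity-expansion safety)

# 'opacity:0' or 'fill:transparent|none' inside an inline style, but not 'opacity:0.5'.
HIDDEN_STYLE = re.compile(r"(?:opacity\s*:\s*0(?:\.0+)?(?![\d.])|fill\s*:\s*(?:transparent|none))", re.I)
EXTERNAL_URL = re.compile(r"^https?://", re.I)

# Finding kinds that should stop delivery outright; a visible external link only needs review.
BLOCKING = {"active-content", "event-handler", "javascript-url", "hidden-external-link", "unparseable"}


def _local(qualified):
    """Drop the XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return qualified.rsplit("}", 1)[-1].lower()


def _is_hidden(elem):
    """True if the element is drawn invisible (and may still receive clicks)."""
    attrs = {_local(k): v.strip().lower() for k, v in elem.attrib.items()}
    if attrs.get("opacity") in ("0", "0.0") or attrs.get("fill-opacity") in ("0", "0.0"):
        return True
    if attrs.get("fill") in ("transparent", "none"):
        return True
    return bool(HIDDEN_STYLE.search(attrs.get("style", "")))


def scan_svg(data):
    """Return [(kind, detail), ...] for one SVG document given as str or bytes."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [("unparseable", str(exc))]
    findings = []
    for elem in root.iter():
        name = _local(elem.tag)
        if name in ("script", "foreignobject"):
            findings.append(("active-content", f"<{name}> element"))
        for attr, value in elem.attrib.items():
            aname = _local(attr)
            if aname.startswith("on"):  # onload=, onclick=, ...: script without a <script> tag
                findings.append(("event-handler", f"{aname} on <{name}>"))
            elif aname == "href":  # covers both href and xlink:href
                target = value.strip()
                if target.lower().startswith("javascript:"):
                    findings.append(("javascript-url", target))
                elif EXTERNAL_URL.match(target):
                    # an <a> whose own node or any descendant is invisible is a hidden click zone
                    hidden = name == "a" and any(_is_hidden(e) for e in elem.iter())
                    findings.append(("hidden-external-link" if hidden else "external-link", target))
    return findings


def classify(data):
    """Map findings to a delivery decision: 'block', 'review' or 'allow'."""
    kinds = {kind for kind, _ in scan_svg(data)}
    if kinds & BLOCKING:
        return "block"
    return "review" if "external-link" in kinds else "allow"


# Constructed samples (not real attachments).
BENIGN_LOGO = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="120" height="40">'
    '<rect width="120" height="40" fill="#0a5"/><text x="10" y="26">ACME</text></svg>'
)
SCRIPTED = (
    '<svg xmlns="http://www.w3.org/2000/svg">'
    '<script>window.location = "https://login.example.invalid/";</script></svg>'
)
HIDDEN_CLICK_ZONE = (
    '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
    '<text x="10" y="20">Missed call: play voicemail</text>'
    '<a xlink:href="https://login.example.invalid/">'
    '<rect width="400" height="200" style="opacity:0"/></a></svg>'
)

if __name__ == "__main__":
    for label, doc in (("logo", BENIGN_LOGO), ("scripted", SCRIPTED), ("hidden link", HIDDEN_CLICK_ZONE)):
        print(f"{label:12s} -> {classify(doc)} {scan_svg(doc)}")
```

The check is deliberately structural rather than signature-based: it does not matter what the script says or which domain the link points at, only that an image attachment contains active content or an invisible clickable surface, which is exactly the class of file the post says most gateways wave through.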
