Another week, another wave of cyberattacks shaking up the digital world. From phishing scams targeting iPhone users to the international impacts felt by the CrowdStrike outage on Friday July 19th, the threat landscape is only getting more complex. Stay alert as these cyber dangers continue to evolve.
CrowdStrike Catastrophe: The IT Meltdown
A faulty update from CrowdStrike on Friday July 19th led to significant global disruptions for millions of software programs connected to the CrowdStrike technology. The update caused devices to shut down and continuously reboot, affecting various sectors worldwide.
Major airlines, including Delta and American Airlines, had to halt departures overnight. The outage extended into banks, television networks, health systems and law enforcement agencies. In Phoenix, emergency response systems were disrupted, forcing dispatchers to manually record and share 911 call information. Other states, such as Iowa, New York, Tennessee and Minnesota, also faced similar challenges.
In an official statement from , CrowdStrike, they’ve since identified and reverted the problematic update, ensuring that their Falcon platform systems continue to operate normally.
Learn more about the impacts of the Crowdstrike outage, and the data our Bolster Research Team discovered on how hackers are taking advantage.
New Cyberattacks are Targeting iPhone Users
On July 9th, CBS news reported that there is a new form of cyberattacks that are targeting iPhone users, with threat actors seeking to steal individual’s Apple IDs in a “phishing” campaign.
Apple ID credentials open attackers to a vast pool of information, “providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases” says Megan Cerullo from CBS News. Fake iCloud login pages get sent to the users through malicious SMS messages appearing to come from Apple, prompting users to input their iCloud credentials.
Such cyberattacks are referred to as “smishing schemes in which criminals use fake text messages from purposely reputable organization, rather than email, to lure people into sharing personal information, such as account passwords and credit card data.” Be alert and cautious about opening any texts that appear to be sent from Apple, CBS News warns. Additionally, the Federal Trade Commission also recommends setting up your computer and mobile phone so that security software is updated automatically.
FishXProxy: Phishing Toolkits Floating on the Dark Web
A fresh, end-to-end phishing kit is making its way around the Dark Web, lowering the barrier to entry to create sophisticated campaigns and malicious attacks that can avoid most traditional security. The kit, called FishXProxy, includes features and integrations with Cloudflare content delivery network (CDN) and is said to be “The Ultimate Powerful Phishing Toolkit” in ads on underground cybercriminal forums, said researchers from SlashNext Security in their most recent blog post.
Although there are various phishing kits on the Dark Web that give threat actors the tool to develop successful phishing campaigns, FishXProxy’s unique value proposition is its “focus on evading detection and maximizing the success rate of credential theft attempts,” said Elizabeth Montalbano from the Dark Reading.
With these advanced phishing kits making cybercrime easily accessible and quick to assemble for more and more attackers, traditional security solutions struggle to keep up. Security teams must adopt “multi-layered defenses and continuously update their threat intelligence.
Increased Scam Risks During Amazon Prime Days
Amazon Prime Days, which happened July 16th and 17th, can be a great way to save a few bucks on your favorite Amazon items. Despite these seemingly harmless sale days, cybercriminals were waiting patiently and lurking to steal your credentials during this year’s sale event.
Journalist, Niamh Acncell from Cybernews, reports that “85% of 2024 domains associated with Amazon were flagged as malicious or suspicious.” Through phishing and social engineering attacks, cyber threat actors will attempt to steal Amazon credentials by constructing false web pages “masquerading as official Amazon websites or by sending malicious emails” says Acnell.
Scammers create a sense of urgency, prompting the user to make a quick decision without properly analyzing the website to ensure its legitimacy, i.e. inputting credentials or creating a countdown for a purchase. Use caution and be mindful when purchasing anything online, especially from Amazon during one of these sale-heavy days!
Stay up to Date to Protect Your Online Security
Tune into our Bolster news round ups every few weeks to get the latest security news insight and attack details. With better knowledge comes better planning, so be sure to catch the latest global cyber happenings to help arm your business against new and evolving threats.
Check out CheckPhish, our free URL scanner and community hub, for more cyber security conversation and resources
