CyberScoop reports that Arizona and Pennsylvania county election officers have been facing a deluge of phishing attacks ahead of their primaries in August, indicating extensive cybersecurity threats against election officials prior to the midterm polls.
Malicious emails aimed at Arizona county election officials increased by more than threefold between the first and third quarter of 2022, with phishing activity peaking around the state's primary on Aug. 2, while malicious emails targeted at those in Pennsylvania rose by 382% between the last quarter of 2021 and the first quarter of 2022, before increasing by another 169% during the second quarter, according to a Trellix report.
Phishing attacks were found to either be notifications regarding soon-to-expire email passwords that redirect to a phishing site collecting recipients' credentials, or email thread hijacking involving a county election worker and a ballot distribution and collector contractor.
"Ultimately, this phishing scheme plays on the election workers professional and moral commitment to help a trusted contractor struggling to register people to vote," researchers added.
OSET Institute Board Member Eddie Perez noted that prevalent disinformation has exacerbated the impact of elections-targeted phishing since 2020.
BleepingComputer reports that recent phishing attacks by the QBot malware operation, also known as Qakbot, have involved the exploitation of a DLL hijacking flaw in the Windows 10 WordPad executable "write.exe."
Microsoft credentials targeted new phishing attacks with RPMSG files New phishing attacks involving compromised Microsoft 365 accounts and encrypted restricted permission message, or RPMSG, files, are being leveraged by threat actors to facilitate the stealthy exfiltration of Microsoft credentials, according to BleepingComputer.
BleepingComputer reports that some Barracuda Email Security Gateway instances have been compromised in attacks exploiting a zero-day vulnerability, which has already been patched in security updates issued over the weekend.