IT Brief Asia - Technology news for CIOs & IT decision-makers

Barracuda warns of surge in advanced phishing email threats

Today

Barracuda threat analysts have identified three emerging email threats over the past month targeting organisations globally and utilising tactics intended to evade detection.

The first attack method involves the distribution of poisoned calendar invites crafted using phishing-as-a-service (PhaaS) kits, which are widely available online. According to Barracuda, hackers use iCalendar (ICS) files that are compatible across Google Calendar, Microsoft Outlook and Apple Calendar, making them attractive vectors for phishing attempts.

In these incidents, emails generally lack any accompanying message and instead include a link to an ICS file that appears to be a legitimate calendar invitation. The file often contains event details and a phishing link that purports to redirect the recipient to an unpaid invoice. Upon opening the invite, recipients are directed to the legitimate Monday platform, which is used to host the phishing content. The victim is typically confronted with a CAPTCHA verification and prompted to click "view document," which ultimately leads to a phishing page designed to steal Microsoft credentials.

Barracuda threat analysts advise vigilance, stating, "Any of the following: a meeting invite that you are not expecting, from someone you don't know or don't hear from often, to discuss something you are not aware of, and with no context or covering message, should sound the alarm. Report the message to your security team and check with the sender directly if appropriate to verify if the message is legitimate. The use of calendar invites in phishing attacks is on the rise, with several reports of Google calendar invites being spoofed in phishing campaigns. Since ICS files are often considered harmless and not all security tools can spot malicious invites, this represents a new opportunity — for a while at least — for attackers to bypass security controls and snare victims."
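For defenders triaging such invites, the sketch below is an added example (not from Barracuda or the original article) that pulls links out of an ICS file and flags those pointing at hosts the organisation does not expect in invites. It handles RFC 5545 line folding, which can split a URL across lines and hide it from a naive text scan. The sample invite, the `.example` hosts and the `expected_hosts` allowlist are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# RFC 5545 properties where invite text or links normally live.
LINK_PROPS = {"DESCRIPTION", "LOCATION", "URL", "ATTACH", "SUMMARY", "X-ALT-DESC"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample invite; the DESCRIPTION link is folded mid-hostname.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "VERSION:2.0\r\n"
    "BEGIN:VEVENT\r\n"
    "SUMMARY:Unpaid invoice review\r\n"
    "ORGANIZER;CN=Accounts:mailto:billing@sender.example\r\n"
    "DESCRIPTION:Please review the invoice\\, then confirm: https://files.hos\r\n"
    " ting.example/view-document?id=1\r\n"
    "LOCATION:https://meet.corp.example/room/42\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

def unfold(ics_text):
    """RFC 5545 3.1: a line break followed by a space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text)

def unescape(value):
    """Undo RFC 5545 TEXT escaping of newline, comma, semicolon and backslash."""
    return re.sub(r"\\([nN,;\\])", lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)

def extract_urls(ics_text):
    """Return [(property, url)] for each http(s) URL in link-bearing properties."""
    found = []
    for line in unfold(ics_text).splitlines():
        # Simplification: assumes no quoted ':' inside property parameters.
        name_params, sep, value = line.partition(":")
        prop = name_params.split(";", 1)[0].upper()
        if sep and prop in LINK_PROPS:
            for url in URL_RE.findall(unescape(value)):
                found.append((prop, url.rstrip(".,)")))
    return found

def triage(ics_text, expected_hosts):
    """Flag URLs whose host is not one the organisation expects in invites."""
    flagged = []
    for prop, url in extract_urls(ics_text):
        host = (urlsplit(url).hostname or "").lower()
        if not any(host == h or host.endswith("." + h) for h in expected_hosts):
            flagged.append({"property": prop, "url": url, "host": host})
    return flagged
```

Calling `triage(SAMPLE_ICS, {"corp.example"})` flags only the folded DESCRIPTION link; a flagged link is a prompt for review, not proof of phishing.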

The second method identified involves phishing kits exploiting the ShareFile document-sharing platform. Several hundred attacks were recently observed using these techniques, with malicious actors hosting fraudulent login forms on ShareFile and distributing the corresponding URLs to targeted individuals. Although previous campaigns have made use of ShareFile, Barracuda identifies this as a new trend among established PhaaS platforms, designed to increase stealth and evade detection.

The kits implicated are Tycoon 2FA and Mamba 2FA, both of which employ various evasion strategies. These include the use of proxy servers, short-lived and rotating phishing links, and sending unwanted traffic to unrelated sites such as Google 404 pages to interfere with security tool analysis. The phishing emails often impersonate notifications from services such as SharePoint or DocuSign and include a legitimate ShareFile URL that is unlikely to trigger immediate suspicion. As the platform is widely trusted, recipients may be more likely to follow the links and input sensitive information.

Barracuda highlights the need for caution: "As above, an email that you are not expecting, from someone you don't often hear from and on a topic that is not usual for you, should all sound alarm bells. As should an email from ShareFile when your organization doesn't generally use ShareFile. Report the message to your security team and check with the sender directly if appropriate to verify if the message is legitimate. If the email includes a link directing you to a Microsoft or Google login page, check that it is a legitimate login page. Avoid entering your credentials if you suspect the page might be fake or malicious."

The third threat is the resurgence of voicemail-based phishing, or "vishing". Barracuda analysts report that since February there has been an increase in attacks after a previous decline. These emails claim to be alerts about new voicemail messages and entice recipients to click a link to "play" the message. The link leads to a form hosted on trusted platforms such as Monday or Zoho, where victims are asked to enter their credentials. Some of these attacks also involve Tycoon 2FA and Mamba 2FA phishing kits and have included redirects via the professional social media platform LinkedIn.

Barracuda suggests a careful examination of such messages: "As above, the warning light should come on if the sender, nature and claimed content of the message are unexpected or unsolicited. Always verify the source if it really does seem genuine. Another red flag is any pressure to act or respond quickly or any kind of veiled threat."

Barracuda outlines its email protection measures, stating, "Barracuda Email Protection offers a comprehensive suite of features designed to defend against advanced email threats. It includes capabilities such as Email Gateway Defense, which protects against phishing and malware, and Impersonation Protection, which safeguards against social engineering attacks. Additionally, it provides Incident Response and Domain Fraud Protection to mitigate risks associated with compromised accounts and fraudulent domains. The service also includes Cloud-to-Cloud Backup and Security Awareness Training to enhance overall email security posture. Barracuda combines artificial intelligence and deep integration with Microsoft 365 to provide a comprehensive cloud-based solution that guards against potentially devastating, hyper-targeted phishing and impersonation attacks."
