Cybercriminals are expanding their tactics, moving beyond well-known platforms to exploit lesser-known cloud services and trusted brands, including Gravatar, ProtonMail, and major telecom services like AT&T, Comcast Xfinity, and regional Canadian ISPs such as Kojeko and Eastlink. These targeted attacks use compelling phishing schemes to steal user credentials, exposing sensitive information and amplifying the risks of data breaches.
Researchers say cybercriminals craft phishing emails, mimicking services like ProtonMail, Microsoft, and DocuSign. Trusting the brand name, the victim opens the email and falls into the trap.
The pivot to targeting smaller, less scrutinised platforms stems from their perceived safety and ubiquity. Gravatar’s ‘Profiles as a Service,’ for instance, allows tricking unsuspecting users into revealing sensitive login details. These platforms’ relatively low profile in cybersecurity defences makes them an attractive target.
Cybersecurity experts have discovered that attackers increasingly target services like Gravatar and regional ISPs. This interest is due to a combination of user trust and insufficient security measures.
Many organisations do not block or monitor these platforms as rigorously as larger players, allowing phishing attempts to bypass detection mechanisms. Additionally, the widespread adoption of these services provides attackers with a broad base of potential victims.
The stakes are exceptionally high in the telecom sector, where the vast repositories of user information and the critical role these services play in connectivity make them high-value targets.
“These companies hold vast amounts of user data, making them lucrative targets as well if accounts can be exploited,” researchers noted. “By compromising their ISP cloud-based profiles, attackers can gain access to sensitive customer information, potentially leading to larger scale data breaches and further exploitation.”
Researchers have noted that these modern attacks are increasingly tailored to specific targets, featuring customised impersonations that enhance credibility and increase success rates.
Experts have urged users and organisations to always scrutinise URLs, beware of unexpected emails, enable two-factor authentication and strengthen passwords.
In the News: TripleStrenght targets cloud and on-premise systems
