The digital stratosphere is a volatile one. You can be the biggest visionary around the block, but chances are, your prediction can still fall off the cliff. Things are always changing at a breakneck pace, and you are left with no option but to bring yourself into alignment with the latest rage that is doing the rounds. While this gets tedious at times, it’s also the primary reason for our extensive progress in such a short time. Nevertheless, it must be noted that the volatility of the tech sphere doesn’t always lead to positive outcomes. With the expansion in the number of digital channels we utilize on a daily basis, we have also opened up a whole package of new mediums that threat actors across the globe can turn to in order to exploit our systems and wreak havoc. This showed up time and again during America’s cybersecurity crisis, which, even after so many months, is not giving any impression of cooling down. What startled the experts was that, unlike other sprees of cyberattacks in history, these didn’t bear a shared pattern that the security agencies could have played against. Instead, it felt like opening a box of aggravated snakes that went in all directions, attacking everyone regardless of their position. The cybercriminals looked like they had something special and devastating for every sector, and their weaponry is apparently still going strong, with the latest victim coming in the form of Milanote.
Milanote, touted as Evernote for creative junkies, has gathered a fair amount of interest in the artistic community, but as it turns out, the platform has made some noise among cybercriminal groups as well. According to reports, some hackers have been using the platform to execute their credential-stealing campaigns. They start things off by infiltrating secure email gateways. Next, they unleash the phishing attacks. The hackers are known to be well aware of the kind of emails that can escape the watchful eyes of the many scanners embedded in the system; therefore, they go with pretty simple and static email formats.
The first bait is planted in the subject line itself, which reads ‘Invoice for Project Proposal’. This grabs the attention of the user. After being redirected through a string of links they are asked to click, the user finally lands on the phishing page, where credentials are eventually stolen.