INSUBCONTINENT EXCLUSIVE:
A new phishing campaign designed to harvest Cisco WebEx credentials through a security warning for the application has been discovered by
the Cofense Phishing Defense Center (PDC).Surprisingly, Cisco's own Secure Email Gateway failed to catch this new campaign which was
launched at a time when millions of people are working from home using a variety of online platforms and software
Cybercriminals are well aware of this and have begun to exploit trusted brands like WebEx to deliver malicious emails to users.Video
conferencing software has been targeted by attackers in the past but the rapid influx of remote workers during the global pandemic makes for
Cofense anticipates that there will continue to be an increase in remote work phishing in the months to come.This latest phishing campaign
The body of the email explains that there is a vulnerability that the user must patch or risk allowing an unauthenticated user to install a
business service and have even included links to a write-up for a legitimate vulnerability tracked as CVE-2016-9223
To make their email more compelling, the linked article uses the same wording as the email.The attackers have also created a fake URL
(https://globalpagee-prod-webex.com/signin) which, at first glance, appears quite similar to the actual Cisco WebEx URL
(https://globalpage-prod.webex.com/sigin)
However, upon further inspection, it is clear that the spoofed URL contains an extra "e" and uses a dash instead of a period at the end.To
carry out this attack, the hackers registered a fraudulent domain through Public Domain Registry just a few days before sending out their
credential phishing email
They even went as far as to obtain a SSL certificate for their fraudulent domain to make it appear more legitimate
Once again though there is a discrepancy though, as the official Cisco certificate is verified by HydrantID while the attacker's certificate
is through Sectigo Limited.The phishing page then redirects users to a fake Cisco WebEx login page that is visually identical to the real
Once a user logs in, the attackers then have their WebEx credentials which could be sold on the dark web or used to launch additional
attacks against them or their organization.Working from home certainly has its perks but remote workers must remain vigilant to avoid
falling victim to this and the many other scams making their way around the internet at the moment.
