Yesterday, a phishing attack that security experts called “incredibly sophisticated” ripped through Gmail accounts at a blistering pace. Google managed to head the threat off at the pass, reportedly stopping it in its tracks after just 0.1% of all Gmail users had seen one of the malicious emails.
It was an odd incident, to be sure. This “sophisticated” attack didn’t actually manage to do anything all that dangerous. The biggest reason why is that Google reacted swiftly, resolving the issue just an hour after a Google employee spotted news of the attacks on Reddit.
The other reason is that initial analysis suggests all the attack did was harvest email addresses so that it could send the phishing email to even more users. That could mean that this was incomplete malware that was turned loose before it was actually ready to carry out its creator’s nefarious plan.
There’s also the remote possibility that it was simply a research project. That theory was put forward by a Twitter user named Eugene Pupov, a name that matches a Gmail account that was embedded in the phishing message.
In a series of Tweets, Pupov claimed that what happened was an accident. The code had reportedly been written as part of a graduate project he was finishing up at the University of Coventry. The emails that were sent were “simply a test” and the whole episode had “taken a toll” on his entire family, Pupov added.
You can’t take everything you read on Twitter at face value, though, and so Motherboard’s Joseph Cox went digging. The picture used on the account was indeed of a gentleman named Pupov, but one who works at the Institute of Molecular Genetics. Cox also confirmed with the University of Coventry that there is not now, nor has there ever been, a student enrolled with the name Eugene Pupov.
Add in the fact that this Twitter account appeared out of nowhere the same day that the attack took place, and that the Twitter avatar is now a plain white square, and the whole thing takes on a decidedly fishy smell. It could be quite some time before the truth is revealed… if that ever happens.
Source: SANS ISC SecNewsFeed @ May 4, 2017 at 10:54AM