Summary
Netskope Threat Labs is tracking a 17x increase in traffic to malicious web pages hosted on DigitalOcean in the last six months. This increase is attributed to new campaigns of a known tech support scam that mimics Windows Defender and tries to deceive users into believing that their computer is infected. The end goal of this scam is to lure victims into calling a fake “help line”, where attackers may attempt to remotely access the victim’s computer to either install malware or request payment for a service to fix the bogus infection.
In addition to the tech support scam, there has also been an increase in phishing pages hosted on DigitalOcean, targeting customers of the financial institutions America First Credit Union, Huntington, and Truist, and one phishing page targeting IONOS Webmail users.
The attacks have been targeting victims mainly in North America and Europe across different segments, led by the technology, financial services, and manufacturing sectors.