Introduction
Cybercriminals are increasingly adopting low-tech, human-centric tactics to execute cyber attacks, with callback scams emerging as a significant threat [1]. These scams exploit human behavior, making them difficult to detect and prevent using traditional security measures.
Description
Cybercriminals are increasingly utilizing low-tech, human-centric tactics to execute cyber attacks, with callback scams being a prominent example [1]. In these scams, victims are deceived into calling a seemingly legitimate phone number through emails or texts, leading to the potential exposure of sensitive information or the download of malware [1]. In the first quarter of 2025, callback scams represented nearly 20% of phishing attempts; because they require the victim to initiate the contact, they are easier for attackers to carry out [1].
One notable group, the Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753, has been actively targeting US-based law firms since spring 2023 through IT-themed social engineering and callback phishing emails [2][3]. These attacks aim to gain remote access to systems, exfiltrate sensitive data, and demand ransom payments [2][3]. SRG impersonates well-known companies and charges small subscription fees, directing victims to call a fake support line to cancel the subscription. The call leads to the installation of remote access tools (RATs) such as Zoho Assist, AnyDesk, or Atera, giving attackers access to the device and the sensitive information on it [2].
In March 2025, SRG escalated its tactics by making direct phone calls to employees while impersonating internal IT support staff [2][3]. Victims are instructed to join remote sessions under the pretense of maintenance, granting attackers near-invisible access to their devices [2]. This vishing tactic has proven highly effective, resulting in multiple compromises [3]. Law firms are specifically targeted because of the high sensitivity of legal data, which makes them more susceptible to social engineering [2]. The FBI has identified law firms as the primary victim group, with medical and insurance companies also at risk [2]. SRG’s extortion site is intended to amplify reputational pressure on victims and force negotiations [2].
These human-centric attacks effectively bypass traditional security measures: they do not rely on malware and can evade email security systems [1]. Phishing tactics are also evolving, with an increase in the use of malicious attachments, particularly SVG image files, which accounted for 34% of phishing attacks in the same period [1]. Cybercriminals exploit this file type by embedding malicious scripts that execute when the file is opened in a web browser, redirecting users to compromised websites [1].
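The SVG technique described above can be caught at the mail gateway because the script has to be present in the attachment. The following is an added example, not code from the page or its sources: it parses an SVG attachment and reports the markers that make it executable (script or foreignObject elements, on* event handlers, javascript: links). The two sample attachments are constructed for the example.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted input at scale, prefer defusedxml

# Constructed sample attachments (not from the page): a benign icon, and one
# carrying an inline script, an event handler and a javascript: link.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="blue"/>
</svg>"""

SUSPICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <script>window.location = "https://phish.example.invalid/login";</script>
  <a xlink:href="javascript:void(0)">
    <rect width="10" height="10" onclick="go()"/>
  </a>
</svg>"""

# Elements that carry executable or embedded-HTML content in an SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject"}
JS_URL = re.compile(r"^\s*javascript:", re.I)

def local_name(qualified):
    """Strip the {namespace} prefix ElementTree puts on tag and attribute names."""
    return qualified.rsplit("}", 1)[-1].lower()

def inspect_svg(data):
    """Return a list of (reason, detail) findings; an empty list means clean."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [("malformed-xml", str(exc))]  # refuse rather than guess
    findings = []
    for el in root.iter():
        tag = local_name(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(("active-element", tag))
        for attr, value in el.attrib.items():
            name = local_name(attr)
            if name.startswith("on"):          # onload, onclick, ...
                findings.append(("event-handler", f"{tag}@{name}"))
            elif name == "href" and JS_URL.match(value):
                findings.append(("javascript-href", value.strip()))
    return findings

def is_suspicious(data):
    """Policy decision for a mail gateway: quarantine on any finding."""
    return bool(inspect_svg(data))
```

A stricter policy can also flag any `href` pointing off-site, since the redirect the text describes can be a plain link the user clicks rather than a script.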
To combat these evolving threats, organizations must rethink their email security strategies, focusing on the human element and adapting to the tactics employed by cybercriminals [1]. This involves strengthening verification protocols for IT requests [2], monitoring for unauthorized downloads of remote access tools [3], and educating employees to recognize social engineering attacks [2]. Implementing two-factor authentication for all employees and developing policies for authenticating IT staff are also crucial. By analyzing attacker behavior and developing targeted detection methods for emerging threats, such as those involving SVG files, organizations can strengthen their defenses against callback phishing and other low-tech scams [1]. A proactive, intelligence-driven approach is essential for creating adaptable security measures that can respond to the dynamic nature of cyber threats [1].
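One concrete form of the "monitor for unauthorized downloads of remote access tools" recommendation is a policy check over endpoint process-creation events. The block below is an added example, not from the page or the FBI advisory: it treats every tool named in the text (AnyDesk, Zoho Assist, Atera) as a remote-access tool, assumes a hypothetical policy in which only Atera is sanctioned and only when started by the management service, and alerts when a user launches any of them from a browser or mail client, which is how a callback-scam victim would install one. Executable name patterns and the sample events are assumptions constructed for the example.

```python
import json
import re

# Executable names for the remote-access tools the advisory names (Zoho Assist,
# AnyDesk, Atera); the filename patterns are assumptions, not taken from the page.
RMM_BINARIES = {
    r"^anydesk.*\.exe$": "AnyDesk",
    r"^zohoassist.*\.exe$": "Zoho Assist",
    r"^ateraagent.*\.exe$": "Atera",
}
# Hypothetical policy: only Atera is sanctioned, and only when started by the
# management service, never interactively from a browser or mail client.
APPROVED_TOOLS = {"Atera"}
USER_LAUNCHERS = {"chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe", "explorer.exe"}

# Constructed process-creation events in a Sysmon-like JSON shape (sample data).
SAMPLE_EVENTS = [
    '{"host": "LAW-WS12", "user": "jdoe", "image": "C:\\\\Users\\\\jdoe\\\\Downloads\\\\AnyDesk.exe", "parent": "msedge.exe"}',
    '{"host": "LAW-WS12", "user": "jdoe", "image": "C:\\\\Windows\\\\notepad.exe", "parent": "explorer.exe"}',
    '{"host": "LAW-WS07", "user": "SYSTEM", "image": "C:\\\\Program Files\\\\ATERA Networks\\\\AteraAgent.exe", "parent": "services.exe"}',
    '{"host": "LAW-WS07", "user": "asmith", "image": "C:\\\\Users\\\\asmith\\\\Downloads\\\\AteraAgent.exe", "parent": "outlook.exe"}',
]

def identify_rmm(image_path):
    """Return the tool name if the executable is a known remote-access tool, else None."""
    name = image_path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    for pattern, tool in RMM_BINARIES.items():
        if re.search(pattern, name):
            return tool
    return None

def evaluate(event):
    """Return an alert dict for one event, or None when the event is within policy."""
    tool = identify_rmm(event["image"])
    if tool is None:
        return None
    parent = event["parent"].lower()
    if tool not in APPROVED_TOOLS:
        reason = "unapproved remote-access tool"
    elif parent in USER_LAUNCHERS:
        reason = "approved tool launched interactively from " + parent
    else:
        return None  # sanctioned tool started the sanctioned way
    return {"host": event["host"], "user": event["user"], "tool": tool, "reason": reason}

def scan(lines):
    """Run the policy over raw JSON log lines and collect alerts."""
    alerts = []
    for line in lines:
        alert = evaluate(json.loads(line))
        if alert:
            alerts.append(alert)
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

The same check belongs in the web proxy (download of the installer) as well as on the endpoint, since the victim is talked through both steps on the phone.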
While most attacks have been observed in the United States, law firms in the Middle East and Africa (MEA) should be cautious, as they may also become targets [2]. Countries in the Gulf Cooperation Council (GCC) and North Africa, which are digitizing their legal systems, could face similar threats [2]. Breaches of client data in these regions could lead to significant penalties under local cybersecurity laws [2]. The shift towards socially engineered, malware-free extortion campaigns by groups like SRG underscores the increasing sophistication of cyber threats: attackers exploit trust and urgency rather than relying on technical exploits, blurring the line between cybersecurity and employee awareness [2].
Conclusion
The rise of human-centric cyber attacks, such as those executed by the Silent Ransom Group, highlights the need for organizations to adapt their security strategies. By focusing on the human element and implementing robust verification and authentication protocols, organizations can better protect themselves against these evolving threats. As cybercriminals continue to exploit trust and urgency, a proactive and intelligence-driven approach will be crucial in safeguarding sensitive information and maintaining cybersecurity resilience. Additionally, as these threats expand globally, regions like the Middle East and Africa must remain vigilant to avoid potential breaches and legal repercussions.
References
[1] https://www.cybersecurityintelligence.com/blog/avoiding-low-tech-human-centric-cyber-attacks-8431.html
[2] https://cybercory.com/2025/05/27/silent-ransom-group-launches-targeted-cyber-extortion-campaigns-against-law-firms-using-callback-phishing-and-it-spoofing/
[3] https://thecyberexpress.com/fbi-silent-ransom-group-advisory/