TrickBot Trojan Now Using URL Redirects to Fool End Users and Cybersecurity Solutions
May21

TrickBot Trojan Now Using URL Redirects to Fool End Users and Cybersecurity Solutions

The Trickbot banking Trojan is one of the biggest cyber threats faced by businesses. Trickbot is primarily a banking Trojan that is used to obtain login credentials to online bank accounts. The malware can also steal from Bitcoin wallets and harvest email credentials and steal other sensitive data. The malware is one of the most active banking Trojans in use, second only to Emotet. The malware is primarily distributed via spam and...

Read More
International Law Enforcement Operation Shuts Down Goznym Malware Gang
May17

International Law Enforcement Operation Shuts Down Goznym Malware Gang

The international criminal gang behind the infamous Goznym malware has been disbanded following a complex law enforcement investigation in Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States. The investigation has resulted in indictments for ten defendants, five of whom have been apprehended: Two in Germany, one in Bulgaria, one in Moldova, and the alleged leader of the gang in Georgia. Five Russian nationals involved...

Read More
DHS Cybersecurity and Infrastructure Security Agency Issues Guidelines for O365 Migrations
May14

DHS Cybersecurity and Infrastructure Security Agency Issues Guidelines for O365 Migrations

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a set of guidelines and best practices to help organizations migrate to Microsoft Office 365 and avoid introducing vulnerabilities that could make it easier for cybercriminals to conduct attacks and gain access to Office 365 accounts. There has been a major increase in the number of organizations that have transitioned to...

Read More
Antivirus Tool Used by Dharma Ransomware to Hide Malicious Activity
May10

Antivirus Tool Used by Dharma Ransomware to Hide Malicious Activity

Security researchers at Trend Micro have discovered the threat actors behind Dharma ransomware are using a legitimate AV tool to hide the malicious activities of their ransomware. Dharma ransomware first surfaced in 2016 and has since been used in many attacks on businesses, in particular attacks on healthcare organizations in the United States. The ransomware variant is distributed via spam email which contains a link to a web page...

Read More
Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends
May08

Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends

Verizon has released its 2019 Data Breach Investigations Report. The annual report provides an in-depth analysis of global data breaches, new cyberattack trends, and an overview of the current threat landscape. This is the 12th consecutive year that Verizon has produced the report and this year’s instalment is most extensive DBIR report released to date.  Verizon now collects data from 73 sources and included 41,686 reported security...

Read More
Popular Mail Clients Vulnerable to Digital Signature Spoofing Attacks
May01

Popular Mail Clients Vulnerable to Digital Signature Spoofing Attacks

Digital signatures confirm the sender of an email is genuine, that an email is authentic, and has not been intercepted and altered in transit. However, vulnerabilities have been identified in the implementation of digital signature technology in several popular email clients which could be exploited in digital signature spoofing attacks. Were that to happen, the recipient of an email would likely believe the communication is genuine...

Read More
Latest Phishing Attack Trends Revealed
Apr26

Latest Phishing Attack Trends Revealed

Proofpoint has released its Q4 2018 quarterly threat analysis which reveals the latest phishing attack trends and provides an insight into the types of individuals being targeted in email attacks. Email attacks on businesses are conducted for a variety of reasons, most commonly to fool employees into installing malware or ransomware, to obtain login credentials, or convince employees to make fraudulent wire transfers or divulge...

Read More
FBI’S 2018 Internet Crime Report Shows Massive Increase in BEC Attack Losses
Apr24

FBI’S 2018 Internet Crime Report Shows Massive Increase in BEC Attack Losses

The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has released its 2018 Internet Crime Report which shows there was a dramatic rise in losses due to cybercrime in 2018. In 2018, IC3 received 351,936 complaints involving more than $2.7 billion in losses. That represents an increase in losses of more than 92% compared to 2017. 2018 accounted for 36% of all losses from the past five years and complaints about...

Read More
Phishing Attacks Increased by 40.9% in 2018
Apr17

Phishing Attacks Increased by 40.9% in 2018

The 2019 Phishing Trends and Intelligence Report from PhishLabs shows there was a 40.9% increase in phishing attacks in 2018. Attacks increased steadily during Q1 and continued at a high level in Q2 and Q3, with a decline in attacks in Q4. The analysis of attacks shows the tactics used by cybercriminals are constantly changing. New types of attacks were detected in 2018 which exploited changes in the digital landscape. Targets also...

Read More
DHS and FBI Issue Warning About New North Korean Hoplight Trojan
Apr16

DHS and FBI Issue Warning About New North Korean Hoplight Trojan

The U.S Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have both issued advisories about a new Trojan called Hoplight which is being used by the Lazarus APT group. Lazarus is a North Korea-backed hacking group, also known as Hidden Cobra, Zinc, and Nickel Academy. The hacking group primarily uses spear phishing to install malware on high value targets. The group is primarily concerned with...

Read More
Microsoft Confirms Support Agent’s Credentials were Compromised and Customers’ Email Data Potentially Accessed
Apr16

Microsoft Confirms Support Agent’s Credentials were Compromised and Customers’ Email Data Potentially Accessed

Microsoft has experienced a data breach that has lasted at least three months. During that time, hackers were able to access affected users’ email addresses, email subject lines, folder names, and email contacts. The breach affected certain users of its web email services: Hotmail, MSN, and Outlook. A Microsoft support agent’s account details were compromised on January 1, 2019 which allowed the attackers to gain access to information...

Read More
SpamTitan Leading Secure Email Gateway Solution According to G2 Crowd
Apr15

SpamTitan Leading Secure Email Gateway Solution According to G2 Crowd

Selecting the best business security software can be a headache. Even when business leaders know exactly what they want from a software solution, choosing the right product can be difficult. After determining that a software solution ticks all the boxes and has all the required features, many businesses discover that it is a nightmare to use. When it comes to security software it is important to choose a solution that’s user friendly...

Read More
A Quarter of Phishing Emails Bypass Office 365 Anti-Phishing Defenses
Apr12

A Quarter of Phishing Emails Bypass Office 365 Anti-Phishing Defenses

Microsoft Office 365 default anti-phishing defenses are bypassed by a quarter of all phishing emails, according to new research from cybersecurity firm Avanan. Avanan conducted a study of 52 million emails which had been assessed by Office 365 Exchange Online Protection (EOP). 25% of phishing emails were determined to be non-malicious and were delivered to inboxes. In addition, a further 5.3% of emails were delivered as they had been...

Read More
Two New Sextortion Scam Detected: Thousands Demanded to Prevent Further Action
Apr04

Two New Sextortion Scam Detected: Thousands Demanded to Prevent Further Action

2018 has seen a major increase in sextortion scams and large volumes of mails are still being sent. While there are many types of sextortion scams, two of the most common involve spoofed emails from law enforcement agencies and emails from hackers who claim to have installed malware which has recorded users via their webcams. Both of these types of scam claim the user has been caught visiting questionable or illegal pornographic...

Read More
Beware of Tax Season Phishing Scams
Apr04

Beware of Tax Season Phishing Scams

Cybercriminals have stepped up their efforts to scam U.S. taxpayers into divulging their sensitive information and installing malware. Many elaborate tax season phishing scams have been detected in 2019. Phishing scams are common during tax season. Tax-themed phishing emails are sent which contain a hyperlink that directs the recipient to a website where they are asked to enter information such as their name, address, DOB, and Social...

Read More
Webinar: New DMARC and Sandboxing Features of SpamTitan Email Security Solution Explained
Mar28

Webinar: New DMARC and Sandboxing Features of SpamTitan Email Security Solution Explained

Cybercriminals are launching ever more sophisticated attacks on businesses, which require more powerful cybersecurity solutions to protect against attacks. One of the most common methods of attack is email and this is an area where security defenses often fall short. Even with robust perimeter defenses, cybercriminals can gain access to business networks by targeting the weakest link: Employees. Phishing attacks are becoming more...

Read More
New Report Identifies Latest Spear Phishing Trends
Mar21

New Report Identifies Latest Spear Phishing Trends

Researchers at email security firm Barracuda have conducted a study to identify current spear phishing trends and the tactics most commonly used to attack businesses and obtain sensitive information. Spear phishing is a highly targeted form of phishing. Campaigns tend to involve low numbers of emails that have been carefully crafted for attacks on a particular industry, company, or individual. Targets are usually researched, and...

Read More
Healthcare Employees Vulnerable to Phishing Attacks
Mar14

Healthcare Employees Vulnerable to Phishing Attacks

The healthcare industry appears to have more than its fair share of phishing attacks. Barely a week goes by without a major phishing attack being reported by a healthcare provider in the United States. Healthcare organizations are targeted by cybercriminals as they hold valuable data. Healthcare records contain information that can be used for multiple types of fraud and the records sell for big bucks on darknet marketplaces....

Read More
1 in 61 Delivered Emails Contains a Malicious URL
Mar08

1 in 61 Delivered Emails Contains a Malicious URL

A new report from Mimecast has revealed cybercriminals are increasingly using malicious URLs in phishing emails to obtain credentials and deliver malware. Mimecast’s figures show there has been a 126% increase in delivered emails that contain malicious URLs between August 2018 and February 2019. The company has analyzed more than 28.4 million emails that had been determined to be safe by email security solutions and were delivered to...

Read More
New Microsoft Report Details 2018 Phishing Trends
Mar06

New Microsoft Report Details 2018 Phishing Trends

Microsoft’s latest Security Intelligence Report provides information on 2018 phishing trends, the changing tactics of cybercriminals, and ransomware, cryptojacking and malware attack statistics. 2018 Ransomware Trends 2017 saw ransomware attacks dominated the threat landscape; however, as the year progressed ransomware started to fall out of favor with cybercriminals and that trend continued throughout 2018. While ransomware attacks...

Read More
IRS Launches 2019 Campaign to Raise Awareness of Tax Scams with Phishing Warning
Mar05

IRS Launches 2019 Campaign to Raise Awareness of Tax Scams with Phishing Warning

The IRS has launched its annual campaign to raise awareness of tax scams that are highly prevalent during tax season. The Dirty Dozen campaign details 12 common tax scams that taxpayers, tax professionals and businesses need to be aware of and take steps to avoid. In the run up to the deadline for submitting 2018 tax returns, cybercriminals increase their efforts to obtain the personal information of taxpayers. The information can be...

Read More
WinRAR Vulnerability Actively Exploited in the Wild to Install Backdoor
Feb27

WinRAR Vulnerability Actively Exploited in the Wild to Install Backdoor

The 19-year old WinRAR vulnerability that was recently identified by Check Point is being exploited in the wild to install a backdoor that allows remote access. An updated version of WinRAR was released in January to correct the flaw, but many users have yet to update to the latest version of the file compression tool. In January it was estimated that around 500 million individuals worldwide had a vulnerable version of WinRAR...

Read More
Businesses Targeted in Ongoing Credential-Stealing Separ Malware Phishing Attack
Feb21

Businesses Targeted in Ongoing Credential-Stealing Separ Malware Phishing Attack

An ongoing phishing campaign is targeting businesses and distributing the information-stealing Separ malware. The campaign has mostly concentrated on businesses in South East Asia and the Middle East, although some businesses in North America have also been attacked. The Separ information stealer has been in use since September 2017, with earlier versions of the info-stealer dating back to 2013. The latest campaign, which uses an...

Read More
GandCrab Ransomware Decryptor Developed for Versions 5.0.4 to 5.1
Feb20

GandCrab Ransomware Decryptor Developed for Versions 5.0.4 to 5.1

A free GandCrab ransomware decryptor has been released that works for the latest version of the ransomware. Files encrypted by versions 1, 4, early versions of 5, and versions 5.0.4 to 5.1 can now be decrypted without paying the ransom. GandCrab ransomware was first detected in January 2018 and went on to become the biggest ransomware threat of 2018. In addition to encrypting local files on an infected device, GandCrab ransomware can...

Read More
Trickbot Trojan Updated to Obtain VNC, PuTTY, and RDP Credentials
Feb19

Trickbot Trojan Updated to Obtain VNC, PuTTY, and RDP Credentials

The Trickbot banking Trojan has been updated with a new module which is capable of obtaining VNC, PuTTY, and remote desktop credentials. The latest variant of Trickbot is being distributed in a tax season-themed phishing campaign involving emails that offer help with recent changes to the U.S. tax code to reduce tax bills. The emails appear to have been sent by the accounting organization Deloitte and have a tax incentive-related...

Read More
FINRA Issues Phishing Warning to Brokerage Firms
Feb19

FINRA Issues Phishing Warning to Brokerage Firms

The Financial Industry Regulatory Authority (FINRA) has issued a warning to brokerage firms about a new phishing campaign. The scam involves spam emails which appear to have been sent from a credit union alerting the brokerage firm to potential money laundering by one of their clients. The email messages appear to have been sent by a BSA-AML compliance officer at a legitimate Indiana-based credit union and contain details of the...

Read More
Emotet Threat Actors Now Distributing Trojan via XML Files Masked as Word Documents
Feb15

Emotet Threat Actors Now Distributing Trojan via XML Files Masked as Word Documents

At least one cybercriminal group distributing the Emotet Trojan has started using a new tactic to infect end users with the malware. The malware is now being delivered using XML files disguised as Word documents, with the malware installed via embedded macros. The Emotet Trojan is one of the most rapidly evolving malware variants. The malware is regularly updated with new functions and the methods used to distribute the malware and...

Read More
Mac Users Targeted with New Shlayer Malware Variant
Feb15

Mac Users Targeted with New Shlayer Malware Variant

A new Shlayer malware variant has been detected that infects Mac computers and disables macOS Gatekeeper security software. The latest version of the malware was identified by researchers at Carbon Black and appears to only target MacOS versions from 10.10.5 to 10.14.3. Shlayer malware is distributed via fake Flash Player updates. Warnings are generated when visiting websites advising the user that their Flash Player is out of date...

Read More
Phishing Campaign Leverages Google Translate to Steal Google and Facebook Credentials
Feb11

Phishing Campaign Leverages Google Translate to Steal Google and Facebook Credentials

A phishing campaign has been detected that abuses Google Translate to make the phishing webpage appear to be an official login page for Google. The phishing emails in the campaign are similar to many other campaigns that have been run in the past. The messages have the subject “Security Alert” with a message body virtually identical to the messages sent by Google when a user’s Google account has been accessed from an unfamiliar device...

Read More
New BEC Campaign Targets Executives
Feb06

New BEC Campaign Targets Executives

Business email compromise attacks involve the impersonation of a high-level executive, often the CEO or CFO. The attacks often start with a spear phishing email to obtain the credentials of the CEO/CFO. If the credentials are obtained, the email account is used to send requests to employees. During tax season, W-2 Form data for all employees is often requested or requests are sent to the finance department to make wire transfers to...

Read More
Office 365 Phishing Campaign Uses SharePoint Collaboration Request as Lure
Feb06

Office 365 Phishing Campaign Uses SharePoint Collaboration Request as Lure

A single Office 365 username/password combination can give a hacker access to a vast quantity of sensitive information. Information detailed in emails can be of great value to competitors, identity thieves, and other fraudsters. Office 365 credentials also give hackers access to cloud storage repositories that can contain highly sensitive business information and compromised accounts can be used to distribute malware and conduct...

Read More
Xvideos Sextortion Scam Threatens to Expose Porn Viewing Habits
Feb04

Xvideos Sextortion Scam Threatens to Expose Porn Viewing Habits

An xvideos sextortion scam threatens to expose users’ porn viewing habits to friends, family, and work colleagues.   The scammer claims to have recorded the user via the webcam while they viewed content on the xvideos adult website. The email is made more believable by the inclusion of the user’s password in the message body. The scammer claims to have gained access to the email recipient’s computer and installed a keylogger. The...

Read More
2019 State of the Phish Report Reveals Increase in Successful Phishing Attacks
Jan29

2019 State of the Phish Report Reveals Increase in Successful Phishing Attacks

The Proofpoint 2019 State of the Phish Report has revealed that while phishing is still used to infect users with malware, 70% of phishing attacks are concerned with obtaining credentials. In the past 12 months there has been a major increase in phishing attacks. The last time the report was produced in 2017, 38% of InfoSec professionals reported having experienced at least one account compromise as a result of a phishing attack in...

Read More
Free Decryptor for Fileslocker Ransomware Developed After Master Key Leaked
Jan03

Free Decryptor for Fileslocker Ransomware Developed After Master Key Leaked

A free decryptor for Fileslocker ransomware has been developed following the leaking of the master key for the ransomware on Pastebin. The master key is the key used by threat actors to decrypt files that have been encrypted by the ransomware. The post was created on December 29, 2018 and states that the master key, which decrypts the private key, is “applicable to V1, V2 version” and that the poster is “waiting for security personnel...

Read More
Tribune Publishing Cyberattack Cripples Several U.S. Newspapers
Jan02

Tribune Publishing Cyberattack Cripples Several U.S. Newspapers

A recent malware attack on Tribune Publishing has caused disruption to several newspaper print runs including those of the Los Angeles Times, San Diego Tribune, and the west coast editions of the New York Times and Wall Street Journal, amongst others. The Tribune Publishing cyberattack occurred on Thursday December 28, 2018, and spread throughout the Tribune Publishing network on Friday, affecting the Saturday editions of several...

Read More
FTC Issues Warning About New Netflix Phishing Scam
Jan01

FTC Issues Warning About New Netflix Phishing Scam

The U.S. Federal Trade Commission has issued a warning about a new global Netflix phishing scam that attempts to fool Netflix subscribers into disclosing their account credentials and payment information. The scam uses a tried and tested tactic to obtain that information: The threat of account closure due to payment information being out of date. Users are sent a message asking them to update their payment details because Netflix has...

Read More
90% of Malware Delivered Via Spam Email
Dec19

90% of Malware Delivered Via Spam Email

Cybercriminals use a variety of methods to gain access to business networks to install malware, although by far the most common method of spreading malware is spam email. According to a recent study by F-Secure, in 2018, 90% of malware was delivered through spam email. The most common types of malware delivered via spam email are downloaders, bots, and backdoors, which collectively account for 52% of all infections. Banking Trojans...

Read More
New Office 365 Phishing Attack Detected
Dec18

New Office 365 Phishing Attack Detected

A new Office 365 phishing attack has been identified that uses alerts about message delivery failures to lure unsuspecting users to a website where they are asked to provide their Office 365 account details. The new scam was detected by security researcher Xavier Mertens during an analysis of email honeypot data. The emails closely resemble official messages sent by Microsoft to alert Office 365 users to message delivery failures. The...

Read More
New Survey Highlights Importance of Security Awareness Training for Employees
Dec17

New Survey Highlights Importance of Security Awareness Training for Employees

A recent phishing survey of 500 office workers in Ireland has revealed the risks business leaders are taking by failing to provide security awareness training for employees. Phishing is one of the easiest methods of gaining access to sensitive information and gaining a foothold in a network. Phishing is the act of deceiving users into disclosing sensitive information, usually via email. An email is sent with a lure to get the user to...

Read More
2018 Security Awareness Training Statistics
Dec12

2018 Security Awareness Training Statistics

A recent survey conducted by Mimecast has produced some interesting security awareness training statistics for 2018. The survey shows many businesses are taking considerable risks by not providing adequate training to their employees on cybersecurity. Ask the IT department what is the greatest risk cybersecurity risk and many will say end users. IT teams put a considerable amount of effort into implementing and maintaining...

Read More
Adobe Patches Actively Exploited 0-Day Vulnerability in Flash Player
Dec06

Adobe Patches Actively Exploited 0-Day Vulnerability in Flash Player

On Wednesday, December 5, 2018, Adobe issued an update to correct a vulnerability in Adobe Flash Player that is being leveraged by a threat group in targeted attacks in Russia. The threat group has already attacked a healthcare facility in Russia that is used by senior civil servants. The vulnerability was identified by researchers at Gigamon who passed on details of the vulnerability to Adobe in late November. Qihoo 360 researchers...

Read More
Spotify Phishing Scam Detected: User Accounts Breached
Nov30

Spotify Phishing Scam Detected: User Accounts Breached

Researchers at AppRiver have detected a Spotify phishing scam that attempts to get users to reveal their Spotify credentials. The emails use brand imaging that make the emails appear to have been sent by the music streaming service. The messages are realistic, although there are signs that the messages are not genuine. The email template used in the Spotify phishing scam claims the user needs to confirm their account details to remove...

Read More
Marriott Announces 500 Million-Record Breach of Starwood Hotel Guests’ Data
Nov30

Marriott Announces 500 Million-Record Breach of Starwood Hotel Guests’ Data

The Marriott hotel chain has announced it has suffered a massive data breach that has resulted in the theft of the personal information of up to 500 million guests of the Starwood Hotels and Resorts group. Marriott discovered the data breach on September 8, 2018 after an alert was generated by its internal security system following an attempt by an unauthorized individual to access the Starwood guest reservation database. Third-party...

Read More
49% of All Phishing Sites Have SSL Certificates and Display Green Padlock
Nov29

49% of All Phishing Sites Have SSL Certificates and Display Green Padlock

Almost half of phishing sites now have SSL certificates, start with HTTPS, and display the green padlock to show the sites are secure, according to new research by PhishLabs. The number of phishing websites that have SSL certificates has been increasing steadily since Q3, 2016, when around 5% of phishing websites were displaying the green padlock to indicate a secure connection. The percentage increased to approximately 25% of all...

Read More
California Wildfire-Themed BEC Attack Identified
Nov27

California Wildfire-Themed BEC Attack Identified

It is common for phishers to use natural disasters as a lure to obtain ‘donations’ to line their pockets rather than help the victims and the California wildfires are no exception. Many people have lost their lives in the fires and the death toll is likely to rise further as hundreds of people are still unaccounted for. Whole towns such as Paradise have been totally destroyed by the wildfires and hundreds of people have lost their...

Read More
APT28 Group Uses New Cannon Trojan in Spear Phishing Campaign Targeting US and EU Government Agencies
Nov22

APT28 Group Uses New Cannon Trojan in Spear Phishing Campaign Targeting US and EU Government Agencies

A new spear phishing campaign is being conducted by the AP28 (Sofacy Group/Fancy Bear/Sednit) on government organizations in the United States, Europe, and a former USSR state using the previously unknown Cannon Trojan. The campaign was detected by Palo Alto Networks’ Unit 42 team and was first identified in late October. The campaign is being conducted via spam email and uses weaponized Word document to deliver two malware variants....

Read More
Rise in Phishing Emails Using .Com File Extensions
Nov21

Rise in Phishing Emails Using .Com File Extensions

The anti-phishing solution provider Cofense, formerly PhishMe, has reported a marked increase in phishing campaigns using files with the .com extension. The .com extension is used for text files with executable byte code. The code can be executed on Microsoft NT-kernel-based and DOS operating systems. The campaigns identified through Cofense Intelligence are primarily being sent to financial service departments and are used to...

Read More
Gmail Flaw Allows Phishing Emails to Be Sent Anonymously
Nov21

Gmail Flaw Allows Phishing Emails to Be Sent Anonymously

A Gmail flaw has been discovered that allows emails to be sent anonymously with no information included in the sender field. The flaw could easily be exploited by cybercriminals for use in phishing attacks. Phishers often mask the sender of an email in phishing campaigns to fool the recipient into believing the email is genuine. The sender’s email address can be spoofed so the displayed name appears to be a known contact or well-known...

Read More
TA505 APT Group Spreading tRat Malware in New Spam Campaigns
Nov20

TA505 APT Group Spreading tRat Malware in New Spam Campaigns

The prolific APT group TA505 is conducting spam email campaigns spreading a new, modular malware variant named tRAT. tRAT malware is a remote access Trojan capable of downloading additional modules. In addition to adding infected users to a botnet, the threat actors have the option of selling access to different elements of the malware to other threat groups for use in different attacks. Threat researchers at Proofpoint intercepted...

Read More
Phishing Accounts for 50% of All Fraud Attacks
Nov15

Phishing Accounts for 50% of All Fraud Attacks

An analysis of current cyber fraud threats by network security firm RSA shows that phishing attacks have increased by 70% since Q2 and now account for 50% of all fraud attacks suffered by organizations. Phishing attacks are popular because they are easy to conduct and have a high success rate. An attacker can set up a webpage that mimics a well-known brand such as Microsoft or Google that requests login details. Emails are then sent...

Read More
Trump Spam Dominates Email Subject Lines in Run up to Mid-Terms
Nov07

Trump Spam Dominates Email Subject Lines in Run up to Mid-Terms

Donald Trump is well known for his claims to be the biggest and best and now he can make a new claim, having been named by Proofpoint as the most commonly used keyword in election-related spam. The name Trump featuring in 53% of election-related spam email subject lines, beating the nearest rival “Obama” who had a paltry 6%. The closest keyword term to Trump was “democrat” with 11% of spam volume, followed by “election” on 10% and...

Read More
Elon Musk Bitcoin Scam Generates $180,000 in a Day
Nov06

Elon Musk Bitcoin Scam Generates $180,000 in a Day

The promise of payment of a sizable sum in return for a small payment is a classic scam that has been conducted in various forms for many years. An administration fee is required before a Saudi prince’s inheritance will be paid, and payment I required to help a widow get her husbands fortune out of the country. This week an interesting variation of the scam has been conducted on Twitter that has been surprisingly effective. The Saudi...

Read More
U.S. Treasury Investigating $700,000 Loss to Phishing Scam
Oct30

U.S. Treasury Investigating $700,000 Loss to Phishing Scam

In July 2018, the Washington D.C. government fell for an email scam that resulted in wire transfers totaling nearly $700,000 being sent to a scammer’s account. The scammer impersonated a vendor used by the city and requested outstanding invoices for construction work be paid. The vendor had been contracted to work on a design and build project on a permanent supportive housing facility. The emails requested the payment method be...

Read More
United States Leads the World as Main Host of Malware C2 Infrastructure
Oct26

United States Leads the World as Main Host of Malware C2 Infrastructure

The United States is home to the highest percentage of malware command and control (C2) infrastructure – 35% of the global total, according to new research published by phishing defense and threat intelligence firm Cofense.  27% of network Indicators of Compromise (IoCs) from phishing-borne malware are also either located in or proxied through the United States. Cofense data show that Russia is in second place with 11%, followed by...

Read More
75% of Employees Lack Security Awareness
Oct26

75% of Employees Lack Security Awareness

MediaPro has published its 2018 State of Privacy and Security Awareness Report which assesses the level of security awareness of employees across different industry sectors. The report is based on the responses to questionnaires sent to 1,024 employees across the United States that probed their understanding of real-world threats and security best practices. This is the third year that MediaPro has conducted the study, which...

Read More
Brands Most Commonly Spoofed by Phishers Revealed
Oct25

Brands Most Commonly Spoofed by Phishers Revealed

Vade Secure has released a new report detailing the brands most commonly targeted by phishers in North America. The Phishers’ Favorites Top 25 list reveals the most commonly spoofed brands in phishing emails detected in Q3, 2018. For the latest report, Vade Security tracked 86 brands and ranked them based on the quantity of phishing attacks in which they were impersonated. Those 86 brands account for 95% of all brand spoofing attacks...

Read More
Stealthy sLoad Downloader Performs Extensive Reconnaissance to Improve Quality of Infected Hosts
Oct25

Stealthy sLoad Downloader Performs Extensive Reconnaissance to Improve Quality of Infected Hosts

A new PowerShell downloader has been discovered – the sLoad downloader – which is being used in stealthy, highly targeted attacks in the United Kingdom and Italy. The sLoad downloader performs a wide range of checks to find out a great deal of information about the system on which it resides, before choosing the most appropriate malicious payload to deploy – if a payload is deployed at all. The sLoad downloader was first identified in...

Read More
Anti-Phishing Working Group Publishes Q2, 2018 Phishing Trends Report
Oct19

Anti-Phishing Working Group Publishes Q2, 2018 Phishing Trends Report

The Anti-Phishing Working Group has released its Phishing Activity Trends Report for Q2, 2018. The report contains a summary and analysis of phishing attacks that were reported to APWG by its member companies and partners between April and June 2018. The APWG quarterly reports provide insights into the latest phishing trends and show the extent of phishing attacks on businesses – Attacks aimed at getting employees to reveal their...

Read More
Sophisticated Phishing Attack Inserts Malware into Existing Email Conversation Threads
Oct11

Sophisticated Phishing Attack Inserts Malware into Existing Email Conversation Threads

A new sophisticated phishing tactic has been identified that involves a malicious actor gaining access to an email account, monitoring a conversation thread, and then inserting malware in a reply to an ongoing discussion. The scam is a variation of a Business Email Compromise (BEC) attack. BEC attacks typically involve using a compromised email account to send messages to accounts or payroll employees to get them to make fraudulent...

Read More
Phishers Using Azure Blog Storage to Host Phishing Forms with Valid Microsoft SSL Certificate
Oct08

Phishers Using Azure Blog Storage to Host Phishing Forms with Valid Microsoft SSL Certificate

Cybercriminals are using Microsoft Azure Blog storage to host phishing forms. The site hosting the malicious files has a genuine Microsoft SSL certificate which adds authenticity to the campaign. Similar tactics have been used in the past for Dropbox phishing scams and attacks that impersonate other cloud storage platforms. A typical phishing scenario involves an email being sent with a button or hyperlink that the user is requested...

Read More
Cofense Research Reveals Extensive Abuse of Zoho Email by Keyloggers
Oct05

Cofense Research Reveals Extensive Abuse of Zoho Email by Keyloggers

New research from Cofense has revealed there has been a significant rise in keylogger activity in 2018 which backs up research conducted by Microsoft that showed the resurgence of a keylogger known as Hawkeye. Keyloggers are information-stealing malware that log keystrokes on a computer and other input from human interface devices (HUDs) such as webcams and microphones. Many modern keyloggers are also able to copy information from the...

Read More
Persistent New LoJax Rootkit Survives Hard Disk Replacement
Oct04

Persistent New LoJax Rootkit Survives Hard Disk Replacement

Security researchers at ESET have identified a new rootkit that takes persistence to a whole new level. Once infected, the LoJax rootkit will remain active on a device even if the operating system is reinstalled or the hard drive is reformatted or replaced. Rootkits are malicious code that are used to provide an attacker with constant administrator access to an infected device. They are difficult to detect and consequently they can...

Read More
Danabot Banking Trojan Used in U.S. Campaign
Oct03

Danabot Banking Trojan Used in U.S. Campaign

The DanaBot banking Trojan was first detected by security researchers at Proofpoint in May 2018. It was being used in a single campaign targeting customers of Australian Banks. Further campaigns were later detected targeting customers of European banks, and now the attacks have moved across the Atlantic and U.S. banks are being targeted. Banking Trojans are a major threat. Proofpoint notes that they now account for 60% of all malware...

Read More
2018 Has Seen a Marked Increase in Email Impersonation Attacks
Sep27

2018 Has Seen a Marked Increase in Email Impersonation Attacks

The September Email Threat Report published by cybersecurity company FireEye has cast light on the latest tactics being used by cybercriminals to fool end users into disclosing sensitive information such as login credentials to online bank accounts and email services. Phishing attacks continue to dominate the threat landscape and cybercriminals have been refining their techniques to achieve a higher success rate. Standard phishing...

Read More
Cofense Takes a Closer Look at Healthcare Phishing Attacks
Sep24

Cofense Takes a Closer Look at Healthcare Phishing Attacks

Cofense, the leading provider of human-based phishing threat management solutions, has published new research that shows the healthcare industry lags behind other industry sectors for phishing defenses and is routinely attacked by cybercriminals who often succeed in gaining access to sensitive patient health data. The Department of Health and Human Services’ Office for Civil Rights publishes a summary of data breaches reported by...

Read More
New Python Ramsomware Threat Detected
Sep18

New Python Ramsomware Threat Detected

Security researchers at Trend Micro have identified a new Python ransomware threat that piggybacks on the success of Locky ransomware. The threat actors behind the ransomware have copied the ransom note used by the gang responsible for Locky. The ransomware note claims files have been encrypted by Locky Locker. Trend Micro have instead named this new ransomware threat PyLocky. Python is a popular script-writing language, although it...

Read More
Respiratory Care Provider Victim of Phishing Attack
Sep05

Respiratory Care Provider Victim of Phishing Attack

Norwood, MA-based Reliable Respiratory has discovered a hacker has gained access to the email account of one of its employees, and through that account, potentially accessed the protected health information of some of its patients. The respiratory care provider was alerted to a possible email account breach on July 3 when suspicious activity was detected in the email account. An investigation was immediately launched which confirmed...

Read More
Massive URL Spoofing Campaign Discovered Targeting 76 Universities
Sep04

Massive URL Spoofing Campaign Discovered Targeting 76 Universities

A massive URL spoofing campaign targeting 76 universities in 14 countries has been detected by security researchers at SecureWorks. The threat group known as Cobalt Dickens is believed to be behind the attack. The group is believed to operate out of Iran and is well known for conducting these types of attacks. The latest campaign has seen the hacking group create more than 300 spoofed websites on sixteen domains. Hosted on those...

Read More
Wombat Security Technologies Releases 2018 State of the Phish Report
Aug31

Wombat Security Technologies Releases 2018 State of the Phish Report

Wombat Security Technologies has released its 2018 State of the Phish Report – an analysis of data from tens of millions of simulated phishing attacks conducted through its Security Education Platform over the past 12 months. The report also provides insights on the current state of phishing from quarterly surveys sent to its customers, highlighting the frequency of phishing attacks on organizations, the impact those attacks are...

Read More
AdvisorsBot Malware Used in Targeted Attacks on Hotels and Restaurants
Aug28

AdvisorsBot Malware Used in Targeted Attacks on Hotels and Restaurants

Security researchers at Proofpoint have detected a new malware threat that is being used in targeted attacks on hotels, restaurants, and telecoms firms. AdvisorsBot malware, so named because its C&C servers contain the word advisors, was first detected in May 2018 in a variety of spam email campaigns. AdvisorsBot malware is under development although the current form of the malware has been used in multiple attacks around the...

Read More
Necurs Botnet Now Distributing Marap Malware
Aug21

Necurs Botnet Now Distributing Marap Malware

The Necurs botnet is being used to send huge quantities of spam emails containing Marap malware. Marap malware is currently being used for reconnaissance and learning about victims. The aim appears to be the creation of a network of infected users that can be targeted in future attacks. The malware creates a unique fingerprint for each infected device, contacts its C2 server, and sends information about the victim’s system to the...

Read More
U.S. Companies Not Doing Enough to Prevent Phishing and Email Impersonation Attacks
Aug21

U.S. Companies Not Doing Enough to Prevent Phishing and Email Impersonation Attacks

IT professionals are well aware of the threat from phishing and email impersonation attacks, yet even though the risk of an attack is high, U.S. companies are not doing enough to prevent phishing and email impersonation attacks according to a recent survey of U.S. IT professionals. The survey was conducted by the Ponemon Institute on behalf of Valimail on 650 IT and IT security practitioners in the United States who play a role in...

Read More
New KeyPass Ransomware Campaign Infects Users in More than 20 Countries
Aug15

New KeyPass Ransomware Campaign Infects Users in More than 20 Countries

A new ransomware variant – called KeyPass ransomware – is being used in a new campaign that has seen many victims created around the world. While Brazil and Vietnam have taken the brunt of the attacks, there have been victims in more than 20 countries with the list growing by the day. KeyPass ransomware is written in C++ and is a variant of STOP ransomware. At present it is not known how the KeyPass ransomware attacks are...

Read More
New Shrug Ransomware Variant Detected
Aug13

New Shrug Ransomware Variant Detected

Shrug ransomware was first detected in early July. Now a new variant of this .NET ransomware variant has been detected, which has enhanced capabilities. Shrug ransomware was primarily distributed bundled with fake software and apps, although the infection vector for the latest version is not known. Phishing emails, RDP attacks, and drive-by downloads may also be used in addition to fake software. Shrug2 ransomware was detected by...

Read More
Scammers Claim to Have Webcam Footage of Users Watching Pornography
Aug09

Scammers Claim to Have Webcam Footage of Users Watching Pornography

A new variant of an old scam is currently gaining traction and is fooling many people into paying scammers money to avoid having sensitive information exposed. The scammers claim to have added malware to adult sites which has been downloaded onto a user’s computer. The malware is allegedly capable of taking full control of the webcam, which has been used to record a video of the user while they were visiting pornographic websites. The...

Read More
Spam Email Remains the Primary Attack Vector and Click Rates are Increasing
Aug01

Spam Email Remains the Primary Attack Vector and Click Rates are Increasing

Spam email is still the leading method of malware delivery according to a new report by cybersecurity company F-Secure. The reason is simple. It is relatively easy to bypass security defenses and deliver malicious messages to inboxes and end users are not particularly good at identifying malicious emails. Finding exploitable vulnerabilities is much harder by comparison. According to F-Secure’s figures, in the second half of 2017,...

Read More
UnityPoint Health Phishing Attack Exposed PHI of 1.4 Million Patients
Jul31

UnityPoint Health Phishing Attack Exposed PHI of 1.4 Million Patients

Another UnityPoint Health phishing attack has been discovered, and this time it is huge. Hackers have gained access to multiple email accounts which contained the protected health information of approximately 1.4 million patients. This incident is the largest healthcare data breach to be reported since August 2016 and the largest healthcare phishing incident reported since the HHS’ Office for Civil Rights started publishing summaries...

Read More
Most Clicked Phishing Emails in Q2, 2018
Jul24

Most Clicked Phishing Emails in Q2, 2018

Security training and phishing email simulation platform provider KnowBe4 has released a report on the most clicked phishing emails in Q2, 2018. If businesses provide security awareness training to their employees and train them how to recognize phishing and other malicious emails, click rates fall dramatically. Since a single response to a phishing email can result in a costly data breach, security awareness training is essential....

Read More
Convincing Phishing Campaign Targets Australian Businesses and Spreads DanaBot Trojan
Jul17

Convincing Phishing Campaign Targets Australian Businesses and Spreads DanaBot Trojan

A new phishing campaign has been detected that is spreading the DanaBot Trojan. The campaign involves phishing emails which appear to contain invoices from the Australian multinational corporation MYOB – a provider of tax and accounting services for small and medium sized businesses. The phishing campaign was detected by Trustwave researchers. The phishing emails are succinct and well written and advise the recipient of the invoice...

Read More
Code Stealing Certificates Stolen from D-Link and Used in Malware Campaign
Jul12

Code Stealing Certificates Stolen from D-Link and Used in Malware Campaign

The Advanced Persistent Threat (APT) group BlackTech has stolen code-signing certificates from D-Link and Changing Information Technology Inc., and is using them to cryptographically sign a remotely controlled backdoor known as Plead and an associated password stealer. With the stolen certificates, individuals who receive the malware as email attachments are likely to be fooled into thinking the files are genuine and have been...

Read More
New AZORult Phishing Campaign Detected by Cofense
Jul09

New AZORult Phishing Campaign Detected by Cofense

Leading anti-phishing solution provider Cofense has detected a new AZORult phishing campaign. AZORult is an information stealer capable of stealing cookies, stored passwords, payment card information, autocomplete data stored in web browsers, Bitcoin wallet information, and email, FTP, and XMPP client credentials. The latest campaign uses malicious email attachments to spread a new variant of the malware. Version 3 of AZORult...

Read More
Email Attack Uses Macros to Hijack Desktop Shortcuts
Jul09

Email Attack Uses Macros to Hijack Desktop Shortcuts

The deployment of malware via malicious Word documents is nothing new, although the tactics used by cybercriminals often change. Now a new method of malware deployment has been uncovered, in which users are fooled into downloading the malicious payload. The attack starts like many other email-based attacks. The user must open an email and attachment and enable macros. The macro then searches for common desktop shortcuts such as Google...

Read More
Rakhni Trojan Decides Whether to Encrypt or Mine Dashcoin
Jul06

Rakhni Trojan Decides Whether to Encrypt or Mine Dashcoin

A new variant of the Rakhni Trojan has been detected by security researchers at Kaspersky Lab. This new malware variant decides whether a device is suited to mining cryptocurrency. If the device has sufficient processing power, a Dashcoin miner is downloaded and the device is turned into a cryptocurrency mining slave. If the likely profits from cryptocurrency mining are low, files on the device will be encrypted in a standard...

Read More
ZeroFont Phishing Attack Bypasses Microsoft Office Security Feature
Jun21

ZeroFont Phishing Attack Bypasses Microsoft Office Security Feature

The ZeroFont phishing attack allows phishers to bypass anti-spam controls and ensure their emails are delivered to end users inboxes. ZeroFont Phishing Cybercriminals are constantly developing new ways to bypass anti-spam technologies, one of which has been uncovered by security researchers at the cloud security company Avanan. The technique, termed ZeroFont phishing, allows phishers to get their messages past Microsoft Office 365...

Read More
World Cup Wallchart Phishing Scam Detected
Jun19

World Cup Wallchart Phishing Scam Detected

Security researchers at Check Point have uncovered a World Cup wallchart phishing scam that is being used to deliver malware to soccer fans’ devices. The campaign involves specially crafted email messages with the subject line: World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager. Email recipients are encouraged to open and install a malicious FIFA World Cup schedule and results checker that is attached to the email. The email...

Read More
RansomCloud Attack Encrypts Cloud-Based Emails
Jun14

RansomCloud Attack Encrypts Cloud-Based Emails

Ransomware may be more commonly used to encrypt files on business networks, although that does not mean consumers are in the clear. Cybercriminals may target businesses due to the higher potential rewards for a successful attack, although a new ransomware strain has been developed that highlights how vulnerable consumers are to ransomware attacks. In this case, the ransomware strain was developed by a white hat hacker as a proof of...

Read More
Sophos Adds Deep Learning to Email Security Offering
Jun13

Sophos Adds Deep Learning to Email Security Offering

Sophos has announced a major update to its email security offering to help customers detect and block sophisticated new email threats. Sophos Email Security Advanced now incorporates deep learning and predictive security for active threat protection along with outbound scanning, anti-phishing email authentication, and policy support. According to Sophos research, 75% of malware variants that make it past perimeter defenses are unique...

Read More
Department of Justice Announces Arrest of 74 Business Email Compromise Scammers
Jun12

Department of Justice Announces Arrest of 74 Business Email Compromise Scammers

A coordinated law enforcement effort involving the FBI, U.S Departments of Justice, Homeland Security, Treasury, the US Postal Inspection Service, and law enforcement agencies in Canada, Mauritius, Poland, Indonesia, Malaysia, and Nigeria has resulted in 74 business email compromise (BEC) scammers and associated criminals being arrested. The joint law enforcement effort – called Operation Wire Wire – was conducted over a period of 6...

Read More
Spammers Use iqy Files to Deliver Remote Access Trojan
Jun11

Spammers Use iqy Files to Deliver Remote Access Trojan

Macros have long been favored by cybercriminals as a method of installing malware. The macros launch VB, JavaScript and PowerShell scripts that download malware. Due to potential threat, security teams often disable macros or at least configure end points to require macros to be manually enabled by end users. The risk of running macros is also usually covered in security awareness programs. It is now harder for cybercriminals to...

Read More
May Saw Massive Increase in TSB Phishing Scams
Jun05

May Saw Massive Increase in TSB Phishing Scams

There has been a massive increase in TSB phishing scams over the past month. In April, TSB bank transitioned to a new core banking system. Previously, TSB data had been on a system provided by Lloyds, although following the takeover by Spanish bank Banco Sabadell, data needed to be moved to its banking system. When customer accounts were transferred to the new system, many customers were locked out of their accounts. The outage lasted...

Read More
Mnubot Banking Trojan Used in Attacks on Brazilian Firms
May31

Mnubot Banking Trojan Used in Attacks on Brazilian Firms

A new banking Trojan – MnuBot – has been detected by IBM X-Force researchers which uses an unusual method of communication. Instead of using a command and control server like most other malware families, MnuBot uses Microsoft SQL Server to receive its initial configuration and for communication. The MnuBot banking Trojan is being used in targeted attacks in Brazil and its primary function is to make fraudulent bank transfers via...

Read More
Hackers Potentially Had Access to 42,000 Patients Health Data for a Month After Phishing Attack
May28

Hackers Potentially Had Access to 42,000 Patients Health Data for a Month After Phishing Attack

The Ohio Healthcare Provider Aultman Health Foundation has discovered some of its employees have been duped by a phishing attack that resulted in the threat actors behind the campaign gaining access to several email accounts. A phishing attack was detected on March 28, prompting a full investigation of the breach. The investigation revealed some employees had fallen for the phishing scam in mid-February. Further accounts were then...

Read More
Agari: Business Email Compromise the Most Lucrative Form of Email Attack
May23

Agari: Business Email Compromise the Most Lucrative Form of Email Attack

A report from the email security vendor Agari provides new insights into the tactics used by cybercriminal groups to conduct email attacks and the extent of global email fraud. While many email-based attack methods are used, business email compromise (BEC) is the most lucrative for criminals and BEC attacks are the costliest for companies. The Agari report was released days after the FBI published figures on the cost of Internet crime...

Read More
$875,000 Settlement Agreed in W-2 Phishing Scam Lawsuit
May18

$875,000 Settlement Agreed in W-2 Phishing Scam Lawsuit

A class-action lawsuit stemming from a W-2 phishing scam that saw an employee of the respiratory therapy supplier Lincare Inc., send the W-2 Forms of employees to a scammer has been settled for $875,000. As is typical with these types of Business Email Compromise (BEC) attacks, the scammer pretended to be a senior executive and sent an email to an employee of the HR department requesting W-2 information for the company’s employees....

Read More
GDPR Phishing Scam Targets Airbnb Customers
May16

GDPR Phishing Scam Targets Airbnb Customers

A GDPR phishing scam has been detected targeting Airbnb customers. The GDPR-themed scam requests customers of the home-sharing website must re-enter their contact information and credit card details in order to comply with the EU’s General Data Protection Regulation that comes into force on May 25, 2018. The scammers are taking advantage of the high volume of emails currently being sent by companies as part of their GDPR compliance...

Read More
Does Two-Factor Authentication Protect Businesses from Phishing Attacks?
May08

Does Two-Factor Authentication Protect Businesses from Phishing Attacks?

Two-factor – or multi-factor – authentication is a simple control that makes it harder for unauthorized individuals to gain access to accounts and sensitive data. Rather than just use a single factor for authentication such as a password, an additional factor is required, usually something an individual has. This could be a card reader, which is often used by banks for verifying the identify of an individual who wants to make a...

Read More
2018 Phishing Trends & Intelligence Report
May06

2018 Phishing Trends & Intelligence Report

Security awareness and anti-phishing vendor PhishLabs has released its 2018 Phishing Trends & Intelligence Report. The report shows there has been a marked change in attacks, with enterprises now being targeted rather than individuals. This comes as no surprise as the potential rewards for a successful attack on an enterprise are considerably higher than attacks on individuals. Enterprises are more likely to pay ransom demands and...

Read More
Wombat Security Releases 2018 Beyond the Phish Report
May03

Wombat Security Releases 2018 Beyond the Phish Report

The Beyond the Phish Report from Wombat Security provides valuable insights into the state of security awareness across different industry sectors. For the report, Wombat Security analyzed the responses to almost 85 million questions and answers collected from employees of its customers across 16 industry sectors. The questions covered 12 different categories including protecting confidential information, safe use of passwords,...

Read More
What are the Most Clicked Phishing Emails?
May02

What are the Most Clicked Phishing Emails?

KnowBe4 has released a quarterly report that reveals the most clicked phishing emails in Q1, 2018 – The emails that are proving to be the most effective at fooling employees into clicking hyperlinks and opening potentially malicious email attachments. The data from the report came from responses to phishing simulation emails delivered through its training platform. The simulated phishing emails mirror messages observed in real world...

Read More
KnowBe4 Issues Alert About Fake Active Shooter Phishing Emails
Apr20

KnowBe4 Issues Alert About Fake Active Shooter Phishing Emails

The recent shootings at schools in the United States have shocked the nation, with educational institutions now on high alert for any recurrences. The news of an active shooter on campus requires an immediate response and is likely to result in panic. It is therefore no surprise that scammers have taken advantage and have been sending fake active shooter alerts via email to schools and colleges. KnowBe4 has recently identified one...

Read More