FBI’S 2018 Internet Crime Report Shows Massive Increase in BEC Attack Losses
The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has released its 2018 Internet Crime Report which shows there was a dramatic rise in losses due to cybercrime in 2018. In 2018, IC3 received 351,936 complaints involving more than $2.7 billion in losses. That represents an increase in losses of more than 92% compared to 2017. 2018 accounted for 36% of all losses from the past five years and complaints about...
Phishing Attacks Increased by 40.9% in 2018
The 2019 Phishing Trends and Intelligence Report from PhishLabs shows there was a 40.9% increase in phishing attacks in 2018. Attacks increased steadily during Q1 and continued at a high level in Q2 and Q3, with a decline in attacks in Q4. The analysis of attacks shows the tactics used by cybercriminals are constantly changing. New types of attacks were detected in 2018 which exploited changes in the digital landscape. Targets also...
DHS and FBI Issue Warning About New North Korean Hoplight Trojan
The U.S Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have both issued advisories about a new Trojan called Hoplight which is being used by the Lazarus APT group. Lazarus is a North Korea-backed hacking group, also known as Hidden Cobra, Zinc, and Nickel Academy. The hacking group primarily uses spear phishing to install malware on high value targets. The group is primarily concerned with...
Microsoft Confirms Support Agent’s Credentials were Compromised and Customers’ Email Data Potentially Accessed
Microsoft has experienced a data breach that has lasted at least three months. During that time, hackers were able to access affected users’ email addresses, email subject lines, folder names, and email contacts. The breach affected certain users of its web email services: Hotmail, MSN, and Outlook. A Microsoft support agent’s account details were compromised on January 1, 2019 which allowed the attackers to gain access to information...
SpamTitan Leading Secure Email Gateway Solution According to G2 Crowd
Selecting the best business security software can be a headache. Even when business leaders know exactly what they want from a software solution, choosing the right product can be difficult. After determining that a software solution ticks all the boxes and has all the required features, many businesses discover that it is a nightmare to use. When it comes to security software it is important to choose a solution that’s user friendly...
A Quarter of Phishing Emails Bypass Office 365 Anti-Phishing Defenses
Microsoft Office 365 default anti-phishing defenses are bypassed by a quarter of all phishing emails, according to new research from cybersecurity firm Avanan. Avanan conducted a study of 52 million emails which had been assessed by Office 365 Exchange Online Protection (EOP). 25% of phishing emails were determined to be non-malicious and were delivered to inboxes. In addition, a further 5.3% of emails were delivered as they had been...
Two New Sextortion Scam Detected: Thousands Demanded to Prevent Further Action
2018 has seen a major increase in sextortion scams and large volumes of mails are still being sent. While there are many types of sextortion scams, two of the most common involve spoofed emails from law enforcement agencies and emails from hackers who claim to have installed malware which has recorded users via their webcams. Both of these types of scam claim the user has been caught visiting questionable or illegal pornographic...
Beware of Tax Season Phishing Scams
Cybercriminals have stepped up their efforts to scam U.S. taxpayers into divulging their sensitive information and installing malware. Many elaborate tax season phishing scams have been detected in 2019. Phishing scams are common during tax season. Tax-themed phishing emails are sent which contain a hyperlink that directs the recipient to a website where they are asked to enter information such as their name, address, DOB, and Social...
Webinar: New DMARC and Sandboxing Features of SpamTitan Email Security Solution Explained
Cybercriminals are launching ever more sophisticated attacks on businesses, which require more powerful cybersecurity solutions to protect against attacks. One of the most common methods of attack is email and this is an area where security defenses often fall short. Even with robust perimeter defenses, cybercriminals can gain access to business networks by targeting the weakest link: Employees. Phishing attacks are becoming more...
Agari Announces Spring 2019 Release of its Secure Email Cloud Email Security Solution
Agari has announced the Spring 2019 release of its AI-powered email security solution, Secure Email Cloud. The latest round of updates includes enhanced Brand Indicators for Message Identification (BIMI) management and introduces the Continuous Detection and Response Mobile App, which was announced at the 2019 RSA Conference. BIMI is an industry standard that allows brand logos to be inserted into receiver inbox messages to help end...
New Report Identifies Latest Spear Phishing Trends
Researchers at email security firm Barracuda have conducted a study to identify current spear phishing trends and the tactics most commonly used to attack businesses and obtain sensitive information. Spear phishing is a highly targeted form of phishing. Campaigns tend to involve low numbers of emails that have been carefully crafted for attacks on a particular industry, company, or individual. Targets are usually researched, and...
Healthcare Employees Vulnerable to Phishing Attacks
The healthcare industry appears to have more than its fair share of phishing attacks. Barely a week goes by without a major phishing attack being reported by a healthcare provider in the United States. Healthcare organizations are targeted by cybercriminals as they hold valuable data. Healthcare records contain information that can be used for multiple types of fraud and the records sell for big bucks on darknet marketplaces....
1 in 61 Delivered Emails Contains a Malicious URL
A new report from Mimecast has revealed cybercriminals are increasingly using malicious URLs in phishing emails to obtain credentials and deliver malware. Mimecast’s figures show there has been a 126% increase in delivered emails that contain malicious URLs between August 2018 and February 2019. The company has analyzed more than 28.4 million emails that had been determined to be safe by email security solutions and were delivered to...
New Microsoft Report Details 2018 Phishing Trends
Microsoft’s latest Security Intelligence Report provides information on 2018 phishing trends, the changing tactics of cybercriminals, and ransomware, cryptojacking and malware attack statistics. 2018 Ransomware Trends 2017 saw ransomware attacks dominated the threat landscape; however, as the year progressed ransomware started to fall out of favor with cybercriminals and that trend continued throughout 2018. While ransomware attacks...
IRS Launches 2019 Campaign to Raise Awareness of Tax Scams with Phishing Warning
The IRS has launched its annual campaign to raise awareness of tax scams that are highly prevalent during tax season. The Dirty Dozen campaign details 12 common tax scams that taxpayers, tax professionals and businesses need to be aware of and take steps to avoid. In the run up to the deadline for submitting 2018 tax returns, cybercriminals increase their efforts to obtain the personal information of taxpayers. The information can be...
WinRAR Vulnerability Actively Exploited in the Wild to Install Backdoor
The 19-year old WinRAR vulnerability that was recently identified by Check Point is being exploited in the wild to install a backdoor that allows remote access. An updated version of WinRAR was released in January to correct the flaw, but many users have yet to update to the latest version of the file compression tool. In January it was estimated that around 500 million individuals worldwide had a vulnerable version of WinRAR...
Businesses Targeted in Ongoing Credential-Stealing Separ Malware Phishing Attack
An ongoing phishing campaign is targeting businesses and distributing the information-stealing Separ malware. The campaign has mostly concentrated on businesses in South East Asia and the Middle East, although some businesses in North America have also been attacked. The Separ information stealer has been in use since September 2017, with earlier versions of the info-stealer dating back to 2013. The latest campaign, which uses an...
GandCrab Ransomware Decryptor Developed for Versions 5.0.4 to 5.1
A free GandCrab ransomware decryptor has been released that works for the latest version of the ransomware. Files encrypted by versions 1, 4, early versions of 5, and versions 5.0.4 to 5.1 can now be decrypted without paying the ransom. GandCrab ransomware was first detected in January 2018 and went on to become the biggest ransomware threat of 2018. In addition to encrypting local files on an infected device, GandCrab ransomware can...
Trickbot Trojan Updated to Obtain VNC, PuTTY, and RDP Credentials
The Trickbot banking Trojan has been updated with a new module which is capable of obtaining VNC, PuTTY, and remote desktop credentials. The latest variant of Trickbot is being distributed in a tax season-themed phishing campaign involving emails that offer help with recent changes to the U.S. tax code to reduce tax bills. The emails appear to have been sent by the accounting organization Deloitte and have a tax incentive-related...
FINRA Issues Phishing Warning to Brokerage Firms
The Financial Industry Regulatory Authority (FINRA) has issued a warning to brokerage firms about a new phishing campaign. The scam involves spam emails which appear to have been sent from a credit union alerting the brokerage firm to potential money laundering by one of their clients. The email messages appear to have been sent by a BSA-AML compliance officer at a legitimate Indiana-based credit union and contain details of the...
Emotet Threat Actors Now Distributing Trojan via XML Files Masked as Word Documents
At least one cybercriminal group distributing the Emotet Trojan has started using a new tactic to infect end users with the malware. The malware is now being delivered using XML files disguised as Word documents, with the malware installed via embedded macros. The Emotet Trojan is one of the most rapidly evolving malware variants. The malware is regularly updated with new functions and the methods used to distribute the malware and...
Mac Users Targeted with New Shlayer Malware Variant
A new Shlayer malware variant has been detected that infects Mac computers and disables macOS Gatekeeper security software. The latest version of the malware was identified by researchers at Carbon Black and appears to only target MacOS versions from 10.10.5 to 10.14.3. Shlayer malware is distributed via fake Flash Player updates. Warnings are generated when visiting websites advising the user that their Flash Player is out of date...
Phishing Campaign Leverages Google Translate to Steal Google and Facebook Credentials
A phishing campaign has been detected that abuses Google Translate to make the phishing webpage appear to be an official login page for Google. The phishing emails in the campaign are similar to many other campaigns that have been run in the past. The messages have the subject “Security Alert” with a message body virtually identical to the messages sent by Google when a user’s Google account has been accessed from an unfamiliar device...
Investigation of Corporate Phishing Incidents Costs $4.86 Million Per Year
New figures from email security company Agari show organizations are now spending $4.86 million a year triaging, investigating, and responding to phishing incidents. The Agari Q1 2019 Email Fraud & Identity Deception Trends report shows that on average, organizations are now having to investigate around 23,000 phishing incidents a year. Approximately half of the emails reported to security teams by employees are false positives,...
New BEC Campaign Targets Executives
Business email compromise attacks involve the impersonation of a high-level executive, often the CEO or CFO. The attacks often start with a spear phishing email to obtain the credentials of the CEO/CFO. If the credentials are obtained, the email account is used to send requests to employees. During tax season, W-2 Form data for all employees is often requested or requests are sent to the finance department to make wire transfers to...
Office 365 Phishing Campaign Uses SharePoint Collaboration Request as Lure
A single Office 365 username/password combination can give a hacker access to a vast quantity of sensitive information. Information detailed in emails can be of great value to competitors, identity thieves, and other fraudsters. Office 365 credentials also give hackers access to cloud storage repositories that can contain highly sensitive business information and compromised accounts can be used to distribute malware and conduct...
Xvideos Sextortion Scam Threatens to Expose Porn Viewing Habits
An xvideos sextortion scam threatens to expose users’ porn viewing habits to friends, family, and work colleagues. The scammer claims to have recorded the user via the webcam while they viewed content on the xvideos adult website. The email is made more believable by the inclusion of the user’s password in the message body. The scammer claims to have gained access to the email recipient’s computer and installed a keylogger. The...
Free Decryptor for Fileslocker Ransomware Developed After Master Key Leaked
A free decryptor for Fileslocker ransomware has been developed following the leaking of the master key for the ransomware on Pastebin. The master key is the key used by threat actors to decrypt files that have been encrypted by the ransomware. The post was created on December 29, 2018 and states that the master key, which decrypts the private key, is “applicable to V1, V2 version” and that the poster is “waiting for security personnel...
Tribune Publishing Cyberattack Cripples Several U.S. Newspapers
A recent malware attack on Tribune Publishing has caused disruption to several newspaper print runs including those of the Los Angeles Times, San Diego Tribune, and the west coast editions of the New York Times and Wall Street Journal, amongst others. The Tribune Publishing cyberattack occurred on Thursday December 28, 2018, and spread throughout the Tribune Publishing network on Friday, affecting the Saturday editions of several...
FTC Issues Warning About New Netflix Phishing Scam
The U.S. Federal Trade Commission has issued a warning about a new global Netflix phishing scam that attempts to fool Netflix subscribers into disclosing their account credentials and payment information. The scam uses a tried and tested tactic to obtain that information: The threat of account closure due to payment information being out of date. Users are sent a message asking them to update their payment details because Netflix has...
New Office 365 Phishing Attack Detected
A new Office 365 phishing attack has been identified that uses alerts about message delivery failures to lure unsuspecting users to a website where they are asked to provide their Office 365 account details. The new scam was detected by security researcher Xavier Mertens during an analysis of email honeypot data. The emails closely resemble official messages sent by Microsoft to alert Office 365 users to message delivery failures. The...
Fortinet FortiMail Given AAA Rating in SE Labs Phishing Detection Test
Fortinet’s FortiMail Secure Email Gateway has recently been independently tested by SE Labs and has been shown to be highly effective at identifying and blocking phishing threats. In the tests, SE Labs found the solution blocked 100% of phishing attempts with no false positives. The solution was not quite as effective at blocking business email compromise attacks and other advanced threats, although only 5% of those threats were not...
2018 Security Awareness Training Statistics
A recent survey conducted by Mimecast has produced some interesting security awareness training statistics for 2018. The survey shows many businesses are taking considerable risks by not providing adequate training to their employees on cybersecurity. Ask the IT department what is the greatest risk cybersecurity risk and many will say end users. IT teams put a considerable amount of effort into implementing and maintaining...
Adobe Patches Actively Exploited 0-Day Vulnerability in Flash Player
On Wednesday, December 5, 2018, Adobe issued an update to correct a vulnerability in Adobe Flash Player that is being leveraged by a threat group in targeted attacks in Russia. The threat group has already attacked a healthcare facility in Russia that is used by senior civil servants. The vulnerability was identified by researchers at Gigamon who passed on details of the vulnerability to Adobe in late November. Qihoo 360 researchers...
Spotify Phishing Scam Detected: User Accounts Breached
Researchers at AppRiver have detected a Spotify phishing scam that attempts to get users to reveal their Spotify credentials. The emails use brand imaging that make the emails appear to have been sent by the music streaming service. The messages are realistic, although there are signs that the messages are not genuine. The email template used in the Spotify phishing scam claims the user needs to confirm their account details to remove...
Marriott Announces 500 Million-Record Breach of Starwood Hotel Guests’ Data
The Marriott hotel chain has announced it has suffered a massive data breach that has resulted in the theft of the personal information of up to 500 million guests of the Starwood Hotels and Resorts group. Marriott discovered the data breach on September 8, 2018 after an alert was generated by its internal security system following an attempt by an unauthorized individual to access the Starwood guest reservation database. Third-party...
49% of All Phishing Sites Have SSL Certificates and Display Green Padlock
Almost half of phishing sites now have SSL certificates, start with HTTPS, and display the green padlock to show the sites are secure, according to new research by PhishLabs. The number of phishing websites that have SSL certificates has been increasing steadily since Q3, 2016, when around 5% of phishing websites were displaying the green padlock to indicate a secure connection. The percentage increased to approximately 25% of all...
California Wildfire-Themed BEC Attack Identified
It is common for phishers to use natural disasters as a lure to obtain ‘donations’ to line their pockets rather than help the victims and the California wildfires are no exception. Many people have lost their lives in the fires and the death toll is likely to rise further as hundreds of people are still unaccounted for. Whole towns such as Paradise have been totally destroyed by the wildfires and hundreds of people have lost their...
APT28 Group Uses New Cannon Trojan in Spear Phishing Campaign Targeting US and EU Government Agencies
A new spear phishing campaign is being conducted by the AP28 (Sofacy Group/Fancy Bear/Sednit) on government organizations in the United States, Europe, and a former USSR state using the previously unknown Cannon Trojan. The campaign was detected by Palo Alto Networks’ Unit 42 team and was first identified in late October. The campaign is being conducted via spam email and uses weaponized Word document to deliver two malware variants....
Gmail Flaw Allows Phishing Emails to Be Sent Anonymously
A Gmail flaw has been discovered that allows emails to be sent anonymously with no information included in the sender field. The flaw could easily be exploited by cybercriminals for use in phishing attacks. Phishers often mask the sender of an email in phishing campaigns to fool the recipient into believing the email is genuine. The sender’s email address can be spoofed so the displayed name appears to be a known contact or well-known...
TA505 APT Group Spreading tRat Malware in New Spam Campaigns
The prolific APT group TA505 is conducting spam email campaigns spreading a new, modular malware variant named tRAT. tRAT malware is a remote access Trojan capable of downloading additional modules. In addition to adding infected users to a botnet, the threat actors have the option of selling access to different elements of the malware to other threat groups for use in different attacks. Threat researchers at Proofpoint intercepted...
Phishing Accounts for 50% of All Fraud Attacks
An analysis of current cyber fraud threats by network security firm RSA shows that phishing attacks have increased by 70% since Q2 and now account for 50% of all fraud attacks suffered by organizations. Phishing attacks are popular because they are easy to conduct and have a high success rate. An attacker can set up a webpage that mimics a well-known brand such as Microsoft or Google that requests login details. Emails are then sent...
Trump Spam Dominates Email Subject Lines in Run up to Mid-Terms
Donald Trump is well known for his claims to be the biggest and best and now he can make a new claim, having been named by Proofpoint as the most commonly used keyword in election-related spam. The name Trump featuring in 53% of election-related spam email subject lines, beating the nearest rival “Obama” who had a paltry 6%. The closest keyword term to Trump was “democrat” with 11% of spam volume, followed by “election” on 10% and...
Elon Musk Bitcoin Scam Generates $180,000 in a Day
The promise of payment of a sizable sum in return for a small payment is a classic scam that has been conducted in various forms for many years. An administration fee is required before a Saudi prince’s inheritance will be paid, and payment I required to help a widow get her husbands fortune out of the country. This week an interesting variation of the scam has been conducted on Twitter that has been surprisingly effective. The Saudi...
U.S. Treasury Investigating $700,000 Loss to Phishing Scam
In July 2018, the Washington D.C. government fell for an email scam that resulted in wire transfers totaling nearly $700,000 being sent to a scammer’s account. The scammer impersonated a vendor used by the city and requested outstanding invoices for construction work be paid. The vendor had been contracted to work on a design and build project on a permanent supportive housing facility. The emails requested the payment method be...
75% of Employees Lack Security Awareness
MediaPro has published its 2018 State of Privacy and Security Awareness Report which assesses the level of security awareness of employees across different industry sectors. The report is based on the responses to questionnaires sent to 1,024 employees across the United States that probed their understanding of real-world threats and security best practices. This is the third year that MediaPro has conducted the study, which...
Cloud-Based Threat Analytics Firm ZoneFox Acquired by Fortinet
Fortinet has announced it has acquired the cloud-based threat analytics firm ZoneFox and will be using the company’s machine learning threat detection technology to enhance protection against insider threats. As companies are migrating data and infrastructure to the cloud, more and more endpoints and users are accessing cloud resources. While those resources need to be accessed by employees for legitimate work purposes, they can also...
Brands Most Commonly Spoofed by Phishers Revealed
Vade Secure has released a new report detailing the brands most commonly targeted by phishers in North America. The Phishers’ Favorites Top 25 list reveals the most commonly spoofed brands in phishing emails detected in Q3, 2018. For the latest report, Vade Security tracked 86 brands and ranked them based on the quantity of phishing attacks in which they were impersonated. Those 86 brands account for 95% of all brand spoofing attacks...
Stealthy sLoad Downloader Performs Extensive Reconnaissance to Improve Quality of Infected Hosts
A new PowerShell downloader has been discovered – the sLoad downloader – which is being used in stealthy, highly targeted attacks in the United Kingdom and Italy. The sLoad downloader performs a wide range of checks to find out a great deal of information about the system on which it resides, before choosing the most appropriate malicious payload to deploy – if a payload is deployed at all. The sLoad downloader was first identified in...
Anti-Phishing Working Group Publishes Q2, 2018 Phishing Trends Report
The Anti-Phishing Working Group has released its Phishing Activity Trends Report for Q2, 2018. The report contains a summary and analysis of phishing attacks that were reported to APWG by its member companies and partners between April and June 2018. The APWG quarterly reports provide insights into the latest phishing trends and show the extent of phishing attacks on businesses – Attacks aimed at getting employees to reveal their...
Sophisticated Phishing Attack Inserts Malware into Existing Email Conversation Threads
A new sophisticated phishing tactic has been identified that involves a malicious actor gaining access to an email account, monitoring a conversation thread, and then inserting malware in a reply to an ongoing discussion. The scam is a variation of a Business Email Compromise (BEC) attack. BEC attacks typically involve using a compromised email account to send messages to accounts or payroll employees to get them to make fraudulent...
Phishers Using Azure Blog Storage to Host Phishing Forms with Valid Microsoft SSL Certificate
Cybercriminals are using Microsoft Azure Blog storage to host phishing forms. The site hosting the malicious files has a genuine Microsoft SSL certificate which adds authenticity to the campaign. Similar tactics have been used in the past for Dropbox phishing scams and attacks that impersonate other cloud storage platforms. A typical phishing scenario involves an email being sent with a button or hyperlink that the user is requested...
Persistent New LoJax Rootkit Survives Hard Disk Replacement
Security researchers at ESET have identified a new rootkit that takes persistence to a whole new level. Once infected, the LoJax rootkit will remain active on a device even if the operating system is reinstalled or the hard drive is reformatted or replaced. Rootkits are malicious code that are used to provide an attacker with constant administrator access to an infected device. They are difficult to detect and consequently they can...
Danabot Banking Trojan Used in U.S. Campaign
The DanaBot banking Trojan was first detected by security researchers at Proofpoint in May 2018. It was being used in a single campaign targeting customers of Australian Banks. Further campaigns were later detected targeting customers of European banks, and now the attacks have moved across the Atlantic and U.S. banks are being targeted. Banking Trojans are a major threat. Proofpoint notes that they now account for 60% of all malware...
2018 Has Seen a Marked Increase in Email Impersonation Attacks
The September Email Threat Report published by cybersecurity company FireEye has cast light on the latest tactics being used by cybercriminals to fool end users into disclosing sensitive information such as login credentials to online bank accounts and email services. Phishing attacks continue to dominate the threat landscape and cybercriminals have been refining their techniques to achieve a higher success rate. Standard phishing...
New Python Ramsomware Threat Detected
Security researchers at Trend Micro have identified a new Python ransomware threat that piggybacks on the success of Locky ransomware. The threat actors behind the ransomware have copied the ransom note used by the gang responsible for Locky. The ransomware note claims files have been encrypted by Locky Locker. Trend Micro have instead named this new ransomware threat PyLocky. Python is a popular script-writing language, although it...
Respiratory Care Provider Victim of Phishing Attack
Norwood, MA-based Reliable Respiratory has discovered a hacker has gained access to the email account of one of its employees, and through that account, potentially accessed the protected health information of some of its patients. The respiratory care provider was alerted to a possible email account breach on July 3 when suspicious activity was detected in the email account. An investigation was immediately launched which confirmed...
Massive URL Spoofing Campaign Discovered Targeting 76 Universities
A massive URL spoofing campaign targeting 76 universities in 14 countries has been detected by security researchers at SecureWorks. The threat group known as Cobalt Dickens is believed to be behind the attack. The group is believed to operate out of Iran and is well known for conducting these types of attacks. The latest campaign has seen the hacking group create more than 300 spoofed websites on sixteen domains. Hosted on those...
Wombat Security Technologies Releases 2018 State of the Phish Report
Wombat Security Technologies has released its 2018 State of the Phish Report – an analysis of data from tens of millions of simulated phishing attacks conducted through its Security Education Platform over the past 12 months. The report also provides insights on the current state of phishing from quarterly surveys sent to its customers, highlighting the frequency of phishing attacks on organizations, the impact those attacks are...
AdvisorsBot Malware Used in Targeted Attacks on Hotels and Restaurants
Security researchers at Proofpoint have detected a new malware threat that is being used in targeted attacks on hotels, restaurants, and telecoms firms. AdvisorsBot malware, so named because its C&C servers contain the word advisors, was first detected in May 2018 in a variety of spam email campaigns. AdvisorsBot malware is under development although the current form of the malware has been used in multiple attacks around the...
Necurs Botnet Now Distributing Marap Malware
The Necurs botnet is being used to send huge quantities of spam emails containing Marap malware. Marap malware is currently being used for reconnaissance and learning about victims. The aim appears to be the creation of a network of infected users that can be targeted in future attacks. The malware creates a unique fingerprint for each infected device, contacts its C2 server, and sends information about the victim’s system to the...
U.S. Companies Not Doing Enough to Prevent Phishing and Email Impersonation Attacks
IT professionals are well aware of the threat from phishing and email impersonation attacks, yet even though the risk of an attack is high, U.S. companies are not doing enough to prevent phishing and email impersonation attacks according to a recent survey of U.S. IT professionals. The survey was conducted by the Ponemon Institute on behalf of Valimail on 650 IT and IT security practitioners in the United States who play a role in...
New KeyPass Ransomware Campaign Infects Users in More than 20 Countries
A new ransomware variant – called KeyPass ransomware – is being used in a new campaign that has seen many victims created around the world. While Brazil and Vietnam have taken the brunt of the attacks, there have been victims in more than 20 countries with the list growing by the day. KeyPass ransomware is written in C++ and is a variant of STOP ransomware. At present it is not known how the KeyPass ransomware attacks are...
New Shrug Ransomware Variant Detected
Shrug ransomware was first detected in early July. Now a new variant of this .NET ransomware variant has been detected, which has enhanced capabilities. Shrug ransomware was primarily distributed bundled with fake software and apps, although the infection vector for the latest version is not known. Phishing emails, RDP attacks, and drive-by downloads may also be used in addition to fake software. Shrug2 ransomware was detected by...
Scammers Claim to Have Webcam Footage of Users Watching Pornography
A new variant of an old scam is currently gaining traction and is fooling many people into paying scammers money to avoid having sensitive information exposed. The scammers claim to have added malware to adult sites which has been downloaded onto a user’s computer. The malware is allegedly capable of taking full control of the webcam, which has been used to record a video of the user while they were visiting pornographic websites. The...
Spam Email Remains the Primary Attack Vector and Click Rates are Increasing
Spam email is still the leading method of malware delivery according to a new report by cybersecurity company F-Secure. The reason is simple. It is relatively easy to bypass security defenses and deliver malicious messages to inboxes and end users are not particularly good at identifying malicious emails. Finding exploitable vulnerabilities is much harder by comparison. According to F-Secure’s figures, in the second half of 2017,...
UnityPoint Health Phishing Attack Exposed PHI of 1.4 Million Patients
Another UnityPoint Health phishing attack has been discovered, and this time it is huge. Hackers have gained access to multiple email accounts which contained the protected health information of approximately 1.4 million patients. This incident is the largest healthcare data breach to be reported since August 2016 and the largest healthcare phishing incident reported since the HHS’ Office for Civil Rights started publishing summaries...
Most Clicked Phishing Emails in Q2, 2018
Security training and phishing email simulation platform provider KnowBe4 has released a report on the most clicked phishing emails in Q2, 2018. If businesses provide security awareness training to their employees and train them how to recognize phishing and other malicious emails, click rates fall dramatically. Since a single response to a phishing email can result in a costly data breach, security awareness training is essential....
Convincing Phishing Campaign Targets Australian Businesses and Spreads DanaBot Trojan
A new phishing campaign has been detected that is spreading the DanaBot Trojan. The campaign involves phishing emails which appear to contain invoices from the Australian multinational corporation MYOB – a provider of tax and accounting services for small and medium sized businesses. The phishing campaign was detected by Trustwave researchers. The phishing emails are succinct and well written and advise the recipient of the invoice...
Code Stealing Certificates Stolen from D-Link and Used in Malware Campaign
The Advanced Persistent Threat (APT) group BlackTech has stolen code-signing certificates from D-Link and Changing Information Technology Inc., and is using them to cryptographically sign a remotely controlled backdoor known as Plead and an associated password stealer. With the stolen certificates, individuals who receive the malware as email attachments are likely to be fooled into thinking the files are genuine and have been...
Email Attack Uses Macros to Hijack Desktop Shortcuts
The deployment of malware via malicious Word documents is nothing new, although the tactics used by cybercriminals often change. Now a new method of malware deployment has been uncovered, in which users are fooled into downloading the malicious payload. The attack starts like many other email-based attacks. The user must open an email and attachment and enable macros. The macro then searches for common desktop shortcuts such as Google...
Rakhni Trojan Decides Whether to Encrypt or Mine Dashcoin
A new variant of the Rakhni Trojan has been detected by security researchers at Kaspersky Lab. This new malware variant decides whether a device is suited to mining cryptocurrency. If the device has sufficient processing power, a Dashcoin miner is downloaded and the device is turned into a cryptocurrency mining slave. If the likely profits from cryptocurrency mining are low, files on the device will be encrypted in a standard...
ZeroFont Phishing Attack Bypasses Microsoft Office Security Feature
The ZeroFont phishing attack allows phishers to bypass anti-spam controls and ensure their emails are delivered to end users inboxes. ZeroFont Phishing Cybercriminals are constantly developing new ways to bypass anti-spam technologies, one of which has been uncovered by security researchers at the cloud security company Avanan. The technique, termed ZeroFont phishing, allows phishers to get their messages past Microsoft Office 365...
World Cup Wallchart Phishing Scam Detected
Security researchers at Check Point have uncovered a World Cup wallchart phishing scam that is being used to deliver malware to soccer fans’ devices. The campaign involves specially crafted email messages with the subject line: World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager. Email recipients are encouraged to open and install a malicious FIFA World Cup schedule and results checker that is attached to the email. The email...
RansomCloud Attack Encrypts Cloud-Based Emails
Ransomware may be more commonly used to encrypt files on business networks, although that does not mean consumers are in the clear. Cybercriminals may target businesses due to the higher potential rewards for a successful attack, although a new ransomware strain has been developed that highlights how vulnerable consumers are to ransomware attacks. In this case, the ransomware strain was developed by a white hat hacker as a proof of...
Sophos Adds Deep Learning to Email Security Offering
Sophos has announced a major update to its email security offering to help customers detect and block sophisticated new email threats. Sophos Email Security Advanced now incorporates deep learning and predictive security for active threat protection along with outbound scanning, anti-phishing email authentication, and policy support. According to Sophos research, 75% of malware variants that make it past perimeter defenses are unique...
Department of Justice Announces Arrest of 74 Business Email Compromise Scammers
A coordinated law enforcement effort involving the FBI, U.S Departments of Justice, Homeland Security, Treasury, the US Postal Inspection Service, and law enforcement agencies in Canada, Mauritius, Poland, Indonesia, Malaysia, and Nigeria has resulted in 74 business email compromise (BEC) scammers and associated criminals being arrested. The joint law enforcement effort – called Operation Wire Wire – was conducted over a period of 6...
Spammers Use iqy Files to Deliver Remote Access Trojan
Macros have long been favored by cybercriminals as a method of installing malware. The macros launch VB, JavaScript and PowerShell scripts that download malware. Due to potential threat, security teams often disable macros or at least configure end points to require macros to be manually enabled by end users. The risk of running macros is also usually covered in security awareness programs. It is now harder for cybercriminals to...
May Saw Massive Increase in TSB Phishing Scams
There has been a massive increase in TSB phishing scams over the past month. In April, TSB bank transitioned to a new core banking system. Previously, TSB data had been on a system provided by Lloyds, although following the takeover by Spanish bank Banco Sabadell, data needed to be moved to its banking system. When customer accounts were transferred to the new system, many customers were locked out of their accounts. The outage lasted...
Mnubot Banking Trojan Used in Attacks on Brazilian Firms
A new banking Trojan – MnuBot – has been detected by IBM X-Force researchers which uses an unusual method of communication. Instead of using a command and control server like most other malware families, MnuBot uses Microsoft SQL Server to receive its initial configuration and for communication. The MnuBot banking Trojan is being used in targeted attacks in Brazil and its primary function is to make fraudulent bank transfers via...
Hackers Potentially Had Access to 42,000 Patients Health Data for a Month After Phishing Attack
The Ohio Healthcare Provider Aultman Health Foundation has discovered some of its employees have been duped by a phishing attack that resulted in the threat actors behind the campaign gaining access to several email accounts. A phishing attack was detected on March 28, prompting a full investigation of the breach. The investigation revealed some employees had fallen for the phishing scam in mid-February. Further accounts were then...
Agari: Business Email Compromise the Most Lucrative Form of Email Attack
A report from the email security vendor Agari provides new insights into the tactics used by cybercriminal groups to conduct email attacks and the extent of global email fraud. While many email-based attack methods are used, business email compromise (BEC) is the most lucrative for criminals and BEC attacks are the costliest for companies. The Agari report was released days after the FBI published figures on the cost of Internet crime...
$875,000 Settlement Agreed in W-2 Phishing Scam Lawsuit
A class-action lawsuit stemming from a W-2 phishing scam that saw an employee of the respiratory therapy supplier Lincare Inc., send the W-2 Forms of employees to a scammer has been settled for $875,000. As is typical with these types of Business Email Compromise (BEC) attacks, the scammer pretended to be a senior executive and sent an email to an employee of the HR department requesting W-2 information for the company’s employees....
Does Two-Factor Authentication Protect Businesses from Phishing Attacks?
Two-factor – or multi-factor – authentication is a simple control that makes it harder for unauthorized individuals to gain access to accounts and sensitive data. Rather than just use a single factor for authentication such as a password, an additional factor is required, usually something an individual has. This could be a card reader, which is often used by banks for verifying the identify of an individual who wants to make a...
2018 Phishing Trends & Intelligence Report
Security awareness and anti-phishing vendor PhishLabs has released its 2018 Phishing Trends & Intelligence Report. The report shows there has been a marked change in attacks, with enterprises now being targeted rather than individuals. This comes as no surprise as the potential rewards for a successful attack on an enterprise are considerably higher than attacks on individuals. Enterprises are more likely to pay ransom demands and...
Wombat Security Releases 2018 Beyond the Phish Report
The Beyond the Phish Report from Wombat Security provides valuable insights into the state of security awareness across different industry sectors. For the report, Wombat Security analyzed the responses to almost 85 million questions and answers collected from employees of its customers across 16 industry sectors. The questions covered 12 different categories including protecting confidential information, safe use of passwords,...
What are the Most Clicked Phishing Emails?
KnowBe4 has released a quarterly report that reveals the most clicked phishing emails in Q1, 2018 – The emails that are proving to be the most effective at fooling employees into clicking hyperlinks and opening potentially malicious email attachments. The data from the report came from responses to phishing simulation emails delivered through its training platform. The simulated phishing emails mirror messages observed in real world...
Barracuda PhishLine Levelized Programs Offers New Method of Measuring Susceptibility to Phishing Attacks
Yesterday saw the launch of Barracuda PhishLine Levelized Programs – A new approach developed by Barracuda and PhishLine to determine and improve user resistance to phishing attacks. Most anti-phishing training solutions use click rate metrics to determine resistance and susceptibility to phishing attacks. While this method of testing employees has proven effective, Barracuda Networks points out that there are limits to this approach....
Multiple Staff Email Accounts Accessed in UnityPoint Health Phishing Attack
It has been discovered that the email accounts of several employees of UnityPoint Health hhave been compromised and accessed by unauthorized people. Access to the staff email accounts was first obtained on November 1, 2017 and went on for a period of three months until February 7, 2018, when the phishing attack was noticed and access to the compromised email accounts was turned off. When the phishing attack was first noticed,...
New Email Security Services Launched by Cisco
Cisco has announced the release of new email security services that provide better protection from phishing and spoofing attacks, while increasing the level of protection against malware, ransomware, cryptojacking, and fileless malware attacks. Virtually all endpoint security solutions block more than 99% of malware. The new updates are concerned with blocking some of the 1% of malware which are often not detected by security...
Proofpoint Study Shows Impact of Email Fraud on Businesses
Proofpoint has published the findings of a recent study investigating the impact of email fraud on businesses. The study reveals the extent to which businesses are affected by email fraud, the typical impact of email fraud on businesses, which individuals are targeted, and the steps that are being taken to reduce risk. There has been an increase in email fraud in recent years, with last year seeing a further surge in attacks. The...
Warning Over Possible MyFitnessPal Phishing Attacks
A recently discovered cyberattack on Under Armour has raised fears about a wave of MyFitnessPal phishing attacks. On March 25, 2018, Under Armour discovered an unauthorized individual had gained access to the data of 150 million users of MyFitnessPal – including users with website accounts and those who use the MyFitnessPal app. The Under Armour data breach is the largest to be discovered this year in terms of the number of...
Lazio Football Club Phishing Scam Sees €2 Million Sent to Attackers
Phishing scams can prove expensive for businesses, as the Italian Serie A football team Lazio is now knows all too well. A recent phishing scam could have cost the club €2 million Euros ($2,461,990). Lazio Football Club transferred in defender Stefan de Vrij from the Dutch club Feyenoord in the summer of 2014 for around €8 million Euros. Not all of that transfer fee was paid in one lump sum. There was one outstanding payment left of...
Phishing Attack on CareFirst BCBS Impacts 6,800 Plan Members
CareFirst Blue Cross Blue Shield is alerting 6,800 of its plan members that some of their protected health information has potentially been accessed by unauthorized individuals as a result of a successful phishing attack on one of its employees. Phishing attacks are conducted to gain access to sensitive information such as email credentials. Those credentials are then used to access to sensitive data or conduct further attacks on an...
TitanHQ Protecting McDonalds Restaurants from Malware with SpamTitan
TitanHQ has announced that McDonalds is now being protected from email spam, malware, ransomware, and phishing attacks with SpamTitan, the Galway, Ireland-based company’s award-winning anti-spam solution. Under the terms of the new agreement, SpamTitan is being set up to prevent spam and malicious messages from being delivered to end users’ inboxes throughout the Philippines, which will help McDonald’s to keep its networks and...
1,049 Patients of RoxSan Pharmacy Notified of 2015 Email Breach
1,049 patients of Beverly Hills, CA-based RoxSan Pharmacy have been warned that some of their protected health information has been shared with a business associate through an unencrypted email. The notification letters were sent to affected people during February, although the incident happened on January 20, 2015. Commenting in a recent press release, RoxSan stated that affected individuals are being contatced in “as timely a manner...
Primary Health Care Experiences Multiple Email Hacks
A non-profit network of community health centers in Des Moines, Marshalltown and Ames, IA, Primary Health Care Inc. has reported that hackers gained access to the email accounts of four workers and may have viewed or downloaded patients’ PHI. A press release issued by Primary Health Care and published a substitute breach notice to its website on March 16, 2018 outlining that the breach occurred on February 28, 2017. The breach was...
77% of Businesses Expect to Be Victims of Email Fraud in 2018
A new report from Proofpoint has revealed 82% of boards are concerned about email fraud with six out of 10 businesses considering email fraud to be a major security risk and with good reason. Email fraud is now commonplace and poses a major threat to businesses of all sizes, from mom and pop stores to the largest enterprises. The data for the report came from Proofpoint’s 2018 global ‘Understanding Email Fraud’ survey, which was...
Increase in W-2 Phishing Campaigns Leads to FBI Warning
The Federal Bureau of Investigation (FBI) has issued a new alert for businesses due to a major rise in phishing attacks attacking payroll worker. The target of the phishing attacks is to download copies of the W-2 forms of workers. Information on the forms is used to carry out identity theft and tax fraud. 2017 saw record numbers of phishing campaigns targeting businesses, educational institutions, and healthcare groups. In some...
Phishing Attack on Sutter Health Business Associate Impacts Patients
Sutter Health is contacting certain patients to advise them that their protected health information may have been exposed in a phishing attack on the legal firm Salem and Green, one of its business associates. It is thought that the attack took place on or around October 11, 2017, a phishing email was received by a worker at Salem and Green. The worker responded and, in doing so, allowed the attackers access to their email account....