Research Universities Targeted by ‘Silent Librarian’ Hacking Group
Oct16

The start of the academic year has seen the Silent Librarian (TA407) hacking group launch new phishing campaigns targeting research universities. The hacking group is believed to be backed by the Iranian government and is highly active at the start and end of an academic year. The campaigns were detected by security researchers at Proofpoint and Secureworks, who intercepted several emails containing hyperlinks to malicious websites...

Business Email Compromise Attacks Increased by 269% in Q2, 2019
Oct09

Figures from Mimecast show there has been a sharp rise in business email compromise (BEC) attacks in Q2, 2019. Compared to Q1, 2019, BEC attacks increased by 269% in Q2. Business email compromise attacks involve the use of a compromised business email account to conduct attacks on employees within the organization or their customers. The latter are now much more common than CEO fraud attacks, which involve impersonating the CEO and...

New IRS Tax Refund Phishing Campaign Distributes Amadey Botnet
Sep19

A new phishing campaign has been detected targeting U.S. taxpayers offering fake tax refunds. The emails spoof the Internal Revenue Service (IRS) and claim that the recipient is entitled to claim a tax refund. The emails include a “Login Right here” button for users to click to arrange their tax refund together with a one-time password. If the button is clicked, the user will be directed to a spoofed IRS login page where the password...

Don’t Neglect the Human Factor – Employee Security Awareness Training is Essential
Sep13

Cybercriminals are attacking businesses by exploiting the weakest link in the security chain – Employees. Attacks exploiting the human factor are far easier to pull off than attempting to find remote code execution vulnerabilities. They are also much quicker and less resource-heavy than brute force attacks. A single phishing email can be all it takes for malware to be installed on a network or for account credentials and sensitive...

Two Thirds of UK Employees Do Not Receive Regular Email Security Training
Sep10

A recent study by cybersecurity firm Tessian suggests two thirds of UK employees do not receive regular email security training in the workplace. Consequently, UK firms face a high risk of experiencing a costly phishing attack or malware/ransomware infection. For the study, Tessian conducted a survey on 1,000 UK workers at firms with more than 100 employees. Only a third of respondents said their employer provided regular security...

43% of UK SMEs Have Experienced an Email Impersonation Attack in the Past 12 Months
Sep04

43% of small and medium-sized enterprises (SMEs) in the United Kingdom have experienced a business email compromise (BEC) or email impersonation attack in the past 12 months, according to a new study by data analytics firm CybSafe. For the study, CybSafe surveyed 250 IT decision makers from SMEs in the United Kingdom and asked about the cybersecurity incidents they had experienced and the measures they have put in place to thwart...

Google Docs Phishing Campaign Bypasses Email Security Solutions to Deliver TrickBot Trojan
Sep03

A phishing campaign has been detected that uses Google Docs to bypass email security solutions and ensure the emails are delivered to end users’ inboxes. The campaign was detected by security researchers at Cofense, who found the emails were bypassing Proofpoint’s email security gateway solution and were not identified as malicious. The scammers use a legitimate Google account to send emails that link to a document on Google Docs. The...

Digital Extortion and Fileless Malware Attacks Have Soared in 1H, 2019
Sep02

The first 6 months of 2019 have seen significant increases in business email compromise (BEC) attacks, ransomware attacks, and other forms of cyber extortion, according to a mid-year cybersecurity roundup from Trend Micro. The report, titled Evasive Threats, Pervasive Effects, provides insights into the current threat landscape and the main threats currently faced by businesses. Ransomware attacks have increased significantly, but the...

Phishing Campaign Uses Fake Resumes Used to Deliver Quasar RAT
Aug29

Fake resumes are being used in a phishing campaign targeting HR departments which delivers Word documents containing a malicious macro that downloads the Quasar Remote Access Trojan (RAT), according to Cofense researchers. The Quasar RAT is an open source malware available on GitHub. The malware is used by many APT groups for espionage, network exploitation, logging keystrokes, stealing passwords, recording webcam footage, and taking...

Multi-Factor Authentication Stops 99.9% of Automated Cyberattacks
Aug28

A new report from Microsoft suggests 99.9% of all automated cyberattacks on Microsoft platforms and other online services are blocked by multi-factor authentication, highlighting the importance of this security measure for stopping data breaches. Microsoft says that there are more than 300 million fraudulent sign-in attempts to Microsoft cloud services every day and that figure is steadily growing. There are also around 167 million...

IRS Warns of Phishing Scam Targeting Taxpayers and Tax Professionals
Aug27

The Internal Revenue Service (IRS) has issued a warning to U.S. taxpayers and tax professionals about a new nationwide phishing campaign that is spreading keylogging malware. The emails appear to have been sent by the IRS and alert taxpayers and tax professionals to an issue with their electronic tax returns. Users are required to click the link in the email to access information about their tax refund. The emails include a hyperlink...

Researchers Provide Insights into Motivations Behind Healthcare Cyberattacks
Aug22

A new report from FireEye provides insights into the motivations behind cyberattacks on U.S. healthcare organizations. The report shows patient information is not the only type of sensitive data being sought. There has been a marked increase in cyberattacks on cancer research institutes and medical institutions for the research data they hold. The attacks are being conducted by Advanced Persistent Threat (APT) groups affiliated to...

Study Highlights Risk of Lateral Phishing Attacks
Aug21

Phishing is the use of impersonation to trick another person into disclosing sensitive information. Phishing can take place over the Internet, telephone, or via text message, but email is the most common attack vector. There are many reasons for compromising email accounts and a variety of tactics are used depending on the end goal. With Business Email Compromise (BEC) the aim is to gain access to the CEO’s email account and use it to...

Custom 404 Pages Used to Serve Fake Microsoft Office 365 Login Forms
Aug19

A new phishing campaign has been detected by security researchers at Microsoft that uses custom 404 pages to display a fake Office 365 login form. A single domain is used in this campaign and a custom 404 page is created that displays the fake Office 365 login form. The custom 404 page is displayed when any visitor to the website attempts to visit a non-existent web page. Since any URL could be entered to generate the 404 page, the...

Massive 540+ Website Spoofing Campaign Identified
Aug07

A massive spoofing campaign has been detected targeting customers of Walmart and other well-known brands which attempts to get them to part with sensitive personal information. The campaign was detected by DomainTools, which identified more than 540 malicious domains that had been set up by the same threat actor. The websites included job sites, online dating sites, movie download sites, and numerous sites targeting Fortune 500 brands...

U.S. Utilities Targeted in Phishing Campaign Spreading New RAT
Aug05

U.S. utilities are being targeted in a phishing campaign distributing a new malware variant called LookBack. The spear phishing campaign impersonates a U.S. engineering licensing board and lures recipients into opening an attached Word document. The emails impersonate the U.S. National Council of Examiners for Engineering and Surveying (NCEES) and claim that the recipient has failed an NCEES examination. Further information about the...

Phishing Campaign Targets Administrator Credentials with Office Alerts
Jul22

A new phishing campaign has been identified which uses Office 365 admin alerts as a lure to get administrators to click and disclose their login credentials. A hacker can use phishing emails to obtain Office 365 credentials and gain access to an employee’s email account. That account can be used to send further phishing emails to contacts and colleagues. The hacker also has access to sensitive data in emails and email attachments. If...

Phishing Campaign Uses Fake Office 365 Site to Download Trickbot Trojan
Jul19

The Trickbot Trojan is being distributed via a new fake Office 365 phishing website. The website is virtually identical to the official Microsoft Office 365 site, complete with a realistic-looking URL – get-office365[.]live. Nothing appears untoward on the site. Even all the URLs point to webpages on Microsoft domains. However, a few seconds after landing on the site a popup warning will appear from either the Chrome Update Center...

Phishing Campaign Uses SHTML Files to Redirect Users to Malicious Websites
Jul19

A novel phishing campaign has been detected that uses an unusual method of directing users to malicious websites that harvest credentials. Phishing campaigns typically use embedded hyperlinks in the message body. Advanced email security solutions can detect and assess the URLs to determine whether they are malicious. To get around this, hyperlinks are often hidden in documents or macros or scripts are hidden in other types of...

$301 Million Lost to BEC Scams Every Month
Jul18

The number of successful Business Email Compromise (BEC) scams has increased significantly over the past two years, according to a new financial trend analysis report from FinCEN. BEC scams involve gaining access to a business email account and using that account to send a request to the payroll or accounts department requesting a wire transfer be made. In order for the scam to work, the compromised account must belong to someone who...

City of Griffin Wires $800,000 to BEC Scammers
Jul10

A business email compromise attack on the city of Griffin, GA, has resulted in two payments totaling $800,000 being made to accounts controlled by the scammers. Business email compromise (BEC) attacks are scams in which the email account of a company is compromised and used to send a request to the finance department or a third party to make a fraudulent wire transfer payment. Access to the email is usually gained with a spear...

Phishing-as-a-Service Helping to Fuel Increase in Phishing Attacks
Jul02

If a task is time consuming or difficult, there is usually someone willing to offer it as a service. That can now be said of phishing. There are a growing number of criminals offering phishing-as-a-service to help wanna-be criminals conduct phishing campaigns. At the basic level, phishing is a relatively straightforward way of attacking an organization. It is also low cost and requires little in the way of hacking skill. That said,...

QR Code Phishing Scam Targets Cofense Customers
Jun28

A new phishing campaign has been detected that uses QR codes to hide the hyperlink to a phishing webpage. Not only does this tactic bypass security solutions that search for potentially malicious URLs, by using a QR code the recipient must switch from the business network to their mobile phone to view the document. The corporate network may have a web filter, sandboxes, and other cybersecurity protections to prevent users from...

Emotet was the Biggest Email Threat in Q1
May31

A new report from Proofpoint has confirmed Emotet was the biggest email-based threat in the first quarter of 2019. The popularity of the malware is not surprising. While Emotet was once just a banking Trojan, it can now be used to deliver other malware variants and can even distribute itself automatically by sending copies of itself via spam email on a compromised device. Emotet is now classed as a botnet, as it is being used to...

TrickBot Trojan Now Using URL Redirects to Fool End Users and Cybersecurity Solutions
May21

The Trickbot banking Trojan is one of the biggest cyber threats faced by businesses. Trickbot is primarily a banking Trojan that is used to obtain login credentials to online bank accounts. The malware can also steal from Bitcoin wallets and harvest email credentials and steal other sensitive data. The malware is one of the most active banking Trojans in use, second only to Emotet. The malware is primarily distributed via spam and...

International Law Enforcement Operation Shuts Down Goznym Malware Gang
May17

The international criminal gang behind the infamous Goznym malware has been disbanded following a complex law enforcement investigation in Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States. The investigation has resulted in indictments for ten defendants, five of whom have been apprehended: Two in Germany, one in Bulgaria, one in Moldova, and the alleged leader of the gang in Georgia. Five Russian nationals involved...

DHS Cybersecurity and Infrastructure Security Agency Issues Guidelines for O365 Migrations
May14

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a set of guidelines and best practices to help organizations migrate to Microsoft Office 365 and avoid introducing vulnerabilities that could make it easier for cybercriminals to conduct attacks and gain access to Office 365 accounts. There has been a major increase in the number of organizations that have transitioned to...

Antivirus Tool Used by Dharma Ransomware to Hide Malicious Activity
May10

Security researchers at Trend Micro have discovered the threat actors behind Dharma ransomware are using a legitimate AV tool to hide the malicious activities of their ransomware. Dharma ransomware first surfaced in 2016 and has since been used in many attacks on businesses, in particular attacks on healthcare organizations in the United States. The ransomware variant is distributed via spam email which contains a link to a web page...

Chinese Nationals Charged over 78.8 Million-Record Anthem Inc Hack
May10

The U.S. Department of Justice has announced that two Chinese nationals have been charged over the 2015 hacking of Anthem Inc., and three other cyberattacks on U.S. businesses. In February 2015, Anthem Inc., discovered its systems had been infiltrated. Further investigation revealed the records of 78.8 million plan members had been stolen in what was, and still is, the largest healthcare data breach ever to be discovered. On Thursday,...

Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends
May08

Verizon has released its 2019 Data Breach Investigations Report. The annual report provides an in-depth analysis of global data breaches, new cyberattack trends, and an overview of the current threat landscape. This is the 12th consecutive year that Verizon has produced the report and this year’s instalment is the most extensive DBIR report released to date. Verizon now collects data from 73 sources and included 41,686 reported security...

Popular Mail Clients Vulnerable to Digital Signature Spoofing Attacks
May01

Digital signatures confirm the sender of an email is genuine, that an email is authentic, and has not been intercepted and altered in transit. However, vulnerabilities have been identified in the implementation of digital signature technology in several popular email clients which could be exploited in digital signature spoofing attacks. Were that to happen, the recipient of an email would likely believe the communication is genuine...

Biggest Malware Threats in Healthcare Revealed
Apr30

A recent report from Malwarebytes has revealed Trojans are the biggest malware threat. Trojans account for 79% of all malware detected on healthcare systems by Malwarebytes. The Emotet Trojan is the leading malware variant, accounting for 37% of all detected Trojans. While the Emotet Trojan was once just a banking Trojan concerned with obtaining credentials to online bank accounts, it has since evolved to include a wide range of...

Latest Phishing Attack Trends Revealed
Apr26

Proofpoint has released its Q4 2018 quarterly threat analysis which reveals the latest phishing attack trends and provides an insight into the types of individuals being targeted in email attacks. Email attacks on businesses are conducted for a variety of reasons, most commonly to fool employees into installing malware or ransomware, to obtain login credentials, or convince employees to make fraudulent wire transfers or divulge...

FBI’S 2018 Internet Crime Report Shows Massive Increase in BEC Attack Losses
Apr24

The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has released its 2018 Internet Crime Report which shows there was a dramatic rise in losses due to cybercrime in 2018. In 2018, IC3 received 351,936 complaints involving more than $2.7 billion in losses. That represents an increase in losses of more than 92% compared to 2017. 2018 accounted for 36% of all losses from the past five years and complaints about...

Security Researcher Who Thwarted WannaCry Ransomware Pleads Guilty to Malware Development and Distribution
Apr23

The security researcher who identified and activated the kill switch in WannaCry ransomware in 2017 and played a critical role in stopping the global attacks has pleaded guilty to helping to develop and distribute banking Trojans. Marcus Hutchins (aka MalwareTech) was initially called a hero for his role in blocking the WannaCry attacks in May 2017; however, in August of the same year, he was arrested by the FBI in the United States...

Google to Start Blocking Logins from Embedded Browsers to Help Combat MitM Attacks
Apr23

Sign-ins to Google from embedded browser frameworks will soon be blocked. Google announced on Thursday, April 18 that the change is being made to improve protections against man-in-the-middle (MitM) attacks. Embedded browser frameworks are often used in phishing attacks to automate user activity. If a user visits a phishing website that spoofs the Google login page and is requested to enter their Google credentials, the attacker could...

Phishing Attacks Increased by 40.9% in 2018
Apr17

The 2019 Phishing Trends and Intelligence Report from PhishLabs shows there was a 40.9% increase in phishing attacks in 2018. Attacks increased steadily during Q1 and continued at a high level in Q2 and Q3, with a decline in attacks in Q4. The analysis of attacks shows the tactics used by cybercriminals are constantly changing. New types of attacks were detected in 2018 which exploited changes in the digital landscape. Targets also...

DHS and FBI Issue Warning About New North Korean Hoplight Trojan
Apr16

The U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have both issued advisories about a new Trojan called Hoplight which is being used by the Lazarus APT group. Lazarus is a North Korea-backed hacking group, also known as Hidden Cobra, Zinc, and Nickel Academy. The hacking group primarily uses spear phishing to install malware on high value targets. The group is primarily concerned with...

A Quarter of Phishing Emails Bypass Office 365 Anti-Phishing Defenses
Apr12

Microsoft Office 365 default anti-phishing defenses are bypassed by a quarter of all phishing emails, according to new research from cybersecurity firm Avanan. Avanan conducted a study of 52 million emails which had been assessed by Office 365 Exchange Online Protection (EOP). 25% of phishing emails were determined to be non-malicious and were delivered to inboxes. In addition, a further 5.3% of emails were delivered as they had been...

Tech Companies Still Not Implementing DMARC to Block Phishing Attacks
Apr01

A recent study by Valimail has revealed only 10.5% of large tech companies have correctly implemented the DMARC email authentication protocol to block phishing attacks that spoof email domains. There are several frameworks and protocols that can be adopted to help prevent domain spoofing and authenticate emails. These are Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF),...

Europol Meets with Industry Leaders to Discuss Ways to Combat Phishing
Apr01

Europol has hosted a meeting with 70 industry experts to discuss ways to tackle the growing problem of phishing and business email compromise attacks. According to the 2018 Verizon Data Breach Investigations Report, a single spear phishing attack costs a business an average of $1.6 million to resolve. The FBI reports that business email compromise attacks have resulted in losses of more than $12.5 billion since October 2013. To tackle...

Webinar: New DMARC and Sandboxing Features of SpamTitan Email Security Solution Explained
Mar28

Cybercriminals are launching ever more sophisticated attacks on businesses, which require more powerful cybersecurity solutions to protect against attacks. One of the most common methods of attack is email and this is an area where security defenses often fall short. Even with robust perimeter defenses, cybercriminals can gain access to business networks by targeting the weakest link: Employees. Phishing attacks are becoming more...

New Report Identifies Latest Spear Phishing Trends
Mar21

Researchers at email security firm Barracuda have conducted a study to identify current spear phishing trends and the tactics most commonly used to attack businesses and obtain sensitive information. Spear phishing is a highly targeted form of phishing. Campaigns tend to involve low numbers of emails that have been carefully crafted for attacks on a particular industry, company, or individual. Targets are usually researched, and...

MFA Bypassed in IMAP-Based Attacks on Office 365 and G Suite Accounts
Mar15

Multi-factor authentication can prevent accounts from being accessed if passwords are stolen or obtained using brute force tactics; however, Proofpoint has discovered that multi-factor authentication is being bypassed on Office 365 and G Suite accounts using the legacy IMAP protocol. The IMAP authentication protocol bypasses MFA and attackers are able to avoid being locked out of accounts. The methods used made failed login attempts...

Healthcare Employees Vulnerable to Phishing Attacks
Mar14

The healthcare industry appears to have more than its fair share of phishing attacks. Barely a week goes by without a major phishing attack being reported by a healthcare provider in the United States. Healthcare organizations are targeted by cybercriminals as they hold valuable data. Healthcare records contain information that can be used for multiple types of fraud and the records sell for big bucks on darknet marketplaces....

SpamTitan Email Security Solution Now Incorporates Sandboxing and DMARC Authentication
Mar13

SMB and MSP email security solution provider TitanHQ has announced a major update of its SpamTitan email security solution. New features have been added to the solution to provide even greater protection against sophisticated phishing attacks and new malware threats. The new layers of security were applied to the solution this week and are now available to customers at no extra cost. The past few years have seen a major increase in...

1 in 61 Delivered Emails Contains a Malicious URL
Mar08

A new report from Mimecast has revealed cybercriminals are increasingly using malicious URLs in phishing emails to obtain credentials and deliver malware. Mimecast’s figures show there has been a 126% increase in delivered emails that contain malicious URLs between August 2018 and February 2019. The company has analyzed more than 28.4 million emails that had been determined to be safe by email security solutions and were delivered to...

New Microsoft Report Details 2018 Phishing Trends
Mar06

Microsoft’s latest Security Intelligence Report provides information on 2018 phishing trends, the changing tactics of cybercriminals, and ransomware, cryptojacking and malware attack statistics. 2018 Ransomware Trends: 2017 saw ransomware attacks dominate the threat landscape; however, as the year progressed ransomware started to fall out of favor with cybercriminals and that trend continued throughout 2018. While ransomware attacks...

IRS Launches 2019 Campaign to Raise Awareness of Tax Scams with Phishing Warning
Mar05

The IRS has launched its annual campaign to raise awareness of tax scams that are highly prevalent during tax season. The Dirty Dozen campaign details 12 common tax scams that taxpayers, tax professionals and businesses need to be aware of and take steps to avoid. In the run up to the deadline for submitting 2018 tax returns, cybercriminals increase their efforts to obtain the personal information of taxpayers. The information can be...

UConn Health Phishing Attack Impacts 326K Patients
Feb25

A UConn Health phishing attack in December has potentially allowed an unauthorized individual to gain access to the health information of hundreds of thousands of patients. The attack was detected on December 24, 2018, and all email accounts were secured to prevent further unauthorized access. It is unclear for how long the attacker had control of the accounts. The breach may have dated back months. During the time that accounts could...

Businesses Targeted in Ongoing Credential-Stealing Separ Malware Phishing Attack
Feb21

An ongoing phishing campaign is targeting businesses and distributing the information-stealing Separ malware. The campaign has mostly concentrated on businesses in South East Asia and the Middle East, although some businesses in North America have also been attacked. The Separ information stealer has been in use since September 2017, with earlier versions of the info-stealer dating back to 2013. The latest campaign, which uses an...

Trickbot Trojan Updated to Obtain VNC, PuTTY, and RDP Credentials
Feb19

The Trickbot banking Trojan has been updated with a new module which is capable of obtaining VNC, PuTTY, and remote desktop credentials. The latest variant of Trickbot is being distributed in a tax season-themed phishing campaign involving emails that offer help with recent changes to the U.S. tax code to reduce tax bills. The emails appear to have been sent by the accounting organization Deloitte and have a tax incentive-related...

FINRA Issues Phishing Warning to Brokerage Firms
Feb19

The Financial Industry Regulatory Authority (FINRA) has issued a warning to brokerage firms about a new phishing campaign. The scam involves spam emails which appear to have been sent from a credit union alerting the brokerage firm to potential money laundering by one of their clients. The email messages appear to have been sent by a BSA-AML compliance officer at a legitimate Indiana-based credit union and contain details of the...

Phishing Campaign Leverages Google Translate to Steal Google and Facebook Credentials
Feb11

A phishing campaign has been detected that abuses Google Translate to make the phishing webpage appear to be an official login page for Google. The phishing emails in the campaign are similar to many other campaigns that have been run in the past. The messages have the subject “Security Alert” with a message body virtually identical to the messages sent by Google when a user’s Google account has been accessed from an unfamiliar device...

New BEC Campaign Targets Executives
Feb06

Business email compromise attacks involve the impersonation of a high-level executive, often the CEO or CFO. The attacks often start with a spear phishing email to obtain the credentials of the CEO/CFO. If the credentials are obtained, the email account is used to send requests to employees. During tax season, W-2 Form data for all employees is often requested or requests are sent to the finance department to make wire transfers to...

Office 365 Phishing Campaign Uses SharePoint Collaboration Request as Lure
Feb06

A single Office 365 username/password combination can give a hacker access to a vast quantity of sensitive information. Information detailed in emails can be of great value to competitors, identity thieves, and other fraudsters. Office 365 credentials also give hackers access to cloud storage repositories that can contain highly sensitive business information and compromised accounts can be used to distribute malware and conduct...

2019 State of the Phish Report Reveals Increase in Successful Phishing Attacks
Jan29

The Proofpoint 2019 State of the Phish Report has revealed that while phishing is still used to infect users with malware, 70% of phishing attacks are concerned with obtaining credentials. In the past 12 months there has been a major increase in phishing attacks. The last time the report was produced in 2017, 38% of InfoSec professionals reported having experienced at least one account compromise as a result of a phishing attack in...

Fake Google Update Installer Used to Install AZORult Trojan
Jan28

Researchers at Minerva Labs have identified a new AZORult Trojan campaign that installs the malware through a fake Google update installer. The AZORult Trojan is an information stealer that can obtain system information, cookies, passwords stored in browsers, browser histories, information from saved files, banking credentials, and cryptocurrency wallets. The malware is also used as a downloader of other malware variants and is...

Cofense Launches New Managed Security Service Provider Anti-Phishing Program
Jan19

A new Managed Security Service Provider (MSSP) program has been launched by Cofense to help MSSPs deliver advanced anti-phishing solutions to their SMB clients to improve protection against sophisticated phishing attacks. Phishing is now the number one cybersecurity threat faced by SMBs. Phishing serves as an easy attack vector for cybercriminals and is one that is often used to gain access to business networks. Phishing is used to...

773 Million Email Addresses and 21 Million Unique Passwords Listed for Sale
Jan18

A massive collection of login credentials that includes approximately 773 million email addresses has been uncovered by security researcher Troy Hunt. Hunt is an Australian Microsoft Regional Director and maintains the Have I Been Pwned (HIBP) website, where people can check to see whether their login credentials have been stolen in a data breach. Hunt discovered the 87GB database on a popular hacking forum. The data was spread across...

BenefitMall Phishing Attack Impacts 111,589 Plan Members
Jan16

A recently discovered BenefitMall phishing attack has resulted in the exposure of 111,589 plan members’ protected health information. BenefitMall, a division of Centerstone Insurance and Financial Services, discovered on October 11, 2018, that hackers had gained access to several employee email accounts as a result of their responses to phishing emails. Third party computer forensics experts were called in to assist with the...

Highly Sophisticated Apple Vishing Scam Detected
Jan10

A sophisticated Apple vishing scam has been uncovered. In contrast to most phishing attempts that use email, this scam used voice calls (vishing) with the calls appearing to have come from Apple. The scam starts with an automated voice call to an iPhone that spoofs Apple Inc. The caller display shows that the call is from Apple Inc., increasing the likelihood that the call will be answered. The user is advised that there has been a...

Phishing Website Uses Custom Web Fonts to Evade Detection
Jan08

Phishers are constantly developing new ways to prevent their websites from being detected. One threat actor is now using custom web fonts to disguise malicious code on phishing websites. The phishing scam spoofs a major U.S. bank in an attempt to get users to disclose their banking credentials. The website used in the scam is well crafted, and like many similar scams, uses stolen branded content to make the website appear legitimate....

Tribune Publishing Cyberattack Cripples Several U.S. Newspapers
Jan02

A recent malware attack on Tribune Publishing has caused disruption to several newspaper print runs including those of the Los Angeles Times, San Diego Tribune, and the west coast editions of the New York Times and Wall Street Journal, amongst others. The Tribune Publishing cyberattack occurred on Thursday December 28, 2018, and spread throughout the Tribune Publishing network on Friday, affecting the Saturday editions of several...

FTC Issues Warning About New Netflix Phishing Scam
Jan01

The U.S. Federal Trade Commission has issued a warning about a new global Netflix phishing scam that attempts to fool Netflix subscribers into disclosing their account credentials and payment information. The scam uses a tried and tested tactic to obtain that information: The threat of account closure due to payment information being out of date. Users are sent a message asking them to update their payment details because Netflix has...

More Than 50 Accounts Compromised in San Diego School District Data Breach
Dec27

A major data breach has been reported by the San Diego School District that has potentially resulted in the theft of the personal information of more than half a million current and former staff and students. The data exposed as a result of the breach date back to the 2008/2009 school year. The breach was detected following reports from district staff of a spate of phishing emails. The emails were highly believable and fooled users...

90% of Malware Delivered Via Spam Email
Dec19

Cybercriminals use a variety of methods to gain access to business networks to install malware, although by far the most common method of spreading malware is spam email. According to a recent study by F-Secure, in 2018, 90% of malware was delivered through spam email. The most common types of malware delivered via spam email are downloaders, bots, and backdoors, which collectively account for 52% of all infections. Banking Trojans...

New Office 365 Phishing Attack Detected
Dec18

A new Office 365 phishing attack has been identified that uses alerts about message delivery failures to lure unsuspecting users to a website where they are asked to provide their Office 365 account details. The new scam was detected by security researcher Xavier Mertens during an analysis of email honeypot data. The emails closely resemble official messages sent by Microsoft to alert Office 365 users to message delivery failures. The...

New Survey Highlights Importance of Security Awareness Training for Employees
Dec17

A recent phishing survey of 500 office workers in Ireland has revealed the risks business leaders are taking by failing to provide security awareness training for employees. Phishing is one of the easiest methods of gaining access to sensitive information and gaining a foothold in a network. Phishing is the act of deceiving users into disclosing sensitive information, usually via email. An email is sent with a lure to get the user to...

Microsoft and Adobe December 2018 Patch Tuesday Updates
Dec12

December 2018 Patch Tuesday has seen Microsoft issue patches for 39 vulnerabilities, 10 of which have been rated critical, and two are being actively exploited in the wild. There are 9 critical vulnerabilities in Microsoft products and one critical vulnerability in Adobe Flash Player. The patches cover the following products and services: Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft Edge, Microsoft Office...

2018 Security Awareness Training Statistics
Dec12

A recent survey conducted by Mimecast has produced some interesting security awareness training statistics for 2018. The survey shows many businesses are taking considerable risks by not providing adequate training to their employees on cybersecurity. Ask the IT department what the greatest cybersecurity risk is and many will say end users. IT teams put a considerable amount of effort into implementing and maintaining...

Webinar: Cost-Effective DNS-Based Web Filtering
Dec04

In order to protect against web-based threats such as malware, ransomware, viruses, exploit kits, malvertising, and phishing, businesses need to implement a web filtering solution. A web filter allows businesses to carefully control the websites and webpages that employees can access while connected to the wired and wireless networks. All Internet traffic is routed through the filter where controls are applied to block malware...

Spotify Phishing Scam Detected: User Accounts Breached
Nov30

Researchers at AppRiver have detected a Spotify phishing scam that attempts to get users to reveal their Spotify credentials. The emails use brand imaging that makes the emails appear to have been sent by the music streaming service. The messages are realistic, although there are signs that the messages are not genuine. The email template used in the Spotify phishing scam claims the user needs to confirm their account details to remove...

Marriott Announces 500 Million-Record Breach of Starwood Hotel Guests’ Data
Nov30

The Marriott hotel chain has announced it has suffered a massive data breach that has resulted in the theft of the personal information of up to 500 million guests of the Starwood Hotels and Resorts group. Marriott discovered the data breach on September 8, 2018 after an alert was generated by its internal security system following an attempt by an unauthorized individual to access the Starwood guest reservation database. Third-party...

49% of All Phishing Sites Have SSL Certificates and Display Green Padlock
Nov29

Almost half of phishing sites now have SSL certificates, start with HTTPS, and display the green padlock to show the sites are secure, according to new research by PhishLabs. The number of phishing websites that have SSL certificates has been increasing steadily since Q3, 2016, when around 5% of phishing websites were displaying the green padlock to indicate a secure connection. The percentage increased to approximately 25% of all...

Major Malvertising Campaign Detected: 300 Million Browser Sessions Hijacked in 48 Hours
Nov28

A major malvertising campaign is being conducted that is redirecting web users to phishing and scam websites. While malvertising campaigns are nothing new, this one stands out due to the scale of the campaign. In 48 hours, more than 300 million users have had their browsers redirected to malicious web pages. The campaign was uncovered by researchers at cybersecurity firm Confiant on November 12. The researchers note that the actor...

California Wildfire-Themed BEC Attack Identified
Nov27

It is common for phishers to use natural disasters as a lure to obtain ‘donations’ to line their pockets rather than help the victims and the California wildfires are no exception. Many people have lost their lives in the fires and the death toll is likely to rise further as hundreds of people are still unaccounted for. Whole towns such as Paradise have been totally destroyed by the wildfires and hundreds of people have lost their...

APT28 Group Uses New Cannon Trojan in Spear Phishing Campaign Targeting US and EU Government Agencies
Nov22

A new spear phishing campaign is being conducted by APT28 (Sofacy Group/Fancy Bear/Sednit) on government organizations in the United States, Europe, and a former USSR state using the previously unknown Cannon Trojan. The campaign was detected by Palo Alto Networks’ Unit 42 team and was first identified in late October. The campaign is being conducted via spam email and uses a weaponized Word document to deliver two malware variants....

Rise in Phishing Emails Using .Com File Extensions
Nov21

The anti-phishing solution provider Cofense, formerly PhishMe, has reported a marked increase in phishing campaigns using files with the .com extension. The .com extension is used for text files with executable byte code. The code can be executed on Microsoft NT-kernel-based and DOS operating systems. The campaigns identified through Cofense Intelligence are primarily being sent to financial service departments and are used to...

Gmail Flaw Allows Phishing Emails to Be Sent Anonymously
Nov21

A Gmail flaw has been discovered that allows emails to be sent anonymously with no information included in the sender field. The flaw could easily be exploited by cybercriminals for use in phishing attacks. Phishers often mask the sender of an email in phishing campaigns to fool the recipient into believing the email is genuine. The sender’s email address can be spoofed so the displayed name appears to be a known contact or well-known...

Phishing Accounts for 50% of All Fraud Attacks
Nov15

An analysis of current cyber fraud threats by network security firm RSA shows that phishing attacks have increased by 70% since Q2 and now account for 50% of all fraud attacks suffered by organizations. Phishing attacks are popular because they are easy to conduct and have a high success rate. An attacker can set up a webpage that mimics a well-known brand such as Microsoft or Google that requests login details. Emails are then sent...

U.S. Treasury Investigating $700,000 Loss to Phishing Scam
Oct30

In July 2018, the Washington D.C. government fell for an email scam that resulted in wire transfers totaling nearly $700,000 being sent to a scammer’s account. The scammer impersonated a vendor used by the city and requested outstanding invoices for construction work be paid. The vendor had been contracted to work on a design and build project on a permanent supportive housing facility. The emails requested the payment method be...

Cofense Expands 24/7 Global Phishing Defense Services
Oct30

Cofense has announced that it has expanded its 24/7 Phishing Defense Service to provide even greater support to customers outside business hours and ensure that phishing threats are identified in the shortest possible time. The Cofense Phishing Defense Center (PDC) was launched to ease the burden on IT security teams by allowing them to offload some of the burden of searching through emails reported by their end users and analysing...

United States Leads the World as Main Host of Malware C2 Infrastructure
Oct26

The United States is home to the highest percentage of malware command and control (C2) infrastructure – 35% of the global total, according to new research published by phishing defense and threat intelligence firm Cofense. 27% of network Indicators of Compromise (IoCs) from phishing-borne malware are also either located in or proxied through the United States. Cofense data show that Russia is in second place with 11%, followed by...

75% of Employees Lack Security Awareness
Oct26

MediaPro has published its 2018 State of Privacy and Security Awareness Report which assesses the level of security awareness of employees across different industry sectors. The report is based on the responses to questionnaires sent to 1,024 employees across the United States that probed their understanding of real-world threats and security best practices. This is the third year that MediaPro has conducted the study, which...

Brands Most Commonly Spoofed by Phishers Revealed
Oct25

Vade Secure has released a new report detailing the brands most commonly targeted by phishers in North America. The Phishers’ Favorites Top 25 list reveals the most commonly spoofed brands in phishing emails detected in Q3, 2018. For the latest report, Vade Security tracked 86 brands and ranked them based on the quantity of phishing attacks in which they were impersonated. Those 86 brands account for 95% of all brand spoofing attacks...

Stealthy sLoad Downloader Performs Extensive Reconnaissance to Improve Quality of Infected Hosts
Oct25

A new PowerShell downloader has been discovered – the sLoad downloader – which is being used in stealthy, highly targeted attacks in the United Kingdom and Italy. The sLoad downloader performs a wide range of checks to find out a great deal of information about the system on which it resides, before choosing the most appropriate malicious payload to deploy – if a payload is deployed at all. The sLoad downloader was first identified in...

Anti-Phishing Working Group Publishes Q2, 2018 Phishing Trends Report
Oct19

The Anti-Phishing Working Group has released its Phishing Activity Trends Report for Q2, 2018. The report contains a summary and analysis of phishing attacks that were reported to APWG by its member companies and partners between April and June 2018. The APWG quarterly reports provide insights into the latest phishing trends and show the extent of phishing attacks on businesses – attacks aimed at getting employees to reveal their...

Cofense Explores the State of Phishing Defenses in 2018
Oct18

The anti-phishing solution provider Cofense has released its 2018 State of Phishing Defense report. The report provides insights into the most common phishing emails being used by cybercriminals and the message subjects that are most effective at fooling employees into clicking and revealing sensitive information. The report also breaks down phishing attacks by industry sector and shows which industries are most susceptible to...

Anthem Data Breach Settlement of $16 Million Agreed with OCR
Oct16

The largest ever healthcare data breach in the United States has attracted the largest ever fine for noncompliance with HIPAA Rules. The Anthem data breach settlement of $16 million eclipses the previous highest HIPAA fine of $5.55 million and reflects not only the severity of the Anthem Inc data breach, which saw the protected health information of 78.8 million plan members stolen, but also the extent of noncompliance with HIPAA...

Sophisticated Phishing Attack Inserts Malware into Existing Email Conversation Threads
Oct11

A new sophisticated phishing tactic has been identified that involves a malicious actor gaining access to an email account, monitoring a conversation thread, and then inserting malware in a reply to an ongoing discussion. The scam is a variation of a Business Email Compromise (BEC) attack. BEC attacks typically involve using a compromised email account to send messages to accounts or payroll employees to get them to make fraudulent...

Phishers Using Azure Blob Storage to Host Phishing Forms with Valid Microsoft SSL Certificate
Oct08

Cybercriminals are using Microsoft Azure Blob storage to host phishing forms. The site hosting the malicious files has a genuine Microsoft SSL certificate, which adds authenticity to the campaign. Similar tactics have been used in the past for Dropbox phishing scams and attacks that impersonate other cloud storage platforms. A typical phishing scenario involves an email being sent with a button or hyperlink that the user is requested...

Persistent New LoJax Rootkit Survives Hard Disk Replacement
Oct04

Security researchers at ESET have identified a new rootkit that takes persistence to a whole new level. Once infected, the LoJax rootkit will remain active on a device even if the operating system is reinstalled or the hard drive is reformatted or replaced. Rootkits are malicious code that are used to provide an attacker with constant administrator access to an infected device. They are difficult to detect and consequently they can...

Danabot Banking Trojan Used in U.S. Campaign
Oct03

The DanaBot banking Trojan was first detected by security researchers at Proofpoint in May 2018. It was being used in a single campaign targeting customers of Australian banks. Further campaigns were later detected targeting customers of European banks, and now the attacks have moved across the Atlantic and U.S. banks are being targeted. Banking Trojans are a major threat. Proofpoint notes that they now account for 60% of all malware...

KnowBe4 Launches ‘Domain Doppelgänger’ Fake Domain Identification Tool
Oct01

A new tool has been released by the security awareness training and phishing simulation platform provider KnowBe4 that can help companies to identify ‘evil twin domains’ – lookalike spoofed domains that are typically used by cybercriminals for phishing and spreading malware. An evil twin domain is very similar to a genuine website that is used by a company. It could include an extra letter such as faceboook.com, have missing letters...

2018 Has Seen a Marked Increase in Email Impersonation Attacks
Sep27

The September Email Threat Report published by cybersecurity company FireEye has cast light on the latest tactics being used by cybercriminals to fool end users into disclosing sensitive information such as login credentials to online bank accounts and email services. Phishing attacks continue to dominate the threat landscape and cybercriminals have been refining their techniques to achieve a higher success rate. Standard phishing...

Cofense Takes a Closer Look at Healthcare Phishing Attacks
Sep24

Cofense, the leading provider of human-based phishing threat management solutions, has published new research that shows the healthcare industry lags behind other industry sectors for phishing defenses and is routinely attacked by cybercriminals who often succeed in gaining access to sensitive patient health data. The Department of Health and Human Services’ Office for Civil Rights publishes a summary of data breaches reported by...

Proofpoint Launches Closed-Loop Email Analysis and Response (CLEAR) Solution
Sep12

The Sunnyvale, CA-based cybersecurity firm Proofpoint has announced it has launched a new Closed-Loop Email Analysis and Response (CLEAR) solution that can significantly reduce the time it takes to triage email-based threats. The solution uses a complete closed-loop approach to automatically analyze suspicious emails reported by end users to security teams, identify real threats from false positives, and help security teams remediate...

New Brazilian Banking Trojan Hides in Plain Sight
Sep10

An innovative new Brazilian banking Trojan has been detected by security researchers at IBM X-Force. The Trojan has been named CamuBot due to its use of camouflage to fool employees into running the installer for the malware. As with other banking Trojans, its purpose is to obtain bank account credentials, although its method of doing so is different from most of the banking Trojans currently used by threat actors in Brazil. Most...

Respiratory Care Provider Victim of Phishing Attack
Sep05

Norwood, MA-based Reliable Respiratory has discovered a hacker has gained access to the email account of one of its employees, and through that account, potentially accessed the protected health information of some of its patients. The respiratory care provider was alerted to a possible email account breach on July 3 when suspicious activity was detected in the email account. An investigation was immediately launched which confirmed...
