74% of Organizations Punish Employees for Phishing Failures
Jan23

Many cybersecurity threats keep cybersecurity professionals awake at night, but phishing attacks top the list. According to a recent survey of cybersecurity professionals by the email security software company Egress, 95% of security professionals are stressed about email security, and for good reason. The study revealed 94% of organizations have suffered phishing attacks in the past 12 months, up 2% from last year, and 91% said...

LastPass Employees and Customers Targeted in Phishing Campaign
Oct04

A widespread phishing campaign has been detected that is targeting LastPass employees and customers. The campaign was first detected in mid-September, and a second wave of phishing emails was sent at the end of the month. The aim of the campaign is to obtain LastPass credentials. If the credentials are obtained, the attackers will have access to users’ password vaults. LastPass offers users multifactor authentication; however, this...

Russian Threat Actor Conducting Convincing Phishing Campaign via Microsoft Teams
Aug03

The Russian cyber threat actor Midnight Blizzard (Nobelium, APT29, UNC2452, Cozy Bear) is conducting a highly targeted phishing and social engineering campaign via Microsoft Teams to gain persistent access to Microsoft 365 environments. The United States and the United Kingdom believe Midnight Blizzard to be part of the Foreign Intelligence Service of the Russian Federation (SVR). The threat actor seeks persistent access to networks...

Verizon 2023 DBIR: DoS Attacks Dominate 2022 Cyberattacks and BEC Attacks Double
Jun08

The recently published Verizon 2023 Data Breach Investigations Report provides insights into the tactics, techniques, and procedures that cyber actors are using to gain access to networks to achieve their objectives. The data for the report comes from security incidents and data breaches between Nov. 1, 2021, and Oct. 31, 2022, which this year includes 953,894 security incidents and 254,968 confirmed breaches, including more than...


Security Agencies Issue Warning About North Korean Spear Phishing Campaigns

Intelligence and law enforcement agencies in the United States and South Korea have issued a warning about the North Korean state-sponsored hacking group Kimsuky (aka APT43, Thallium, and Velvet Chollima), which has been targeting individuals in research centers, think tanks, academic institutions, and news media organizations in spear phishing campaigns, often posing as journalists, academics, and other individuals with credible...

Advanced Phishing Attacks Increased by 356% in 2022
May31

An analysis by the cybersecurity firm Perception Point shows there was a major increase in advanced phishing attacks in 2022, which increased by 356% from 2021. Phishing accounted for 67.4% of cyberattacks in 2022, and there was an 83% increase in business email compromise (BEC) attacks. In total, cyberattacks increased by 87% from the previous year. While BEC attacks only account for a small percentage of attacks, the losses to...

North Korean Threat Group Using ReconShark Malware in Spear Phishing Campaign
May08

A North Korean advanced persistent threat (APT) actor is using a new malware called ReconShark in a global spear phishing campaign. The malware is capable of collecting and exfiltrating sensitive information to its command-and-control server and downloading executable files on targeted systems. The information gathered by the group is believed to be used for conducting precision follow-on attacks on targeted individuals. The malware...

Phishers Turn to Telegram to Market Their Kits and Services
Apr07

Cybercriminals are increasingly turning to Telegram to share tactics and market their services, especially threat actors specializing in phishing, according to Kaspersky. The phishing community on Telegram has grown substantially over the past year, as phishers flock to the platform and create Telegram channels for promoting phishing kits and bots for automating routine workflows, including for generating phishing pages and collecting...

Security Agency Recommends Businesses Change their Approach to Combat Phishing
Dec22

The UK National Cyber Security Centre (NCSC) has issued advice to businesses to help them improve their defenses against phishing, one of the most common ways that malicious actors gain initial access to business networks. Phishing targets employees, who are weak links in the security chain. Employees are prone to make mistakes, and all it takes is for one employee to fail to recognize a phishing threat for a threat actor to gain...

Multiple Threat Actors Exploiting Windows 0Day That Prevents Generation of MotW Warnings
Nov22

A phishing campaign has been detected that exploits a zero-day Windows vulnerability to drop Qbot malware, a password-stealing Trojan cum malware dropper. QBot has been observed delivering the Brute Ratel and Cobalt Strike post-exploitation tool kits, and ransomware payloads such as Egregor and Black Basta. When files are downloaded from the Internet from untrusted locations, a Mark of the Web attribute is added to the files that...

Massive WhatsApp Phishing Campaign Detected Involving 42,000 Malicious Domains
Nov15

A massive phishing campaign is being conducted via WhatsApp that alerts recipients that they have won a prize and need to visit a website using the provided link to claim it. The campaign was identified by security researchers at Cyjax, who have attributed the campaign to a Chinese threat group they are tracking as Fangxiao, after they successfully deanonymized some of the domains used in the campaign and bypassed the Cloudflare...

MFA Bypassed in Dropbox Phishing Attack Targeting GitHub Credentials
Nov04

Dropbox has announced that it has suffered a phishing-related data breach in which hackers gained access to proprietary code stored in GitHub repositories. The San Francisco-based file hosting service provider said customer accounts were not compromised, but hackers gained access to 130 code repositories on GitHub using credentials stolen from employees after they responded to phishing emails. Dropbox said no user content, passwords,...

New Callback Phishing Tactics Used to Gain Access to Devices
Oct10

Ransomware gangs have resurrected a callback phishing technique for gaining initial access to networks, where initial contact is made with the victim via email and a telephone number is provided for the victim to call, along with an important reason for making contact. This is usually a pending charge for a fake subscription to a product or service or a free trial that is due to come to an end, resulting in a charge being applied....

IRS Warns of Exponential Increase in IRS-Themed Smishing Attacks
Sep29

The U.S. Internal Revenue Service (IRS) has issued a warning following a massive increase in SMS-based phishing (smishing) attacks over the past few weeks. The IRS-themed messages include links to malicious websites that attempt to steal sensitive personal and financial information. The IRS says it observed an increase in smishing attacks on taxpayers in the fall of 2020, with the attacks continuing throughout the pandemic, but this...

Cybersecurity Awareness Month 2022 Focuses on People
Sep28

Cybersecurity Awareness Month 2022 runs from October 1 to October 31, with the month of October having been dedicated to improving awareness about cybersecurity since 2004. Throughout October, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) will lead a collaborative effort between government and industry to improve cybersecurity awareness in the United States and beyond. The...

More than 130 Companies Fall Victim to SMS Phishing Campaign Targeting Okta Credentials
Aug29

A highly successful phishing campaign has been identified that targets Okta credentials. Okta is an American identity and access management company that provides cloud-based software solutions to help companies manage and secure user authentication. Researchers at Group-IB analyzed the campaign and reported that 136 companies are known to have been attacked, although only 2/3 of the attacked companies were able to be identified. Some...

Microsoft Disrupts Ongoing Russia-Linked Phishing Campaign
Aug16

Microsoft has announced it has taken steps to disrupt phishing campaigns conducted by a Russia-linked threat actor tracked as SEABORGIUM. The threat actor originates from Russia and conducts operations closely aligned with Russian interests. The threat group has been in operation since at least 2017, and the group is known to conduct phishing and credential theft campaigns, mostly targeting organizations in the United States and the...

Conti Ransomware Groups Using Callback Phishing to Gain Access to Victims’ Networks
Aug15

Three groups that split from the Conti ransomware operation are primarily gaining access to victims’ networks using callback phishing tactics, according to cybersecurity firm AdvIntel. Callback phishing involves making initial contact with targeted employees in an organization via email. They are advised about a pressing issue that needs to be resolved by telephone. The phone line is manned by the threat actor and social engineering...

Ransomware Gangs are Weaponizing Their Stolen Data and Making BEC Attacks Easier
Aug12

Business email compromise (BEC) attacks have been increasing. According to the Federal Bureau of Investigation (FBI), BEC attacks are the costliest type of cybercrime and resulted in $43 billion in losses between June 2016 and December 2021. In 2021 alone, 19,954 complaints were received by the FBI’s Internet Crime Complaint Center (IC3) and almost $2.4 billion was lost to the scams. Abnormal Security reports an 84% annual...

Sophisticated Twilio Smishing Attack Sees Accounts and Customer Data Compromised
Aug09

The digital communication platform provider Twilio has confirmed that multiple employees have been tricked into disclosing their account credentials in a smishing attack. Smishing is the use of SMS messages for conducting a phishing attack to steal employee credentials. Those credentials can be used to access employee accounts and any sensitive data accessible through those accounts. Twilio provides programmable communication tools...

97% of Top Universities Failing to Adequately Protect Against Email Impersonation Attacks
Aug04

Domain spoofing is a common tactic used by phishers to trick victims into believing they have received an official email from a trusted business or contact. Technologies have been developed to detect domain spoofing and protect individuals from email impersonation attacks, yet many organizations have not implemented email validation protocols that can detect spoofing, and as such, their employees and other stakeholders are subjected...

LinkedIn Remains the Most Impersonated Brand in Phishing Attacks
Jul27

The Q2, 2022 Brand Phishing Report from cybersecurity firm Check Point shows LinkedIn is still the most impersonated brand in phishing attempts, having first entered into the Top 10 Most Impersonated Brands list in Q1, 2022. There has also been a surge in phishing attempts impersonating Microsoft, which have more than doubled from the previous quarter. The increase has seen Microsoft catapulted into position 2 in the list, accounting...

Security Vendors Impersonated in Callback Phishing Campaign
Jul14

The cybersecurity vendor CrowdStrike has issued a warning about a callback phishing campaign that attempts to trick employees at businesses into visiting a malicious website. Initial contact is made via email, which instructs recipients to make a phone call as part of a security audit. According to one of the emails obtained by researchers at CrowdStrike, contact is made due to an alleged data breach at the cybersecurity firm. The...

Massive Phishing Campaign Bypasses MFA to Gain Access to Office 365 Accounts for BEC Attacks
Jul13

This week, Microsoft shared details of a massive phishing campaign that has targeted more than 10,000 organizations since September 2021. The campaign targets organizations that use Office 365 and allows the attackers to hijack accounts, even if they have multi-factor authentication (MFA) enabled. The compromised accounts are then used to conduct business email compromise attacks on external companies to get them to make fraudulent...

Microsoft Rollback of VBA Macro Blocking is Only a Temporary Measure
Jul12

Last week, Windows users started noticing that Microsoft had stopped blocking Internet-delivered VBA macros by default without making an announcement. Microsoft has now confirmed that the rollback is only a temporary measure. Back in February, Microsoft announced that it would be taking steps to improve security by blocking Visual Basic for Applications (VBA) macros by default in certain Office apps. The security measure would apply...

Police in Europe Dismantle Multi-Million-Euro Phishing Operation
Jun24

An organized criminal gang that was operating a multi-million-Euro phishing operation has been dismantled by police forces in Belgium and the Netherlands, according to Europol. The operation involved raids at 24 addresses in the Netherlands on June 21, and police arrested 9 individuals suspected of involvement in the operation. They also seized cash, cryptocurrency, jewelry, firearms, and ammunition. Europol assisted in the operation...

Thousands Arrested in Interpol-Led Operation Targeting Social Engineering Scammers
Jun16

An international law enforcement operation led by Interpol that involved police forces in 76 countries has seen more than $50 million seized and thousands of people have been arrested in connection with social engineering scams such as telecommunication fraud, business email compromise scams, and the money laundering activities in relation to those operations. The operation – called First Light 2022 – ran for two months between...

Emotet Malware Infections Increased by 2,700% from Q4, 2021 to Q1, 2022
Jun13

Security researchers have identified new variants of Emotet malware that are capable of collecting and using stolen credentials, which are then weaponized and used to distribute the malware, and security solutions are failing to block the malware. Emotet is widely regarded as the most dangerous malware threat. While action was taken by a coalition of law enforcement agencies, which shut down the infrastructure of Emotet in January...

Researchers Uncover Massive Facebook and Messenger Phishing Campaign
Jun10

Security researchers at the cybersecurity firm PIXM have identified a massive phishing campaign being conducted through Facebook and Messenger, which has driven millions of individuals to web pages hosting phishing forms and online adverts. According to PIXM, in just 4 months, a threat actor was able to steal more than 1 million credentials and generated significant revenue from online advertising commissions. The account credentials...

Local Governments Targeted in Phishing Campaign Exploiting Windows Follina Vulnerability
Jun07

The critical Windows ‘Follina’ zero-day vulnerability is being exploited in phishing attacks on local governments in the United States and government entities throughout Europe, according to Proofpoint. The phishing campaign uses Rich Text File (RTF) attachments, which will exploit the Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution bug – CVE-2022-30190 – if opened. Exploitation of the vulnerability does not...

Phishing Campaign Pushing Jester Malware Targets Ukrainian Citizens Warning of Chemical Attacks
May10

A phishing campaign has been identified that warns of chemical weapon attacks on Ukrainian citizens in an attempt to infect devices with Jester malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has recently issued a security advisory about the mass distribution of these malicious emails targeting Ukrainian citizens. The emails have the subject line “chemical attack” and warn in Ukrainian that information has been...

FBI: More than $43 Billion has been Lost to BEC Scams Since 2016
May06

Business email compromise (BEC) scams are the leading cause of losses to cybercrime. According to the U.S. Federal Bureau of Investigation (FBI), reported losses between June 2016 and December 2021 exceeded $43.3 billion. These scams, also known as email account compromise (EAC), involve compromising a business email account and using it to send emails to individuals responsible for making wire transfers and tricking them into making...

Man Convicted for Phishing Scam Resulting in Theft of $23.5 Million from DoD
May03

The losses to phishing scams can be considerable. What starts with a single phishing email can easily result in a costly data breach, malware infection, or the fraudulent transfer of millions of dollars to an attacker-controlled account. Last week, the U.S. Department of Justice announced that one of the perpetrators of a phishing scam has been convicted on six counts for his role in a complex phishing scheme and vendor email...

LinkedIn is the Most Impersonated Brand in Phishing Attacks
Apr19

The professional social networking site LinkedIn is now the most impersonated brand in phishing attacks according to Check Point Research. In Q1, 2022, 52% of phishing attacks spoofed LinkedIn, which is a 550% increase from the previous quarter when LinkedIn was the 5th most impersonated brand. This is part of an emerging trend in phishing that has seen phishers switch to campaigns seeking corporate social media credentials, which can...

WhatsApp Voicemail Phishing Campaign Distributes Information Stealing Malware
Apr05

A new WhatsApp phishing campaign has been identified by researchers at Armorblox that has been sent to at least 27,655 email addresses. The emails impersonate WhatsApp and relate to the voice message feature of the instant messaging app to get recipients of the messages to install information-stealing malware. The malware targets passwords stored in browsers and applications, steals cryptocurrency wallets, and can be used to...

Critical Infrastructure Organizations Warned About AvosLocker Ransomware Attacks
Mar21

AvosLocker ransomware is being used in attacks on U.S. critical infrastructure organizations, according to a recent joint cybersecurity advisory issued by the Federal Bureau of Investigation (FBI), U.S. Department of the Treasury, and the U.S. Treasury Financial Crimes Enforcement Network (FinCEN). AvosLocker is a relatively new ransomware group that first appeared in June 2021. Initially, the ransomware was used in attacks on Windows...

Feds Issue Update on Conti Ransomware
Mar10

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have issued an update on Conti Ransomware as attacks on U.S. businesses pass the 1,000 mark. The update includes information gathered from the recent leak of internal private messages between gang members by a Ukrainian researcher, who also released the source code for the ransomware and...

Lapsus Ransomware Gang Continues with High Profile Attacks
Mar04

The Lapsus ransomware gang is a new threat group that only first appeared in December 2021 but has already started building a name for itself with several high-profile attacks, the latest being the ransomware attack on GPU giant NVIDIA.

Sensitive Employee Data and Source Code Stolen from NVIDIA

NVIDIA said it detected the attack on February 23, 2021, and announced on February 25 that it was investigating a security...

Phishing Campaign Capitalizes on Ukrainian Crisis
Mar03

A new phishing campaign has been detected that piggybacks on the current crisis in Ukraine to trick people into divulging their credentials. Emails are being sent warning about suspicious account access from Russia to scare people into clicking the link and logging into their account to change the password. The campaign targets Microsoft customers and attempts to steal Microsoft 365 credentials. The campaign was discovered by security...

83% of Businesses Experienced a Successful Phishing Attack in 2021
Feb23

Phishing is the most common method used to attack businesses. Phishing attacks are performed to steal credentials, obtain sensitive data, install malware, or gain a foothold in a network for a more extensive compromise. Phishing attacks target individuals and exploit human rather than technical weaknesses, and use social engineering to trick people into taking an action that allows the attacker to achieve their aims. The UK...

TitanHQ Acquires Cyber Risk Aware to Add Security Awareness Training to its Cybersecurity Portfolio
Feb17

The Irish cybersecurity firm TitanHQ, a leading SaaS business offering a portfolio of cloud-based cybersecurity solutions, has announced the acquisition of the Dublin-based security awareness firm Cyber Risk Aware. Cyber Risk Aware was formed in 2016 and provides the only behavior-driven security awareness platform that provides real-time training to help counter the threat from phishing and other cybersecurity threats that target...

46% of Emails in 2021 Were Spam
Feb16

The Russian cybersecurity firm Kaspersky has released its 2021 Spam and Phishing Report which identifies the key annual trends in spamming and phishing. The report shows 45.56% of global email volume consisted of spam emails, with Russia the biggest culprit, with 24.77% of spam emails coming from Russian IP addresses and German IP addresses used to send 14.12% of the year’s spam emails. Legitimate organizations such as banks and...

Next-Gen Phishing Kits Used to Bypass Multifactor Authentication
Feb08

Proofpoint has revealed cyber threat actors are now using a new class of phishing kit that is allowing them to bypass multi-factor authentication (MFA). Multi-factor authentication is strongly recommended on accounts to improve security. Multifactor authentication requires an additional form of identification to be provided in addition to a password. In the event of a password being obtained by an unauthorized individual, access to...

DHL Was the Most Imitated Brand in Phishing Campaigns in Q4, 2021
Jan18

A recent report from the cybersecurity firm Check Point has revealed DHL was the most impersonated brand in phishing attacks in Q4, 2021, overtaking Microsoft. Check Point’s data show 23% of phishing emails impersonating brands in Q4, 2021 spoofed DHL, up 9% from the previous quarter. Microsoft is usually the brand most impersonated by cybercriminals due to the huge number of customers. In Q4, 20% of all brand impersonation...

COVID-19 Omicron Phishing Scam Targets UK Residents Offering Free NHS Omicron PCR Test
Dec06

A COVID-19 Omicron phishing campaign has been detected that spoofs the UK’s National Health Service and attempts to get individuals to disclose sensitive personally identifiable information and financial details. The campaign takes advantage of fear about the new Omicron variant of the coronavirus which could potentially be more transmissible than other SARS-CoV-2 variants and make current vaccines less effective. Scientists around...

SpamTitan Plus Has Better Coverage of Malicious URLs and Detects Them Faster Than Market Leading Solutions
Dec03

A new anti-phishing product has been launched by TitanHQ which the company says provides far better coverage of malicious URLs than any of the current market-leading anti-phishing solutions, which means more malicious links are detected and those links are detected faster than other solutions. TitanHQ had been getting feedback from its customer base of 12,000+ businesses and 3,000+ Managed Service Providers that phishing attacks are...

Multiple APT Actors Using Novel RTF Template Injection Technique in Phishing Attacks
Dec02

A novel Rich Text Format (RTF) Template Injection technique is being used in phishing campaigns conducted by multiple nation-state hacking groups. Researchers at Proofpoint say they first identified this technique being used in March 2021 and its use has been steadily growing. The technique was initially used by the Indian APT group DoNot Team (APT-C-35), followed by the Chinese APT group TA423, then the Russian APT actor Gamaredon....

Vaccine Manufacturers Targeted with Metamorphic Tardigrade Malware
Nov30

The biomanufacturing sector has been warned about targeted attacks involving Tardigrade malware – a sophisticated metamorphic variant of the SmokeLoader backdoor. Tardigrade malware is known to have been used in two cyberattacks on companies in the biomanufacturing sector in 2021. In the spring of this year, a large biomanufacturing facility was targeted and a second facility was infected with the malware in October. The attacks...

GoDaddy Data Breach Affects 1.2 Million Customers and 6 Web Hosts
Nov26

On November 22, GoDaddy said it was the victim of a data breach that exposed the email addresses and customer numbers of up to 1.2 million active and inactive Managed WordPress users. The breach also exposed the original admin-level WordPress passwords for those accounts that were created when WordPress was first installed. The passwords could have allowed access to customers’ WordPress servers. Active customers also had their sFTP...

New JavaScript Malware Delivers Multiple RATs and Info Stealers
Nov25

A new JavaScript malware dubbed RATDispenser is being used to deliver at least 8 different Remote Access Trojans (RATs), information stealers, and keyloggers. According to an analysis by the HP Threat Research team, three different variants of RATDispenser have been detected in the past 3 months and 155 samples have been intercepted. All but 10 of those samples act as first-stage malware droppers that do not communicate with an...

Ransomware Attacks on CNA, Colonial Pipeline, and JBS the Result of Minor Security Lapses
Nov18

Ransomware attacks in 2021 have increased to record levels and no industry sector is immune. Cyber threat actors have become bolder and have conducted an increasing number of attacks on healthcare organizations, where the lack of access to systems and data has put patient safety at risk, while attacks on critical infrastructure have threatened food production and fuel availability. The escalation of attacks in the United States has...

The Emotet Botnet is Back: TrickBot Infrastructure Being Used to Rebuild the Botnet
Nov17

The infrastructure of the Emotet botnet was taken down in a Europol/Eurojust coordinated law enforcement operation in January 2021. Since the takedown it has been all quiet on the Emotet front, but the Emotet botnet has now returned. That law enforcement operation saw the infrastructure seized and taken down and two individuals believed to have played key roles in maintaining the infrastructure of the botnet were arrested. The Emotet...

Legitimate FBI System Hacked and Used to Send Spam Emails About Fake Cyberattack
Nov15

A spam email campaign involving at least 100,000 emails has been conducted using ‘hacked’ FBI-owned servers. The messages advised the recipients that their network had been breached and data was stolen. The emails were sent from the legitimate [email protected] email account and, as such, were passed by the DomainKeys Identified Mail (DKIM) mechanism. The Spamhaus project said the messages were delivered to at least 100,000 mailboxes,...

Robinhood Announces Breach of 7 Million User Records
Nov09

Hacking attempts are often sophisticated but in some cases gaining access to a company’s internal networks is as simple as asking an employee for login credentials. This is often achieved through a phishing email, where employees are tricked into visiting a website that asks them to log in with their Microsoft 365 credentials. Similar tactics were recently used in an attack on the stock trading platform Robinhood. On November 3, 2021,...

Amazon SES Token Stolen and Used to Send Phishing Emails from Kaspersky.com Email Accounts
Nov02

A phishing campaign has been identified that abused a legitimate access token of a third-party contractor to send phishing emails from legitimate Kaspersky.com email accounts. The campaign was conducted using the Amazon Simple Email Service (SES) email service, which allows developers to send emails from any app, including apps used for mass email communications. Kaspersky’s Amazon SES token was provided to a third-party contractor in...

NHS Vaccination Proof Phishing Campaign Rife in the UK
Oct25

Cybercriminals have stepped up their efforts to scam Brits according to new research, with one of the most common scams offering fake proof of COVID-19 vaccination. According to Tessian, the phishing scam spoofs the NHS and advises recipients that they are eligible to apply for a “Digital Passport” which can be used as proof that an individual has been vaccinated against COVID-19 or has contracted COVID-19 and has recently recovered....

CryptoRom Gang Targets iPhone Users of Dating Apps in Sophisticated Romance Scam
Oct15

Users of dating apps are being warned about a romance scam being conducted by an international cybercriminal gang dubbed CryptoRom. The gang has previously targeted individuals in Asia but has now expanded its operation and is targeting dating app users in Europe and the United States. Romance scams are nothing new of course, but they have become much more prevalent due to the increased use of dating apps, which allow scammers to...

Phishing Campaign Uses Mathematical Symbols to Fool Email Security Solutions
Oct14

Analysts at email security firm INKY have identified a new phishing campaign that uses mathematical symbols in spoofed corporate logos in an attempt to fool email security solutions and ensure the phishing messages get delivered to inboxes. Many AI-based anti-phishing solutions can detect brand impersonation attacks and reject or quarantine messages rather than delivering to inboxes. If a message looks like it is from a known brand,...

Microsoft Discovers Large-scale Phishing-as-a-Service Operation
Sep23

Microsoft has discovered a major phishing-as-a-service operation that it says is behind many phishing attacks on businesses over the past 3 years. Phishing is one of the easiest ways for cybercriminals to gain access to business networks. Attackers require a phishing email template to use, need to have a domain to send emails, and a webpage where credentials are harvested. Creating the infrastructure to support phishing campaigns can...

Europol Breaks up Major Cybercrime Ring
Sep21

A major cybercrime gang operating in the Canary Islands has been broken up by the Spanish National Police, with assistance provided by the Italian National Police and Europol. The gang generated more than $12 million in profit through phishing scams and other forms of fraud such as SIM swapping and business email compromise scams. The scams mostly targeted Italian nationals but also claimed victims in Spain, Ireland, Germany and the...

TitanHQ Adds Geo-Blocking in Latest Release of SpamTitan Email Security
Sep15

TitanHQ has released a new version of its award-winning SpamTitan email security solution. The Fall 2021 release – SpamTitan 7.11 – includes several enhancements to improve detection of threats such as malware, ransomware, APTs, spear phishing, and malicious URLs, with the updated version providing greater threat insights to help administrators mitigate risks more effectively. SpamTitan 7.11 includes a new feature –...

Nigerian Threat Actor Tries to Recruit Disgruntled Employees to Conduct a Ransomware Attack on Their Employer
Aug23

Researchers at Abnormal Security have identified an email campaign run by a Nigerian threat group that is advertising for individuals to take part in ransomware attacks in exchange for a cut of any ransom payments they help to generate. This tactic is nothing new, as many ransomware operations seek affiliates to conduct attacks in exchange for a share of the profits under the ransomware-as-a-service (RaaS) model. This campaign differs as it...

Phishing Costs Large U.S. Companies $14.8 Million a Year
Aug19

The cost of phishing attacks has risen fourfold over the past 6 years, according to the 2021 Cost of Phishing Report published by Proofpoint. Large companies in the United States are now losing an average of $14.8 million a year due to phishing. That equates to a cost of $1,500 per employee. In 2015, when the survey was first conducted, the average cost of phishing for large U.S. companies was $3.8 million. Phishing emails are sent to...


73% of Organizations Suffered a Phishing Related Data Breach in the Past Year

Almost three quarters (73%) of organizations in the United States and United Kingdom suffered a data breach in the past 12 months as a result of a phishing attack, according to the Egress’ 2021 Insider Data Breach survey. The survey was conducted on 500 IT leaders and 3,000 employees in the US and UK by Arlington Research on behalf of Egress, with respondents coming from a variety of industry sectors, including healthcare, legal, and...

Fake Kaseya Updates Used in Phishing Campaign to Deliver Cobalt Strike Backdoors
Jul09

A phishing campaign has been detected by Malwarebytes Threat Intelligence researchers which targets managed service provider customers of Kaseya. The emails claim to provide a Kaseya security update to prevent ransomware attacks but deliver Cobalt Strike backdoors to victims’ networks. The campaign piggybacks on the REvil ransomware attack on the Kaseya Virtual System Administrator (VSA) platform on July 2 that saw ransomware pushed...

Profile Data of 700 Million LinkedIn Users Listed for Sale on Hacking Forum
Jun30

700 million LinkedIn records were listed for sale on a hacking forum on June 22, 2021 by an individual who calls himself GOD User TomLiner. A sample of 1 million records has been made available as proof that the offer is genuine. The sample records include the full names of LinkedIn users, phone numbers, genders, email addresses, and job information. This is not the first time that a multi-million record batch of LinkedIn user data...

FIN7 Pen Tester Sentenced to 7 Years in Jail
Jun29

A high-level member of the FIN7 organized crime group has been sentenced to 7 years in jail. The U.S. Department of Justice recently announced that Ukrainian national Andreii Kolpakov has been convicted in the Western District of Washington on one count of wire fraud and one count of conspiracy to commit computer hacking related to payment card theft. In addition to the lengthy jail term, Kolpakov was ordered to pay $2.5 million in...

NCSC Warns UK Educational Institutions of Increased Ransomware Threat
Jun07

The UK’s National Cyber Security Center (NCSC) has issued a warning to the UK education sector following a recent spike in ransomware attacks on schools, colleges, and universities. Some of the recent attacks have resulted in the loss of school financial records, student coursework, and COVID-19 testing data. Ransomware attacks often involve the theft of data prior to the use of ransomware to encrypt systems. The attacks can have a...

SolarWinds Hackers Conducting Spear Phishing Campaign Posing as USAID
Jun01

The Russian Advanced Persistent Threat (APT) group Nobelium – aka APT29/The Dukes/Cozy Bear – that was behind the SolarWinds Orion supply chain attack has been conducting a spear phishing campaign masquerading as the U.S. Agency for International Development (USAID). The emails are used to deliver malware and gain persistent access to the internal networks of the targeted companies. The spear phishing attacks were identified by...

Large-Scale Malspam Campaign Detected Delivering the STRRAT Remote Access Trojan
May21

Microsoft has issued a warning about a massive malspam campaign that is being used to deliver the STRRAT remote access trojan (RAT). The campaign is being conducted using compromised email accounts with what appears at first glance to be a PDF file attachment. The attached file appears to have a .pdf extension and displays the typical PDF image; however, the file attachment is simply an image which, if clicked, will download the...

Train Company Under Fire for Insensitive Phishing Simulation Emails
May11

Phishing simulations are an important way to test resilience to phishing attacks, but a British train company has discovered these campaigns can easily backfire if care is not taken when selecting suitable lures for the phishing simulation emails. West Midland Trains recently sent a phishing simulation email to staff that had all the hallmarks of a real-world phishing attack. The emails looked realistic, they appeared to have been...

Phishing Campaign Impersonates Click Studios to Deliver New Moserpass Malware Variant
Apr29

Last week, Click Studios alerted users of the Passwordstate enterprise password manager about a supply chain attack in which hackers successfully compromised the In-Place Upgrade mechanism of the app, which allowed the attackers to perform malicious upgrades between April 20 and April 22, 2021. During that 28-hour window it is possible that the attackers downloaded a malformed Passwordstate_upgrade.zip file, which was sourced from a...

External Email Message Warnings Can be Easily Hidden or Altered
Apr23

One of the ways that businesses help their employees identify potentially malicious emails is to flag any email that has been sent from an external email account. These external sender warnings can easily be configured in email clients such as Microsoft Outlook and email security gateways. When the warnings are shown, employees know they need to exercise caution when taking any action suggested in the email. If the warning is not...

Bloomberg Clients Targeted in Phishing Campaign Distributing Remote Access Trojans
Apr22

Remote Access Trojans (RATs) according to a new report published by researchers at Cisco Talos. The relatively few emails that have been intercepted have made it difficult to determine whether this campaign, dubbed Fajan, uses spray and pray tactics or if the emails are more targeted. The small scale of the campaign suggests the attackers are attempting to hone their skills and are actively maintaining and developing functionality to...

IcedID Malware Distribution Increases as it Vies to Become the New Emotet
Apr12

A massive malspam campaign is underway distributing the IcedID banking Trojan. The malicious emails have Microsoft Excel attachments, which use Excel 4 macros to deliver the banking Trojan. IcedID is a modular malware that started life as a Trojan that steals financial information from victims. Like several other banking Trojans, it has since evolved into a malware dropper and is now primarily being used to distribute secondary...

New Malware Variant with Worm-Like Capabilities Spoofs Netflix and Spreads via WhatsApp
Apr08

A new malware variant has been discovered by security researchers at Check Point that has been added to a fake Netflix application – FlixOnline – available from the Google Play Store. The malware has worm-like properties and can spread to other devices via WhatsApp messages. The Android app has the Netflix logo and claims to provide unlimited viewing from any location. If the app is downloaded and installed, permissions are...

FBI Warns State and Local Governments of Increased Risk of BEC Attacks
Mar23

The Federal Bureau of Investigation (FBI) has issued a warning to state, local, tribal, and territorial (SLTT) governments in the United States about Business Email Compromise (BEC) scams. Losses to BEC attacks increased by 5% to more than $1.8 billion in 2020 and between 2018 and 2020, SLTT government entities have been targeted. BEC attacks involve the use of a compromised email account to send messages to individuals with authority...

Internet Crime Complaints Increased by 69% in 2020 with $4.2 Billion in Losses to Cybercrime
Mar19

During the pandemic, cybercriminals stepped up their attacks on businesses and individuals and record numbers of complaints about cybercrime were filed with the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3). 69% more complaints were filed with IC3 than 2019, which received 791,790 complaints about cybercriminal activity such as phishing attacks, ransomware and malware, and a wide range of online scams....

Pysa Ransomware Gang Targeting Education Sector, Warns FBI
Mar18

The FBI has issued an alert following a surge in Pysa ransomware attacks on K-12 schools and higher education institutions. The Pysa (Mespinoza) ransomware gang has recently conducted attacks in 12 U.S. states and the United Kingdom. The ransomware was first identified in 2019, with the FBI aware of targeted Pysa ransomware attacks in the United States and foreign government entities, educational institutions, private companies, and...

Spear Phishing Campaign by Lazarus APT Group Targeting Defense Companies
Mar02

Security researchers at Kaspersky ICS CERT have identified a spear phishing campaign targeting defense companies that delivers an advanced malware dubbed ThreatNeedle. The campaign has been linked to the North Korean Advanced Persistent Threat (APT) group Lazarus – the most active APT group in 2020. Lazarus has conducted many spear phishing campaigns in recent months using the ThreatNeedle cluster of malware, which is a more advanced...

Phishing Attacks Detected Using Malformed URL Prefix
Feb22

A new phishing campaign has been detected that uses malformed URL prefixes to bypass email security solutions and fool individuals into disclosing their login credentials. The novel tactic was identified by researchers at GreatHorn. Rather than use the standard URL protocols HTTP:// or HTTPS:// the domain linked in the phishing email used HTTP:/\ (forward slash/backslash). The researchers first identified this tactic being used in...

Ransomware Attacks Most Commonly Start with Phishing and 70% Involve Data Exfiltration
Feb04

The Q4, 2020 Quarterly Ransomware Report from Coveware shows there has been a marked decline in the number of companies paying ransoms to recover data stolen in ransomware attacks and prevent the public release of stolen data. The fall is seen as a response to the erosion of trust. There have been several recent attacks where stolen data has been released publicly even when a ransom has been paid. If companies have a viable backup...

Phishers Target US Businesses in Scam Offering Fake PPP Loans
Feb02

A phishing campaign has been detected which is targeting U.S. businesses that are struggling to stay in operation during the pandemic. The emails attempt to get business owners to apply for a fake PPP loan and disclose sensitive data. The Paycheck Protection Program (PPP) is part of the U.S. CARES Act, which was launched by the Trump Administration on April 3, 2020 to provide financial assistance to businesses that have been adversely...

TrickBot Returns with a New Malspam Campaign
Feb01

A botnet that was severely disrupted in late 2020 by a coalition led by Microsoft is now back with a new malspam campaign. The infrastructure used by the operators of the TrickBot botnet was taken down in the run up to the November 2020 U.S. Presidential election, but it didn’t take long for the infrastructure to be rebuilt. The takedown was successful and caused major disruption to the operation, but since no arrests were made, the...

Europol Announces Takedown of the Emotet Botnet
Jan27

Europol has announced that following a global operation by law enforcement and judicial authorities, the Emotet botnet has been disrupted and law enforcement agencies have seized control of its infrastructure. The takedown was planned for two years and involved Europol, Eurojust, the FBI, the Royal Canadian Mounted Police, the UK’s National Crime Agency, and law enforcement agencies in Ukraine, Netherlands, Germany, Lithuania, and...

UK Residents Warned of COVID-19 Vaccine Phishing Emails Seeking Financial Information
Jan26

UK residents are being warned about a new phishing campaign that spoofs the National Health Service (NHS) and asks recipients to confirm that they want to receive the COVID-19 vaccine. The UK’s vaccination program is now well underway, with more than 6.5 million people already given the first dose of one of the approved COVID-19 vaccines, with the most vulnerable groups and NHS workers being prioritized. However, it is likely to take...

Mistake with Phishing Campaign Saw Stolen Credentials Accessible Through Google Searches
Jan22

A mistake by the operators of a phishing campaign has resulted in stolen credentials being accessible through Google searches. Compromised WordPress sites were used to receive stolen credentials; but the information was saved to locations accessible to the public and search engines. Search engines such as Google indexed those locations, which meant the stolen credentials could be found using a simple Google search. More than 1,000...


New PayPal Phishing Scam Advises Users via SMS that their Account has been Limited

A new PayPal phishing scam is being conducted via SMS messages that informs users that their PayPal account has been permanently set to ‘limited’ status, which restricts sending, receiving, or withdrawing money from PayPal accounts. The limited status is applied to accounts when PayPal detects fraudulent or suspicious activity. PayPal restricts accounts for security reasons, such as when someone other than the legitimate account...

US Federal Government Seizes Domains Spoofing COVID-19 Vaccine Developers
Dec22

Two domains spoofing the COVID-19 vaccine developers Moderna and Regeneron have been seized by the U.S. Department of Justice. The websites were almost perfect clones of the websites they impersonated and had potential to deceive millions of individuals into disclosing sensitive information or downloading malware. This year has seen cybercriminals take advantage of the COVID-19 pandemic and conduct campaigns offering up to date...

More Than 3 Million Chrome and Edge Users Have Malware-Infected Browser Extensions
Dec21

Approximately 3 million users of Google Chrome and Microsoft Edge have been infected with malware that has been hidden in browser extensions, according to a new report from antivirus company Avast. At least 28 JavaScript-based Chrome and Edge extensions for Instagram, Facebook, Vimeo and others have had malicious code added, which is used to steal personal data and redirect users to adverts and phishing websites. The malicious code...

Document Delivery Lure Used in Large Scale Spear Phishing Campaign Targeting Enterprise Employees
Dec15

Last week, researchers at Abnormal Security identified a coordinated phishing attack targeting enterprise employees that attempts to steal their Microsoft Office 365 credentials. The emails are being sent from legitimate, but compromised Office 365 accounts using document delivery notifications as the lure to get users to disclose their credentials. Several enterprise organizations were targeted in the attack using hundreds of...

K-12 Schools Warned About Cyber Actors Targeting Distance Learning Education
Dec11

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint advisory to K-12 schools warning that cyber actors are conducting targeted attacks on distance learning education. Cyber actors are attempting to disrupt distance learning services, gain access to sensitive data, and conduct ransomware...

Spear Phishing Campaign Spoofing Microsoft.Com Sees Emails Delivered to Office 365 Inboxes
Dec10

Researchers at Israeli cybersecurity firm Ironscales have identified a spear phishing campaign targeting Office 365 users that spoofs the Microsoft.com domain. Several thousand Office 365 mailboxes are known to have been targeted, with around 100 customers of Ironscales having been sent the phishing emails. Those customers span several industry sectors including healthcare, insurance, telecom, manufacturing, and financial services....

Foreign APT Groups Targeting Think Tanks, Warns CISA/FBI
Dec03

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning about ongoing cyberattacks on think tanks by foreign Advanced Persistent Threat (APT) groups. The purpose of the attacks is to gain persistent access to victim networks for espionage purposes. This is achieved through phishing attacks to gain access to user credentials and by exploiting vulnerabilities in...

BEC Scammers Using Auto-Forwarding Rules in Web-Based Email Clients to Prevent Detection
Dec02

Cybercriminals have been using auto-forwarding rules in web-based email clients to increase the chances of success of their business email compromise (BEC) scams, according to a recently issued TLP: WHITE Joint Private Industry Notification from the Federal Bureau of Investigation (FBI). Business email compromise scams involve gaining access to a corporate email account and using that account to send emails to other individuals in the...

BEC Gang Members who Scammed More Than 50,000 Organizations Arrested
Nov26

Three members of a cybercriminal gang that has attacked more than 50,000 organizations have been arrested in Lagos, Nigeria. The arrests come at the end of a year-long investigation into the prolific business email compromise scammers by INTERPOL, Group-IB, and the Nigerian Police Force. The three gang members arrested are believed to be responsible for phishing scams, BEC attacks, and malware distribution on tens of...

Warning Issued After Discovery of Scores of Spoofed FBI Websites
Nov24

Scores of domains have been identified which spoof official Federal Bureau of Investigation (FBI) websites, prompting the FBI’s Internet Crime Complaint Center to issue a warning. While the intentions of the individuals who registered the domains are not known, it is strongly suspected that the domains were intended for use in future phishing or malware distribution campaigns. The domains could be used to register email accounts that...

Use of SSL Certificates in Malware and Phishing Attacks Up 260% in 2020
Nov11

Abuse of SSL certificates in phishing and malware attacks has increased by 260% in the first 9 months of 2020, according to a new report from Zscaler. Zscaler analyzed more than 6.6 billion threats for the report and found a major rise in the use of encryption to hide attacks. Encryption was being used across the full attack cycle, according to the researchers, including the initial delivery of malware or malicious links to the...

78% of Microsoft 365 Administrators Have Not Enabled Multi-Factor Authentication
Oct28

Despite the risk of phishing attacks and email account compromises, 78% of Microsoft 365 admins have not enabled multi-factor authentication and 97% of all Microsoft 365 users are not using MFA, according to a recent report published by CoreView Research. Multi-factor authentication is one of the most effective measures to prevent stolen credentials from being used to gain access to accounts. It is alarming that so few users and...

Phishing Campaign Spoofs Microsoft Teams
Oct23

A large-scale phishing campaign is being conducted that spoofs Microsoft Teams in an attempt to get users to part with their Microsoft Office 365 credentials. Abnormal Security reports that up to 50,000 mailboxes have been targeted in the campaign so far. The emails appear to be automatic notifications from Microsoft with “There’s new activity in Teams” as the display name. The subject line indicates messages have been sent in Teams...
