Silent Librarian Threat Group Recommenced Spear Phishing Campaign on Universities
The Silent Librarian hacker group – aka TA407 – has recommenced a spear phishing campaign targeting universities. The hacking group is known for sending spear phishing emails to university staff and students that direct the recipients to websites spoofing university and portal apps, on domains very similar to those used by the universities. The theme for the emails varies, although commonly the group spoofs university library systems...
Coalition of Tech Firms Takedown TrickBot Botnet
The backend infrastructure of the TrickBot botnet has been taken down by a coalition of tech companies and government agencies, including Microsoft ESET, NTT, Black Lotus Labs, Symantec, and FS-ISAC. The takedown is the result of several months of painstaking work involving the analysis of more than 125,000 samples of the TrickBot Trojan by the coalition members, who studied the content and extracted and mapped information about how...
Phishing Campaign Offering Inside Info on President Trump’s COVID Diagnosis and Health
Phishers commonly use lures claiming to provide further information on topics that are attracting a lot of media attention. At the start of the coronavirus pandemic, when there was little information about the virus, many phishing campaigns offered new information about the virus, updated figures on cases in the local area, information on how to protect against infection, and new cures. Now, a new coronavirus-themed phishing campaign...
Emotet Campaign Impersonates Democratic National Convention
An Emotet malware campaign is underway which has already targeted hundreds of organizations in the United States. The emails spoof the Democratic National Convention with messages claiming to be a call to action to recruit DNC volunteers across the country to help elected Democrats in the upcoming presidential election, as part of the DNC Team Blue initiative. The threat group behind Emotet, TA542, usually uses lures such as shipping...
Outbound Email Volume Grows During Pandemic, Increasing the Risk of an Email Data Breach
A recent survey conducted on 538 IT leaders has revealed 93% have experienced a data breach as a result of an email error, with 70% believing the move to remote working has increased the risk of outbound email breaches of sensitive data. The research was conducted by email security firm Egress and highlights the risk associated with outbound email and why it is important to implement an email security solution capable of scanning...
Phishing Campaign Uses Real Time Active Directory Validation of Credentials
A new phishing technique has been identified where the attackers validate Office 365 credentials in real time using Active Directory. One of the problems with many phishing landing pages is they capture credentials when they are entered by the user but no checks are performed to make sure the credentials have been entered correctly. In the event of a typo, the incorrect password or username will be captured. A phishing attack detected...
Losses to BEC Attacks Increased by 48% in Q2, 2020
New data released by Agari show there has been a significant increase in losses to business email compromise attacks in Q2, 2020, increasing by 48% from the previous quarter. Business email compromise (BEC) is a form of email fraud in which an attacker compromises an email account of an organization and uses that account to commit fraud against the organization or business contacts. Typically, these attacks aim to fraudulently obtain...
CISA Issues Guidance on Malicious Network Activity Detection and Incident Response
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint Cybersecurity Advisory offering technical guidance on identifying malicious activity and remediating cyberattacks. The guidance is based on research conducted by cybersecurity authorities in Australia, Canada, New Zealand, the United Kingdom, and the United States. The guidance has been written to help incident response teams...
Phishing Campaign Offering PPE Delivers Agent Tesla RAT
Researchers at Area 1 Security have identified a phishing scam that spoofs legitimate chemical companies, exporters and importers to deliver the Agent Tesla Remote Access Trojan (RAT). The phishing emails offer the recipient personal protective equipment (PPE) such as forehead temperature thermometers, disposable face masks, and other medical supplies that have been in short supply. The emails claim that the company has started mass...
Vishing Campaign Targets Teleworkers for VPN Credentials
Teleworkers are being targeted in a vishing campaign that has been active since mid-July, according to a recent joint security advisory issued by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA). Vishing, or voice phishing as it is also known, is a form of phishing that occurs over the telephone. As with other forms of phishing, the aim is to get the victim to disclose sensitive...
Google to Add MitM Protection Mechanism to Chrome 86 Warning Users About Insecure Forms
Google has announced that the Google Chrome browser will soon alert individuals about insecure forms on websites. Google is planning on rolling out the new feature in Chrome 86 to protect users from man-in-the-middle attacks. The new feature will generate an alert for mixed forms, which are forms on secure (HTTPS) websites that are delivered insecurely and pose a risk to users’ privacy and security. These insecure forms can be visible...
CISA Warns of Phishing Campaign Targeting SBA Loan Accounts
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about an ongoing phishing campaign against government agencies that is attempting to obtain credentials for Small Business Administration COVID-19 loan relief accounts. The campaign uses a spoofed version of the SBA COVID-19 relief webpage to obtain credentials, with links to the fraudulent website distributed through...
SANS Institute Suffers Phishing Attack Involving Theft of 28,000 Individuals’ Information
The SANS Institute, a leading provider of cybersecurity training and certification services, has suffered a phishing attack in which the email account of one of its employees was compromised. The phishing attack was detected on August 6, 2020 during a review of its email system configuration. The SANS Institute issued a statement confirming only a single email account was compromised, which was the result of one employee responding to...
Emotet Botnet Springs Back to Life with Massive Malspam Campaign
The Emotet botnet has sprung back to life after a 5-month break and is being used to send large volumes of spam emails containing malicious URLs and attachments. Emotet malware was the biggest malware threat in 2018 and 2019, but the botnet has been quiet for much of 2020. The Emotet botnet often has periods of dormancy, before springing back to life and sending huge volumes of spam email. When Emotet went quiet in early 2020, it was...
Twitter Confirms Admin Tool Hacked and Used in Massive Cryptocurrency Scam
Several high-profile Twitter accounts have been ‘hacked’ and used in a major cryptocurrency scam. The first Tweets were sent from the accounts around 3pm on July 15, 2020 and asked account followers to transfer Bitcoin to a specific address. In return, the account holder promised to double the amount sent. The Twitter accounts of Elon Musk, Bill Gates, Jeff Bezos, Kanye West, Kim Kardashian, Michael Bloomberg, Joe Biden, Barack Obama,...
95% of Brits Unable to Correctly Distinguish Phishing and Genuine Messages
A recent phishing study conducted by the UK firm, Computer Disposals Limited, has revealed British workers struggle to identify phishing attacks, with only 5% of participants in the study able to identify all phishing attempts in the test. The study was conducted on 1,000 individuals who were given a quiz consisting of messages and emails from well known brands such as Amazon, Netflix, Disney Plus, emails from the UK government and...
BEC Gangs Abandon C-Suite Executives in Favor of Attacks on Finance Employees
A recent report from Abnormal Security suggests business email compromise gangs have changed tactics and have new targets in their sights. BEC gangs have historically targeted C-Suite executives using phishing emails to obtain their credentials to access their email accounts in what is often referred to as whaling attacks. C-Suite email accounts are valuable as they can be used to target other individuals in the organization. These...
Microsoft’s COVID-19 Threat Analysis Reveals Attackers Adapt Campaigns to Local Events
Many threat actors have adopted COVID-19 themed lures in phishing campaigns and for distributing malware, but the proportion of COVID-19 related threats is much lower than the headlines suggest, according to a recent report from Microsoft. In fact, Microsoft’s figures suggest only about 2% of all threats were related to COVID-19 and coronavirus over the past 4 months. Microsoft has previously reported that while there have been many...
113 Email Accounts Compromised in NHS Phishing Attack
The UK’s National Health Service (NHS) has suffered a phishing attack that saw 113 NHSmail email accounts compromised and used to send malicious emails to external recipients. According to NHS Digital, the breach occurred between Saturday May 30, 2020 and Monday 1, June 2020. While 113 email accounts represent a sizeable breach, NHS Digital points out only 0.008% of its email accounts were compromised. The attack appears to be part of...
Fake CVs, Medical Leave Forms, Voicemail Alerts Used as Lures in Phishing Attacks
Researchers at Check Point have issued a warning that cybercriminals are using fake CVs, resumes, and medical leave forms to spread malware such as banking Trojans and information stealers. Many Americans have lost their jobs as a result of the COVID-19 pandemic. Unemployment is now at the highest level it has ever been in the United States, so a great many Americans will now be looking for work. It is therefore no surprise that...
TrickBot Trojan Operators Delivering New BazarBackdoor Malware via Phishing Campaign
The TrickBot Trojan operators are distributing a new backdoor named BazarBackdoor in targeted phishing attacks on businesses. BazarBackdoor is a stealthy backdoor that gives the attackers full access to corporate networks. The malware is being distributed via spear phishing emails that are well written and convincing. Several different lures are used in the campaign including employee termination lists, customer complaints, and...
Updated Valek Malware Used in Targeted Attacks on U.S and German Enterprises
Enterprises in the United States and Germany are being targeted in a phishing campaign spreading Valek malware, according to researchers at Cybereason Nocturnus. Valek is a popular malware loader that was first identified in 2019. Valek has previously been distributed in phishing campaigns to deliver banking Trojans such as Ursnif and IcedID. Valek is active development and new versions are frequently released. According to a recent...
67 Percent of Breaches Caused by Credential Theft, User Error, and Social Attacks
The Verizon 2020 Data Breach Investigations Report shows financial gain is the biggest motivator for cyberattacks, accounting for 86% of the 32,002 security incidents analyzed for this year’s report, up from 71% in 2019. 55% of the financially motivated attacks were conducted by cybercriminal organizations with healthcare records being a preferred target (resulting in HIPAA compliance breaches). The majority of data breaches involve...
Nigerian BEC Gang Targeting COVID-19 Unemployment Benefits and CARES Act Payments
A Nigerian cybercriminal organization known as Scattered Canary has submitted hundreds of fraudulent claims for unemployment benefits and COVID-19 relief fund payments that have been made available under the CARES Act in the United States. Scattered Canary is one of the most prolific business email compromise (BEC) gangs operating out of Nigeria and employs dozens of individuals to conduct email scams. The scammers have submitted at...
Massive Phishing Campaign Distributing Legitimate Remote Admin Tool as RAT
A phishing campaign has been detected that exploits the COVID-19 pandemic to spread a legitimate remote administration tool which is being used as a remote access Trojan. If installed, the attacker will have full control of an infected device. The “massive campaign” was detected by the Microsoft Security Intelligence team, which intercepted emails using malicious Excel spreadsheets to install the NetSupport Manager remote...
COVID-19 Themed Cyberattacks Have Increased by 30% in the Past Two Weeks
There has been a sharp increase in the number of COVID-19 themed cyberattacks in the past two weeks according to Check Point. Check Point has been tracking phishing attacks and other cybersecurity incidents and identified 192,000 COVID-19 themed attacks in the past two weeks. Most of the cyberattacks were phishing attacks where authorities on SARS-CoV-2 such as the World Health Organization (WHO) and the Centers for Disease Control...
13% of Organizations Have Experienced a Cyberattack During the COVID-19 Pandemic
The transition from a largely office-based workforce to having most employees working from home has left many organizations exposed to cyberattacks. While having employees working from home does not necessarily mean a weakening of security defenses, the problem has been the speed at which the changes had to be made. The rapid change to an at-home workforce as a result of the Covid-19 pandemic has meant organizations have not had...
Clop Ransomware Gang Publishes ExecuPharm Data After Non-Payment of Ransom
The U.S. pharmaceutical company ExecuPharm recently announced it suffered a ransomware attack on March 13, in which certain corporate and employee information was compromised. The attack started with phishing emails sent to its employees, with the subsequent investigation indicating the attackers may have viewed or obtained sensitive data prior to the deployment of the ransomware. The types of data that were potentially compromised...
Phishing Campaign Claims Tens of Millions of Euros of Government COVID-19 Payouts
A phishing campaign has resulted in losses of tens of millions of Euros for the German North-Rhine-Westphalia (NRW) government. The NRW government’s Ministry of Economic Affairs set up a website for self-employed individuals and businesses in the province to request financial relief due to the 2019 Novel Coronavirus pandemic. Requests could be submitted through the site to receive emergency aid funding. However, a copycat site was...
FTC: Coronavirus and COVID-19 Scams Result in Losses of $12.78 Million in 2020
Figures released by the U.S. Federal Trade Commission (FTC) have revealed the extent of losses to coronavirus and COVID-19 scams in 2020. The FTC received 16,778 reported complaints of consumer fraud in relation to the 2019 Novel Coronavirus between January 1, 2020 and April 12, 2020. Around 46% of those reported cases of fraud involved financial losses, which totaled $12.78 million during that period. The median loss was $570. The...
INTERPOL Issues Warning About Increase in Ransomware Attacks on Hospitals
Hospitals, research facilities and other healthcare organizations on the front line in the fight against the 2019 Novel Coronavirus and Covid-19 are not only facing incredible challenges treating patients, they are also having to fend off ransomware attacks. Some threat groups have publicly stated that they will not be attacking healthcare organizations during the COVID-19 public health emergency, but there are still some highly...
Phishing Campaigns Using Offer of Coronavirus Financial Relief as Lure
Governments around the world are developing financial relief packages to help citizens that have been unable to work due to the coronavirus and are facing extreme financial difficulties, and cybercriminals are taking advantage. Campaigns have been detected that use the offer of financial relief due to the coronavirus pandemic as a lure to trick people into disclosing sensitive information or installing malware. Over the past few...
Database Containing Extensive Information of 200 Million Americans Exposed Online
A database on the Google Cloud platform containing 800 gigabytes of data and over 200 million user records has been misconfigured and was exposed online, according to researchers at CyberNews. The database contained a folder that included detailed information on around 200 million Americans, including full names, phone numbers, email addresses, dates of birth, credit ratings, home addresses, mortgaged property addresses, number of...
WHO Director-General Impersonated in Spam Campaign Delivering HawkEye Keylogger and Malware Downloader
Another coronavirus-themed phishing campaign has been detected impersonating the World Health Organization (WHO), or more specifically, the Director-General of WHO, Dr. Tedros Adhanom Ghebreyesus. The campaign was identified by security researchers at IBM X-Force Threat Intelligence who report that several waves of spam have already been delivered. The threat actors behind the campaign are using spam emails to distribute a malware...
Microsoft Announces Takedown of Necurs Botnet
Microsoft has announced it has seized the U.S. command and control infrastructure of the Necurs botnet and has taken steps to prevent the infrastructure from being recreated. The Necurs botnet is one of the largest spamming and malware distribution networks ever created. The botnet consists of more than 9 million zombie devices that have been infected with Necurs malware and are under the control of the botnet operators. The botnet is...
What is a DNS Filter?
In this post we explain what a DNS filter is, why DNS filtering is important for cybersecurity, and other advantages of DNS filtering, but first it is useful to explain what the DNS is and why it is essential to the correct functioning of the internet. What is the Domain Name System? The Domain Name System (DNS) is the brainchild of Paul Mockapetris. In 1983, Mockapetris and his team developed the DNS to support the growth of email...
74% of Phishing Sites Now Use HTTPS
The latest phishing activity trends report from the Anti-Phishing Working Group (APWG) shows a decline in the number of detected phishing sites after the 3-year high seen in Q3, 2019. Between October 2019 and December 2019, 162,155 phishing sites were detected, down from 266,387 in Q3. In Q4, 2019, the number of phishing site detections was closer to the mean level in 2019. An average of 333 brands were impersonated in phishing...
Phishers’ Favorite Report Reveals Massive Increase in WhatsApp Phishing URLs
The Q4, 2019 Phishers’ Favorite report from email security firm Vade Secure shows PayPal is the most impersonated brand in phishing attacks, making it two successive quarters at the top of the list. In Q4, 2019, Vade Secure detected 11,392 new PayPal phishing URLs at a rate of 124 new URLs a day. While the number of new PayPal URLs fell 31.2% from Q3, 2019, detections are up 23% on this time last year. Second place went to Facebook,...
Fresh Warnings Issued About Coronavirus Phishing Scams
Fresh warnings have been issued about coronavirus phishing scams that are being conducted to steal sensitive data and spread malware. Multiple threat actors are taking advantage of fear about COVID-19 to conduct attacks, and as February has progressed, the number of COVID-19-themed phishing campaigns has increased dramatically. Earlier this month, the U.S. Federal Trade Commission (FTC) issued an alert warning that cybercriminals were...
Phishing Attack Results in $2.6 Million Loss for Puerto Rico Government
A Puerto Rican government employee has been duped by a phishing scam and wired more than $2.6 million to an account controlled by the scammers. The money had been allocated for remittance payments and was sent to a seemingly legitimate bank account on January 17, but it was later discovered that the transfer was fraudulent. The Puerto Rico government has managed to freeze some of the funds, and efforts are ongoing to recover the...
BEC Attacks Account for More Than Half of All Losses to Cybercrime
Business email compromise attacks are the most financially damaging form of cybercrime, according to the 2019 Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3). In 2019, IC3 received 467,361 complaints about cybercrime and victims of those crimes reported losses of $3.5 billion. BEC attacks only accounted for 23,775 of those attacks (5.08%), yet they resulted in losses of $1.77 billion – 50.57% of all reported...
Threat from Phishing Highlighted on Safer Internet Day
Today is Safer Internet Day, a global event aimed at promoting safer use of online technology and the creation of a safe and stimulating online environment for everyone. Making the internet a safe and better place for children is a major focus of this year’s events. Initiatives have been launched to promote the benefits of the internet and draw attention to the risks of internet use. The internet can be a dangerous place and...
Ashley Madison Extortion Scams Show Repercussions from Data Breaches Can Last Forever
Almost five years ago, Ashley Madison experienced a massive data breach. Hackers stole the information from 32 million accounts and the data was dumped online. Included in that data set were names, phone numbers, addresses, credit card details, passwords and other sensitive information. That information was used in a plethora of scams, spam campaigns, and many users suffered fraud as a result. There were even several suicides as a...
Evil Corp Resumes Operations Using New Phishing Tactic to Deliver RAT
A hacking group known as Evil Corp, aka TA505, has resumed its malicious activities and has adopted a new phishing tactic for delivering malware. The hacking group has been active since at least 2014 and primarily targets financial institutions and retailers. Large spam campaigns are conducted using the Necurs botnet. Evil Corp was targeted by law enforcement in the United States in late 2019 with U.S. authorities offering up to $5...
Beware of Coronavirus Themed Phishing Attacks
The novel coronavirus that originated in the province of Wuhan in China has now spread to other countries, with Japan and Thailand the worst affected so far with 14 cases. People are naturally worried about infection and with good reason. More than 200 people are known to have died so far. In Japan, people have been receiving emails warning of new infections in their prefectures. The emails have file attachments that appear to be...
55% of Organizations Were Successfully Phished in 2019
Phishing is the most common method of attacking organizations and it continues to cause problems for IT departments and considerable losses for organizations. A new report from Proofpoint has revealed the extent of phishing and how often the attacks succeed. The data for the report came from a survey of more than 3,500 working adults and 600 cybersecurity professionals in Australia, France, Germany, Japan, Spain, the United States,...
CISA Warns of Increase in Emotet Malware Activity
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning over an increase in Emotet malware activity. The Emotet botnet sprung back to life on January 13, 2020 with largescale spamming campaigns detected spreading the Emotet Trojan. The Emotet Trojan is a modular malware that serves as a banking Trojan, information stealer, and malware downloader. The Trojan can move...
Microsoft Database of 250 Million Records Exposed Online
Microsoft has announced that one of its databases has been accidentally exposed online. The database could over the internet without the need for authentication. The database was found by security researchers at Comparitech, who reported the security issue to Microsoft. Microsoft immediately secured the database and launched an investigation to determine how long the data had been exposed and whether it had been accessed by...
TitanHQ’s Web and Email Security Solutions Now Available for Pax8 Partners
Pax8, the multi-award-winning cloud distribution company, has formed a new strategic partnership with TitanHQ, the leading provider of cloud-based email and web security solutions for managed service providers serving the SMB market. In order to block an increasingly diverse range of cyberthreats and effectively mitigate risk, a layered approach to security is required. Cybersecurity solutions need to be used to protect mobile...
Microsoft Takes Down 50 Phishing Domains Used by North Korea-Backed Threat Group
Microsoft has sought help from the courts to take down domains used by the North Korea-backed hacking group, Thallium (APT37). After securing the court order from the U.S. District Court for the Eastern District of Virginia, 50 that were being used by the hacking group to attack the United States have now been seized. Microsoft’s Digital Crimes Unit (DCU) and Threat Intelligence Center (MSTIC) have been tracking the activity of the...
SpamTitan Scores Big on Business Review Websites
TitanHQ is the leading provider of cloud-based email security to Managed Service Providers (MSPs) serving the SMB market and its email security solution, SpamTitan, is well loved by SMBs and MSPs alike. SpamTitan is consistently rated highly by end users on the leading business software review sites and is routinely awarded scores in excess of 4.5 out of 5 by end users, with a high percentage giving top marks across all rating...
Microsoft Issues Warning About Spear Phishing Attacks
Phishing attacks have been increasing steadily throughout 2019. Most of the phishing emails being sent are part of large campaigns sent randomly using huge lists of email addresses, but not all. Some of the campaigns are far more targeted and are sent to only a handful of individuals – To individuals in a specific department in a company, for instance. Some of the attacks are even more targeted and are just sent one person. These...
Google Sent 12,000 Warnings About State-Sponsored Phishing and Hacking Campaigns in Q3, 2019
A recent report from Google’s Threat Analysis Group (TAG) has shed light on the extent to which government-sponsored hacking and phishing campaigns are being conducted. In Q3, 2019, Google sent more than 12,000 warnings to users about state-sponsored phishing campaigns. These hacking, phishing, and disinformation campaigns have remained steady over the past two years, with a similar number of warnings issued in the corresponding...
Phishing Attacks at Highest Level Since 2016
A new report from the Anti-Phishing Working Group (APWG) shows phishing attacks are occurring at levels not seen since 2016. The quarterly phishing reports from APWG are compiled from data supplied by APWG members such as Agari, MarkMonitor, RIskIQ, and PhishLabs. The reports provide insights into the methods used by phishers and the extent to which businesses and consumers are being attacked. In Q3, 2019, more than 86,000 unique...
New Phishing Campaign Detected Targeting Office 365 Administrators
PhishLabs has identified an ongoing phishing campaign targeting Office 365 administrators. The aim of the campaign is to obtain Office 365 admin credentials. Phishers face several challenges. Their own domains are likely to have a low trust score, which makes it easy for antispam solutions to identify their messages as malicious. To get around this issue, they need to obtain the credentials for a legitimate email account on a clean...
CISA Issues Warning About Holiday Season Scams
‘Tis the season to be jolly, especially if you are a scammer. In the run up to holiday season, cybercriminals go into overdrive and are ready and waiting to take advantage of the millions of online shoppers looking to secure a bargain. Holiday season scams are plentiful, highly varied, convincing, and often successful. This year, the U.S. government is warning consumers to be on high alert for holiday season scams that aim to obtain...
Office 365 Users Targeted with Phishing Emails Containing Incomplete Voicemail Messages
A phishing campaign has been identified targeting Office 365 users that includes an incomplete voicemail message as a lure to get them to visit a malicious website and enter their Office 365 credentials. The emails have been crafted to appear as automated messages from Microsoft that require “immediate attention.” The messages include a summary of the call and voicemail message, such as the telephone number, the date the message was...
Phishing Campaign Identified Targeting NGOs and United Nations
A sophisticated spear phishing campaign has been identified by security researchers at Lookout Inc. that is targeting the United Nations and nongovernment organizations (NGOs). The spear phishing campaign has targeted United Nations officials, the Red Cross, Red Crescent societies the Heritage Foundation and other NGOs. It is not known who is behind the campaign, but the malicious sites are hosted in Malaysia on IPs that have...
7.5 Million Adobe Creative Cloud Users Warned of Data Breach
Adobe has announced that a vulnerability has exposed the private information of approximately 7.5 million Adobe Creative Cloud users. The information was contained in an Elasticsearch database, which could be accessed by anyone via a web browser without any authentication required. Fortunately, only basic customer information was exposed. No financial information or passwords were stored in the database, only basic information about...
145 Month Jail Term for U.S. Superior Court Hacker Who Used LASC System to Send Phishing Emails
In July 2017, Oriyomi Sadiq Aloba, 33, of Katy, TX, hacked into the computer system of the Los Angeles Superior Court (LASC). Aloba conducted a phishing attack and compromised the email account of a LASC worker. That individual’s email account was then used to send spear phishing emails to other Superior Court employees. The phishing emails included a link to a shared file on Dropbox. Instead, the link directed employees to a website...
Gartner Peer Insights Customers’ Choice for Email Security for 2019
The Lexington, MA-based email security company Mimecast has been named a Gartner Peer Insights Customers’ Choice for Email Security for 2019. Gartner Peer Insights is a review platform for IT products and services where users of software and services can submit reviews of their experiences with the solutions. The platform includes more than 215,000 verified customer reviews in 340 markets. When sufficient numbers of reviews are...
Research Universities Targeted by ‘Silent Librarian’ Hacking Group
The start of the academic year has seen the Silent Librarian (TA407) hacking group launch new phishing campaigns targeting research universities. The hacking group is believed to be backed by the Iranian government and is highly active at the start and end of an academic year. The campaigns were detected by security researchers at Proofpoint and Secureworks, who intercepted several emails containing hyperlinks to malicious websites...
Business Email Compromise Attacks Increased by 269% in Q2, 2019
Figures from Mimecast show there has been a sharp rise in business email compromise (BEC) attacks in Q2, 2019. Compared to Q1, 2019, BEC attacks increased by 269% in Q2. Business email compromise attacks involve the use of a compromised business email account to conduct attacks on employees within the organization or their customers. The latter are now much more common than CEO fraud attacks, which involve impersonating the CEO and...
SpamTitan Named Leader in G2 Crowd 2019 Summer Grid Report for Cloud Email Security
The independent business software review platform, G2 Crowd, has named SpamTitan leader in cloud email security in its Grid Summer 2019 Report. This is the third consecutive quarter where SpamTitan has been named leader in cloud-based email security, and this quarter is joined by Proofpoint Email Security Protection and Barracuda Email Security Gateway. The G2 Crowd Grid reports rate companies based on market presence and customer...
Don’t Neglect the Human Factor – Employee Security Awareness Training is Essential
Cybercriminals are attacking businesses by exploiting the weakest link in the security chain – Employees. Attacks exploiting the human factor are far easier to pull off that attempting to find remote code execution vulnerabilities. They are also much quicker and less resource-heavy than brute force attacks. A single phishing email can be all it takes for malware to be installed on a network or for account credentials and sensitive...
Two Thirds of UK Employees Do Not Receive Regular Email Security Training
A recent study by cybersecurity firm Tessian suggests two thirds of UK employees do not receive regular email security training in the workplace. Consequently, UK firms face a high risk of experiencing a costly phishing attack or malware/ransomware infection. For the study, Tessian conducted a survey on 1,000 UK workers at firms with more than 100 employees. Only a third of respondents said their employer provided regular security...
43% of UK SMEs Have Experienced an Email Impersonation Attack in the Past 12 Months
43% of UK small and medium-sized enterprises (SMEs) in the United Kingdom have experienced a business email compromise (BEC) or email impersonation attack in the past 12 months, according to a new study by data analytics firm, CybSafe. For the study, CybSafe surveyed 250 IT decision makers from SMEs in the United Kingdom and asked about the cybersecurity incidents they had experienced and the measures they have put in place to thwart...
Digital Extortion and Fileless Malware Attacks Have Soared in 1H, 2019
The first 6 months of 2019 have seen significant increases in business email compromise (BEC) attacks, ransomware attacks, and other forms of cyber extortion, according to a mid-year cybersecurity roundup from Trend Micro. The report, titled Evasive Threats, Pervasive Effects, provides insights into the current threat landscape and the main threats currently faced by businesses. Ransomware attacks have increased significantly, but the...
Multi-Factor Authentication Stops 99.9% of Automated Cyberattacks
A new report from Microsoft suggests 99.9% of all automated cyberattacks on Microsoft platforms and other online services are blocked by multi-factor authentication, highlighting the importance of this security measure for stopping data breaches. Microsoft says that there are more than 300 million fraudulent sign-in attempts to Microsoft cloud services every day and that figure is steadily growing. There are also around 167 million...
IRS Warns of Phishing Scam Targeting Taxpayers and Tax Professionals
The Internal Revenue Service (IRS) has issued a warning to U.S. taxpayers and tax professionals about a new nationwide phishing campaign that is spreading keylogging malware. The emails appear to have been sent by the IRS and alerts taxpayers and tax professionals to an issue with their electronic tax returns. Users are required to click the link in the email to access information about their tax refund. The emails include a hyperlink...
Researchers Provide Insights into Motivations Behind Healthcare Cyberattacks
A new report from FireEye provides insights into the motivations behind cyberattacks on U.S. healthcare organizations. The report shows patient information is not the only type of sensitive data being sought. There has been a marked increase in cyberattacks on cancer research institutes and medical institutions for the research data they hold. The attacks are being conducted by Advanced Persistent Threat (APT) groups affiliated to...
Study Highlights Risk of Lateral Phishing Attacks
Phishing is the use of impersonation to trick another person into disclosing sensitive information. Phishing can take place over the Internet, telephone, or via text message, but email is the most common attack vector. There are many reasons for compromising email accounts and a variety of tactics are used depending on the end goal. With Business Email Compromise (BEC) the aim is to gain access to the CEO’s email account and use it to...
Custom 404 Pages Used to Serve Fake Microsoft Office 365 Login Forms
A new phishing campaign has been detected by security researchers at Microsoft that uses custom 404 pages to display a fake Office 365 login form. A single domain is used in this campaign and a custom 404 page is created that displays the fake Office 365 login form. The custom 404 page is displayed when any visitor to the website attempts to visit a non-existent web page. Since any URL could be entered to generate the 404 page, the...
New Threat Intelligence Report Provides Insights into Email-Based Malware Attacks
A new report has been released that contains an analysis of the most common malware threats that are delivered via email, the most targeted industry sectors, and some of the tactics and techniques cybercriminals are using to infiltrate business networks. For its Threat Intelligence Report: Black Hat Edition 2019, Mimecast analyzed more than 67 billion emails that its email security solution rejected from more than 160 billion messages...
Massive 540+ Website Spoofing Campaign Identified
A massive spoofing campaign has been detected targeting customers of Walmart and other well-known brand which attempts to get them to part with sensitive personal information. The campaign was detected by DomainTools, which identified more than 540 malicious domains that had been set up by the same threat actor. The websites included job sites, online dating sites, movie download sites, and numerous sites targeting fortune 500 brands...
TitanHQ Partners with Leading UK MSP, OneStopIT
TitanHQ has announced it has partnered with one of the leading managed service providers in the UK, OneStopIT. Edinburgh-based OneStopIT was formed in 2003 to help small- and medium-sized businesses implement enterprise-grade IT solutions and best practices at an affordable price. Under the new partnership, OneStopIT will be offering its customers protection from email threats with SpamTitan Email Security, web-based threat protection...
U.S. Utilities Targeted in Phishing Campaign Spreading New RAT
U.S. utilities are being targeted in a phishing campaign distributing a new malware variant called LookBack. The spear phishing campaign impersonates a U.S. engineering licensing board and lures recipients into opening an attached Word document. The emails impersonate the U.S. National Council of Examiners for Engineering and Surveying (NCEES) and claim that the recipient has failed an NCEES examination. Further information about the...
Mid-Year Threat Report Shows Rise in Ransomware-as-a-Service and IoT Malware Threats
SonicWall’s 2019 Cyber Threat Report shows a there has been a 20% fall in malware attacks in the first half of 2019, but there have been increases in IoT malware, ransomware, cryptojacking, and encrypted threats. Globally, ransomware attacks have increased by 15% in the first 6 months of 2019, with the United Kingdom being increasingly targeted. Ransomware attacks in the UK are up 195% in 2019. The rise in attacks is largely due to...
Vade Secure Adds Auto-Remediate Feature to its Office 365 Email Security Solution
Vade Secure has announced it has launched a new email security feature for Managed Service providers (MSPs) to allow them to better protect their clients’ Office 365 environments with minimal management overhead. The new feature – Auto-Remediate for Vade Secure for Office 365 – provides a layer of continuous, automated protection for Office 365 through the use of artificial intelligence and machine learning. Vade Secure uses...
Phishing Campaign Targets Administrator Credentials with Office Alerts
A new phishing campaign has been identified which uses Office 365 admin alerts as a lure to get administrators to click and disclose their login credentials. A hacker can use phishing emails to obtain Office 365 credentials and gain access to an employee’s email account. That account can be used to send further phishing emails to contacts and colleagues. The hacker also has access to sensitive data in emails and email attachments. If...
Phishing Campaign Uses Fake Office 365 Site to Download Trickbot Trojan
The Trickbot Trojan is being distributed via a new fake Office 365 phishing website. The website is virtually identical to official Microsoft Office 365 site, complete with a realistic looking URL – get-office365[.]live. Nothing appears untoward on the site. Even all the URLs point to webpages on Microsoft domains. However, a few seconds after landing on the site a popup warning will appear from either the Chrome Update Center...
Phishing Campaign Uses SHTML Files to Redirect Users to Malicious Websites
A novel new phishing campaign has been detected that uses an unusual method of directing users to malicious websites that harvest credentials. Phishing campaigns typically use embedded hyperlinks in the message body. Advanced email security solutions can detect and assess the URLs to determine whether they are malicious. To get around this, hyperlinks are often hidden in documents or macros or scripts are hidden in other types of...
$301 Million Lost to BEC Scams Every Month
The number of successful Business Email Compromise (BEC) scams has increased significantly over the past two years, according to a new financial trend analysis report from FinCEN. BEC scams involve gaining access to a business email account and using that account to send a request to the payroll or accounts department requesting a wire transfer be made. In order for the scam to work, the compromised account must belong to someone who...
2019 Beyond the Phish Report Reveals Employees Have Significant Cybersecurity Knowledge Gaps
A survey conducted by the Sunnyvale, CA-based cybersecurity company Proofpoint has revealed end users are unsure how to protect sensitive data and lack the skills to identify phishing threats. For the latest Beyond the Phish report, Proofpoint analyzed the responses to almost 130 million cybersecurity questions in 14 categories. The survey was conducted on employees in 16 industries across 20 different department classifications. The...
City of Griffin Wires $800,000 to BEC Scammers
A business email compromise attack on the city of Griffin, GA, has resulted in two payments totaling $800,000 being made to accounts controlled by the scammers. Business email compromise (BEC) attacks are scams in which the email account of a company is compromised and used to send a request to the finance department or a third party to make a fraudulent wire transfer payment. Access to the email is usually gained with a spear...
Phishing-as-a-Service Helping to Fuel Increase in Phishing Attacks
If a task is time consuming or difficult, there is usually someone willing to offer it as a service. That can now be said of phishing. There are a growing number of criminals offering phishing-as-a-service to help wanna-be criminals conduct phishing campaigns. At the basic level, phishing is a relatively straightforward way of attacking an organization. It is also low cost and requires little in the way of hacking skill. That said,...
General Catalyst Enters into €70 Million Finance Agreement with Vade Secure
Vade Secure has announced it has secured €70 million in funding from General Catalyst. The money will be invested in machine learning technology for its predictive email security solution to improve its threat detection capabilities and for improvements to its email security solution for Office 365. Vade Secure is also planning a major global expansion and part of the finance will be used to expand its global footprint and accelerate...
Emotet was the Biggest Email Threat in Q1
A new report from Proofpoint has confirmed Emotet was the biggest email-based threat in the first quarter of 2019. The popularity of the malware is not surprising. While Emotet was once just a banking Trojan, it can now be used to deliver other malware variants and can even distribute itself automatically by sending copies of itself via spam email on a compromised device. Emotet is now classed as a botnet, as it is being used to...
TrickBot Trojan Now Using URL Redirects to Fool End Users and Cybersecurity Solutions
The Trickbot banking Trojan is one of the biggest cyber threats faced by businesses. Trickbot is primarily a banking Trojan that is used to obtain login credentials to online bank accounts. The malware can also steal from Bitcoin wallets and harvest email credentials and steal other sensitive data. The malware is one of the most active banking Trojans in use, second only to Emotet. The malware is primarily distributed via spam and...
International Law Enforcement Operation Shuts Down Goznym Malware Gang
The international criminal gang behind the infamous Goznym malware has been disbanded following a complex law enforcement investigation in Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States. The investigation has resulted in indictments for ten defendants, five of whom have been apprehended: Two in Germany, one in Bulgaria, one in Moldova, and the alleged leader of the gang in Georgia. Five Russian nationals involved...
DHS Cybersecurity and Infrastructure Security Agency Issues Guidelines for O365 Migrations
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a set of guidelines and best practices to help organizations migrate to Microsoft Office 365 and avoid introducing vulnerabilities that could make it easier for cybercriminals to conduct attacks and gain access to Office 365 accounts. There has been a major increase in the number of organizations that have transitioned to...
Antivirus Tool Used by Dharma Ransomware to Hide Malicious Activity
Security researchers at Trend Micro have discovered the threat actors behind Dharma ransomware are using a legitimate AV tool to hide the malicious activities of their ransomware. Dharma ransomware first surfaced in 2016 and has since been used in many attacks on businesses, in particular attacks on healthcare organizations in the United States. The ransomware variant is distributed via spam email which contains a link to a web page...
Chinese Nationals Charged over 78.8 Million-Record Anthem Inc Hack
The U.S. Department of Justice has announced that two Chinese nationals have been charged over the 2015 hacking of Anthem Inc., and three other cyberattacks on U.S. businesses. In February 2015, Anthem Inc., discovered its systems had been infiltrated. Further investigation revealed the records of 78.8 million plan members had been stolen in what was, and still is, the largest healthcare data breach ever to be discovered. On Thursday,...
Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends
Verizon has released its 2019 Data Breach Investigations Report. The annual report provides an in-depth analysis of global data breaches, new cyberattack trends, and an overview of the current threat landscape. This is the 12th consecutive year that Verizon has produced the report and this year’s instalment is most extensive DBIR report released to date. Verizon now collects data from 73 sources and included 41,686 reported security...
Popular Mail Clients Vulnerable to Digital Signature Spoofing Attacks
Digital signatures confirm the sender of an email is genuine, that an email is authentic, and has not been intercepted and altered in transit. However, vulnerabilities have been identified in the implementation of digital signature technology in several popular email clients which could be exploited in digital signature spoofing attacks. Were that to happen, the recipient of an email would likely believe the communication is genuine...
Biggest Malware Threats in Healthcare Revealed
A recent report from Malwarebytes has revealed Trojans are the biggest malware threat. Trojans account for 79% of all malware detected on healthcare systems by Malwarebytes. The Emotet Trojan is the leading malware variant, accounting for 37% of all detected Trojans. While the Emotet Trojan was once just a banking Trojan concerned with obtaining credentials to online bank accounts, it has since evolved to include a wide range of...
Latest Phishing Attack Trends Revealed
Proofpoint has released its Q4 2018 quarterly threat analysis which reveals the latest phishing attack trends and provides an insight into the types of individuals being targeted in email attacks. Email attacks on businesses are conducted for a variety of reasons, most commonly to fool employees into installing malware or ransomware, to obtain login credentials, or convince employees to make fraudulent wire transfers or divulge...
FBI’S 2018 Internet Crime Report Shows Massive Increase in BEC Attack Losses
The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has released its 2018 Internet Crime Report which shows there was a dramatic rise in losses due to cybercrime in 2018. In 2018, IC3 received 351,936 complaints involving more than $2.7 billion in losses. That represents an increase in losses of more than 92% compared to 2017. 2018 accounted for 36% of all losses from the past five years and complaints about...
Security Researcher Who Thwarted WannaCry Ransomware Pleads Guilty to Malware Development and Distribution
The security researcher who identified and activated the kill switch in WannaCry ransomware in 2017 and played a critical role in stopping the global attacks has pleaded guilty to helping to develop and distribute banking Trojans. Marcus Hutchins (aka MalwareTech) was initially called a hero for his role in blocking the WannaCry attacks in May 2017; however, in August of the same year, he was arrested by the FBI in the United States...
Google to Start Blocking Logins from Embedded Browsers to Help Combat MitM Attacks
Sign-ins to Google from embedded browser frameworks will soon be blocked. Google announced on Thursday, April 18 that the change is being made to improve protections against man-in-the-middle (MitM) attacks. Embedded browser frameworks are often used in phishing attacks to automate user activity. If a user visits a phishing website that spoofs the Google login page and is requested to enter their Google credentials, the attacker could...