Phishing Attacks Increased by 40.9% in 2018
The 2019 Phishing Trends and Intelligence Report from PhishLabs shows there was a 40.9% increase in phishing attacks in 2018. Attacks increased steadily during Q1 and continued at a high level in Q2 and Q3, with a decline in attacks in Q4. The analysis of attacks shows the tactics used by cybercriminals are constantly changing. New types of attacks were detected in 2018 which exploited changes in the digital landscape. Targets also...
DHS and FBI Issue Warning About New North Korean Hoplight Trojan
The U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have both issued advisories about a new Trojan called Hoplight which is being used by the Lazarus APT group. Lazarus is a North Korea-backed hacking group, also known as Hidden Cobra, Zinc, and Nickel Academy. The hacking group primarily uses spear phishing to install malware on high value targets. The group is primarily concerned with...
A Quarter of Phishing Emails Bypass Office 365 Anti-Phishing Defenses
Microsoft Office 365 default anti-phishing defenses are bypassed by a quarter of all phishing emails, according to new research from cybersecurity firm Avanan. Avanan conducted a study of 52 million emails which had been assessed by Office 365 Exchange Online Protection (EOP). 25% of phishing emails were determined to be non-malicious and were delivered to inboxes. In addition, a further 5.3% of emails were delivered as they had been...
Tech Companies Still Not Implementing DMARC to Block Phishing Attacks
A recent study by Valimail has revealed only 10.5% of large tech companies have correctly implemented the DMARC email authentication protocol to block phishing attacks that spoof email domains. There are several frameworks and protocols that can be adopted to help prevent domain spoofing and authenticate emails. These are Domain-based Message Authentication, Reporting, and Conformance (DMARC), Sender Policy Framework (SPF),...
Europol Meets with Industry Leaders to Discuss Ways to Combat Phishing
Europol has hosted a meeting with 70 industry experts to discuss ways to tackle the growing problem of phishing and business email compromise attacks. According to the 2018 Verizon Data Breach Investigations Report, a single spear phishing attack costs a business an average of $1.6 million to resolve. The FBI reports that business email compromise attacks have resulted in losses of more than $12.5 billion since October 2013. To tackle...
Webinar: New DMARC and Sandboxing Features of SpamTitan Email Security Solution Explained
Cybercriminals are launching ever more sophisticated attacks on businesses, which require more powerful cybersecurity solutions to protect against attacks. One of the most common methods of attack is email and this is an area where security defenses often fall short. Even with robust perimeter defenses, cybercriminals can gain access to business networks by targeting the weakest link: Employees. Phishing attacks are becoming more...
New Report Identifies Latest Spear Phishing Trends
Researchers at email security firm Barracuda have conducted a study to identify current spear phishing trends and the tactics most commonly used to attack businesses and obtain sensitive information. Spear phishing is a highly targeted form of phishing. Campaigns tend to involve low numbers of emails that have been carefully crafted for attacks on a particular industry, company, or individual. Targets are usually researched, and...
MFA Bypassed in IMAP-Based Attacks on Office 365 and G Suite Accounts
Multi-factor authentication can prevent accounts from being accessed if passwords are stolen or obtained using brute force tactics; however, Proofpoint has discovered that multi-factor authentication is being bypassed on Office 365 and G Suite accounts using the legacy IMAP protocol. The IMAP authentication protocol bypasses MFA and attackers are able to avoid being locked out of accounts. The methods used made failed login attempts...
Healthcare Employees Vulnerable to Phishing Attacks
The healthcare industry appears to have more than its fair share of phishing attacks. Barely a week goes by without a major phishing attack being reported by a healthcare provider in the United States. Healthcare organizations are targeted by cybercriminals as they hold valuable data. Healthcare records contain information that can be used for multiple types of fraud and the records sell for big bucks on darknet marketplaces....
SpamTitan Email Security Solution Now Incorporates Sandboxing and DMARC Authentication
SMB and MSP email security solution provider TitanHQ has announced a major update of its SpamTitan email security solution. New features have been added to the solution to provide even greater protection against sophisticated phishing attacks and new malware threats. The new layers of security were applied to the solution this week and are now available to customers at no extra cost. The past few years have seen a major increase in...
1 in 61 Delivered Emails Contains a Malicious URL
A new report from Mimecast has revealed cybercriminals are increasingly using malicious URLs in phishing emails to obtain credentials and deliver malware. Mimecast’s figures show there has been a 126% increase in delivered emails that contain malicious URLs between August 2018 and February 2019. The company has analyzed more than 28.4 million emails that had been determined to be safe by email security solutions and were delivered to...
New Microsoft Report Details 2018 Phishing Trends
Microsoft’s latest Security Intelligence Report provides information on 2018 phishing trends, the changing tactics of cybercriminals, and ransomware, cryptojacking and malware attack statistics. 2018 Ransomware Trends: 2017 saw ransomware attacks dominate the threat landscape; however, as the year progressed ransomware started to fall out of favor with cybercriminals and that trend continued throughout 2018. While ransomware attacks...
IRS Launches 2019 Campaign to Raise Awareness of Tax Scams with Phishing Warning
The IRS has launched its annual campaign to raise awareness of tax scams that are highly prevalent during tax season. The Dirty Dozen campaign details 12 common tax scams that taxpayers, tax professionals and businesses need to be aware of and take steps to avoid. In the run up to the deadline for submitting 2018 tax returns, cybercriminals increase their efforts to obtain the personal information of taxpayers. The information can be...
UConn Health Phishing Attack Impacts 326K Patients
A UConn Health phishing attack in December has potentially allowed an unauthorized individual to gain access to the health information of hundreds of thousands of patients. The attack was detected on December 24, 2018, and all email accounts were secured to prevent further unauthorized access. It is unclear for how long the attacker had control of the accounts. The breach may have dated back months. During the time that accounts could...
Businesses Targeted in Ongoing Credential-Stealing Separ Malware Phishing Attack
An ongoing phishing campaign is targeting businesses and distributing the information-stealing Separ malware. The campaign has mostly concentrated on businesses in South East Asia and the Middle East, although some businesses in North America have also been attacked. The Separ information stealer has been in use since September 2017, with earlier versions of the info-stealer dating back to 2013. The latest campaign, which uses an...
Trickbot Trojan Updated to Obtain VNC, PuTTY, and RDP Credentials
The Trickbot banking Trojan has been updated with a new module which is capable of obtaining VNC, PuTTY, and remote desktop credentials. The latest variant of Trickbot is being distributed in a tax season-themed phishing campaign involving emails that offer help with recent changes to the U.S. tax code to reduce tax bills. The emails appear to have been sent by the accounting organization Deloitte and have a tax incentive-related...
FINRA Issues Phishing Warning to Brokerage Firms
The Financial Industry Regulatory Authority (FINRA) has issued a warning to brokerage firms about a new phishing campaign. The scam involves spam emails which appear to have been sent from a credit union alerting the brokerage firm to potential money laundering by one of their clients. The email messages appear to have been sent by a BSA-AML compliance officer at a legitimate Indiana-based credit union and contain details of the...
Phishing Campaign Leverages Google Translate to Steal Google and Facebook Credentials
A phishing campaign has been detected that abuses Google Translate to make the phishing webpage appear to be an official login page for Google. The phishing emails in the campaign are similar to many other campaigns that have been run in the past. The messages have the subject “Security Alert” with a message body virtually identical to the messages sent by Google when a user’s Google account has been accessed from an unfamiliar device...
New BEC Campaign Targets Executives
Business email compromise attacks involve the impersonation of a high-level executive, often the CEO or CFO. The attacks often start with a spear phishing email to obtain the credentials of the CEO/CFO. If the credentials are obtained, the email account is used to send requests to employees. During tax season, W-2 Form data for all employees is often requested or requests are sent to the finance department to make wire transfers to...
Office 365 Phishing Campaign Uses SharePoint Collaboration Request as Lure
A single Office 365 username/password combination can give a hacker access to a vast quantity of sensitive information. Information detailed in emails can be of great value to competitors, identity thieves, and other fraudsters. Office 365 credentials also give hackers access to cloud storage repositories that can contain highly sensitive business information and compromised accounts can be used to distribute malware and conduct...
Fake Google Update Installer Used to Install AZORult Trojan
Researchers at Minerva Labs have identified a new AZORult Trojan campaign that installs the malware through a fake Google update installer. The AZORult Trojan is an information stealer that can obtain system information, cookies, passwords stored in browsers, browser histories, information from saved files, banking credentials, and cryptocurrency wallets. The malware is also used as a downloader of other malware variants and is...
773 Million Email Addresses and 21 Million Unique Passwords Listed for Sale
A massive collection of login credentials that includes approximately 773 million email addresses has been uncovered by security researcher Troy Hunt. Hunt is an Australian Microsoft Regional Director and maintains the Have I Been Pwned (HIBP) website, where people can check to see whether their login credentials have been stolen in a data breach. Hunt discovered the 87GB database on a popular hacking forum. The data was spread across...
BenefitMall Phishing Attack Impacts 111,589 Plan Members
A recently discovered BenefitMall phishing attack has resulted in the exposure of 111,589 plan members’ protected health information. BenefitMall, a division of Centerstone Insurance and Financial Services, discovered on October 11, 2018, that hackers had gained access to several employee email accounts as a result of their responses to phishing emails. Third party computer forensics experts were called in to assist with the...
Highly Sophisticated Apple Vishing Scam Detected
A sophisticated Apple vishing scam has been uncovered. In contrast to most phishing attempts that use email, this scam used voice calls (vishing) with the calls appearing to have come from Apple. The scam starts with an automated voice call to an iPhone that spoofs Apple Inc. The caller display shows that the call is from Apple Inc., increasing the likelihood that the call will be answered. The user is advised that there has been a...
Phishing Website Uses Custom Web Fonts to Evade Detection
Phishers are constantly developing new ways to prevent their websites from being detected. One threat actor is now using custom web fonts to disguise malicious code on phishing websites. The phishing scam spoofs a major U.S. bank in an attempt to get users to disclose their banking credentials. The website used in the scam is well crafted, and like many similar scams, uses stolen branded content to make the website appear legitimate....
Tribune Publishing Cyberattack Cripples Several U.S. Newspapers
A recent malware attack on Tribune Publishing has caused disruption to several newspaper print runs including those of the Los Angeles Times, San Diego Tribune, and the west coast editions of the New York Times and Wall Street Journal, amongst others. The Tribune Publishing cyberattack occurred on Thursday December 28, 2018, and spread throughout the Tribune Publishing network on Friday, affecting the Saturday editions of several...
FTC Issues Warning About New Netflix Phishing Scam
The U.S. Federal Trade Commission has issued a warning about a new global Netflix phishing scam that attempts to fool Netflix subscribers into disclosing their account credentials and payment information. The scam uses a tried and tested tactic to obtain that information: The threat of account closure due to payment information being out of date. Users are sent a message asking them to update their payment details because Netflix has...
More Than 50 Accounts Compromised in San Diego School District Data Breach
A major data breach has been reported by the San Diego School District that has potentially resulted in the theft of the personal information of more than half a million current and former staff and students. The data exposed as a result of the breach date back to the 2008/2009 school year. The breach was detected following reports from district staff of a spate of phishing emails. The emails were highly believable and fooled users...
New Office 365 Phishing Attack Detected
A new Office 365 phishing attack has been identified that uses alerts about message delivery failures to lure unsuspecting users to a website where they are asked to provide their Office 365 account details. The new scam was detected by security researcher Xavier Mertens during an analysis of email honeypot data. The emails closely resemble official messages sent by Microsoft to alert Office 365 users to message delivery failures. The...
Microsoft and Adobe December 2018 Patch Tuesday Updates
December 2018 Patch Tuesday has seen Microsoft issue patches for 39 vulnerabilities, 10 of which have been rated critical, and two are being actively exploited in the wild. There are 9 critical vulnerabilities in Microsoft products and one critical vulnerability in Adobe Flash Player. The patches cover the following products and services: Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft Edge, Microsoft Office...
2018 Security Awareness Training Statistics
A recent survey conducted by Mimecast has produced some interesting security awareness training statistics for 2018. The survey shows many businesses are taking considerable risks by not providing adequate training to their employees on cybersecurity. Ask the IT department what is the greatest cybersecurity risk and many will say end users. IT teams put a considerable amount of effort into implementing and maintaining...
Webinar: Cost-Effective DNS-Based Web Filtering
In order to protect against web-based threats such as malware, ransomware, viruses, exploit kits, malvertising, and phishing, businesses need to implement a web filtering solution. A web filter allows businesses to carefully control the websites and webpages that employees can access while connected to the wired and wireless networks. All Internet traffic is routed through the filter where controls are applied to block malware...
Spotify Phishing Scam Detected: User Accounts Breached
Researchers at AppRiver have detected a Spotify phishing scam that attempts to get users to reveal their Spotify credentials. The emails use brand imaging that makes the emails appear to have been sent by the music streaming service. The messages are realistic, although there are signs that the messages are not genuine. The email template used in the Spotify phishing scam claims the user needs to confirm their account details to remove...
Marriott Announces 500 Million-Record Breach of Starwood Hotel Guests’ Data
The Marriott hotel chain has announced it has suffered a massive data breach that has resulted in the theft of the personal information of up to 500 million guests of the Starwood Hotels and Resorts group. Marriott discovered the data breach on September 8, 2018 after an alert was generated by its internal security system following an attempt by an unauthorized individual to access the Starwood guest reservation database. Third-party...
49% of All Phishing Sites Have SSL Certificates and Display Green Padlock
Almost half of phishing sites now have SSL certificates, start with HTTPS, and display the green padlock to show the sites are secure, according to new research by PhishLabs. The number of phishing websites that have SSL certificates has been increasing steadily since Q3, 2016, when around 5% of phishing websites were displaying the green padlock to indicate a secure connection. The percentage increased to approximately 25% of all...
Major Malvertising Campaign Detected: 300 Million Browser Sessions Hijacked in 48 Hours
A major malvertising campaign is being conducted that is redirecting web users to phishing and scam websites. While malvertising campaigns are nothing new, this one stands out due to the scale of the campaign. In 48 hours, more than 300 million users have had their browsers redirected to malicious web pages. The campaign was uncovered by researchers at cybersecurity firm Confiant on November 12. The researchers note that the actor...
California Wildfire-Themed BEC Attack Identified
It is common for phishers to use natural disasters as a lure to obtain ‘donations’ to line their pockets rather than help the victims and the California wildfires are no exception. Many people have lost their lives in the fires and the death toll is likely to rise further as hundreds of people are still unaccounted for. Whole towns such as Paradise have been totally destroyed by the wildfires and hundreds of people have lost their...
APT28 Group Uses New Cannon Trojan in Spear Phishing Campaign Targeting US and EU Government Agencies
A new spear phishing campaign is being conducted by APT28 (Sofacy Group/Fancy Bear/Sednit) on government organizations in the United States, Europe, and a former USSR state using the previously unknown Cannon Trojan. The campaign was detected by Palo Alto Networks’ Unit 42 team and was first identified in late October. The campaign is being conducted via spam email and uses a weaponized Word document to deliver two malware variants....
Gmail Flaw Allows Phishing Emails to Be Sent Anonymously
A Gmail flaw has been discovered that allows emails to be sent anonymously with no information included in the sender field. The flaw could easily be exploited by cybercriminals for use in phishing attacks. Phishers often mask the sender of an email in phishing campaigns to fool the recipient into believing the email is genuine. The sender’s email address can be spoofed so the displayed name appears to be a known contact or well-known...
Phishing Accounts for 50% of All Fraud Attacks
An analysis of current cyber fraud threats by network security firm RSA shows that phishing attacks have increased by 70% since Q2 and now account for 50% of all fraud attacks suffered by organizations. Phishing attacks are popular because they are easy to conduct and have a high success rate. An attacker can set up a webpage that mimics a well-known brand such as Microsoft or Google that requests login details. Emails are then sent...
U.S. Treasury Investigating $700,000 Loss to Phishing Scam
In July 2018, the Washington D.C. government fell for an email scam that resulted in wire transfers totaling nearly $700,000 being sent to a scammer’s account. The scammer impersonated a vendor used by the city and requested outstanding invoices for construction work be paid. The vendor had been contracted to work on a design and build project on a permanent supportive housing facility. The emails requested the payment method be...
75% of Employees Lack Security Awareness
MediaPro has published its 2018 State of Privacy and Security Awareness Report which assesses the level of security awareness of employees across different industry sectors. The report is based on the responses to questionnaires sent to 1,024 employees across the United States that probed their understanding of real-world threats and security best practices. This is the third year that MediaPro has conducted the study, which...
Brands Most Commonly Spoofed by Phishers Revealed
Vade Secure has released a new report detailing the brands most commonly targeted by phishers in North America. The Phishers’ Favorites Top 25 list reveals the most commonly spoofed brands in phishing emails detected in Q3, 2018. For the latest report, Vade Secure tracked 86 brands and ranked them based on the quantity of phishing attacks in which they were impersonated. Those 86 brands account for 95% of all brand spoofing attacks...
Stealthy sLoad Downloader Performs Extensive Reconnaissance to Improve Quality of Infected Hosts
A new PowerShell downloader has been discovered – the sLoad downloader – which is being used in stealthy, highly targeted attacks in the United Kingdom and Italy. The sLoad downloader performs a wide range of checks to find out a great deal of information about the system on which it resides, before choosing the most appropriate malicious payload to deploy – if a payload is deployed at all. The sLoad downloader was first identified in...
Anti-Phishing Working Group Publishes Q2, 2018 Phishing Trends Report
The Anti-Phishing Working Group has released its Phishing Activity Trends Report for Q2, 2018. The report contains a summary and analysis of phishing attacks that were reported to APWG by its member companies and partners between April and June 2018. The APWG quarterly reports provide insights into the latest phishing trends and show the extent of phishing attacks on businesses – attacks aimed at getting employees to reveal their...
Anthem Data Breach Settlement of $16 Million Agreed with OCR
The largest ever healthcare data breach in the United States has attracted the largest ever fine for noncompliance with HIPAA Rules. The Anthem data breach settlement of $16 million eclipses the previous highest HIPAA fine of $5.55 million and reflects not only the severity of the Anthem Inc data breach, which saw the protected health information of 78.8 million plan members stolen, but also the extent of noncompliance with HIPAA...
Sophisticated Phishing Attack Inserts Malware into Existing Email Conversation Threads
A new sophisticated phishing tactic has been identified that involves a malicious actor gaining access to an email account, monitoring a conversation thread, and then inserting malware in a reply to an ongoing discussion. The scam is a variation of a Business Email Compromise (BEC) attack. BEC attacks typically involve using a compromised email account to send messages to accounts or payroll employees to get them to make fraudulent...
Phishers Using Azure Blob Storage to Host Phishing Forms with Valid Microsoft SSL Certificate
Cybercriminals are using Microsoft Azure Blob storage to host phishing forms. The site hosting the malicious files has a genuine Microsoft SSL certificate which adds authenticity to the campaign. Similar tactics have been used in the past for Dropbox phishing scams and attacks that impersonate other cloud storage platforms. A typical phishing scenario involves an email being sent with a button or hyperlink that the user is requested...
Persistent New LoJax Rootkit Survives Hard Disk Replacement
Security researchers at ESET have identified a new rootkit that takes persistence to a whole new level. Once infected, the LoJax rootkit will remain active on a device even if the operating system is reinstalled or the hard drive is reformatted or replaced. Rootkits are malicious code that are used to provide an attacker with constant administrator access to an infected device. They are difficult to detect and consequently they can...
Danabot Banking Trojan Used in U.S. Campaign
The DanaBot banking Trojan was first detected by security researchers at Proofpoint in May 2018. It was being used in a single campaign targeting customers of Australian Banks. Further campaigns were later detected targeting customers of European banks, and now the attacks have moved across the Atlantic and U.S. banks are being targeted. Banking Trojans are a major threat. Proofpoint notes that they now account for 60% of all malware...
2018 Has Seen a Marked Increase in Email Impersonation Attacks
The September Email Threat Report published by cybersecurity company FireEye has cast light on the latest tactics being used by cybercriminals to fool end users into disclosing sensitive information such as login credentials to online bank accounts and email services. Phishing attacks continue to dominate the threat landscape and cybercriminals have been refining their techniques to achieve a higher success rate. Standard phishing...
New Brazilian Banking Trojan Hides in Plain Sight
An innovative new Brazilian banking Trojan has been detected by security researchers at IBM X-Force. The Trojan has been named CamuBot due to its use of camouflage to fool employees into running the installer for the malware. As with other banking Trojans, its purpose is to obtain bank account credentials, although its method of doing so is different from most of the banking Trojans currently used by threat actors in Brazil. Most...
Respiratory Care Provider Victim of Phishing Attack
Norwood, MA-based Reliable Respiratory has discovered a hacker has gained access to the email account of one of its employees, and through that account, potentially accessed the protected health information of some of its patients. The respiratory care provider was alerted to a possible email account breach on July 3 when suspicious activity was detected in the email account. An investigation was immediately launched which confirmed...
Massive URL Spoofing Campaign Discovered Targeting 76 Universities
A massive URL spoofing campaign targeting 76 universities in 14 countries has been detected by security researchers at SecureWorks. The threat group known as Cobalt Dickens is believed to be behind the attack. The group is believed to operate out of Iran and is well known for conducting these types of attacks. The latest campaign has seen the hacking group create more than 300 spoofed websites on sixteen domains. Hosted on those...
Wombat Security Technologies Releases 2018 State of the Phish Report
Wombat Security Technologies has released its 2018 State of the Phish Report – an analysis of data from tens of millions of simulated phishing attacks conducted through its Security Education Platform over the past 12 months. The report also provides insights on the current state of phishing from quarterly surveys sent to its customers, highlighting the frequency of phishing attacks on organizations, the impact those attacks are...
U.S. Companies Not Doing Enough to Prevent Phishing and Email Impersonation Attacks
IT professionals are well aware of the threat from phishing and email impersonation attacks, yet even though the risk of an attack is high, U.S. companies are not doing enough to prevent phishing and email impersonation attacks according to a recent survey of U.S. IT professionals. The survey was conducted by the Ponemon Institute on behalf of Valimail on 650 IT and IT security practitioners in the United States who play a role in...
38,000 Patient Health Records Exposed in Legacy Health Phishing Attack
A phishing attack on the Portland, Oregon-based healthcare provider, Legacy Health, has resulted in the exposure and possible theft of 38,000 patients’ protected health information. The phishing attack was detected on June 21, although an investigation into the security breach revealed that access had first been gained to some employees’ email accounts several weeks earlier in May. An analysis of the compromised email accounts...
SharePoint Files Used to Harvest Office 365 Credentials
A phishing campaign termed PhishPoint uses SharePoint files to steal users’ Office 365 credentials. Huge numbers of phishing emails are being sent to businesses that appear to be invitations to collaborate. Users are required to click the URL embedded in the email, which ultimately directs them to a malicious site where they are required to enter their Office 365 credentials. Those credentials are then captured by the attackers. The...
Major Phishing Attack Reported by Augusta University Health
Augusta University Health has experienced a phishing attack that has resulted in the unauthorized accessing of several employees’ email accounts. The substitute breach notice uploaded to the University of Augusta website indicates investigators determined on July 31, 2018 that email accounts containing the protected health information (PHI) of patients and personally identifiable information (PII) of employees had been compromised....
Industry First Security Awareness Practitioner Certification Offered by InfoSec Institute
Security awareness training for employees is now a vital part of any cybersecurity strategy, yet until recently there was no certification program available to confirm proficiency in the creation and management of these vital training programs. The InfoSec Institute has addressed this problem with the launch of a boot camp. The boot camp provides essential training in this area and certifies that IT professionals have the necessary...
Scammers Claim to Have Webcam Footage of Users Watching Pornography
A new variant of an old scam is currently gaining traction and is fooling many people into paying scammers money to avoid having sensitive information exposed. The scammers claim to have added malware to adult sites which has been downloaded onto a user’s computer. The malware is allegedly capable of taking full control of the webcam, which has been used to record a video of the user while they were visiting pornographic websites. The...
Businesses Turn Employee Safety Solution into Phishing Alert System
Fast action is required when cybersecurity threats are detected to limit the harm caused. When phishing emails are received, or ransomware or malware threats are detected in the email system, fast action can prevent a costly data breach. Many businesses are now turning to their employee safety solutions as an additional protection against phishing and to instantly notify staff of a cyberattack in progress. Mass Notification Systems...
AI-Assisted Virtual Security Analyst Added to Ironscales’ Advanced Threat Protection Platform
Ironscales, the Tel Aviv-based anti-phishing solution provider, has announced it has incorporated a new module into its advanced threat protection platform that helps security teams assess suspicious incoming emails more quickly to determine whether they are benign or malicious. When email threats are reported to security teams they must manually analyze the emails to find the real threats hidden among the false positives. That...
Spam Email Remains the Primary Attack Vector and Click Rates are Increasing
Spam email is still the leading method of malware delivery according to a new report by cybersecurity company F-Secure. The reason is simple. It is relatively easy to bypass security defenses and deliver malicious messages to inboxes and end users are not particularly good at identifying malicious emails. Finding exploitable vulnerabilities is much harder by comparison. According to F-Secure’s figures, in the second half of 2017,...
UnityPoint Health Phishing Attack Exposed PHI of 1.4 Million Patients
Another UnityPoint Health phishing attack has been discovered, and this time it is huge. Hackers have gained access to multiple email accounts which contained the protected health information of approximately 1.4 million patients. This incident is the largest healthcare data breach to be reported since August 2016 and the largest healthcare phishing incident reported since the HHS’ Office for Civil Rights started publishing summaries...
Most Clicked Phishing Emails in Q2, 2018
Security training and phishing email simulation platform provider KnowBe4 has released a report on the most clicked phishing emails in Q2, 2018. If businesses provide security awareness training to their employees and train them how to recognize phishing and other malicious emails, click rates fall dramatically. Since a single response to a phishing email can result in a costly data breach, security awareness training is essential....
Convincing Phishing Campaign Targets Australian Businesses and Spreads DanaBot Trojan
A new phishing campaign has been detected that is spreading the DanaBot Trojan. The campaign involves phishing emails which appear to contain invoices from the Australian multinational corporation MYOB – a provider of tax and accounting services for small and medium sized businesses. The phishing campaign was detected by Trustwave researchers. The phishing emails are succinct and well written and advise the recipient of the invoice...
Cryptocurrency Investors Targeted with macOS Malware on Slack and Discord
Several macOS malware attacks have been identified in the past few days with victims targeted via the Slack and Discord chat platforms. The attackers are targeting cryptocurrency investors and are posting messages on Slack and Discord groups linked to cryptocurrencies. This is an impersonation attack in which admins and key personnel are being impersonated, with users advised to run a script that downloads a malware variant named...
Phishing Incident Reported by Trezor Wallet
Trezor, the multi-cryptocurrency wallet service, has announced it has been targeted in a phishing campaign that has seen some users of its service redirected to a malicious website in an attempt to obtain their credentials. Trezor became aware of the phishing campaign when the company started to receive complaints from its users about an invalid Secure Sockets Layer (SSL) certificate on the site. Users who were directed to the fake...
ZeroFont Phishing Attack Bypasses Microsoft Office Security Feature
The ZeroFont phishing attack allows phishers to bypass anti-spam controls and ensure their emails are delivered to end users’ inboxes. Cybercriminals are constantly developing new ways to bypass anti-spam technologies, one of which has been uncovered by security researchers at the cloud security company Avanan. The technique, termed ZeroFont phishing, allows phishers to get their messages past Microsoft Office 365...
World Cup Wallchart Phishing Scam Detected
Security researchers at Check Point have uncovered a World Cup wallchart phishing scam that is being used to deliver malware to soccer fans’ devices. The campaign involves specially crafted email messages with the subject line: World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager. Email recipients are encouraged to open and install a malicious FIFA World Cup schedule and results checker that is attached to the email. The email...
RansomCloud Attack Encrypts Cloud-Based Emails
Ransomware may be more commonly used to encrypt files on business networks, although that does not mean consumers are in the clear. Cybercriminals may target businesses due to the higher potential rewards for a successful attack, although a new ransomware strain has been developed that highlights how vulnerable consumers are to ransomware attacks. In this case, the ransomware strain was developed by a white hat hacker as a proof of...
Department of Justice Announces Arrest of 74 Business Email Compromise Scammers
A coordinated law enforcement effort involving the FBI, U.S. Departments of Justice, Homeland Security, Treasury, the US Postal Inspection Service, and law enforcement agencies in Canada, Mauritius, Poland, Indonesia, Malaysia, and Nigeria has resulted in 74 business email compromise (BEC) scammers and associated criminals being arrested. The joint law enforcement effort – called Operation Wire Wire – was conducted over a period of 6...
Spammers Use iqy Files to Deliver Remote Access Trojan
Macros have long been favored by cybercriminals as a method of installing malware. The macros launch VB, JavaScript and PowerShell scripts that download malware. Due to the potential threat, security teams often disable macros or at least configure end points to require macros to be manually enabled by end users. The risk of running macros is also usually covered in security awareness programs. It is now harder for cybercriminals to...
InfoSec Institute Now Has Largest Library of Security Awareness Training Content
At the recent Gartner Security & Risk Management Summit 2018, the InfoSec Institute announced that its library of security awareness training content is now the largest collection of content provided by any security awareness training company. The SecurityIQ AwareEd library consists of standard CBT training modules covering the full range of email-based and web-based threats. CBT training is accompanied by video training content,...
May Saw Massive Increase in TSB Phishing Scams
There has been a massive increase in TSB phishing scams over the past month. In April, TSB bank transitioned to a new core banking system. Previously, TSB data had been on a system provided by Lloyds, although following the takeover by Spanish bank Banco Sabadell, data needed to be moved to its banking system. When customer accounts were transferred to the new system, many customers were locked out of their accounts. The outage lasted...
Hackers Potentially Had Access to 42,000 Patients’ Health Data for a Month After Phishing Attack
The Ohio Healthcare Provider Aultman Health Foundation has discovered some of its employees have been duped by a phishing attack that resulted in the threat actors behind the campaign gaining access to several email accounts. A phishing attack was detected on March 28, prompting a full investigation of the breach. The investigation revealed some employees had fallen for the phishing scam in mid-February. Further accounts were then...
Agari: Business Email Compromise the Most Lucrative Form of Email Attack
A report from the email security vendor Agari provides new insights into the tactics used by cybercriminal groups to conduct email attacks and the extent of global email fraud. While many email-based attack methods are used, business email compromise (BEC) is the most lucrative for criminals and BEC attacks are the costliest for companies. The Agari report was released days after the FBI published figures on the cost of Internet crime...
$875,000 Settlement Agreed in W-2 Phishing Scam Lawsuit
A class-action lawsuit stemming from a W-2 phishing scam that saw an employee of the respiratory therapy supplier Lincare Inc. send the W-2 Forms of employees to a scammer has been settled for $875,000. As is typical with these types of Business Email Compromise (BEC) attacks, the scammer pretended to be a senior executive and sent an email to an employee of the HR department requesting W-2 information for the company’s employees....
InfoSec Institute Named in 2018 Gartner Peer Insights Customers’ Choice for Security Awareness CBT
The InfoSec Institute has developed an extensive library of training material on cybersecurity and helps security professionals attain qualifications to improve their career prospects. The company has also developed a platform for businesses to use to improve their defenses against phishing attacks and other threats that target employees. The firm’s SecurityIQ training platform combines an extensive library of training material and a...
Vega Stealer Malware Harvesting Credentials from Web Browsers
A new variant of August Stealer – named Vega Stealer – is being distributed in small phishing campaigns targeting marketing, advertising, and PR firms and the retail and manufacturing industries. While the campaigns are highly targeted, the malware could potentially be used in much more widespread campaigns and become a major threat. Vega Stealer does not have the same range of capabilities as its predecessor, although it does include...
Does Two-Factor Authentication Protect Businesses from Phishing Attacks?
Two-factor – or multi-factor – authentication is a simple control that makes it harder for unauthorized individuals to gain access to accounts and sensitive data. Rather than just use a single factor for authentication such as a password, an additional factor is required, usually something an individual has. This could be a card reader, which is often used by banks for verifying the identity of an individual who wants to make a...
2018 Phishing Trends & Intelligence Report
Security awareness and anti-phishing vendor PhishLabs has released its 2018 Phishing Trends & Intelligence Report. The report shows there has been a marked change in attacks, with enterprises now being targeted rather than individuals. This comes as no surprise as the potential rewards for a successful attack on an enterprise are considerably higher than attacks on individuals. Enterprises are more likely to pay ransom demands and...
Ironscales Announces Introduction of Non-Blocking Cloud-Native API Deployment
Ironscales has announced its automated phishing defense platform can now be used to protect organizations without the need for any physical plugins, thanks to its new non-blocking cloud-native API deployment, which has been made available for all of its anti-phishing modules. The new option is ideally suited to businesses that have moved their email services to the cloud and are looking for an easy-to-implement solution that offers...
TitanHQ Integrates WebTitan Web Filter into Kaseya IT Complete Suite
TitanHQ has announced its powerful web filtering solution – WebTitan – is now fully integrated into the Kaseya IT Complete Suite, making it easier for MSPs to start offering content filtering to their clients. WebTitan is a 100% cloud-based web filtering solution that allows businesses to carefully control the web content their employees can access. In addition to restricting access to productivity-draining and NSFW...
Wombat Security Releases 2018 Beyond the Phish Report
The Beyond the Phish Report from Wombat Security provides valuable insights into the state of security awareness across different industry sectors. For the report, Wombat Security analyzed the responses to almost 85 million questions and answers collected from employees of its customers across 16 industry sectors. The questions covered 12 different categories including protecting confidential information, safe use of passwords,...
What are the Most Clicked Phishing Emails?
KnowBe4 has released a quarterly report that reveals the most clicked phishing emails in Q1, 2018 – The emails that are proving to be the most effective at fooling employees into clicking hyperlinks and opening potentially malicious email attachments. The data from the report came from responses to phishing simulation emails delivered through its training platform. The simulated phishing emails mirror messages observed in real world...
Microsoft Launches Free Windows Defender Chrome Plugin
One of the key selling points of the Microsoft Edge browser is its protection against phishing attacks. Microsoft Edge is already the best browser to use to block phishing attacks, with tests conducted by NSS Labs showing Edge to be capable of blocking 99% of phishing and social engineering-based malware attacks. Its closest competitor, Google Chrome, only blocked 87% of attacks, while Firefox blocked just 70%. Both of those browsers...
Agari Named Best Email Security Solution at 2018 SC Media Awards
Agari has been honored at this year’s SC Media Awards and has collected a prestigious Professional Award for its email security solution – the Agari Email Trust Platform. The SC Media Awards are the premier cybersecurity awards for the cybersecurity industry. Each year, hundreds of products are assessed by a panel of independent judges drawn from the cybersecurity industry. The nominated solutions are whittled down to five...
Security IQ BEC Defense Suite Prepares Businesses for Email Account Compromise Attacks
Business email compromise attacks are on the rise, with one recent report suggesting 44% of businesses have suffered an attack. Business Email Compromise (BEC) attacks are now commonplace. Email accounts are compromised, and threat actors use the accounts to send targeted messages to individuals in an organization. Requests are made to have sensitive data sent by email or for wire transfers to be made. Sophisticated social engineering...
Barracuda PhishLine Levelized Programs Offers New Method of Measuring Susceptibility to Phishing Attacks
Yesterday saw the launch of Barracuda PhishLine Levelized Programs – A new approach developed by Barracuda and PhishLine to determine and improve user resistance to phishing attacks. Most anti-phishing training solutions use click rate metrics to determine resistance and susceptibility to phishing attacks. While this method of testing employees has proven effective, Barracuda Networks points out that there are limits to this approach....
Multiple Staff Email Accounts Accessed in UnityPoint Health Phishing Attack
It has been discovered that the email accounts of several employees of UnityPoint Health have been compromised and accessed by unauthorized people. Access to the staff email accounts was first obtained on November 1, 2017 and went on for a period of three months until February 7, 2018, when the phishing attack was noticed and access to the compromised email accounts was turned off. When the phishing attack was first noticed,...
44% of Businesses Victims of Account Takeover Attacks
Agari has released figures from recent research that show account takeover attacks are soaring. These phishing attacks involve the use of a compromised email account to fool employees into revealing sensitive information or installing malware. Agari says account takeover attacks have doubled in 2018. Since messages are believed to have been sent from a known individual, many email recipients let their guard down. The effectiveness of...
Email Account Breach Impacts 4,000 Patients of Texas Health Resources
Texas Health Resources is sending notifications to ‘fewer than 4,000 patients’ that some of their Private Health Information may have been seen by unauthorized persons. The Arlington-based health care provider, a supplier to over 1.7 million patients in North Texas, says that the data breach may have happened as early as October 2017, although they did not identify it until January 17, 2018, when law enforcement alerted the...
Proofpoint Study Shows Impact of Email Fraud on Businesses
Proofpoint has published the findings of a recent study investigating the impact of email fraud on businesses. The study reveals the extent to which businesses are affected by email fraud, the typical impact of email fraud on businesses, which individuals are targeted, and the steps that are being taken to reduce risk. There has been an increase in email fraud in recent years, with last year seeing a further surge in attacks. The...
Warning Over Possible MyFitnessPal Phishing Attacks
A recently discovered cyberattack on Under Armour has raised fears about a wave of MyFitnessPal phishing attacks. On March 25, 2018, Under Armour discovered an unauthorized individual had gained access to the data of 150 million users of MyFitnessPal – including users with website accounts and those who use the MyFitnessPal app. The Under Armour data breach is the largest to be discovered this year in terms of the number of...
Lazio Football Club Phishing Scam Sees €2 Million Sent to Attackers
Phishing scams can prove expensive for businesses, as the Italian Serie A football team Lazio now knows all too well. A recent phishing scam could have cost the club €2 million Euros ($2,461,990). Lazio Football Club transferred in defender Stefan de Vrij from the Dutch club Feyenoord in the summer of 2014 for around €8 million Euros. Not all of that transfer fee was paid in one lump sum. There was one outstanding payment left of...
Phishing Attack on CareFirst BCBS Impacts 6,800 Plan Members
CareFirst Blue Cross Blue Shield is alerting 6,800 of its plan members that some of their protected health information has potentially been accessed by unauthorized individuals as a result of a successful phishing attack on one of its employees. Phishing attacks are conducted to gain access to sensitive information such as email credentials. Those credentials are then used to access sensitive data or conduct further attacks on an...
New Insider Threat Training Modules Released by Wombat Security
Anti-phishing solution provider Wombat Security – now a division of Proofpoint – has released new insider threat training modules to help businesses deal with the threat from within. Insider breaches are a leading cause of data breaches, especially in the US healthcare industry where they share top spot with hacks. Insider threats include simple mistakes made by employees, negligence, and malicious actions taken to cause harm to...
1,049 Patients of RoxSan Pharmacy Notified of 2015 Email Breach
1,049 patients of Beverly Hills, CA-based RoxSan Pharmacy have been warned that some of their protected health information has been shared with a business associate through an unencrypted email. The notification letters were sent to affected people during February, although the incident happened on January 20, 2015. Commenting in a recent press release, RoxSan stated that affected individuals are being contacted in “as timely a manner...