phishing (13)

8080622291?profile=RESIZE_400xThe coronavirus pandemic and lockdown have forced organizations to make dramatic changes over a short period of time.  One of the biggest changes has been the shift to a remote workforce nationwide.  Because of the abruptness and speed of that transition, proper cybersecurity has not necessarily been followed, prompting cybercriminals to level more attacks against remote workers, devices, and assets.

Based on a recent survey by security provider Keeper Security looks at the types of threats aime

8042433884?profile=RESIZE_400xSMB’s Need to Prepare for Today and Tomorrow’s Cyber Threats

The cybersecurity landscape presents new challenges at businesses - every day.  Please be aware of these 10 threats to help your business avoid a major attack or breach.  When it comes to securing your network, software, and data from potential attackers, Small to Midsize Businesses (SMBs) have numerous concerns.

Security for increasingly mobile and online-focused businesses is a multifaceted problem, especially for SMBs that lack the

7934495870?profile=RESIZE_400xCyberattacks on Small to Medium-sized businesses (SMBs) are continuing at a relentless pace for 2020, with most data breaches coming from outside the organization.  Cyber-attacks are up and average 75% since the Corona pandemic.  Cybersecurity analysts believe hackers are specifically targeting these smaller firms because they know SMBs lack adequate resources and enterprise-grade security tools, making them easier prey than larger businesses.

A new report from Cisco counters this misconception.

7541747475?profile=RESIZE_400xCarnival Corporation & PLC is the largest cruise line operator in the world.  In 2019, Carnival pulled in a record revenue of $20.8 billion.  Even with the troubles of 2020, this makes them a significant target for attackers looking to earn a profit. On 15 August 2020, Carnival Corp & PLC detected a ransomware attack that encrypted a portion of one brand’s IT systems.  Attackers not only encrypted the data, but also downloaded certain files indicating some data was stolen. In their SEC filings,

7328954885?profile=RESIZE_400xThree US agencies published a joint warning alert for private companies about new versions of Taidoor, a malware family previously associated with Chinese state-sponsored hackers.

The alert is from the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (DHS CISA), the Department of Defense's Cyber Command (CyberCom), and the Federal Bureau of Investigations (FBI).  The three US government agencies report they have observed Taidoor being used in new attacks.  The n

7328258478?profile=RESIZE_710x

Analysts studying CoronaVirus-related phishing and malware threats in malicious emails reveal four major topics abused by hackers: news, medical, financial, and regulatory.  In the first phases of the Corona pandemic, hackers were mostly disguising their malicious emails as general news and medical information with the most common keywords being “update” and “affected.”  When Summer 2020 (June-July) arrived, the dominating attack theme became “financial” and the leading keyword became “payment.

6439637457?profile=RESIZE_400xAll organizations should consider working with a cyber threat intelligence firm to send test “Phishing” emails to random employees on a regular basis.  This will test employee vulnerabilities to provide subsequent remediation plans.  Training and instruction from cyber professionals are always cheaper than absorbing the costs of remediation, paying ransoms or having confidential data exposed or auctioned to the highest bidder.

Researchers at two security firms are tracking separate phishing camp

4314495932?profile=RESIZE_710xThe cybercrime environment is evolving as cyber threat actors improve their attack planning, build new malware and sneaky methods to take advantage of both business and consumer’s on-line behavior. Cybercrimes via social media are not new but now have catapulted into a severe problem with the CoronaVirus. Mobile users are more at risk to criminal schemes as popular on-line banking, and merchant services are available as mobile applications.

Besides social engineering techniques, cybercriminals a

4026067745?profile=RESIZE_710xNo, I am not making this up.  This really happened and it started with a phishing attack.  Those you who have read my past articles will see a theme, “Always verify any requests in person to change bank accounts or make any payment that is not authorized and verified by voice through a company office.  Never rely on an email alone.” 

Cyber criminals posed as the wife of Crown Bank CEO Jacinto Rodriques by utilizing a spoofed email address that really looked legitimate.  Crown Bank is a community

4007235433?profile=RESIZE_710xCan you go phishing in a Shark Tank?  Apparently, you can.  "Shark Tank" TV star Barbara Corcoran has lost close to $400,000 last week after her real estate office was duped by criminal hackers who used a small typo to gain access into her company.   

The phish started last week when an email chain was forwarded to Corcoran's bookkeeper whose name is “Christine.”  Confidential sources on Corcoran's team passed to media that the phishing email appeared to have been sent from Corcoran's executive

3836726219?profile=RESIZE_710xDoes your company have $50 million to spare? That is how much a ransomware attack cost Norsk Hydro in the first quarter of 2019.  A total of 22,000 computers had their files forcibly encrypted across 40 countries in which the aluminum producer operates. Employees were using typewriters and manual production lines where possible to operate the business.  Norsk Hydro did not pay the hackers’ ransom and was completely honest about what happened. Its approach was praised by both law enforcement and

Apple IDs are a popular target for hackers because they can enable theft of financial data and other personally identifiable information (PII). These are often obtained through phishing campaigns intended to trick users into entering their personal data. In June 2019, Wapack Labs identified one such campaign that is leveraging a large infrastructure and a phishing kit dubbed ‘Allantibots’. Allantibots is a sophisticated phishing package and is characterized by its ability to spoof the Apple URL.

On 7-9 May 2019, Wapack Labs detected an increase in malicious emails with the spoofed sender field accounts@hhhmarine.com.sg.  Hackers deliver malicious attachments under the pretense of an incoming SWIFT transfer (Figure 1).

2539548681?profile=RESIZE_710x

Figure 1. Email text spoofing HHH Marine Services on 8 May 2019.

The attackers use the popular malware Lokibot.  Wapack Labs detected communications of these samples to known and new Lokibot C2s:

  • kbfvzoboss[.]bid/alien/fre.php
  • carlos-tevez[.]gq/raphael/fre.php
  • uenajrkja[.]ml/ch