phishing (5)

No, I am not making this up.  This really happened and it started with a phishing attack.  Those of you who have read my past articles will see a theme, “Always verify any requests in person to change bank accounts or make any payment that is not authorized and verified by voice through a company office.  Never rely on an email alone.” 

Cyber criminals posed as the wife of Crown Bank CEO Jacinto Rodriques by utilizing a spoofed email address that really looked legitimate.  Crown Bank is a community

Can you go phishing in a Shark Tank?  Apparently, you can.  "Shark Tank" TV star Barbara Corcoran lost close to $400,000 last week after her real estate office was duped by criminal hackers who used a small typo to gain access into her company.   

The phish started last week when an email chain was forwarded to Corcoran's bookkeeper whose name is “Christine.”  Confidential sources on Corcoran's team passed to media that the phishing email appeared to have been sent from Corcoran's executive

Does your company have $50 million to spare? That is how much a ransomware attack cost Norsk Hydro in the first quarter of 2019.  A total of 22,000 computers had their files forcibly encrypted across 40 countries in which the aluminum producer operates. Employees were using typewriters and manual production lines where possible to operate the business.  Norsk Hydro did not pay the hackers’ ransom and was completely honest about what happened. Its approach was praised by both law enforcement and

Apple IDs are a popular target for hackers because they can enable theft of financial data and other personally identifiable information (PII). These are often obtained through phishing campaigns intended to trick users into entering their personal data. In June 2019, Wapack Labs identified one such campaign that is leveraging a large infrastructure and a phishing kit dubbed ‘Allantibots’. Allantibots is a sophisticated phishing package and is characterized by its ability to spoof the Apple URL.

On 7-9 May 2019, Wapack Labs detected an increase in malicious emails with the spoofed sender field accounts@hhhmarine.com.sg.  Hackers deliver malicious attachments under the pretense of an incoming SWIFT transfer (Figure 1).

Figure 1. Email text spoofing HHH Marine Services on 8 May 2019.

The attackers use the popular malware Lokibot.  Wapack Labs detected communications of these samples to known and new Lokibot C2s:

  • kbfvzoboss[.]bid/alien/fre.php
  • carlos-tevez[.]gq/raphael/fre.php
  • uenajrkja[.]ml/ch