phishing (107)

All organizations should consider working with a cyber threat intelligence firm to send test “Phishing” emails to random employees on a regular basis.  This tests employees' susceptibility and informs subsequent remediation plans.  Training and instruction from cyber professionals are always cheaper than absorbing the costs of remediation, paying ransoms or having confidential data exposed or auctioned to the highest bidder.

Researchers at two security firms are tracking separate phishing camp

The cybercrime environment is evolving as cyber threat actors improve their attack planning, build new malware and devise sneaky methods to take advantage of both business and consumer online behavior. Cybercrimes via social media are not new, but they have now catapulted into a severe problem with the coronavirus. Mobile users are more at risk from criminal schemes as popular online banking and merchant services are available as mobile applications.

Besides social engineering techniques, cybercriminals a

No, I am not making this up.  This really happened and it started with a phishing attack.  Those of you who have read my past articles will see a theme, “Always verify any requests in person to change bank accounts or make any payment that is not authorized and verified by voice through a company office.  Never rely on an email alone.”

Cyber criminals posed as the wife of Crown Bank CEO Jacinto Rodriques by utilizing a spoofed email address that really looked legitimate.  Crown Bank is a community

Can you go phishing in a Shark Tank?  Apparently, you can.  "Shark Tank" TV star Barbara Corcoran lost close to $400,000 last week after her real estate office was duped by criminal hackers who used a small typo to gain access into her company.

The phish started last week when an email chain was forwarded to Corcoran's bookkeeper whose name is “Christine.”  Confidential sources on Corcoran's team passed to media that the phishing email appeared to have been sent from Corcoran's executive

Does your company have $50 million to spare? That is how much a ransomware attack cost Norsk Hydro in the first quarter of 2019.  A total of 22,000 computers had their files forcibly encrypted across 40 countries in which the aluminum producer operates. Employees were using typewriters and manual production lines where possible to operate the business.  Norsk Hydro did not pay the hackers’ ransom and was completely honest about what happened. Its approach was praised by both law enforcement and

Apple IDs are a popular target for hackers because they can enable theft of financial data and other personally identifiable information (PII). These are often obtained through phishing campaigns intended to trick users into entering their personal data. In June 2019, Wapack Labs identified one such campaign that is leveraging a large infrastructure and a phishing kit dubbed ‘Allantibots’. Allantibots is a sophisticated phishing package and is characterized by its ability to spoof the Apple URL.

On 7-9 May 2019, Wapack Labs detected an increase in malicious emails with the spoofed sender field accounts@hhhmarine.com.sg.  Hackers deliver malicious attachments under the pretense of an incoming SWIFT transfer (Figure 1).

Figure 1. Email text spoofing HHH Marine Services on 8 May 2019.

The attackers use the popular malware Lokibot.  Wapack Labs detected communications of these samples to known and new Lokibot C2s:

  • kbfvzoboss[.]bid/alien/fre.php
  • carlos-tevez[.]gq/raphael/fre.php
  • uenajrkja[.]ml/ch