social engineering (5)

12490423256?profile=RESIZE_400x

DEV#POPPER is a social engineering campaign that has been tracked recently by the Securonix Threat Research team.  Social engineering is a topic we have covered many times, but ultimately what it boils down to is that social engineering attacks are generally geared towards tricking victims into compromising themselves.  With that in mind, the primary target for the DEV#POPPER campaign appears to be software developers who are looking for work. 

Job interviews can be an effective cover for socia

12167935268?profile=RESIZE_400xThe Lazarus Group is North Korean state sponsored cybercrime group and they have been credited, in one way or another, with a recent social engineering campaign targeting developers on GitHub.  They are said to have been created by the North Korean government as early as 2007 and they are a part of the RGB, which is North Korea’s primary foreign intelligence agency.  “Lazarus Group” would appear to be the primary identity of the group, but they do have several aliases such as Appleworm, Group 77

10930207273?profile=RESIZE_400xAfter being in the law enforcement and security profession for over 30 years, I trust very few people.  Maybe it’s just me, but I can be really rude on calls whom I don’t know calling my cell phone.  I don’t subscribe to being like me, but the barrage of suspicious calls, text messages and emails I currently receive seems to have drastically escalated.  All this harassment are social engineering tactics.  A recent article in Forbes highlights the need to play as a team. 

Social engineering attac

10599094693?profile=RESIZE_400xIt has been reported that cyber criminals are sending out millions of phishing emails a day, using extortion and other schemes to steal Bitcoin and other cryptocurrencies from victims.  The phishing attacks use a variety of techniques to trick people into transferring sums of Bitcoin, including phony requests for charity donations and Business Email Compromise BEC scams.

See:  https://redskyalliance.org/xindustry/what-the-heck-is-bec

According to a report by cybersecurity researchers at Proofpoi

2856985791?profile=RESIZE_710xOur friends at the US Federal Bureau of Investigation, Office of Private Sector, has recently provided information to private sector partners regarding criminals posing as technology support representatives to obtain personal and financial information. 

The culprits gain the trust from victims by impersonating a representative from a legitimate or an illegitimate technology company. They mislead the victims by offering computer services to resolve a range of computer security and operations issu