…two of the world's biggest companies was arrested on fraud charges. GOOGLE and Facebook have admitted they were conned out of an alleged $100 million (£77 million) in a phishing scam. Two of the world's biggest companies fell victim after a Lithuanian man allegedly tricked employees into wiring over the money to bank accounts that he controlled, Fortune reported on Thursday. Evaldas Rimasauskas, 48, is accused of posing as an Asia-based manufacturer and deceiving the internet giants from around 2013 until 2015. He was arrested earlier this month in Lithuania at the request of US authorities. The conman is said to have forged email addresses, invoices and corporate stamps to impersonate Quanta and trick them into paying for computer supplies. Rimasauskas, who is awaiting extradition proceedings, has denied the allegations. The US Department of Justice (DOJ) said last month: "Fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multi-million-dollar transactions with [the Asian] company." Both Facebook and Google have confirmed the fraud and said that they had been able to recoup funds. But they didn't reveal how much money they had transferred and recouped. A Google spokeswoman said: "We detected this fraud against our vendor management team and promptly alerted the authorities. We recouped the funds and we're pleased this matter is resolved." A spokeswoman for Facebook added: "Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation." Security experts said the recent cyber attack highlighted how sophisticated phishing scams are being used to fool even two of the biggest tech companies.
Attackers have been phishing developers as a way of compromising Chrome extensions into spreading affiliate program ads that scare victims into paying for PC repairs. Proofpoint researcher Kafeine has identified six compromised Chrome extensions that were recently modified by an attacker after phishing a developer's Google Account credentials. Web Developer 0.4.9, Chrometana 1.1.3, Infinity New Tab 3.12.3, Copyfish 2.8.5, Web Paint 1.2.1, and Social Fixer 20.1.1 were compromised in late July and early August. Kafeine believes TouchVPN and Betternet VPN were also compromised in late June with the same technique. Developers of several of the extensions have removed the threat in recent updates to their affected apps, including Web Developer, Copyfish, Chrometana, and Social Fixer. The main intent of the attack on Chrome extension developers is to divert Chrome users to affiliate programs and switch out legitimate ads with malicious ones, ultimately to generate money for the attacker through referrals. The attackers have also been gathering credentials of users of Cloudflare, an availability service for website operators, which could probably be used in future attacks. The hijacked extensions were coded mostly to substitute banner ads on adult websites, but also on a range of other sites, and to steal traffic from legitimate ad networks. "In many cases, victims were presented with fake JavaScript alerts prompting them to repair their PC, then redirecting them to affiliate programs from which the threat actors could profit," notes Kafeine. At least one of the affiliate programs receiving the hijacked traffic promoted PCKeeper, a Windows-focused tool originally from Zeobit LLC, the maker of the MacKeeper security product that was the subject of a class action suit a few years ago over false security claims.
A snippet of JavaScript in the compromised extensions also downloaded a file served by Cloudflare containing a script designed to collect Cloudflare user credentials after login. Cloudflare stopped serving the file after it was alerted to the issue by Proofpoint. The phishing emails that compromised developers' Google Accounts purported to come from Google's Chrome Web Store team, and claimed the developer's extension didn't comply with its policies and would be removed unless the issue was fixed. As Bleeping Computer recently reported, Google's security team has sent an email warning to Chrome extension developers to be on the lookout for phishing attacks. The attackers had created a convincing copy of Google's real account login page. It's not the first time Chrome extensions have been targeted to spread adware and promote affiliate networks. In 2014, adware firms bought several popular Chrome extensions from legitimate developers, which up to that point had maintained trustworthy products.
Radisson Hotel Group has confirmed that it has suffered a data breach affecting "a small percentage of our Radisson Rewards members". Business Traveller was alerted to the incident by one of our readers, who had received an email from Radisson confirming that his details had been compromised. Radisson says that it identified the breach on October 1, although it's not clear exactly when the incident occurred. A statement on the group's website states: "This data security incident did not compromise any credit card or password information. Our ongoing investigation has determined that the information accessed was restricted to member name, address (including country of residence), email address, and in some cases, company name, phone number, Radisson Rewards member number and any frequent flyer numbers on file. "Upon identifying this issue Radisson Rewards immediately revoked access to the unauthorized person(s). All impacted member accounts have been secured and flagged to monitor for any potential unauthorized behavior. "While the ongoing risk to your Radisson Rewards account is low, please monitor your account for any suspicious activity. You should also be aware that third parties may claim to be Radisson Rewards and attempt to gather personal information by deception (known as "phishing"), including through the use of links to fake websites. Radisson Rewards will not ask for your password or user information to be provided in an e-mail. "Radisson Rewards takes this incident very seriously and is conducting an ongoing extensive investigation into the incident to help prevent data privacy incidents from happening again in the future." Radisson says that affected members will have received an email notification from Radisson Rewards either yesterday (October 30) or today (October 31).
In the FAQs Radisson stresses that credit card data was not exposed by the breach, nor were members' passwords or travel histories/future stays. The hotel group is the latest in a line of travel companies to suffer data breaches, with British Airways and Cathay Pacific both admitting to compromised data in the last couple of months.
With phishing now widely used as a mechanism for distributing ransomware, a new NTT Security report reveals that 77% of all detected ransomware globally was in four main sectors: business & professional services (28%), government (19%), health care (15%) and retail (15%). While technical attacks on the newest vulnerabilities tend to dominate the media, many attacks rely on less technical means. According to the GTIR, phishing attacks were responsible for nearly three-quarters (73%) of all malware delivered to organizations, with government (65%) and business & professional services (25%) as the industry sectors most likely to be attacked at a global level. When it comes to attacks by country, the U.S. (41%), Netherlands (38%) and France (5%) were the top three sources of phishing attacks. The report also reveals that just 25 passwords accounted for nearly 33% of all authentication attempts against NTT Security honeypots last year. Over 76% of log-on attempts included a password known to be implemented in the Mirai botnet, a botnet comprised of IoT devices which was used to conduct what were at the time the largest ever distributed denial of service (DDoS) attacks. DDoS attacks represented less than 6% of attacks globally, but accounted for over 16% of all attacks from Asia and 23% of all attacks from Australia. Finance was the most commonly attacked industry globally, subject to 14% of all attacks. The finance sector was the only sector to appear in the top three across all of the geographic regions analysed, while manufacturing appeared in the top three in five of the six regions. Finance (14%), government (14%) and manufacturing (13%) were the top three most commonly attacked industry sectors.
"We identified more than six billion attempted attacks over the 12-month period – that's around 16 million attacks a day – and monitored threat actors using nearly every type of attack," said Steven Bullitt, Vice President Threat Intelligence & Incident Response, GTIC, NTT Security. With visibility into 40 percent of the world's internet traffic, NTT Security summarizes data from over 3.5 trillion logs and 6.2 billion attacks for the 2017 Global Threat Intelligence Report (GTIR). Analysis is based on log, event, attack, incident and vulnerability data.
I recently had a client get an interesting phishing message. They had received a fake message from their CEO to their Controller, a "start the conversation" email meant to end up with a wire transfer. This sort of email is not common, but is frequent enough in senior management circles, especially if you are in the middle of merger or acquisition discussions with another company. Some technical warning signs in that note were: So the discussion quickly moved from "I'm glad our execs came to us, we really dodged a bullet there" to "just how did this get in the door past our spam filter anyway?" Their spam filter does use the SPF (Sender Policy Framework) DNS TXT record, and a quick check on the SPF indicated that things looked in order there. However, after a second look, the problem jumped right out. A properly formed SPF will end with a "-", which essentially means "mail senders in this SPF record are valid for this domain, and no others". However, their SPF had a typo: their record ended in a "~" instead. What the tilde character means to this spam filter is "the mail senders in this SPF record are valid for this domain, but YOLO, so is any other mail sender". From the RFC (RFC7208), the ~ means "softfail": "A 'softfail' result is a weak statement by the publishing ADMD that the host is probably not authorized". More detail appears later in the RFC: "A 'softfail' result ought to be treated as somewhere between 'fail' and 'neutral'/'none'. The ADMD believes the host is not authorized but is not willing to make a strong policy statement. Receiving software SHOULD NOT reject the message based solely on this result, but MAY subject the message to closer scrutiny than normal." This same reasoning applies to the ~all and -all directives in the SPF (which I see more often).
You'd think that a lot has changed since 2006 (the date of the original SPF spec, RFC4408), and that in 2017 a spam filter should fail on that result, but apparently not (sad panda). Kinda makes you wonder what the actual use case is for that tilde character in the definition; I can't think of a good reason to list permitted mail senders, then allow any and every other server too. That being said, their filter *should* still have caught the mismatch between the "From" and "Reply-To" fields, especially since it involved an external source and internal domains. Or at least paired that up with the domain mismatch to weight this email towards a spam decision. Long story short: this type of attack was pretty popular (and widely reported) about a year ago, but successful methods never (never ever) go away. A little bit of research can make for a really well-formed phish, right down to using the right people in the conversation, good grammar, and phrasing appropriate to the people involved. So a bit of homework can get an attacker a really nice payday, especially if their campaign targets a few hundred companies at a time (and they put more work into their email than the example above). So in this case, a typo in a DNS record could have cost millions of dollars. Good security training for the end users and vigilant people made all the difference: a phone call to confirm is a "must-do" step before doing something irrevocable like a wire transfer.
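The two checks the diary above wants a receiving filter to make (does the SPF record actually end in -all, and do the From and Reply-To domains disagree?) can be written as a small audit script. The following is an added example, not code from the diary or its author; the SPF records, domain names and the sample message are all constructed for illustration, the RFC 7208 result names are real, and the scoring weights are arbitrary.

```python
import re
import email
from email.utils import parseaddr

# Constructed SPF TXT records for made-up domains (not any real client's record).
SAMPLE_RECORDS = {
    "hardfail.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "softfail.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net ~all",
    "neutral.example":  "v=spf1 mx ?all",
    "open.example":     "v=spf1 +all",
    "noall.example":    "v=spf1 ip4:192.0.2.0/24",
}

# RFC 7208: the qualifier in front of a mechanism is the result when that
# mechanism matches. "all" always matches, so its qualifier is the policy for
# every sender not already listed in the record.
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def all_qualifier(record):
    """Return the qualifier on the record's 'all' term ('+', '-', '~' or '?'),
    or None if the record has no 'all' term. A bare 'all' means '+'."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    for term in terms[1:]:
        m = re.fullmatch(r"([-+~?]?)all", term, re.IGNORECASE)
        if m:
            return m.group(1) or "+"
    return None


def assess_record(record):
    """Map the 'all' qualifier to its RFC 7208 result name and say whether the
    record actually closes the door on unlisted senders."""
    q = all_qualifier(record)
    if q is None:
        # RFC 7208 section 4.7: nothing matched and no 'all' term gives
        # "neutral", which receivers must treat exactly like "none".
        return "neutral", "no 'all' term; unlisted senders get no policy at all"
    result = QUALIFIER_RESULT[q]
    if result == "fail":
        return result, "unlisted senders are rejected (-all)"
    return result, "unlisted senders are NOT rejected (%sall)" % q


def header_domains(raw_message):
    """Domains of the From and Reply-To addresses ('' when a header is absent)."""
    msg = email.message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    return from_domain, reply_domain


def score_message(raw_message, spf_record):
    """Toy spam weighting: pair a weak SPF policy with a From/Reply-To domain
    mismatch, as the diary argues the filter should have done.
    Returns (score, reasons); weights are illustration values only."""
    score, reasons = 0, []
    result, note = assess_record(spf_record)
    if result != "fail":
        score += 2
        reasons.append("SPF result for unlisted senders is %s: %s" % (result, note))
    from_domain, reply_domain = header_domains(raw_message)
    if reply_domain and reply_domain != from_domain:
        score += 3
        reasons.append("Reply-To domain %s differs from From domain %s"
                       % (reply_domain, from_domain))
    return score, reasons


# Constructed sample in the shape the diary describes: the From header carries
# the internal domain while replies would go to an external mailbox.
SAMPLE_MESSAGE = """From: "Chief Executive" <ceo@corp.example>
Reply-To: <ceo.corp.example@webmail.example.net>
To: controller@corp.example
Subject: Are you at your desk?

Need a quick favour handled today, reply when free.
"""

if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        print("%-18s %-8s %s" % (domain, *assess_record(record)))
    score, reasons = score_message(SAMPLE_MESSAGE, SAMPLE_RECORDS["softfail.example"])
    print("score:", score)
    for reason in reasons:
        print(" -", reason)
```

Run against the softfail record the message scores on both counts; swap in the hardfail record and only the header mismatch remains, which is the difference a single character in the TXT record makes. To audit a real domain, feed `assess_record` the TXT string returned by your resolver; the function deliberately does not evaluate `include:` or `redirect=` terms, so it reports only the policy of the record you hand it.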
INDIANAPOLIS, Ind. - Officials at Scotty's Brewhouse are working to inform thousands of employees across the company about an email data breach that leaked employees' W-2 forms to an unknown suspect. Company officials called IMPD Monday afternoon to report the breach, which apparently resulted from an email phishing scam. According to the police report, an individual posing as company CEO Scott Wise sent an email to a payroll account employee. The email requested the employee send all 4,000 employees' W-2 forms in PDF form. Chris Martin, director of HR/Payroll for the company, told police the email did not really come from Wise. However, the payroll account employee did email all 4,000 W-2 forms to the unknown individual. The report says Martin contacted the IRS to inform the agency of the breach. The IRS recommended Martin also file a report with IMPD. Scotty's Brewhouse officials are now in the process of informing all employees, and providing them with precautionary measures to take in order to protect their financial and personal information. The company says it will offer one year of credit monitoring at no cost to employees, in addition to providing information regarding available resources for its employees to monitor their credit. Scotty's says no customer information was obtained during the phishing scam. The company is working with law enforcement and the credit bureaus to limit any potential misuse of the information that was obtained and to identify and apprehend the scammers. Scott Wise, CEO of Scotty's Holdings, LLC, issued the following statement: "Unfortunately, Scotty's was the target of and fell victim to scammers, as so many other companies have," said Wise.
"Scotty's employees and customers are of tremendous importance to the company and Scotty's regrets any inconvenience to its employees that may result from this scamming incident. Scotty's will continue to work with federal and local law enforcement, the Internal Revenue Service and credit bureaus to bring the responsible party or parties to justice." The incident appears to match the description of an email phishing scheme the IRS issued warnings about last year. This scheme involves scammers posing as company executives to request financial and personal information on employees. The IRS has online tutorials on the proper steps to take if you have become the victim of identity theft or your personal information has been leaked.
Morphisec researchers have spotted another attack campaign using fileless malware that is believed to be mounted by the infamous FIN7 hacking group. The goal of the campaign is to gain control of the target businesses' systems, install a backdoor, and through it perform continual exfiltration of financial information. "Like past attacks, the initial infection vector is a malicious Word document attached to a phishing email that is well-tailored to the targeted business and its day-to-day operations," the researchers noted. "The Word document executes a fileless attack that uses DNS queries to deliver the next shellcode stage (Meterpreter). However, in this new variant, all the DNS activity is initiated and executed solely from memory – unlike previous attacks which used PowerShell commands." The researchers attribute this one important change to the group's efforts to stay one step ahead of the defenders, and they are succeeding: "After decryption of the second stage shellcode, the shellcode deletes the 'MZ' prefix from within a very important part of the shellcode. This prefix indicates it may be a DLL, and its deletion helps the attack to evade memory scanning solutions," the researchers found. "If this DLL was saved on disk, many security solutions would immediately identify it as a CobaltStrike Meterpreter, which is used by many attackers and pen testers." But it's not, and it passes undetected. In-memory resident attacks and the use of fileless malware are on the rise, and FIN7 is one group that has been employing this approach regularly. There can be no doubt other attackers will try to implement the same tactic.
FIN7 has previously been tied to a sophisticated spear-phishing campaign hitting US-based businesses with emails purportedly coming from the US Securities and Exchange Commission (SEC), and Morphisec researchers believe that the series of attacks leveraged against 140+ banks and other businesses earlier this year is also their work. FIN7 is also associated with the infamous Carbanak gang, but whether they are one and the same is still impossible to say for sure.
Advanced Persistent Threat group linked to China said to be attacking companies by targeting their suppliers; scale of operation said to be unprecedented. A Chinese hacking group is thought to be behind attacks on managed service providers as a way into their client companies, to facilitate the theft of intellectual property. The hacking group, called APT10, used custom malware and spear-phishing attacks to gain access to victims' systems. Once inside, they used the company's credentials to attack their client companies. The security of the supply chain has been a recognised weakness in security systems since at least 2013, when it was discovered that attackers had gained access to the Target retail chain in America through an HVAC service provider. Now it appears that APT10 is using that approach on a large scale. The group was discovered by PwC's cyber-security practice and BAE Systems, working alongside the UK's National Cyber Security Centre (NCSC). The scale of the espionage campaign only became apparent in late 2016, but the attack is thought to be the largest sustained global cyber-espionage campaign ever seen. PwC and BAE Systems said APT10 conducted the espionage campaign by targeting providers of managed outsourced IT services as a way in to their customers' organisations around the world, gaining unprecedented access to intellectual property and sensitive data. It is thought the group launched the campaign in 2014 and then significantly ramped it up in early 2016, adding new developers and intrusion operators to continually enhance capability. The group is known to have exfiltrated a high volume of data from multiple victims and used compromised networks to stealthily move this data around the world.
A number of Japanese organisations have also been targeted directly in a separate, simultaneous campaign by the same group, with APT10 masquerading as legitimate Japanese government entities to gain access. Forensic analysis of the timings of the attack, as well as the tools and techniques used, led investigators to conclude that the group may be based in China, but apart from that it is not known precisely who is behind APT10 or why it targets certain organisations. Kris McConkey, partner for cyber-threat detection and response at PwC, said that the indirect approach of this attack highlights the need for organisations to have a comprehensive view of the threats they're exposed to, including those of their supply chain. "This is a global campaign with the potential to affect a wide range of countries, so organisations around the world should work with their security teams and providers to check networks for the key warning signs of compromise and ensure they respond and protect themselves accordingly," he said. Richard Horne, cyber-security partner at PwC, added that "operating alone, none of us would have joined the dots to uncover this new campaign of indirect attacks. "Together we've been working to brief the global security community, managed service providers and known end victims to help prevent, detect and respond to these attacks," he added. Ilia Kolochenko, CEO of High-Tech Bridge, told SC Media UK that until there is more detail on the attacks, it would not be possible to make a reliable conclusion as to who was behind the so-called APT10. "Taking into consideration how careless and negligent some managed IT providers are, I wouldn't be surprised if all the attacks were conducted by a group of teenagers – something we have already seen in the past," he said.
"IT services providers should better enumerate and assess their digital risks, and implement appropriate security controls to mitigate related threats and vulnerabilities. Security standards, like ISO 27001, can significantly help assure that the risks are continuously identified and are being duly addressed. For cyber-security service providers, accreditation by CREST is also an important factor to demonstrate the necessary standard of care around security, confidentiality and integrity for their own and client data," he added. "Companies looking to secure their supply chain can oblige their suppliers to get certified by ISO 27001, for example, or to provide solid and unconditional insurance to cover any data breaches and data leaks, including direct and consequent damages."
Since last year's revelation that attackers compromised the SWIFT software of Bangladesh's central bank and used it to perform fraudulent transfers worth tens of millions, news about similar attacks, both successful and not, has become a regular occurrence. Attackers usually use banks' compromised SWIFT systems to send information about fraudulent financial transactions, but in attacks aimed at three government-owned banks in India they chose to create fake trade documents such as letters of credit and guarantees. A letter of credit allows sellers to be sure that they will get paid once they prove that the sold goods have been provided, as the buyer's bank, the institution that issued the letter of credit, is obliged to release the money even if the buyer is unable to make payment. Bank guarantees are documents that guarantee that the bank will release an agreed-upon sum either to the seller or the buyer in case the other party ultimately can't provide the goods or the cash. A source close to the investigation told the Economic Times that there have been no monetary losses or ransom demands as of yet. He or she posits that the hackers were planning to use the forged documents to get cash from offshore banks or carry out trade of prohibited or illegal commodities. It's still unknown how the compromises were effected, and it's possible that other Indian banks have been hit as well. The Reserve Bank of India has been notified of the breaches, and it has directed several banks to check whether the trade documents they sent via SWIFT have a match in their core banking system.
Researchers identified over 70 organizations targeted in these attacks, with most located in Ukraine, and especially in the self-declared separatist states of Donetsk and Luhansk, near the Russian border. The target list includes editors of Ukrainian newspapers; a scientific research institute; a company that designs remote monitoring systems for oil & gas pipeline infrastructures; an international organization that monitors human rights, counter-terrorism and cyberattacks on critical infrastructure in Ukraine; and an engineering company that designs electrical substations, gas distribution pipelines, and water supply plants; among many others. According to CyberX security experts, the attacks are mostly driven by spear-phishing emails that spread Word documents containing malicious macros. The attacks lure victims into allowing the macros in these documents to execute by telling them the document was created in a newer version of Word, and that enabling macros allows them to view its content. Enabling macros downloads several malware families in multiple stages. The downloaded malware doesn't include destructive features and uses several mechanisms to remain hidden, an important clue pointing to the fact that its authors are using it for reconnaissance only. Using Dropbox instead of a custom web server for collecting data is yet another sign that the hackers are trying to stay hidden as long as possible. This is because it would be much easier to detect malicious traffic sent to a remote web server compared to Dropbox, an application whitelisted by firewalls and other security products. CyberX researchers named this particular campaign BugDrop because the crooks used the PC's microphone to bug victims, and Dropbox to exfiltrate data.
After they analyzed the malware deployed in this campaign, CyberX security experts claim the malware and techniques used in the BugDrop operation are similar to Groundbait, another cyber-espionage campaign discovered in May 2016 by ESET researchers.
Google has announced a crackdown on intrusive pop-up advertisements on its Chrome web browser after a previous update failed to stop them. The ads open users up to phishing attacks that attempt to scam people into giving private information such as bank details to online fraudsters. Google says the ads create an 'abusive experience for users', including fee messages, unexpected clicks, phishing attempts and misleading site behaviour. The firm tried to stop manipulative adverts in an update last February but now admits that it 'did not go far enough'. Chrome currently has an option to enable a pop-up blocker but fraudsters have quickly found ways around this. The company declined to name the companies involved in the crackdown but said that the update will block ads from a 'small number of sites with persistent abusive problems'. Pop-ups are small windows that tend to show system warnings which are difficult to close, as well as 'watch video' buttons. When the company announced its previous crackdown back in February, critics were quick to point out that the firm wanted to make ads more tolerable, so that their own could get past filters. Some said that the aim was to persuade people to disable their ad block so as not to deprive publishers (including Google) from displaying their advertisements and thus depriving them of revenue. Although they did not go into detail about why the previous block didn't work, Chrome product manager Vivek Sekhar said: 'We've learned since then that this approach did not go far enough.' 'In fact, more than half of these abusive experiences are not blocked by our current set of protections, and nearly all involve harmful or misleading ads.'
Advertisements also tend to be a hotbed for malicious software or scams where fraudsters trick people into giving out their personal information. Once a pop-up is clicked on, the ad can take you to a separate web page asking you to download an application, and actually triggers an onslaught of more pop-up ads.
According to Graham Cluley, hackers are conducting phishing attacks on gamers using two types of emails to steal their login credentials. Hackers are sending emails to World of Warcraft players making them believe that they have won a prize, followed by a link to claim it by entering their Blizzard account credentials. The items used in the email are "Battlepaw", an in-game pet, and a flying mount called "Mystic Runesaber". Both these items are legitimate and can be bought in the game, which makes these emails more believable, but of course it's all just a lie. Once you click the link in the email, a new window will appear asking you to enter the login details of your Blizzard account, and if you do that, the hacker will receive your information, which can either be sold or used personally. "You are receiving this e-mail because your friend has purchased World of Warcraft In-Game Pet: Brightpaw for you as a gift!" This would have been a perfect scam if not for the two obvious flaws in the email. The first is the suspicious-looking question mark after Battle dot net, and the second is the name Blizzard Entertainment written at the end of the email. Like all the other phishing scams, this one also relies on the poor judgment of the recipients, and to make sure that you do not fall into this trap you must be very careful when you receive an email from an unknown sender.
The leaked database weighs in at 52.2GB, and according to ZDNet comes via business services firm Dun & Bradstreet, which sells it to marketers that send targeted email campaigns. After examining the data, Hunt has revealed that the data dump contains details belonging exclusively to US-based companies and government agencies. California is the most represented demographic with over four million records, followed by New York with 2.7 million records and Texas with 2.6 million records. The leading organisation by records is the Department of Defense, with 101,013 personnel records exposed in the dump. It is followed by the United States Postal Service (USPS) with 88,153 leaked employee records and AT&T with 67,382. Other firms affected by the leak include CVS with 40,739 records, Citigroup with 35,292 and IBM with 33,412. The database contains dozens of fields, some including personal information such as names, job titles and functions, work email addresses, and phone numbers. While the database doesn't contain more sensitive information, such as credit card numbers or SSNs, Hunt says it's an "absolute goldmine for targeted spear phishing." "From this data, you can piece together organisational structures and tailor messaging to create an air of authenticity and that's something that's attractive to crooks and nation-state actors alike," he said.
"I often work with companies attempting to mitigate the damage of their organisational data being publicly exposed (frequently due to data breaches), and I can confidently say that knowing this information is out there circulating would concern many of them." Dun & Bradstreet has denied responsibility for the leak and said it could have come from any of its thousands of clients. "Based on our analysis, it is our determination that there has been no exposure of sensitive personal information from, and no infiltration of, our system. The information in question is data typically found on a business card. "As general practice, Dun & Bradstreet uses an agile security process and evaluates and evolves security controls to protect the integrity of our data," a spokesperson told the INQUIRER.
A few days ago experts at antivirus firm ESET spotted a new macOS ransomware, a rarity in the threat landscape, but it has a serious problem. Malware experts from antivirus vendor ESET have discovered a new file-encrypting ransomware, dubbed OSX/Filecoder.E, targeting macOS that is being distributed through BitTorrent websites. "Early last week, we have seen a new ransomware campaign for Mac. This new ransomware, written in Swift, is distributed via BitTorrent distribution sites and calls itself 'Patcher', ostensibly an application for pirating popular software," reads the analysis published by ESET. The bad news for the victims is that they will not be able to recover their files, even if they pay the ransom. macOS ransomware is not common in the threat landscape; this is the second such malware discovered by security experts after researchers spotted the KeRanger threat in March 2016. The OSX/Filecoder.E ransomware masquerades as a cracking tool for commercial software like Adobe Premiere Pro CC and Microsoft Office for Mac. The fake cracking tool is being distributed as a BitTorrent download. The malware researchers noted that the ransomware is written in Apple's Swift programming language and appears to be the work of a novice VXer. The ransomware is hard to install on the latest OS X and macOS versions because the installer is not signed with a developer certificate issued by Apple. The OSX/Filecoder.E ransomware generates a single encryption key for all files and then stores the files in encrypted zip archives. Unfortunately, the malicious code is not able to send the encryption key to a C&C server before the key is destroyed, which makes file decryption impossible. The experts highlighted that the implementation of the encryption process is effective and makes it impossible to crack.
"There is one big problem with this ransomware: it doesn't have any code to communicate with any C&C server. This means that there is no way the key that was used to encrypt the files can be sent to the malware operators," continues the analysis. "The random ZIP password is generated with arc4random_uniform which is considered a secure random number generator," and "the key is also too long to brute force in a reasonable amount of time." At the time I was writing, monitoring of the bitcoin wallet address used to receive the victims' payments revealed that no one had paid the ransom. Experts believe that the crooks behind OSX/Filecoder.E are likely interested in scamming the victims rather than managing a botnet. "This new crypto-ransomware, designed specifically for macOS, is surely not a masterpiece. Unfortunately, it's still effective enough to prevent the victims accessing their own files and could cause serious damage," concludes the analysis.
Cybersecurity experts and companies on Long Island are looking for ways to shore up the weakest link on company computer networks: the employee. Local cybersecurity professionals are creating interactive comic books, testing employees with simulated phishing emails — tailored messages that seek to obtain key information, such as passwords — and seeking to convince top executives that the threat of business disruption from hacking requires their attention. "The biggest problem is not the technology; it's the people," said Laurin Buchanan, principal investigator at Secure Decisions, a division of Northport software developer Applied Visions Inc. Sixty percent of cyber-assaults on businesses can be traced to insiders' actions, either inadvertent or malicious, according to a 2016 study by IBM Security. The average cost of a data breach for U.S. companies is $7.4 million, or $225 per lost or stolen record, a June 2017 study by IBM and the Ponemon Institute, a Traverse City, Michigan, researcher, found. Costs related to data breaches can include the investigation, legal costs to defend against and settle class-action lawsuits, credit monitoring for affected customers, and coverage of fraud losses. Harder to gauge is the cost to a company's reputation. One of the largest hacks ever was disclosed this month, when credit reporting company Equifax Inc. revealed that sensitive data from 143 million consumers, including Social Security numbers and birth dates, was exposed. A stock analyst from Stifel Financial Corp. estimated that the attack will cost Equifax about $300 million in direct expenses.
Investors seem to think the incident will have a much greater impact on

At a seminar in Garden City this month, Henry Prince, chief security officer at Shellproof Security in Greenvale, explained how in a ransomware attack — one of many types — cybercriminals can buy specialized tools such as those used to send phishing emails. The easy availability of that software means that hackers require "no programming experience," Prince said. Phishing emails can be blocked by company email filters, firewalls and anti-virus software. But if one gets through and an employee clicks on the link in the phishing email, the business' network is compromised. Hackers can then encrypt files, preventing access to them by the company and crippling the business, Prince said at the seminar. Hackers then can demand payment, typically in an untraceable cryptocurrency like Bitcoin — a digital asset that uses encryption — before agreeing to decrypt the files. "Ransomware is a business to these people," Prince said. "Ninety-nine percent of the time, ransomware requires user interaction to infect." Della Ragione echoed that sentiment: "The greatest risk at a company is the employees. Training employees is one of the best steps in shoring up your defenses." In response, many local experts and companies focus on teaching employees how to resist hackers' tricks. Secure Decisions has developed interactive comics to teach employees ways of detecting "phishing" emails and other hacking attempts. The company has gotten more than $1 million for research related to the interactive comic project, known as Comic-BEE, from the Department of Homeland Security, as well as a grant for $162,262 from the National Science Foundation. The comics, inspired by children's "Choose Your Own Adventure" books, feature different plots depending on the reader's choices.
"If you can give people the opportunity to role-play, some of the exhortations by the experts will make more sense," Buchanan said. The comics are being field-tested at several companies and Stony Brook University. They were featured in July at a DHS cybersecurity workshop in Washington, D.C. Radu Sion, a computer science professor at Stony Brook and director of its National Security Institute, which studies how to secure digital communications, acknowledged that security is far from a priority for most users. "Ultimately, the average Joe doesn't care," he said. "You [should] treat the vast majority of your users as easily hackable." Northwell Health, the New Hyde Park-based health care system that is the largest private employer in New York State, is trying to find and get the attention of those inattentive employees. Kathy Hughes, Northwell vice president and chief information security officer, sends out "phishing simulations" to the workforce. The emails are designed to mimic a real phishing campaign that seeks passwords and personal information. In April, for instance, Northwell sent out phishing emails with a tax theme. Hughes collects reports on which employees take the bait by user, department and job function. "We present them with a teachable moment," she said. "We point out things in the email that they should have looked at more carefully." The emails are supplemented with newsletters, screen savers and digital signage reminding users that hackers are lurking. Another tool: non-Northwell emails have an "external" notation in the subject line, making it harder for outsiders to pretend to be a colleague. "We let [the employees] know that they are part of the security team," she said. "Everybody has a responsibility for security." One of the most important constituencies for security is top executives.
Drew Walker, a cybersecurity expert at Vector Solutions in Tampa, Florida, said many executives would rather not know about vulnerabilities in their computer systems, because knowledge of a hole makes them legally vulnerable and casts them in a bad light. "Nine times out of 10, they don't want to hear it," he said. "It makes them look bad." Richard Frankel, a former FBI special agent who is of counsel at Ruskin Moscou, said that company tests of cybersecurity readiness often snare CEOs who weren't paying attention to training. But attorney Della Ragione said high-profile attacks are getting notice from executives. "Everyone's consciousness is being raised," she said. Data leaks at Long Island companies have caused executives to heighten security. In 2014, Farmingdale-based supermarket chain Uncle Giuseppe's Marketplace said that foreign hackers had breached the credit card database of three stores. Joseph Neglia, director of information technology at Uncle Giuseppe's, said that after the data breach, which affected about 100 customers, the company began scheduling "monthly vulnerability scans" and upgraded its monitoring and security systems. For businesses, Stony Brook's Sion said, the cybersecurity threat is real and immediate. "I need one second with your machine to compromise it forever and ever," he said. "It's an uphill battle."
The site now includes a malicious link that infects the computers of anyone visiting, Arctos contends. Palani Bala, Arctos' CTO, claims that HPCL's site was compromised by a series of attacks by the pseudo-Darkleech campaign, which exposes users to Nemucod malware that, in turn, downloads Cerber ransomware onto their machines. Darkleech is a long-running campaign that uses exploit kits to deliver malware. Logs of the executables downloaded by the exploit kits were analyzed through a behavior analysis engine, which identified the executable file as Cerber ransomware based on behavior classification, Bala says.

Landing page deobfuscated by Arctos Ateles engine. Source: Arctos Threat Research Co.

Bala claims the attackers run automated bots that look for vulnerable sites and then tamper with them by adding content that delivers malware to visitors' computers. Experts say hackers using Cerber ransomware usually demand $1,000 in bitcoin from infected users. Cerber ransomware and its encryption components are updated daily on the site, he adds. First appearing in March 2016, Cerber often contains an audio file with a ransom message. The ransomware largely spreads via spear-phishing campaigns, security experts say. Arctos suspects the HPCL attackers' bot might have exploited vulnerabilities in an old Apache web server or in additional services/plug-ins running on the server, Bala says. He recommends that HPCL's web server infrastructure perimeter be protected around the clock by advanced security monitoring solutions to detect such compromises. In the meantime, it's time CERT-In made a recommendation to HPCL and others on how to avoid infections.
In a new blog post, researchers from Proofpoint have tracked a phishing campaign leveraging the concept of "Twitter Brand Verification". Because the actors in this case are relying on paid, targeted ads on Twitter, users don't need to do anything to see the phishing link. Attackers are increasing the sophistication of social engineering approaches and extending them across social channels. Users and brands need to be increasingly savvy to avoid getting snared by ads, accounts, and messages that initially look legitimate. While this attack was observed on Twitter, such a scam could be implemented on any social media platform that implements some form of account verification. The full blog post can be found here; however, key takeouts include: "Verified accounts" are a powerful tool on Twitter to help brands differentiate themselves from fraudulent, impersonation, and parody accounts on the social media site. When an account is officially verified, it displays a special badge intended to reassure Twitter users that they are interacting with a genuine brand and not an impostor. Recently, however, threat actors are using the promise of verified accounts to lure users into a credit card phishing scheme. Account verification is a process that Twitter manages for "accounts of public interest" and requires brands to go through multiple verification steps. The promise, then, of a quick verification process is attractive, especially to smaller businesses that potentially lack the resources to meet Twitter's requirements for account verification. In this phishing attack, discovered by Proofpoint researchers in December, attackers place legitimate ads targeting brand managers and influencers with a link to a phishing site purporting to offer account verification.
The ads themselves come from an account that mimics the official Twitter support account, @support. The fraudulent account, @SupportForAll6, uses Twitter branding, logos, colors, etc., to increase the sense of authenticity, despite a very low number of followers and a suspect name.
Microsoft has seen its share of issues as of late, and now a seemingly simple patch is causing serious issues on certain laptops running the 2016 Anniversary Update. The update was originally released to prevent a zero-day attack on IE. Per Microsoft, this was the issue being fixed: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. But now that fix is causing a pretty big problem of its own: it's preventing certain laptops from booting. The affected machines are part of a pretty small bunch — only Lenovo laptops with less than 8 GB of RAM running the 2016 Anniversary Update (1607) — but it's still a pretty bad problem to have.
Fortunately, there's a way to bypass the failed boot by restarting into the UEFI and disabling Secure Boot. It's also noted that if BitLocker is enabled you may have to go through BitLocker recovery after disabling Secure Boot. On the upside, Microsoft is working with Lenovo to correct the issue and will release a fix sometime in the future. I just wouldn't count on it before the end of the year. Until then, be careful when updating devices, especially if they happen to be Lenovo laptops with limited RAM.
The UK's Foreign Office was targeted by highly motivated and well-resourced hackers over several months in 2016. The BBC understands the government has investigated the previously unreported attack that began in April last year. The UK's National Cyber Security Centre would not say whether data was stolen. But a source told the BBC that the most sensitive Foreign Office information is not kept on the systems targeted by the hackers. Research published on Thursday by cybersecurity firm F-Secure suggested the attack was a "spear-phishing" campaign, in which people were sent targeted emails in attempts to fool them into clicking a rogue link or handing over their username and password. To do this, the attackers created a number of web addresses designed to resemble legitimate Foreign Office websites, including those used for accessing webmail. F-Secure does not know whether the attack was successful. The company says the domains were created by hackers that it calls the Callisto Group, which it says is still active. However, the UK's National Cyber Security Centre (NCSC) declined to say who was behind the attack on the Foreign Office. The targeted emails that were sent out tried to fool targets into downloading malware which was first developed for law enforcement by the Italian software company Hacking Team. Hacking Team's surveillance tools were previously exposed in a cyberattack, first reported in 2015. There is no suggestion that Hacking Team had any involvement in the attacks. F-Secure said that the use of the software should remind governments that they "don't have monopolies on these [surveillance] technologies", and that once created the software can fall into the hands of hackers. The BBC has not seen evidence conclusively identifying the origin of the attack.
A cybersecurity expert at another company, who wished to remain anonymous, found a link to information uncovered in the investigation of Russian efforts to influence the US election. Two of the phishing domains used by the hackers were once linked to an IP address mentioned in a US government report into Grizzly Steppe. Grizzly Steppe is the name given by the US government to efforts by "Russian civilian and military intelligence services to compromise and exploit networks and endpoints associated with the US election". However, the cybersecurity expert noted that this connection between the phishing domain and Grizzly Steppe may be a coincidence, as over 300 other domains - many of them not hacking-related - were linked to the same IP address. F-Secure told the BBC that it did notice some similarity between the Callisto Group's hacking and previous attacks that have been linked to Russia. However, it said despite some similarities in the tactics, techniques, procedures and targets of the Callisto Group and the Russia-linked group known as APT28, it believed the two were "operationally" separate. It noted that the Callisto Group was also less "technically capable" than APT28.
Called Chrysaor, the Android variant can steal data from messaging apps, snoop on a phone's camera or microphone, and even erase itself. On Monday, Google and security firm Lookout disclosed the Android spyware, which they suspect comes from NSO Group, an Israeli security firm known to develop smartphone surveillance products. Fortunately, the spyware never hit the mainstream. It was installed fewer than three dozen times on victim devices, most of which were located in Israel, according to Google. Other victim devices resided in Georgia, Mexico and Turkey, among other countries. Users were probably tricked into downloading the malicious code, perhaps through a phishing attack. Once installed, the spyware can act as a keylogger and steal data from popular apps such as WhatsApp, Facebook and Gmail. In addition, it possesses a suicide function that will activate if it doesn't detect a mobile country code on the phone -- a sign that the Android OS is running on an emulator. The surveillance features are similar to those found in Pegasus, which has also been linked with NSO Group. At the time, Lookout called the spyware the most sophisticated attack it's ever seen on a device. The iOS variant exploited three previously unknown vulnerabilities to take over a phone and surveil the user. The spyware was uncovered when a human rights activist in the United Arab Emirates was found infected by it. His phone had received an SMS text message which contained a malicious link to the spyware. But Lookout had also been investigating whether NSO Group developed an Android version. To find out, the security firm compared how the iOS version compromises an iPhone and matched those signatures with suspicious behavior from a select group of Android apps. Those findings were then shared with Google, which managed to identify who was affected.
However, unlike the iOS version, the Android variant doesn't actually exploit any unknown vulnerabilities. Instead, it taps known flaws in older Android versions. Chrysaor was never available on Google Play, and the small number of infected devices found suggests that most users will never encounter it, the search giant said.
Noticed more emails and texts lately claiming to be from your bank – and not just yours? You're not the only one. Action Fraud, the UK police's dedicated fraud tracking team, has revealed a significant increase in reports about phishing attacks connected to TSB's massive IT outage. A total of 176 complaints have been received, or around ten a day since April 30. "There has been an uptick in phishing attempts across the piece," says an Action Fraud spokesperson. TSB's banking meltdown, caused by a botched IT upgrade, still has not been remedied – nearly four weeks on. And the crisis has become paydirt for scammers and hackers, who have waded into a confusing, chaotic situation and are making off with thousands of pounds' worth of savings from people's accounts. And it's not just TSB - the number of phishing texts claiming to be from other banks such as Barclays and NatWest also seems to be on the rise. "When a 'change' goes wrong and so publicly like TSB's, it's like cyber blood in the water," explains Ian Thornton-Trump, chief technical officer of Octopi Managed Services, an IT company. "Cyber criminals pay attention to companies rocked by internal scandals or public 'ball drops' and react accordingly." With the bank's staff overloaded trying to fix the problems that caused the outage in the first place, fraudulent transactions aren't being tracked or checked as quickly as they should be. "It is a sad fact that fraudsters might try to take advantage of situations like these," says a TSB spokesperson. The scammers are using one of the most common tools in their arsenal: phishing attacks. They send out mass texts and emails to customers – many of whom identify themselves as TSB's customers in increasingly irate social media posts – with links to legitimate-sounding but fraudulent websites.
Customers are encouraged to click a link and input their username and password to process their complaints against the company – and lose control of their bank account. Lucy Evans, 23, is one customer who has had her cash stolen. Her TSB current account was looted, and she's received a number of texts purporting to be from TSB. She was defrauded by a combination of phone calls and texts. "I think I was targeted whilst we couldn't actually view our money," says Evans. "Criminals are happy to exploit people's misery, whatever form that might take," says professor Alan Woodward, a cybersecurity specialist from the University of Surrey. "Criminals can pretend to be the bank and ask customers to undertake strange actions that under normal operations would seem suspicious. Customers might be so delighted to actually be able to access their web banking that they might just let their guard down that little bit more than usual." TSB has to act more proactively to shut down fraudulent domains and to make the public more aware of the scams circulating, Woodward argues. "TSB need to up their game in responding to customers – as that very lack of response can be used to lure customers in." For those who have fallen victim, the loss of money is adding insult to injury. "I'm certain I'll move banks," says Evans, who lost the contents of her current account. "Most of the staff have been helpful and apologetic, but this should have been resolved by now. It seems they are not fit for purpose."
An effective new phishing attack is hitting Gmail users and tricking many into inputting their credentials into a fake login page. The phishers start by compromising a Gmail account, then rifle through the emails the user has recently received. After finding one with an attachment, they create an image (screenshot) of it and include it in a reply to the sender. They use the same or a similar subject line for the email, to invoke recognition and automatic trust. "You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again," WordFence CEO Mark Maunder warns. The phishing page is a good copy of Gmail's login page, and its URL contains the accounts.google.com subdomain, which is enough to fool many into believing that they are on a legitimate Google page. "This phishing technique uses something called a 'data URI' to include a complete file in the browser location bar. When you glance up at the browser location bar and see 'data:text/html…..' that is actually a very long string of text," Maunder explained.
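A small checker for the location-bar trick Maunder describes, added here as an example (not code from WordFence or the original article): it separates a genuine https origin from a data: URI whose payload merely contains the text accounts.google.com. The EXPECTED_LOGIN_HOSTS allow-list and the whitespace and length heuristics are assumptions made for the example.

```python
"""Classify browser location-bar text for the data-URI login-page trick described above.

Added example, not code from the original article; the allow-list and the
heuristic thresholds are assumptions chosen for illustration.
"""
import re
from urllib.parse import unquote, urlsplit

# Hosts a user should expect to see as the *origin* of a Google sign-in page
# (constructed allow-list for this example).
EXPECTED_LOGIN_HOSTS = {"accounts.google.com"}


def parse_data_uri(text):
    """Split a data: URI into (media_type, is_base64, payload).

    Returns None when the text is not a data: URI at all.
    """
    if not text.lower().startswith("data:"):
        return None
    header, sep, payload = text[5:].partition(",")
    params = [p.strip().lower() for p in header.split(";")]
    media_type = params[0] or "text/plain"  # RFC 2397 default when omitted
    is_base64 = "base64" in params[1:]
    return media_type, is_base64, (payload if sep else "")


def assess_location(bar_text):
    """Return (verdict, reason) for what the user sees in the location bar.

    verdict is "ok", "suspicious" or "phish".  The key point from the article:
    a data: URI has no server origin, so any hostname-looking text inside it is
    just payload, however closely it resembles accounts.google.com.
    """
    text = bar_text.strip()
    parsed = parse_data_uri(text)

    if parsed is None:  # an ordinary URL: judge it by its real origin
        parts = urlsplit(text)
        host = (parts.hostname or "").lower()
        if parts.scheme == "https" and host in EXPECTED_LOGIN_HOSTS:
            return "ok", f"https origin {host} is an expected login host"
        if parts.scheme in ("http", "https"):
            return "suspicious", f"login page served from unexpected origin {host or '<none>'}"
        return "suspicious", f"unexpected scheme {parts.scheme!r}"

    media_type, is_base64, payload = parsed
    reasons = []
    if media_type == "text/html":
        reasons.append("data:text/html renders inline HTML; a real login form has a server origin")
    if is_base64:
        reasons.append("payload is base64-encoded, hiding its content from a glance")
    decoded = unquote(payload).lower()
    for host in EXPECTED_LOGIN_HOSTS:
        if host in decoded:
            reasons.append(f"'{host}' appears inside the payload, not as the origin")
    if re.search(r"\s{20,}", decoded):
        reasons.append("long whitespace run pushes the real content past the visible bar")
    if len(text) > 2000:
        reasons.append(f"location text is {len(text)} characters long")

    if len(reasons) >= 2:
        return "phish", "; ".join(reasons)
    return "suspicious", "; ".join(reasons) or f"data: URI of type {media_type}"


# Constructed sample of the pattern Maunder describes: the visible prefix looks
# like a Google URL, but it is followed by padding and then the inline page.
SAMPLE_BAR_TEXT = (
    "data:text/html,https://accounts.google.com/ServiceLogin?service=mail"
    + " " * 40
    + "<html><body>constructed placeholder for the inline page</body></html>"
)

if __name__ == "__main__":
    for sample in (SAMPLE_BAR_TEXT,
                   "https://accounts.google.com/ServiceLogin?service=mail",
                   "https://login.example.net/gmail"):
        verdict, reason = assess_location(sample)
        print(f"{verdict:10s} {sample[:60]!r}\n           {reason}")
```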
One tried-and-true technique continues to be hiding malware inside fake versions of popular files, then distributing those fake versions via app stores. Doing the same via peer-to-peer BitTorrent networks has also long been popular. But as with so many supposedly free versions of paid-for applications, users may get more than they bargained for. To wit, last week researchers at the security firm ESET spotted new ransomware - Filecoder.E - circulating via BitTorrent, disguised as a "patcher" that purports to allow Mac users to crack such applications as Adobe Premiere Pro CC and Microsoft Office 2016. As Toronto-based security researcher Cheryl Biswas notes in a blog post: "For those who torrent, be careful." ESET says the ransomware can also encrypt any Time Machine backups on network-connected volumes that are mounted at the time of the attack. If the ransomware infects a system, it demands 0.25 bitcoins - currently worth about $300 - for a decryption key. But ESET security researcher Marc-Etienne M.Léveillé, in a blog post, says the application is so poorly coded that there's no way that a victim could ever obtain a decryption key. So far, ESET reports that the single bitcoin wallet tied to the ransomware has received no payments. "There is one big problem with this ransomware: It doesn't have any code to communicate with any C&C server," says Éveillé, referring to a command-and-control server that might have been used to remotely control the infected endpoint. "This means that there is no way the key that was used to encrypt the files can be sent to the malware operators. This also means that there is no way for them to provide a way to decrypt a victim's files." The longstanding ransomware-defense advice, of course, is to never pay ransoms, because this directly funds cybercrime groups' ongoing research and development.
Instead, stay prepared: keep complete, disconnected backups of all systems, and periodically test that they can be restored, so you never have to consider paying a ransom. "We advise that victims never pay the ransom when hit by ransomware," Éveillé says. In other ransomware news, new ransomware known as Trump Locker - not to be confused with Trumpcryption - turns out to be a lightly repackaged version of VenusLocker ransomware, according to Lawrence Abrams of the security analysis site Bleeping Computer, as well as the researchers known as MalwareHunter Team. "Unfortunately, you are hacked," the start of the malware's ransom demand reportedly reads. VenusLocker first appeared in October 2016; it got a refresh two months later. The researchers don't know if the group distributing Trump Locker is the same group that distributed VenusLocker, or if another group of attackers reverse-engineered the code. But they say that functionally, the two pieces of malware appear to be virtually identical, Bleeping Computer reports. For example, both Trump Locker and VenusLocker will encrypt some file types in full, while only encrypting the first 1024 bytes of other file types, including PDF, XLS, DOCX, and MP3 file formats. Fully encrypted files have ".TheTrumpLockerf" appended to their filename, while partially encrypted files get a ".TheTrumpLockerp" extension added, the researchers say. Finally, ransomware gangs' use of customer service portals - to help and encourage victims to pay their ransoms - continues, says Mikko Hypponen, chief research officer of Finnish security firm F-Secure.
One chief function of this support appears to be to help victims who don't know their Windows from their ASP to find a way to remit bitcoins to attackers, according to research into crypto-ransomware called Spora and its related customer-support operation, conducted by F-Secure's Sean Sullivan.
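A triage helper for the Trump Locker/VenusLocker behaviour the researchers describe, added here as an example (not code from Bleeping Computer or the researchers): it recognises the two marker extensions, recovers the original filename, reports how many trailing bytes of a partially encrypted file are still intact and, going a step beyond the article, uses the entropy of the first 1024 bytes versus the remainder to spot partially encrypted files whose marker extension has been removed. The sample files are constructed and the 7.5/6.0 entropy thresholds are assumptions.

```python
"""Triage files for the partial-encryption pattern attributed above to Trump Locker.

Added example, not the researchers' code.  The marker extensions and the
1024-byte figure come from the article; the entropy thresholds are assumptions.
"""
import math
import random

FULL_EXT = ".TheTrumpLockerf"     # whole file encrypted
PARTIAL_EXT = ".TheTrumpLockerp"  # only the first PARTIAL_LEN bytes encrypted
PARTIAL_LEN = 1024

HIGH_ENTROPY = 7.5  # bits/byte; ciphertext sits close to the 8.0 maximum (assumed threshold)
LOW_ENTROPY = 6.0   # typical of text and many plaintext document formats (assumed threshold)


def shannon_entropy(data):
    """Entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_sample(name, data):
    """Describe one file: marker extension, recovered name, entropy of head vs tail.

    For partially encrypted files the bytes after PARTIAL_LEN are untouched
    plaintext, which matters for triage: a PDF or DOCX may still be largely
    recoverable by carving even though its header is gone.
    """
    head, tail = data[:PARTIAL_LEN], data[PARTIAL_LEN:]
    info = {
        "name": name,
        "head_entropy": round(shannon_entropy(head), 2),
        "tail_entropy": round(shannon_entropy(tail), 2),
        "intact_tail_bytes": 0,
    }
    if name.endswith(FULL_EXT):
        info["verdict"] = "fully encrypted (marker extension)"
        info["original_name"] = name[: -len(FULL_EXT)]
    elif name.endswith(PARTIAL_EXT):
        info["verdict"] = "partially encrypted (marker extension)"
        info["original_name"] = name[: -len(PARTIAL_EXT)]
        info["intact_tail_bytes"] = len(tail)
    elif info["head_entropy"] >= HIGH_ENTROPY and tail and info["tail_entropy"] < LOW_ENTROPY:
        # No marker, but the first 1024 bytes look like ciphertext and the rest does not
        info["verdict"] = "suspected partial encryption (entropy pattern)"
        info["intact_tail_bytes"] = len(tail)
    else:
        info["verdict"] = "no sign of this pattern"
    return info


def triage(files):
    """Classify a {name: bytes} mapping and return the results sorted by name."""
    return [classify_sample(n, d) for n, d in sorted(files.items())]


# Constructed samples.  Deterministic pseudo-random bytes stand in for ciphertext.
RNG = random.Random(7)
FAKE_CIPHERTEXT = bytes(RNG.getrandbits(8) for _ in range(PARTIAL_LEN))
PLAINTEXT_BODY = b"Quarterly figures, section 3. Revenue rose modestly.\n" * 60

SAMPLE_FILES = {
    "report.pdf.TheTrumpLockerp": FAKE_CIPHERTEXT + PLAINTEXT_BODY,
    "notes.txt.TheTrumpLockerf": FAKE_CIPHERTEXT + FAKE_CIPHERTEXT,
    "renamed.bin": FAKE_CIPHERTEXT + PLAINTEXT_BODY,   # same damage, marker removed
    "untouched.txt": PLAINTEXT_BODY,
}

if __name__ == "__main__":
    for r in triage(SAMPLE_FILES):
        print(f"{r['name']:28s} {r['verdict']:46s} "
              f"head={r['head_entropy']} tail={r['tail_entropy']} intact={r['intact_tail_bytes']}")
```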
SCAMMERS are using fake websites to lure in Cyber Monday and Christmas shoppers and take their money. Be wary of "too good to be true" offers on Fingerlings toys, iPhones and fashion, as they're the most common items sold by fraudsters, according to the City of London Police. With shoppers set to spend £2.96billion by the end of Cyber Monday, fraud experts have warned that scammers will tempt shoppers with suspiciously good deals so they buy their counterfeit items and hand over their card details. They'll also set up fake websites that look like genuine retailers to trick people into giving away their data and payment details, according to a new report by Action Fraud and the City of London Police. Phishing emails containing tempting deals which entice shoppers to click on links to fake websites are also on the rise on Cyber Monday and over the Christmas period, the report said. Scammers are using social media websites such as Facebook, re-selling websites such as Gumtree and online auction websites such as eBay to target Christmas shoppers, experts revealed. Mobile phones - particularly Apple iPhones - are the most common item that people try to buy from fraudsters, according to the report. Seventy-four per cent of all mobiles bought from fraudsters were iPhones, the study said. Electrical and household items, computers, fashion and accessories are also commonly sold to fraud victims, including Apple MacBooks, Ugg boots and Fingerlings toys - so be wary of "too good to be true" offers for these items. Women aged between 20 and 29 are the most likely to be caught out by scammers, according to the report, with 30 per cent of fraud reports coming from young women. But the police have warned that everyone should stay on their guard as anyone can fall victim to Christmas shopping fraudsters.
More than 15,000 shoppers lost a total of £11million to scammers over the Christmas period last year. Detective Chief Superintendent Pete O'Doherty, of the City of London Police, said: "Unfortunately, at what is an expensive time of year for many, the internet has provided fraudsters with a platform to lure people in with the promise of cheap deals." He added: "To stop fraudsters in their tracks, be cautious of where and from whom you're buying, especially if it is technology at a reduced price." Tony Neate, CEO of Get Safe Online, a free fraud awareness website, said: "It can be easy to rush into making a quick purchase online to secure a must-have gift or bargain without taking the time to check that everything is as it seems. But taking a couple of minutes to familiarise yourself with a few simple online safety tips can be the difference between getting all your shopping done in time and becoming a victim of online fraud." There are plenty of Black Friday and Cyber Monday scams around at the moment; we've revealed the latest tricks used by fraudsters. Meanwhile, scammers claiming to be from Tesco are running a fake competition in an attempt to steal your bank details.
There's a new LinkedIn scam doing the rounds, involving phishing emails and a fake website designed to harvest the information you have in your CV. In the first stage of the scam, you receive a phishing email disguised as a LinkedIn email. Here are just a few of the giveaways that this is a phishing email: Clicking either of the two links in the spam email will send you to https://linkedinjobs(dot)jimdo(dot)com. We scanned the link with VirusTotal, and most of the security solutions found it to be clean, with the exception of a less well known scanner, AutoShun. Clicking on the website itself will take you to a simple page, where the main focus falls on a form for uploading your CV. Your CV contains a wealth of personal data which a cybercriminal uses to make a profit at your expense. Phone numbers can be sold to companies doing promotional cold calling. Or the cybercriminal might call you himself in a vishing attack. Sometimes, however, the attacker targets a company you worked at (or a future company you want to work for). Using the information found within your CV, the attacker might impersonate you in order to launch spear phishing emails against people in those companies, such as the CEO or the accounting department, in order to illegally obtain funds or money transfers. In 2016, for instance, the CEO of an Austrian airplane component manufacturer was fired after he got tricked by a spear phishing attack that led him to transfer around 40 million euros to the scammer's account. This isn't the first time LinkedIn has been used as a cover for a phishing campaign. Another similar situation was encountered in 2016, which we also covered. It's difficult (if not impossible) for companies alone to prevent these scams from taking place.
In these cases, users too should contribute to keeping the Internet safe. In cases involving LinkedIn, the best course of action is to report these to the company: LinkedIn itself also offers a thorough set of tips and advice on how to recognize various scams over the network, such as inheritance or dating scams. When you're actively searching for a job, being offered one in such a compelling tone might seem appealing. Because you expect to receive such messages (indeed, you welcome them), you're tempted to let your guard down, and that's exactly when a scammer strikes.
EdgeWave, Inc.®, a leading provider in cybersecurity and compliance, today revealed a new, malicious exploit embedded in popular URL shorteners, which are being mistaken as legitimate URLs. URL shorteners may be susceptible to this new exploit when a change is allowed to the long URL after the shortened URL is created. The malicious parties fabricate an email that appears to be a legitimate marketing email which includes the shortened URL, passing by any in-transit virus scanning and potentially other spam checking tools. "Several days ago, we detected this new exploit while performing our real-time, human analysis on spam campaigns," said Blake Tullysmith, Principal Engineer at EdgeWave. "With over 100 million URLs being shortened per day, this new exploit can potentially impact billions of users across email and social media campaigns." Here is how the EdgeWave ePrism team explains the exploit: Some URL shorteners will allow users to change the long URL after they have already created the shortened URL. The malicious parties will then fabricate a seemingly legitimate email and include a shortened URL that passes in-transit virus scanning as well as other filtering solutions, which will allow the shortened URL to be delivered right into the inbox. Once the message is in the inbox, the URL is redirected to a site that contains malicious content like a virus or malware. At that point the delivered message is already in the inbox, so unfortunately there is no protection. Attached is an image of a sample email message extracted from an email campaign while in transit, with a link from http://tiny.cc pointing to a clean website. After the campaign was delivered, it points to a compromised website including malicious content.
The EdgeWave team is still conducting further investigations on this exploit and recommends that all users of URL shortening utilize services that do not allow the URL to be edited after its creation. EdgeWave customers are protected by its ePrism Email Security solution. EdgeWave ePrism is an award-winning, hosted cloud email security solution with Zero-Minute Defense against phishing, spam and malware campaigns, using our unique combination of automated intelligence and 24/7/365 human analysis in a simple-to-use security suite for all email compliance and business needs.
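One defensive check that follows from the EdgeWave description, as an added example (this is not EdgeWave's or ePrism's code): rather than trusting the destination a short link had when the message was scanned, record that destination and re-resolve the link at click time, blocking the click if the two differ. The shortener host list, the `examplelink` path under `tiny.cc`, the placeholder hostnames and the redirect tables below are constructed for the example so that it runs offline; in production `fetchHead` would issue a real HEAD request and return the status code and Location header.

```javascript
// Added example: re-resolve a shortened link at click time and compare it with
// the destination recorded when the message was scanned in transit. Any
// difference means the short link was edited after delivery, which is the gap
// the EdgeWave write-up describes.

const MAX_HOPS = 5;

// Hypothetical list of shortener hosts to re-check (assumption for the example).
const SHORTENER_HOSTS = new Set(['tiny.cc', 'short.example']);

function isShortener(url) {
  try {
    return SHORTENER_HOSTS.has(new URL(url).hostname.toLowerCase());
  } catch (e) {
    return false;
  }
}

// Follow the redirect chain without fetching any page body.
// `fetchHead(url)` must return { status, location } (location may be null).
function expandShortUrl(url, fetchHead, maxHops = MAX_HOPS) {
  let current = url;
  const chain = [url];
  for (let hop = 0; hop < maxHops; hop++) {
    const res = fetchHead(current);
    if (res.status < 300 || res.status >= 400 || !res.location) {
      return { final: current, chain, truncated: false };
    }
    // Resolve relative Location headers against the current URL.
    current = new URL(res.location, current).toString();
    chain.push(current);
  }
  // Still redirecting after maxHops: treat as suspicious rather than follow forever.
  return { final: current, chain, truncated: true };
}

// Normalise host case, fragment and trailing slash so cosmetic differences
// are not reported as a changed destination.
function normalise(url) {
  const u = new URL(url);
  u.hostname = u.hostname.toLowerCase();
  u.hash = '';
  return u.toString().replace(/\/$/, '');
}

// Decide whether a click on `shortUrl` may proceed, given the destination
// recorded at scan time.
function evaluateClick(shortUrl, recordedFinal, fetchHead) {
  if (!isShortener(shortUrl)) {
    return { verdict: 'not-a-shortener', final: shortUrl };
  }
  const now = expandShortUrl(shortUrl, fetchHead);
  if (now.truncated) {
    return { verdict: 'block', reason: 'redirect chain too long', final: now.final };
  }
  if (normalise(now.final) !== normalise(recordedFinal)) {
    return { verdict: 'block', reason: 'destination changed since delivery', final: now.final, recorded: recordedFinal };
  }
  return { verdict: 'allow', final: now.final };
}

// Constructed redirect tables: the same short link before and after its owner
// edited the target. Hostnames are placeholders, not real sites.
const SHORT = 'http://tiny.cc/examplelink';
const BEFORE = { [SHORT]: { status: 301, location: 'https://clean.example/promo' } };
const AFTER = { [SHORT]: { status: 301, location: 'https://attacker-controlled.invalid/payload' } };

// Turn a table into a fetchHead stand-in; unknown URLs answer 200 with no Location.
const tableResolver = (table) => (url) => table[url] || { status: 200, location: null };

// Record the destination at scan time, then re-check at click time.
const recorded = expandShortUrl(SHORT, tableResolver(BEFORE)).final;
const clickVerdict = evaluateClick(SHORT, recorded, tableResolver(AFTER));

console.log(clickVerdict);
```

The scan-time record is the piece most mail gateways lack: without it, re-resolving at click time can only tell you where the link goes now, not whether that is what was inspected. Bounding the hop count also matters, because a shortener that is itself pointed at another shortener is a cheap way to exhaust a naive resolver.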
Sensors used to detect the level of ambient light can be used to steal browser data, according to privacy expert Lukasz Olejnik. Over the past decade, ambient light sensors have become quite common in smartphones, tablets, and laptops, where they are used to detect the level of surrounding light and automatically adjust a screen's intensity to optimize battery consumption, among other things. The sensors have become so prevalent that the World Wide Web Consortium (W3C) has developed a special API that allows websites (through a browser) to interact with a device's ambient light sensors. Browsers such as Chrome and Firefox have already shipped versions of this API with their products. Last month, in a discussion of the W3C Generic Sensor specification, the Google team proposed that ambient light sensors (ALS), together with gyroscope, magnetometer, and accelerometer sensors, should be exempt from the browser permissions system. In other words, websites using these sensors won't have to ask users for explicit permission before accessing any of these four sensors. Google's opinion is that by removing this permission requirement, browsers will be on par with mobile applications, which also don't have to ask the user for permission before accessing these sensors. This proposal didn't sit well with Olejnik and fellow researcher Artur Janc, who in a series of demos have proved that light radiating from the device's screen is often picked up by the ambient light sensors. A determined attacker that can lure victims to his site, or one that can insert malicious code on another site, can determine which URLs a user has visited in the past. The whole attack relies on using different colors for normal and previously visited links, which produce a small light variation that ambient light sensors can pick up.
Furthermore, Olejnik and Janc also proved that ambient light sensors can steal QR codes, albeit this attack takes longer to perform. Right now, ambient light sensor readings are blocked in Chrome behind settings flags, as the API is experimental, but they're supported in Firefox via DeviceLight events. According to Olejnik, mitigating this attack is simple, as it only requires browser makers and the W3C to adjust the default frequency at which the sensors report their readings. Furthermore, the researcher also recommends that browser makers quantize the result by limiting the precision of the sensor output to only a few values in a preset range. Both attacks Olejnik and Janc devised take from seconds to minutes to execute. With these mitigations in place, the attacks wouldn't be stopped, but they would take even longer to perform, making any of them impractical in the real world. In the long run, Olejnik and Janc hope to see access to these sensors placed behind a dedicated browser permission. The two researchers filed bug reports with both Chrome and Firefox in the hope that their recommendations will be followed. Olejnik has previously shown how battery readouts can allow advertisers to track users online, how the new W3C Web Bluetooth API is riddled with privacy holes, and how the new W3C Proximity Sensor API allows websites and advertisers to query the position of nearby objects.
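The two mitigations Olejnik recommends, quantizing the sensor output and lowering the reporting frequency, applied to a stream of readings, as an added example (not code from the researchers, the W3C or any browser). The bucket count, the lux range, the minimum report interval and the sample trace are assumptions constructed for illustration, not values from the Generic Sensor specification; the point it shows is that a few lux of difference between a visited and an unvisited link colour collapses into the same reported value, and that whatever residue remains is delivered far too slowly to be useful.

```javascript
// Added example: quantise and rate-limit ambient-light readings before a page
// sees them. Constants are illustrative assumptions, not spec values.

const DEFAULT_LEVELS = 4;             // number of coarse buckets a page can observe
const DEFAULT_MAX_LUX = 1000;         // readings above this clamp into the top bucket
const DEFAULT_MIN_INTERVAL_MS = 1000; // at most one report per second

// Map a raw illuminance value onto one of `levels` representative values.
// Negative or non-numeric input is treated as darkness rather than thrown.
function quantizeIlluminance(lux, levels = DEFAULT_LEVELS, maxLux = DEFAULT_MAX_LUX) {
  if (!Number.isFinite(lux) || lux < 0) lux = 0;
  const clamped = Math.min(lux, maxLux);
  const bucketWidth = maxLux / levels;
  // Bucket index 0..levels-1; maxLux itself lands in the top bucket.
  const index = Math.min(levels - 1, Math.floor(clamped / bucketWidth));
  // Report the bucket's lower edge, so callers only ever see `levels` distinct values.
  return index * bucketWidth;
}

// Stateful filter that applies both mitigations to a sequence of readings.
class ThrottledLightSensor {
  constructor({ levels = DEFAULT_LEVELS, maxLux = DEFAULT_MAX_LUX, minIntervalMs = DEFAULT_MIN_INTERVAL_MS } = {}) {
    this.levels = levels;
    this.maxLux = maxLux;
    this.minIntervalMs = minIntervalMs;
    this.lastReportAt = -Infinity;
    this.lastValue = null;
  }

  // Feed a raw reading taken at `timestampMs`. Returns the quantised value when a
  // report is due, or null when the reading is suppressed by the rate limit.
  onReading(lux, timestampMs) {
    if (timestampMs - this.lastReportAt < this.minIntervalMs) return null;
    this.lastReportAt = timestampMs;
    this.lastValue = quantizeIlluminance(lux, this.levels, this.maxLux);
    return this.lastValue;
  }
}

// Run a trace of { t, lux } samples through the filter and return what a page would see.
function filterTrace(trace, options) {
  const sensor = new ThrottledLightSensor(options);
  return trace.map(({ t, lux }) => sensor.onReading(lux, t)).filter((v) => v !== null);
}

// Constructed trace: a reading every 50 ms for 3 s while the screen alternates
// between two brightness levels a few lux apart, the kind of variation the
// visited-link attack depends on. Values are made up for the example.
const SAMPLE_TRACE = [];
for (let i = 0; i < 60; i++) {
  SAMPLE_TRACE.push({ t: i * 50, lux: i % 2 === 0 ? 300 : 304 });
}

const visible = filterTrace(SAMPLE_TRACE);
console.log(visible); // three reports over 3 s, all in the same bucket
```

Quantization alone is not enough if the bucket edges are fixed and the attacker can steer the baseline brightness to sit on an edge, which is why the researchers pair it with a low reporting rate: the slower the channel, the longer each visited-link probe takes, until the whole attack is impractical.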
A recent lull in the distribution of spam spreading information-stealing malware via the Hancitor downloader has been snapped. Researchers at the SANS Internet Storm Center are currently tracking an increase in spam purporting to be a forwarded parking ticket notification. The message prompts the recipient to click a link to pay a parking ticket; the hyperlink is to a Microsoft Word document. "The document contains a malicious VB macro described as Hancitor, Chanitor or Tordal," wrote Brad Duncan, handler at the SANS Internet Storm Center, in a blog post warning of the spam campaign. "If you enable macros, the document retrieves a Pony downloader DLL. The Pony downloader then retrieves and installs Vawtrak malware."
Last week, we reported about these alarming cryptocurrency scams spreading via Twitter. These weren't your garden-variety spam posts either; rather, fraudsters were hacking into the verified accounts of celebrities and brands in an attempt to lure unsuspecting victims. But it looks like these crypto-scammers are moving on and are now targeting other social media platforms as well. This time, they're gaming Facebook's official sponsored ad system to fool eager people who are looking to make a quick profit. Read on and see what this new scheme is all about. Cybercriminals are relentlessly coming up with new tactics all the time, and it's always good to be aware of their latest schemes. This new ploy is a classic phishing scam that's meant to steal your personal information like your name, email and credit card numbers. And similar to other elaborate phishing scams, these cybercriminals created a bunch of fake websites, news articles and ads for that purpose. The whole ploy starts with a fake Facebook sponsored ad promoting an easy "wealth building" scheme. Accompanying the post is an embedded report that appears to originate from the news site CNBC. If you take the bait and click through the ad, the ruse gets more obvious. First, the link's web address doesn't belong to any CNBC domain. However, the fraudsters mimicked the look and feel of the real CNBC site, so there's a chance an unsuspecting eye might get duped. But yes sir, the entire news article is completely fraudulent, the fakest of fake news. Basically, it states that Singapore has officially adopted a certain cryptocurrency and has anointed a firm, dubbed the CashlessPay Group, to market and purchase it. Never mind that CashlessPay sounds just like another third-rate pyramid scheme, but let's go along for the ride, shall we?
You probably know by now that there is a ton of bogus information circulating on Facebook at any given time. The social media giant is trying to clean up its act, though. If you can recall, Facebook banned blockchain and cryptocurrency ads earlier this year but softened its stance by allowing pre-approved cryptocurrency advertisers to post sponsored ads. (Can't resist the revenue, eh?) But as always, scammers have found a way to exploit this loophole to spread their scams.
The attack was discovered when the perpetrators attempted a fraudulent wire transfer of money. A phishing email attack potentially compromised the accounts of as many as 18,000 current and former employees of media company Gannett Co. As of Tuesday there was no indication of access to or acquisition of any sensitive personal data from employees' accounts, said the company. Gannett Co. (GCI) is the owner of USA TODAY, the publisher of this report, and 109 local news properties across the United States. The attack was discovered on March 30 and investigated by Gannett's cybersecurity team. It appeared to originate in emails to human resources staff. The 18,000 current and former employees of the company will be sent notices about the incident and an offer of credit monitoring via the US Postal Service. No customer account information was touched by the phishing attack. Employees will be provided with an offer of credit monitoring because employee information was potentially available through some of the affected account login credentials before the accounts were locked down. Phishing attacks are a common method used by attackers to infiltrate computer networks. They typically consist of faked emails sent to an employee that entice them to click on a link that unleashes malicious software that can compromise their computer accounts. Once in a network, attackers can then leapfrog to other accounts, working their way deeper into the system. In the Gannett attack, the infiltration was discovered when the perpetrator attempted to use a co-opted account for a fraudulent corporate wire transfer request. The attempt was identified by Gannett's finance team as suspicious and was unsuccessful.
A recent phishing scam is targeting businesses and consumers who use Office 365 email services. Fraudsters are gaining access to Office 365 accounts by stealing login credentials obtained using convincing fake login screens. Fraudster email attacks are becoming increasingly sophisticated, often appearing to be sent from a business, organization, or individual the victim normally emails or does business with. The fictitious emails contain malicious links or attachments that redirect the victim to a fake login page asking for their email username and password. Once the information is entered, fraudsters then use the stolen credentials to log into Office 365 and send fraudulent emails to the victim's contact list, perpetuating the scam. If you use Office 365 for email, we encourage you to be extra vigilant. Emails containing hyperlinks or attachments that require additional actions by you should be carefully vetted before proceeding. If you are unsure whether an email you received is legitimate, do not click on any links or attachments, or provide any information. We also encourage you to contact any of your email contacts via phone or a safe email address to inform them that your email account has been compromised and to let them know they may receive fraudulent emails appearing to be sent by you. While Office 365 is the most recent phishing target, these types of scams regularly impact other email applications and platforms as well. Always be cautious when opening any emails that were not expected, are coming from someone you do not know, and contain links or attachments you were not expecting. Take advantage of added security measures that your email provider offers.
If you ever feel information related to your financial accounts with us has been compromised, please notify us immediately so that we can assist you with protecting your accounts and notifying the appropriate authorities.
Bitcoin-seeking hackers are using old-school tricks to socially engineer would-be cryptocurrency exchange executives, researchers warn. An attack group tied to North Korea has "launched a malicious spear-phishing campaign using the lure of a job opening for the CFO role at a European-based cryptocurrency company," researchers at Secureworks Counter Threat Unit warn in a report. The CTU researchers refer to the group behind the attack as "Nickel Academy," although it is perhaps better known as the Lazarus Group (see Kaspersky Links North Korean IP Address to Lazarus). The group has been tied to numerous attacks, including the attempted theft of nearly $1 billion from the central bank of Bangladesh's New York Federal Reserve account, leading to $81 million being stolen; the WannaCry ransomware outbreak in May; as well as the use of cryptocurrency mining malware named Adylkuzz to attack the same flaw in Windows Server Message Block that WannaCry also targeted (see Cybercriminals Go Cryptocurrency Crazy: 9 Factors). Security researchers say Lazarus has also been running a series of job lure phishing attacks since at least 2016, with the latest round being delivered around Oct. 25 of this year. The malicious code has "solid technical linkages" to attacks previously attributed to Lazarus, CTU says (see Report: North Korea Seeks Bitcoins to Bypass Sanctions). Researchers at Israeli cybersecurity startup Intezer also believe the code has been reused by Lazarus, based on a review of attack code that's been seen in the wild since 2014. The fake job advertisement pretends to be for Luno, a bitcoin wallet software and cryptocurrency exchange based in London, according to an analysis of the phishing messages published Tuesday by Jay Rosenberg, a senior security researcher at Intezer. Luno says it's been alerted to the fake emails bearing its name.
"We're aware of this issue and are investigating thoroughly," Luno tells ISMG. If recipients of the latest CFO job lure phishing emails open an attached Microsoft Word document, it triggers a pop-up message inviting them to enable editing functions. The CTU researchers say this is an attempt to enable macros in Word, so that a malicious macro hidden inside the document can execute. If it does, the macro creates a decoy document, the fake CFO job lure, and installs a first-stage remote access Trojan (RAT) in the background. Once the RAT is running on the victim's PC, attackers can use it to install additional malware onto the system, such as keystroke loggers and password stealers (see Hello! Can You Please Enable Macros?). The CTU researchers say the job listing appears to have been stolen from a legitimate CFO job listing posted to LinkedIn by a cryptocurrency firm in Asia. While the researchers say that Lazarus has done this previously, unusually in this case some typographical errors in the original listing were expunged. The researchers add that this phishing campaign does not appear to target any specific firm or individual, but rather to be more broadly aimed. "There are common elements in the macro and in the first-stage RAT used in this campaign with former campaigns," the researchers write. The custom command-and-control network code that controls infected endpoints also includes components that were seen in previous attacks tied to Lazarus, they add.
The traditional model of hacking a bank isn't so different from the old-fashioned method of robbing one. But one enterprising group of hackers targeting a Brazilian bank seems to have taken a more comprehensive and devious approach: one weekend afternoon, they rerouted all of the bank's online customers to perfectly reconstructed fakes of the bank's properties, where the marks obediently handed over their account information. Researchers at the security firm Kaspersky on Tuesday described an unprecedented case of wholesale bank fraud, one that essentially hijacked a bank's entire internet footprint. In practice, that meant the hackers could steal login credentials at sites hosted at the bank's legitimate web addresses. Kaspersky researchers believe the hackers may have even simultaneously redirected all transactions at ATMs or point-of-sale systems to their own servers, collecting the credit card details of anyone who used their card that Saturday afternoon. "Absolutely all of the bank's online operations were under the attackers' control for five to six hours," says Dmitry Bestuzhev, one of the Kaspersky researchers who analyzed the attack in real time after seeing malware infecting customers from what appeared to be the bank's fully valid domain. From the hackers' point of view, as Bestuzhev puts it, the DNS attack meant that "you become the bank." Kaspersky isn't releasing the name of the bank that was targeted in the DNS redirect attack. But the firm says it's a major Brazilian financial company with hundreds of branches, operations in the US and the Cayman Islands, 5 million customers, and more than $27 billion in assets. And though Kaspersky says it doesn't know the full extent of the damage caused by the takeover, it should serve as a warning to banks everywhere to consider how the insecurity of their DNS might enable a nightmarish loss of control of their core digital assets.
"This is a known threat to the internet," Bestuzhev says. "But we've never seen it exploited in the wild on such a big scale." Attacking those DNS records can take down sites or, worse, redirect them to a destination of the hacker's choosing. In 2013, for instance, the Syrian Electronic Army hacker group altered the DNS registration of The New York Times to redirect visitors to a page with their logo. More recently, the Mirai botnet attack on the DNS provider Dyn knocked a major chunk of the web offline, including Amazon, Twitter, and Reddit. But the Brazilian bank attackers exploited their victim's DNS in a more focused and profit-driven way. Kaspersky believes the attackers compromised the bank's account at Registro.br. That's the domain registration service of NIC.br, the registrar for sites ending in the Brazilian .br top-level domain, which Kaspersky says also managed the DNS for the bank. The spoofed sites even had valid HTTPS certificates issued in the name of the bank, so that visitors' browsers would show a green lock and the bank's name, just as they would with the real sites. Kaspersky found that the certificates had been issued six months earlier by Let's Encrypt, the non-profit certificate authority that's made obtaining an HTTPS certificate easier in the hope of increasing HTTPS adoption. "If an entity gained control of DNS, and thus gained effective control over a domain, it may be possible for that entity to get a certificate from us," says Let's Encrypt founder Josh Aas. "Such issuance would not constitute mis-issuance on our part, because the entity receiving the certificate would have been able to properly demonstrate control over the domain." Ultimately, the hijack was so complete that the bank wasn't even able to send email. "They couldn't even communicate with customers to send them an alert," Bestuzhev says.
"If your DNS is under the control of cybercriminals, you're basically screwed." Aside from mere phishing, the spoofed sites also infected victims with a malware download that disguised itself as an update to the Trusteer browser security plug-in that the Brazilian bank offered customers. According to Kaspersky's analysis, the malware harvests not just banking logins, from the Brazilian bank as well as eight others, but also email and FTP credentials, as well as contact lists from Outlook and Exchange, all of which went to a command-and-control server hosted in Canada. The Trojan also included a function meant to disable antivirus software; for infected victims, it may have persisted far beyond the five-hour window when the attack occurred. And the malware included scraps of Portuguese, hinting that the attackers may have themselves been Brazilian. After around five hours, Kaspersky's researchers believe, the bank regained control of its domains, likely by calling up NIC.br and convincing it to correct the DNS registrations. But just how many of the bank's millions of customers were caught up in the DNS attack remains a mystery. Kaspersky says the bank hasn't shared that information with the security firm, nor has it publicly disclosed the attack. But the firm says it's possible that the attackers could have harvested hundreds of thousands or millions of customers' account details, not only from their phishing scheme and malware but also from redirecting ATM and point-of-sale transactions to infrastructure they controlled. Kaspersky's Bestuzhev argues that, for banks, the incident should serve as a clear warning to check on the security of their DNS. He notes that half of the top 20 banks ranked by total assets don't manage their own DNS, instead leaving it in the hands of a potentially hackable third party.
And regardless of who controls a bank's DNS, they can take special precautions to prevent their DNS registrations from being changed without safety checks, like a "registry lock" some registrars provide and two-factor authentication that makes it far harder for hackers to alter them. Without those simple precautions, the Brazilian heist shows how quickly a domain switch can undermine practically all other security measures a company might implement.
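A check a domain owner can schedule to notice the kind of registration-level change this attack depended on, as an added example (not Kaspersky's, NIC.br's or the bank's tooling): compare the current NS and A records and the registrar status codes against a baseline captured when the domain was known to be healthy, and confirm that the lock statuses are still present. Lookups are injected so the example runs offline; the domain, the record values and the two snapshots are placeholders constructed for the example. The status codes themselves are the standard EPP domain statuses from RFC 5731; which of them a given registrar applies under the name "registry lock" varies.

```javascript
// Added example: baseline comparison of DNS delegation and registrar lock
// status. Record values and the domain are constructed placeholders.

// EPP status codes (RFC 5731) that a registry-level lock typically sets.
const LOCK_STATUSES = ['serverUpdateProhibited', 'serverTransferProhibited', 'serverDeleteProhibited'];

function sortedLower(list) {
  return [...list].map((s) => s.toLowerCase()).sort();
}

// Order-insensitive, case-insensitive comparison of two record sets.
function sameSet(a, b) {
  const x = sortedLower(a);
  const y = sortedLower(b);
  return x.length === y.length && x.every((v, i) => v === y[i]);
}

// `lookup(domain)` returns { ns: [...], a: [...], statuses: [...] }; in production
// ns and a would come from DNS and statuses from RDAP/WHOIS or the registrar API.
function checkDomain(domain, baseline, lookup) {
  const current = lookup(domain);
  const findings = [];
  if (!sameSet(current.ns, baseline.ns)) {
    // Delegation moved: everything under the domain now answers from elsewhere.
    findings.push({ severity: 'critical', what: 'NS records changed', was: baseline.ns, now: current.ns });
  }
  if (!sameSet(current.a, baseline.a)) {
    findings.push({ severity: 'high', what: 'A records changed', was: baseline.a, now: current.a });
  }
  const missingLocks = LOCK_STATUSES.filter((s) => !current.statuses.includes(s));
  if (missingLocks.length > 0) {
    // A lock that has been lifted is a warning even before any record changes.
    findings.push({ severity: 'medium', what: 'registry lock not fully applied', missing: missingLocks });
  }
  return { domain, ok: findings.length === 0, findings };
}

// Constructed data: a healthy baseline, then a snapshot in which the registrar
// account has been used to repoint the domain and the locks have been removed.
const DOMAIN = 'bank.example';
const BASELINE = {
  ns: ['ns1.bank.example', 'ns2.bank.example'],
  a: ['192.0.2.10', '192.0.2.11'],
  statuses: [...LOCK_STATUSES, 'clientTransferProhibited'],
};
const HIJACKED = {
  ns: ['ns1.attacker.invalid', 'ns2.attacker.invalid'],
  a: ['203.0.113.5'],
  statuses: ['ok'],
};

const healthyReport = checkDomain(DOMAIN, BASELINE, () => BASELINE);
const hijackedReport = checkDomain(DOMAIN, BASELINE, () => HIJACKED);
console.log(JSON.stringify(hijackedReport, null, 2));
```

Run from a vantage point outside the organisation's own resolvers, so that a hijack of the delegation is seen the way customers see it, and treat the lock check as the early signal: in the case described above the records changed only after the registrar account had been used, and a lock being lifted is visible before that.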
The same group of hackers that intelligence officials believe swung the US election in favour of Donald Trump has also attacked Norwegian targets within the military and foreign service. Called "Fancy Bear," the group is believed by computer security experts to be backed by Russia, with the hacking aimed at political manipulation and destabilization of western democracies. Norway's foreign ministry has been among the targets of hackers, also abroad. DN reported that the list of targets is long, including embassies and ministries in more than 40 countries, several NATO and EU institutions, political and military leaders, well-known journalists, activists and academics. Most haven't been aware they were attacked when they clicked on links in email that seemed to come from people they knew. The attacks enabled the hackers to steal confidential information by penetrating email accounts and internal systems. The attacks in Norway only make up 2 percent of attacks on military and political institutions, DN reported, but local authorities are on high alert for more. The US' FBI, CIA and NSA have all described the attacks as the largest Russian attempt to gain influence in the US ever. Russian authorities, from President Vladimir Putin's office on down, have vigorously denied they're behind the hacking. In addition to the attacks on foreign ministry and military interests, email accounts at Norway's Greens Party (Miljøpartiet De Grønne, MDG) were hacked last June and the attacker gained access to the party's membership register. A few weeks later, Norway's Socialist Left party (SV) was also attacked, with the hackers gaining access to SV's membership register as well. A false profile was established on the party's internal debate forum. Both attacks remain under investigation, according to the Oslo Police District.
"It can seem that security is not good enough," Grandhagen told DN, but it's demanding and expensive for such organizations to fend off the hackers. Norwegian political parties aren't required by law to test their data systems for possible penetration. "Information that should not or must never come out should never be sent via Hotmail or email that's not classified," Bernsen said.
A flaw in Safari that allows an attacker to spoof websites and trick victims into handing over their credentials has yet to be patched. A browser address bar spoofing flaw was found by researchers this week in Safari, and Apple has yet to issue a patch for the flaw. Researcher Rafay Baloch on Monday disclosed two proof-of-concepts revealing how vulnerabilities in Edge browser 42.17134.1.0 and Safari iOS 11.3.1 could be abused to manipulate the browsers' address bars, tricking victims into thinking they are visiting a legitimate website. Baloch told Threatpost Wednesday that Apple has promised to fix the flaw in its next security update for Safari. "Apple has told [me] that the latest beta of iOS 12 also addresses the issue, however they haven't provided any dates," he said. Apple did not respond to multiple requests for comment from Threatpost. Microsoft for its part has fixed the vulnerability Baloch found in the Edge browser (CVE-2018-8383) in its August Patch Tuesday release. According to Microsoft's vulnerability advisory released August 14, the spoofing flaw exists because Edge does not properly parse HTTP content. Both flaws stem from the Edge and Safari browsers allowing JavaScript to update the address bar while the page is still loading. This means that an attacker could request data from a non-existent port and, due to the delay induced by the setInterval function, trigger the address bar spoofing.
The browser would then preserve the address bar and load the content from the spoofed page, Baloch said in his blog breaking down both vulnerabilities. From there, the attacker could spoof the website, using it to lure in victims and potentially gather credentials or spread malware. For instance, the attacker could send an email message containing the specially crafted URL to the user, convince the user to click it, and take them to the link, which could gather their credentials or sensitive information. "As per Google, the address bar is the only reliable indicator for ensuring the identity of the website; if the address bar points to Facebook.com and the content is hosted on the attacker's website, there is no reason why someone would not fall for this," Baloch told Threatpost. In a video demonstration, Baloch showed how he could visit a link for the vulnerable browser on Edge (http://sh3ifu[.]com/bt/Edge-Spoof.html), which would take him to a site purporting to be a Gmail login. However, while the URL points to a Gmail address, the content is hosted on sh3ifu.com, said Baloch. The Safari proof-of-concept is similar, except for one constraint where it does not allow users to type their information into the input boxes while the page is in a loading state. However, Baloch said he was able to circumvent this restriction by injecting a fake keyboard using JavaScript, a common practice in banking sites. No other browsers, including Chrome or Firefox, were discovered to have the flaw, said Baloch. Baloch is known for discovering similar vulnerabilities in Chrome, Firefox and other major browsers in 2016, which also allowed attackers to spoof URLs in the address bar.
The vulnerabilities were disclosed to both Microsoft and Apple and Baloch gave both a 90-day deadline before he went public with the flaws. Due to the Safari browser bug being unpatched, Baloch said he has not yet released a proof of concept: “However considering there is a slight difference between the Edge browser POC and Safari, anyone with decent knowledge of Javascript can make it work on Safari,” he told us.
Consumers are being left vulnerable to increasingly sophisticated cybercriminals because major companies are not taking measures to protect them from plagues of fake emails, a leading cyber-crime expert has claimed. Billions of “phishing” emails purporting to be from companies we trust such as Apple and Amazon, or banks, charities and even government departments, are reaching consumers’ inboxes. Their intention is to trick recipients into visiting a website – specially created to mirror a legitimate business’s site – and entering personal details such as email addresses and passwords. These can be used by criminals in a number of ways, including accessing bank accounts, making payments or applying for credit or other services. Phishing emails are cleverly designed to mimic the firm’s real emails. They are increasingly well-written. Worryingly, as fraudsters invest more in their processes, the emails are also more likely to bypass spam filters. To add to the convincing effect, criminals are buying domain names similar to the companies they are impersonating, so recipients are more likely to think the emails are real. Since January Action Fraud, the national cybercrime reporting service, has issued alerts about scams involving fake correspondence from HMRC, Amazon, and the Department of Education, among others. But now the proliferation of these emails is causing some to question whether the real businesses are doing enough to protect their customers. Chris Underhill, chief technical officer at Cyber Security Partners, a consultancy, said firms that communicate by email have a “corporate responsibility” to prevent fraudsters impersonating them online. He said many firms were failing to take the basic – and inexpensive – precaution of buying up domain names similar to their own.
He said: “The technology is there for little cost but sadly the adoption rate is low. The responsibility is now placed on the consumer to check the sender of the emails is real.” Telegraph Money found it was possible, for example, to buy domain names such as amazonuk.org, amazon.eu.co.uk or amazonuk.tech for as little as £5.99 per year. Andrew Goodwill, of The Goodwill Group, a fraud-prevention consultancy, said consumers should “be incredibly sceptical” about any unsolicited digital communication even from familiar companies. If they contained links or asked for personal information they were “more than likely to be fake”, he said. He added: “It’s a difficult situation. Why wouldn’t you expect to receive an email from a service you use?
The 21.5 million current and former federal employees impacted by the massive data breach in 2015 may never know if they will be targeted based on the information stolen from the Office of Personnel Management. Bill Evanina, the director of the National Counterintelligence and Security Center and the National Counterintelligence Executive, said the rate of attacks and the amount of information out there from public and private sector breaches means hackers likely will bring together a host of data to use in spear phishing attacks. “If a foreign entity is using the data stolen from OPM, they will use it as one variable in a big matrix of targeting,” Evanina said on Ask the CIO. “It’s really not going to be reality to say if Bill Evanina is targeted a year from now by a foreign government, I’m never going to be able to say it’s because of the OPM data breach. It’s one set of data that is being used against those who would be targeted. We really haven’t seen any anecdotal evidence about anything and at the end of the day I don’t think we will. If it was stolen for the reason which we believe it was, you’ll never be able to point to the fact it was the OPM data breach.” Evanina said federal employees should understand the difference between targeting. If they are getting phone calls at home, that likely isn’t a foreign adversary targeting them.
If your paycheck hits your bank account through direct deposit, be on the lookout for emails requesting personal information including log-in credentials – they could be a phishing scam by hackers who want to access your bank account. The FBI warning comes as cyber criminals target the online payroll accounts of employees in a variety of industries, especially those in education, healthcare and commercial aviation. What is phishing? It’s a scam that involves targeting employees through phony emails designed to bait the reader – hence the word “phishing” – and capture their login credentials. The login credentials are used to access individual payroll accounts in order to change bank account information, according to the agency; the cyber thieves then block alerts to consumers warning of changes to their direct deposits, which are then redirected to another account, often a prepaid card controlled by scammers. Employees should hover their cursor over hyperlinks in any emails to view the URL to ensure it’s actually related to the company it purports to be from, and any suspicious requests should be forwarded to company IT or HR departments, the FBI advised. Most importantly, do not supply login credentials or personally identifying information in response to any email, the agency said.
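The “hover over the link” check the FBI recommends here, and the look-alike domains such as amazonuk.org or amazon.eu.co.uk described in the Telegraph piece above, can be applied mechanically to an incoming message. This is an added example, not code from the FBI or any firm quoted on this page; the brand allow-list, the short public-suffix table and the sample e-mail are constructed.

```python
"""Automates the "hover over the link" check: does each link in an HTML e-mail
really go to the brand the message claims to be from, or to a look-alike domain?
Added example; BRAND_DOMAINS, TWO_LABEL_SUFFIXES and SAMPLE_EMAIL are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allow-list of registrable domains a brand really uses.
BRAND_DOMAINS = {"amazon": {"amazon.co.uk", "amazon.com", "amazon.de"}}

# Two-label public suffixes this toy extractor understands (a production tool
# would consult the full Public Suffix List instead).
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk", "com.au", "co.jp"}


def registrable_domain(host: str) -> str:
    """'www.amazon.co.uk' -> 'amazon.co.uk'; 'amazon.eu.co.uk' -> 'eu.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_links(brand: str, html_body: str) -> list:
    """Return one finding per link that does not resolve to a known brand domain."""
    allowed = BRAND_DOMAINS[brand]
    collector = _AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.anchors:
        host = urlparse(href).hostname or ""
        if registrable_domain(host) in allowed:
            continue  # the link genuinely goes to the brand
        # Visible text shows one address while the href goes elsewhere: exactly
        # what hovering over the link would reveal to a careful reader.
        shown = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if shown and registrable_domain(shown) != registrable_domain(host):
            findings.append(f"mismatch: shows {shown}, goes to {host}")
        elif brand in host:
            findings.append(f"lookalike: {host} is not an {brand} domain")
        else:
            findings.append(f"external: {host}")
    return findings


# Constructed sample message; the domains are made up for the example.
SAMPLE_EMAIL = """<html><body>
<p>Your Amazon account needs verification.</p>
<a href="https://amazonuk.org/verify">https://www.amazon.co.uk/account</a><br>
<a href="http://www.amazon.eu.co.uk/login">Sign in</a><br>
<a href="https://www.amazon.co.uk/help">Help pages</a><br>
<a href="https://example.net/track">Track parcel</a>
</body></html>"""

if __name__ == "__main__":
    for finding in analyze_links("amazon", SAMPLE_EMAIL):
        print(finding)
```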
As thousands of freshmen move into their dorms for the first time, there are plenty of thoughts rushing through their minds: their first time away from home, what cringey nickname they’re gonna try to make a thing, if there are any parties before orientation kicks off. One thing that probably isn’t on their minds is whether they’re going to get hacked. But that’s all Carnegie Mellon University’s IT department thinks about. Back-to-school season means hordes of vulnerable computers arriving on campus. The beginning of the semester is the most vulnerable time for a campus network, and every year, with new students coming in, schools have to make sure everything runs smoothly. Carnegie Mellon’s network gets hit with 1,000 attacks a minute – and that’s on a normal day. Cybersecurity is an increasingly important aspect of our everyday lives, with technology playing a massive role in nearly everything we do. Universities have been vulnerable to attacks in the past, with cybercriminals stealing student and faculty databases and hackers vandalizing university websites. Students are often targets for hackers, even before they’re officially enrolled. Considering how much money flows into a university from tuition costs, along with paying for room and board, criminals are looking to cash in on weak campus cybersecurity. A bonus for hackers: Admissions offices often hold data with private information like student Social Security numbers and addresses, as well as their families’ data from financial aid applications. Phishing happens when hackers steal your passwords by sending you links to fake websites that look like the real deal. It’s how Russians hacked the Democratic National Committee during the presidential election, and it’s a popular attack to use on universities as well.
The latest warning, sent Monday, called out malware hidden in a document pretending to be from Syracuse University’s chancellor. Digging through my old emails, I found about 20 phishing warnings that had gone out during the four years I’d been there. Syracuse declined to comment on phishing attacks against the school, but in a 2016 blog post, it said the attacks were “getting more frequent, cunning and malicious.” The school is not alone. Duo Security, which protects more than 400 campuses, found that 70 percent of universities in the UK have fallen victim to phishing attacks. Syracuse, which uses Duo Security, fights phishing attacks with two-factor authentication, which requires a second form of identity verification, like a code sent to your phone. But it just rolled out the feature last year. Kendra Cooley, a security analyst at Duo Security, pointed out that students are more likely to fall for phishing attacks because they haven’t been exposed to them as frequently as working adults have. Also, cybercriminals know how to target young minds. “You see a lot of click-bait phishing messages like celebrity gossip or free travel,” Cooley said. All students at Carnegie Mellon are required to take a tech literacy course, in which cybersecurity is a focus, said Mary Ann Blair, the school’s chief information security officer. The school also runs monthly phishing campaigns: If a student or faculty member falls for the friendly trap, they’re redirected to a training opportunity. When your network is being hit with at least two phishing attempts a day, Blair said, it’s a crucial precaution to keep students on guard. “It’s just constantly jiggling the doorknobs to see if they’re unlocked,” Blair said. “A lot of it is automated attacks.”
It’s not just the thousands of new students that have university IT departments bracing for impact, it’s also their gadgets. “All these kids are coming on campus, and you don’t know the security level of their devices, and you can’t manage it, because it’s theirs,” said Dennis Borin, a senior solutions architect at security company EfficientIP. A lot of university IT teams have their hands tied because they can’t individually go to every student and scan all their computers. Borin’s company protects up to 75 campuses across the United States, and it’s always crunch time at the beginning of the semester. “If I was on campus, I wouldn’t let anybody touch my device,” Borin said. “So if somebody has malware on their device, how do you protect against an issue like that?” Instead of going through every single student, Borin said, his company just casts a wide net over the web traffic. If there’s any suspicious activity coming from a specific device, they’re able to send warnings to the student and kick him or her off the network when necessary. Keeping school networks safe is important for ensuring student life runs smoothly. A university that had only two people on its team reached out to EfficientIP after it suffered an attack. All of the school’s web services were down for an entire week while recovering from the attack, Borin said. Scam artists love to take advantage of timing, and the back-to-school season is a great opportunity for them. There was an influx of fake ransomware protection apps when WannaCry hit, as well as a spike in phony Pokemon Go apps stuffed with malware during the height of the game’s popularity. If there’s a massive event going on, you can bet people are flooding the market with phony apps to trick victims into downloading viruses.
A quick search for “back to school apps” in August found 1,182 apps that were blacklisted for containing malware or spyware, according to security firm RiskIQ. Researchers from the company scanned 120 mobile app stores, including the Google Play store, which had more than 300 blacklisted apps. They found apps for back-to-school tools; themes and wallpapers for your device; and some apps that promised to help you “cheat on your exams.” Though most of the blacklisted apps are poorly made games, others pretend to help you be a better student. Other warning signs to watch out for when it comes to sketchy apps are poorly written reviews and developers using public domain emails for contacts, RiskIQ said. For any educational apps, like Blackboard Learn, you should always check the sources and look for the official versions. New students coming to school have enough to worry about. Let’s hope a crash course in cybersecurity is enough to ensure they make it to graduation without getting hit by hacks.
Digital payments have gained popularity among consumers but have also brought in the threat of cyber criminals placing fake e-wallet apps to dupe users. According to cyber security solution firm Kaspersky, no such incident has been reported yet but the probability of cyber criminals adding fake apps on app stores remains high. “Digital payment companies ensure that the transactions are safe on their apps. Besides, there are checks like two-factor authentication for ensuring secure transactions for consumers,” Altaf Halde, Managing Director at Kaspersky Lab, South Asia, said. In such a scenario, cyber criminals could look at tricking consumers into downloading fake apps that look almost like the genuine one, allowing a backdoor entry into their smartphone. While financial institutions like banks and mobile m-wallet companies take steps to protect customer information, users also need to take precautions as negative experiences could lead to losing trust in digital transactions.
Ransomware is costing UK companies a whopping £346 million every year, despite Britain being labelled ‘the most resolute’ country for dealing with the cyber attacks. In fact, more than 40 per cent of mid-large UK businesses suffered on average five ransomware attacks during the last year, according to research by Vanson Bourne. However, 92 per cent of security professionals feel confident in their ability to combat ransomware in the future. And there was more good news for the British. The survey found the UK to be the most resolute, both in refusing to pay ransom demands, as well as the most effective in combatting them. They experience the fewest number of attacks: 40 per cent, versus 70 per cent in Germany, 59 per cent in France and 55 per cent in the USA, and enjoy a 43 per cent success rate in successfully defending against attacks. The research, commissioned by SentinelOne, reveals that ransomware is costing individual businesses around the globe an average of £591,238 per annum. The research also concluded that the number of companies ravaged by ransomware is on the rise. Results show that the overall percentage of companies experiencing ransomware has increased from 48 per cent in 2016 to 56 per cent in 2018, however the average number per year has fallen from six to five attacks. The amount of time spent decrypting ransomware attacks has also increased from 33 to 40 man-hours. The study also reveals that employees are considered the major culprits responsible for introducing the malware into the business. This was further supported by the fact that phishing, which seeks to socially engineer employees, was the top attack vector by which ransomware infiltrated the business in 69 per cent of instances. Migo Kedem, director of Product Management at SentinelOne said: “It’s staggering to see the cost to British businesses of £346 million.
This figure shows that businesses are becoming increasingly aware that it’s not just the ransom demand, but rather the ancillary costs of downtime, staff time, lost business, as well as the data recovery costs and reputational damage that are the biggest concern to British businesses.” He added: “On a more positive note, it’s good to see CISOs feeling more bullish about their ability to tackle ransomware using the latest behavioural AI-based end-point technology. It’s also encouraging to see a clear movement against companies caving in to ransomware demands, preferring instead to take more proactive measures such as back-ups and patching of vulnerable systems. However, the volume of ransomware attacks is still increasing and their speed, scale, sophistication and success in evading detection with the growth in file-less and memory-based malware, explains why ransomware will continue to be a major threat to CISOs in 2018 and beyond.”
The Indiana Department of Revenue (DOR) and the Internal Revenue Service (IRS) are warning folks of fraudulent emails impersonating either revenue agency and encouraging individuals to open files corrupted with malware. These scam emails use tax transcripts as bait to entice users to open the attachments. The scam is particularly problematic for businesses or government agencies whose employees open the malware-infected attachments, putting the entire network at risk. This software is complex and may take several months to remove. This well-known malware, known as Emotet, generally poses as specific banks or financial institutions to trick individuals into opening infected documents. It has been described as one of the most costly and destructive malware to date. Emotet is known to constantly evolve, and in the past few weeks has masqueraded as the IRS, pretending to be “IRS Online.” The scam email includes an attachment labeled “Tax Account Transcript” or something similar, with the subject line often including “tax transcript.” Both DOR and IRS have several tips to help individuals and businesses not fall prey to email scams: Remember, DOR and the IRS do not contact customers via email to share sensitive documents such as a tax transcript. Use security software to protect against malware and viruses, and be sure it’s up-to-date. Never open emails or attachments or click on links when you’re not sure of the source. If an individual is using a personal computer and receives an email claiming to be from the IRS, it is recommended to delete or forward the email to phishing@irs.gov or to investigations@dor.in.gov. Businesses receiving these emails should also be sure to contact the company’s technology professionals.
High street banks are losing the battle against fraud as criminals switch tactics to directly target customers. Efforts by lenders to bolster their IT defences against hackers have simply encouraged fraudsters to bombard individual customers with scams, according to Financial Fraud Action UK. Despite investing millions in tackling fraud, losses from fraud rose last year as banks became less effective at preventing scams. Financial Fraud Action UK said this was ‘largely due to criminals shifting their methods away from using malware attacks on online banking systems, which bank security processes identified’. Increasingly, it said, fraudsters are focussing on targeting individuals directly, which is harder for banks to stop. The report said the main ploy used by criminals is the ‘impersonation and deception scam’ whereby they pretend to be from a ‘legitimate and trusted organisation’ such as a bank, the police, a utility company or a government department. These scams typically involve the fraudster contacting the customer through a phone call, text message or email. Often the fraudster will claim there has been suspicious activity on an account, ask the individual to verify or update their account details, or claim they are due a refund. The criminal then attempts to trick the target into giving away their personal or financial information, such as passwords, payment card details or bank account information. Financial Fraud Action UK – which represents banks – said its intelligence suggests criminals have also recently increased their focus on ‘phishing’ emails claiming to be from major online retailers and internet companies. It warned these emails are an ‘increasingly sophisticated’ attempt to trick recipients into giving away personal and financial details, or into downloading malware software which hacks into their computers.
Several banks have been targeted by high-profile cyber attacks that have attempted to exploit weaknesses in their IT systems. Last November criminals launched an online attack against Tesco Bank that resulted in the loss of £2.5million from 9,000 accounts. Others to have been targeted include Royal Bank of Scotland and NatWest, Lloyds and HSBC. The threat to Britain’s financial infrastructure from persistent cyber-attacks prompted chancellor Philip Hammond to commit an extra £1.9billion in the autumn statement to boost Britain’s defences against the growing online threat.
On January 20, an email from Lynn Jurich, CEO of San Francisco-based solar firm Sunrun, popped up in a payroll department employee’s inbox. The CEO was requesting copies of all employee W-2 forms, which were about to be sent out in preparation for tax season. The employee responded quickly as requested, not realizing the W-2 forms — containing the addresses, social security numbers, and salary information for Sunrun’s nearly 4,000 employees — were actually being delivered to a scam artist. Tax season is always a busy time for scammers seeking to gain access to sensitive information, but this year attacks are coming earlier and in greater numbers than usual. The uptick has caused the IRS to release an urgent alert warning employers to be on the lookout for what they’re referring to as “one of the most dangerous email phishing scams we’ve seen in a long time.” By using email spoofing techniques, criminals are able to draft emails that look as though they are coming directly from a high-level executive at your organization. They send the message to an employee in the payroll department or HR and include a request for a list of the organization’s employees along with their W-2 forms. Their initial goal is to use the W-2 information to file fraudulent tax returns and claim refunds. But not all criminals are stopping there. Once they’ve found a responsive victim, a portion are also following up with an additional email requesting a wire transfer be made to an account they provide. Also referred to as business email compromise (BEC), these attacks have claimed more than 15,000 victims and cost organizations more than $1 billion over the past three years. More than 100 organizations have already fallen victim to W-2 phishing scams in 2017.
Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks. On Thursday, March 16, the CEO of Defense Point Security, LLC — a Virginia company that bills itself as “the choice provider of cyber security services to the federal government” — told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net. Alexandria, Va.-based Defense Point Security (recently acquired by management consulting giant Accenture) informed current and former employees this week via email that all of the data from their annual W-2 tax forms — including name, Social Security Number, address, compensation, tax withholding amounts — were snared by a targeted spear phishing email. “I want to alert you that a Defense Point Security (DPS) team member was the victim of a targeted spear phishing email that resulted in the external release of IRS W-2 Forms for individuals who DPS employed in 2016,” Defense Point CEO George McKenzie wrote in the email alert to employees. “Unfortunately, your W-2 was among those released outside of DPS.” W-2 scams start with spear phishing emails usually directed at finance and HR personnel. The scam emails will spoof a request from the organization’s CEO (or someone similarly high up in the organization) and request all employee W-2 forms. Defense Point did not return calls or emails seeking comment. An Accenture spokesperson issued the following brief statement: “Data protection and our employees are top priorities. Our leadership and security team are providing support to all impacted employees.”
Fraudsters who perpetrate tax refund fraud prize W-2 information because it contains virtually all of the data one would need to fraudulently file someone’s taxes and request a large refund in their name. Scammers in tax years past also have massively phished online payroll management account credentials used by corporate HR professionals. This year, they are going after people who run tax preparation firms, and W-2’s are now being openly sold in underground cybercrime stores. Tax refund fraud affects hundreds of thousands, if not millions, of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS.
Do you trust your tax preparer not to fall for this simple phishing scam? The Internal Revenue Service is warning tax preparers about a new scam designed to steal their usernames and passwords. The hacker’s goal is to break into the preparer’s computer system and steal client information. The IRS advises the bogus email appears to come from the recipient’s software provider and typically has a subject line that reads something like: “Software Support Update” or “Important Software System Upgrade.” The message tells the preparer they need to revalidate their login credentials and it provides a link to a “fictitious website that mirrors the software provider’s actual login page,” according to an IRS bulletin issued last month. “Instead of upgrading software, the tax professionals are providing their information to cybercriminals who use the stolen credentials to access the preparers’ accounts and to steal client information.” This phishing attack was cleverly designed to launch at the time of year when many software providers release upgrades to professional preparers. It’s also a busy time for preparers who are working to meet the Oct. 15 deadline for clients who filed for extensions. “This sophisticated scam yet again displays cybercriminals’ tax savvy and underscores the need for tax professionals to take strong security measures to protect their clients and protect their business,” the IRS alert said. Mike Wyatt, a threat researcher with RiskIQ, a digital threat management firm, told NBC News he’s not surprised to see this current attack. Getting people to click on malicious links requires social engineering — and launching a phishing campaign related to calendar events can be a successful tactic.
“Cybercriminals very often leverage holidays, events and other important dates in their threat campaigns, so it makes perfect sense that a group is capitalizing on the extended tax deadlines coming up,” he said. The IRS said it had received reports of “multiple takeover incidents” in the past year in which the criminals accessed client tax returns, completed those returns, e-filed them and secretly directed refunds to their own accounts. The phishing emails that made these takeovers possible “can look convincing, appearing to originate from IRS e-Services,” the IRS warned. They have subject lines designed to get a quick response, such as: “Account Closure Now,” “Avoid Account Shutdown,” or “Unlock Your Account Now.” IRS screen captures show that the fake login pages created by the crooks look just like those on the real IRS site. “We urge tax professionals to be on the lookout for the warning signs of these schemes and many others that can contribute to data loss and identity theft,” IRS Commissioner John Koskinen said in a statement. “A few simple steps can protect tax professionals as well as their clients.”
Bristol Airport authorities were recently forced to take their flight information system displays offline for two days to contain a ransomware attack. The authorities dismissed the ransom demand and decided to rebuild the affected systems. For two days, flight status information was displayed on whiteboards and there was an increase in announcements over the speakers. Similarly, in the last few months there have been several cyberattacks targeting hospitals, city administrations and sporting events. The servers of the US-based PGA were reportedly hit by ransomware attacks right before the PGA Championship in the first week of August. A new ransomware called Everlasting Blue Blackmail Virus, which targets Windows PCs using spam and phishing campaigns, flashes former US President Barack Obama’s image with the ransom message. Once the ransomware gains entry into the system, it looks for all .exe (executable) files and encrypts them, preventing users from running apps until the ransom is paid. Hot on the heels of the cyberattack on the town of Valdez in Alaska, the Canadian town of Midland in Ontario was hit by a ransomware attack in the first week of September. Hackers broke into the city database involving fire, water, and waste management and blocked access, demanding ransom. A major concern for cybersecurity experts is fileless attacks, which are hard to detect. These attacks do not install malicious software to infiltrate a victim’s computer, which makes it difficult for anti-virus solutions to detect them. According to Ponemon Institute, 35% of all cyberattacks in 2018 were fileless, while security solution provider Carbon Black claims that fileless attacks accounted for 50% of all successful data breaches targeting financial businesses.
Fileless attacks target legitimate Windows tools such as PowerShell (a scripting language which can provide hackers unrestricted access to the Windows API) and Windows Management Instrumentation (used by admins). By latching on to these tools, hackers gain control over the PC and eventually the organization’s database. In another recent development, researchers at F-Secure have come across a new vulnerability affecting PCs. Dubbed cold boot, the attack can be carried out using a special programme on a USB drive connected to a PC. Using the programme, the hacker can disable the memory overwriting by rebooting the system without a proper shutdown. The attack can be used to break into a company system which might have access to the company network.
Cyber crooks have come up with a new way to infect your computer with financial and banking malware. The process starts by randomly sending users spam emails disguised as a payment confirmation email from Delta Air. The choice to mask the email as coming from an airline wasn’t random, since this time of year is when many consumers purchase flight tickets at discounted rates for the summer. However, no transaction actually took place! The email is designed to scare you into thinking someone bought an airplane ticket using your identity. You then panic and click on one of the links in the email in order to figure out how someone could make an unauthorized purchase with your credentials. The links then redirect you to several compromised websites, which host Word documents infected with the Hancitor malware. Hancitor is a versatile malware frequently used in phishing attacks that specializes in initially infecting a PC, and then acting as a bridge for further malware downloads. If you download the malicious Word document and open it, Hancitor will activate and infect legitimate system processes in your PC using PowerShell code. Afterwards, your PC will connect to one or more malicious Command and Control (C&C) servers. These C&C servers will then download additional malware on your PC, which belongs to the Pony family. Pony malware is specifically designed to steal sensitive information such as passwords and usernames from VPNs, web browsers, FTP, messaging apps and many more. On top of that, the C&C servers also download and spread another Pony-based malware called Zloader. Unlike Pony, Zloader is a banking malware designed to clean out your bank account and steal financial information.
Once the information harvesting is complete, the malware connects to another set of C&C servers and sends them all of your credentials and financial information.
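Both the PowerShell/WMI fileless attacks described earlier and the Word-document-to-PowerShell chain in the Hancitor report above leave the same trace in endpoint telemetry: a shell launched by a parent process that rarely needs one. The following is an added defender's example, not code from any of the reports, that runs a simple triage rule over constructed process-creation events (the parent and image names are standard Windows binaries; the command lines and the base64 argument are made up):

```python
# Added example: triage Windows process-creation events for the Office->PowerShell
# and WMI->PowerShell patterns described above. Sample events are constructed.
import re
from dataclasses import dataclass

# Parents that rarely have a legitimate reason to launch a shell or script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
WMI_PARENTS = {"wmiprvse.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe"}

# PowerShell switches that hide the script body (-enc), hide the window, or
# bypass the execution policy; matched case-insensitively at a token boundary.
SUSPICIOUS_FLAGS = re.compile(
    r"(?i)(?:^|\s)-(?:(?:e|ec|enc|encodedcommand)\b"
    r"|w(?:indowstyle)?\s+hidden|(?:ep|executionpolicy)\s+bypass)")

@dataclass
class ProcessEvent:
    parent: str   # image name of the creating process
    image: str    # image name of the created process
    cmdline: str  # full command line of the created process

def score_event(ev):
    """Return the reasons an event matches the chains above; empty means benign."""
    reasons = []
    parent, image = ev.parent.lower(), ev.image.lower()
    if image in SHELLS and parent in OFFICE_PARENTS:
        reasons.append("office-spawned-shell")
    if image in SHELLS and parent in WMI_PARENTS:
        reasons.append("wmi-spawned-shell")
    if image in SHELLS and SUSPICIOUS_FLAGS.search(ev.cmdline):
        reasons.append("obfuscating-flags")
    return reasons

def triage(events):
    """Return (index, reasons) for every event that scored at least one reason."""
    scored = [(i, score_event(ev)) for i, ev in enumerate(events)]
    return [(i, why) for i, why in scored if why]

# Constructed sample telemetry; the base64 argument is a placeholder, not a payload.
SAMPLE_EVENTS = [
    ProcessEvent("winword.exe", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc BASE64PLACEHOLDER"),
    ProcessEvent("wmiprvse.exe", "powershell.exe",
                 "powershell.exe -Command Get-Process"),
    ProcessEvent("explorer.exe", "powershell.exe",
                 "powershell.exe -File C:\\scripts\\backup.ps1"),
    ProcessEvent("services.exe", "powershell.exe",
                 "powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File u.ps1"),
]
```

Running `triage(SAMPLE_EVENTS)` flags events 0, 1 and 3 and leaves the explorer-launched backup script alone; in practice the parent/child rule is the high-signal part, and the flag rule mostly adds context.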
The email or letter looks official, and it contains an attention-grabbing message: the state is holding on to your unclaimed property, which may be worth hundreds of thousands of dollars. All you have to do is pay a fee upfront or provide your personal information and the money is yours. But the letters and emails are the work of scammers, not state officials. A growing number of people across the country are receiving these messages and some are falling for them, losing thousands of dollars or becoming victims of identity theft in the process. “These scams are just rampant,” said David Milby, director of the National Association of Unclaimed Property Administrators (NAUPA), which represents state unclaimed property programs. “The email from the public we’ve been getting about this has increased tenfold in the past year.” Some scammers pretend they work for NAUPA and have even used its letterhead to make their pitch. Besides costing victims money, consumer advocates say this kind of fraud diminishes public trust in the state agencies that handle unclaimed property and makes it harder for them to do their jobs. Unclaimed property is cash or other financial assets considered lost or abandoned when an owner can’t be found after a certain period of time. It includes dormant savings accounts and CDs, life insurance payments, death benefits, uncashed utility dividends and the contents of abandoned safe deposit boxes. There is plenty of it. In 2015, unclaimed property agencies in the U.S. collected $7.8 billion and returned $3.2 billion to rightful owners, according to NAUPA. At last count in 2013, states were holding on to $43 billion in unclaimed property. The treasurer, comptroller or auditor of each state maintains a list of abandoned property and runs an online database that anyone can search by name for free.
Forty states and the District of Columbia also provide that information to a NAUPA-endorsed national website that the public can search. But fraudsters don’t bother reviewing or collecting that data. They simply contact people at random, using email, letters or phone calls, hoping to snare a victim. The scams play on the idea that people are simply getting back assets they’re owed. “There’s an air of legitimacy to them,” said John Breyault, a vice president at the National Consumers League. “People think it’s their money.”