using the lure of a job opening for the CFO role at a European-based cryptocurrency company," researchers at Secureworks Counter Threat Unit warn in a report. The CTU researchers refer to the group behind the attack as "Nickel Academy," although it is perhaps better known as the Lazarus Group (see Kaspersky Links North Korean IP Address to Lazarus). The group has been tied to numerous attacks, including the attempted theft of nearly $1 billion from the central bank of Bangladesh's New York Federal Reserve account, leading to $81 million being stolen; the WannaCry ransomware outbreak in May; as well as the use of cryptocurrency mining malware named Adylkuzz to attack the same flaw in Windows server block messaging that WannaCry also targeted (see Cybercriminals Go Cryptocurrency Crazy: 9 Factors). Security researchers say Lazarus has also been running a series of job lure phishing attacks since at least 2016, with the latest round being delivered around Oct. 25 of this year. The malicious code has "solid technical linkages" to attacks previously attributed to Lazarus, CTU says (see Report: North Korea Seeks Bitcoins to Bypass Sanctions). Researchers at Israeli cybersecurity startup Intezer also believe the code has been reused by Lazarus, based on a review of attack code that's been seen in the wild since 2014. The fake job advertisement pretends to be for Luno, a bitcoin wallet software and cryptocurrency exchange based in London, according to an analysis of the phishing messages published Tuesday by Jay Rosenberg, a senior security researcher at Intezer. Luno says it's been alerted to the fake emails bearing its name. "We're aware of this issue and are investigating thoroughly," Luno tells ISMG.
If recipients of the latest CFO job lure phishing emails open an attached Microsoft Word document, it triggers a pop-up message inviting them to enable editing functions. The CTU researchers say this is an attempt to enable macros in Word, so that a malicious macro hidden inside the document can execute. If it does, the macro creates a decoy document - the fake CFO job lure - and installs a first-stage remote access Trojan (RAT) in the background. Once the RAT is running on the victim's PC, attackers can use it to install additional malware onto the system, such as keystroke loggers and password stealers (see Hello! Can You Please Enable Macros?). The CTU researchers say the job listing appears to have been stolen from a legitimate CFO job listing posted to LinkedIn by a cryptocurrency firm in Asia. While the researchers say that Lazarus has done this previously, unusually in this case, some typographical errors in the original listing were expunged. The researchers add that this phishing campaign does not appear to target any specific firm or individual, but rather to be more broadly aimed. "There are common elements in the macro and in the first-stage RAT used in this campaign with former campaigns," the researchers write. The custom command-and-control network code that controls infected endpoints also includes components that were seen in previous attacks tied to Lazarus, they add.
LabCorp experienced a breach this past weekend, which it now says was a ransomware attack. The intrusion has also prompted concerns that patient data may have been stolen. One of the biggest clinical lab testing companies in the world, LabCorp, was hit with a "new variant of ransomware" over the weekend. "LabCorp promptly took certain systems offline as a part of its comprehensive response to contain and remove the ransomware from its system," the company told PCMag in an email. "We are working to restore additional systems and functions over the next several days." LabCorp declined to say what variant of ransomware was used. But according to The Wall Street Journal, the company was hit with a strain known as SamSam. In March, the same strain attacked the city of Atlanta's IT network. Like other ransomware variants, SamSam will effectively lock down a computer, encrypting all the files inside, and then demand the victim pay up to free the system. In the Atlanta attack, the anonymous hackers demanded $51,000, which the city government reportedly refused to pay. How much the hackers are demanding from LabCorp isn't clear; the company declined to answer further questions about the attack or if it will pay the ransom. The lab testing provider first reported the breach on Monday, initially describing it as "suspicious activity" on the company's IT systems that relate to healthcare diagnostics. This prompted fears that patient data may have been stolen. The North Carolina-based company processes more than 2.5 million lab tests per week and has over 1,900 patient centers across the US.
"LabCorp also has connections to most of the hospitals and other clinics in the United States," Pravin Kothari, CEO of cybersecurity firm CipherCloud, said in an email. "All of this presents, at some point, perhaps an increased risk of cyber attacks propagating and moving through this expanded ecosystem." On Thursday, LabCorp issued a new statement and said the attack was a ransomware strain. At this point, the company has found "no evidence of theft or misuse of data," but it's continuing to investigate. "As part of our in-depth and ongoing investigation into this incident, LabCorp has engaged outside security experts and is working with authorities, including law enforcement," the company added.
Millions of student, staff and faculty email addresses and passwords from 300 of the largest universities in the United States have been stolen and are being circulated by cyber criminals on the dark web, according to a recent report. Hacktivists, scam artists and even terrorists intend to sell, trade or just give away the addresses and passwords, said the Digital Citizens Alliance report. During eight years of scanning the dark web—the portion of the Internet not indexed for open searches, where criminals covertly operate—researchers from the security firm ID Agent discovered nearly 14 million addresses and passwords belonging to faculty, staff, students and alumni available to cyber criminals. Of those, 79 percent of the credentials were placed there within the last year. The nonprofit Digital Citizens Alliance, based in Washington, D.C., wanted to demonstrate in its recent report the scale and complexity of the problem facing large organizations that try to protect email users. "Higher education institutions have deployed resources and talent to make university communities safer, but highly skilled and opportunistic cyber criminals make it a challenge to protect large groups of highly desirable digital targets," the group's Deputy Executive Director, Adam Benson, says in a statement. "We shared this information from cybersecurity researchers to create more awareness of just what kinds of things threat actors are capable of doing with a .edu account." ID Agent noted that large Midwestern institutions appear to be the most vulnerable, although it is not clear why they are targets. Topping the list is the University of Michigan, with 122,556 email addresses found on the dark web, followed by Penn State University, the University of Minnesota, Michigan State University, Ohio State University and the University of Illinois.
"Cyber criminals are motivated to be successful, so it's not surprising to see a significant number of stolen .edu accounts attributed to large and prestigious technical schools," Brian Dunn, ID Agent's managing partner, says in a statement. Criminals and hacktivists can use the fake emails to scam others or take advantage of discounts offered to students and faculty on products such as software. Higher education institutions have taken steps to beef up their cybersecurity postures, especially after the Research and Education Networking Information Sharing and Analysis Center last year alerted officials to compromised credentials. "Universities are aware of the reuse problem and have worked hard to educate members of the university community how to protect themselves," according to the Digital Citizens Alliance. "We saw examples of pages on [university-operated] websites explaining how to create effective passphrases and use two-factor authentication."
The breach indicates even more capable Asian states are struggling to confront cyber threats. On February 28, Singapore’s defense ministry (MINDEF) disclosed that a breach in an Internet-connected system earlier this month had resulted in the personal data of 850 national servicemen and employees being stolen. Though the impact of the breach was quite limited, it nonetheless highlights the difficulties that Singapore faces as it confronts its growing cyber challenge. According to MINDEF, the I-net system used by personnel to access the Internet through terminals at the ministry and other facilities was breached by an attack in early February. While personal data, including identification numbers, phone numbers, and date of birth, were believed to have been stolen during the incident, the ministry said no classified information was compromised because it is stored on a separate system not connected to the Internet. As I have noted before, it has been paying keen attention to the cyber domain as a developed, highly-networked country. Singapore is particularly vulnerable as it relies on its reputation for security and stability to serve as a hub for businesses and attract talent. Indeed, last year, Deloitte found that Singapore was among the five Asian countries most vulnerable to cyber attacks (See: “Singapore Among Most Vulnerable to Cyberattacks in Asia”). In response, Singapore has unveiled a series of initiatives aimed at boosting cybersecurity, including creating new institutions, safeguarding critical infrastructure, training cyber security personnel, and collaborating more with the private sector (See: “Singapore’s Cyber War Gets a Boost”).
And as I noted before, Prime Minister Lee Hsien Loong also outlined Singapore’s overall cybersecurity strategy at the inaugural Singapore International Cyber Week in October last year (See: “Singapore Unveils New ASEAN Cyber Initiative”). Nonetheless, the cyber attack this week is a reminder that even the more capable states in the Asia-Pacific continue to struggle with confronting threats in the cyber realm. This was the first publicly disclosed cyber attack that MINDEF has experienced, and the ministry has described it as “targeted and carefully planned,” with the purpose of gaining access to official secrets. And based on what Singaporean officials have discovered so far, the attack appears to be less like the work of regular hackers and more along the lines of sophisticated state or state-backed actors