Banks in Russia today were the target of a massive phishing campaign Attack.Phishing that aimed to deliver a tool used by the Silence group of hackers . The group is believed to have a background in legitimate infosec activities and access to documentation specific to the financial sector . The fraudulent emails purported to come Attack.Phishing from the Central Bank of Russia ( CBR ) and contained a malicious attachment . The message body lured Attack.Phishing the recipients to open the attachment in order to check the latest details on the `` standardization of the format of CBR 's electronic communications . '' Email authentication mechanism saves the day International cybersecurity company Group-IB investigated the attack and noticed that the style and format of the fake communication were very similar to the official CBR correspondence . This supports the theory that the attackers had access Attack.Databreach to legitimate emails from CBR . If Silence hackers have any ties with the legal side of reverse engineering and penetration testing , it is very likely that they are familiar with the documentation used by financial institutions and with how banking systems work . In a report published today , Group-IB says that the attackers spoofed Attack.Phishing the sender 's email address but the messages did not pass the DKIM ( DomainKeys Identified Mail ) validation . DKIM is a solution specifically designed to prevent forged email addresses by adding to the message a signature that confirms its authenticity . Banks see more spear-phishing Attack.Phishing from a different group The Silence hackers are not the only ones trying their spear-phishing Attack.Phishing game on Russian banks . On October 23 , another notorious group , MoneyTaker , ran a similar campaign against the same type of targets . Their message spoofed Attack.Phishing an email address from the Financial Sector Computer Emergency Response Team ( FinCERT ) and contained five attachments disguised as Attack.Phishing documents from CBR . `` Three out of five files were empty decoy documents , but two contained a download for the Meterpreter Stager . To carry out the attack , hackers used self-signed SSL certificates , '' says Rustam Mirkasymov , Group-IB Head of Dynamic Analysis of malware department and threat intelligence expert . These clues , along with server infrastructure associated with the MoneyTaker group , allowed the security experts to identify the perpetrator . As in the case of Silence , this attacker is also thought to have had access Attack.Databreach to CBR documents , most likely from compromised inboxes of Russian banks employees . This allowed them to craft Attack.Phishing messages that would pass even eyes trained in spotting fraudulent emails . Silence and MoneyTaker are the most dangerous threats to banks According to Group-IB , multiple groups use the Central Bank of Russia in spear-phishing Attack.Phishing operations , and for good reason , since the organization dictates regulations to financial institutions in the country and maintains a constant communication flow with them . Mirkasymov says that Silence and MoneyTaker are the most dangerous of all groups that threaten financial organizations . Referring to the latter , the expert says that its repertoire also includes drive-by attacks and testing the network for vulnerabilities . The goal is to access the internal nodes that enable them to withdraw money from ATMs , process cards or interbank transfers . Although Silence uses mainly phishing Attack.Phishing , they are more careful about crafting Attack.Phishing the message , paying attention to both content and design , adds Group-IB 's threat intelligence expert .

Science Inc. , the company behind the popular online poll creation app Wishbone , has suffered a data breach Attack.Databreach . As a consequence , personal and account information of over 2.2 million of the app ’ s users is being circulated Attack.Databreach on underground forums . The compromised records include names , usernames , email addresses and telephone numbers of the users , but also their gender and birth date ( if they chose to share that info when they set up the account ) . According to Troy Hunt , who received a copy of the compromised MongoDB database , 2,326,452 full names , 2,247,314 unique email addresses , and 287,502 cellphone numbers were included . Most importantly , the great majority of Wishbone users are teenagers and young adults , and predominantly female . “ I ’ d be worried about the potential for kids to abuse the data , ” Hunt told Motherboard . “ There ’ s a lot of young people in there and finding , say , young females and being able to contact them by phone is a worry ” . Not only that , but the data could be used to ferret out additional information about these persons , either via phishing Attack.Phishing or by searching the Internet for unsecured social media accounts that can be tied to them . Armed with all this information , fraudsters could easily perpetrate identity theft schemes . And perhaps the stolen data has already been misused . Hunt say that the data breach Attack.Databreach dates back to August 2016 , but according to the notification letter the Wishbone team sent out , they “ became aware that unknown individuals may have had access Attack.Databreach to an API without authorization and were able to obtain Attack.Databreach account information of its users ” only on March 14 , 2017 . Since then , they “ rectified Vulnerability-related.PatchVulnerability ” the vulnerability that allowed the information to be slurped Attack.Databreach by the attackers , and are now advising users to consider changing their passwords ( even though they have not been compromised Attack.Databreach in the incident Attack.Databreach ) .

The mobile phone company Three has experienced a fresh data breach Attack.Databreach after some customers logging into their accounts were presented with the names , addresses , phone numbers and call histories of strangers . Three said Vulnerability-related.DiscoverVulnerability it was investigating Vulnerability-related.DiscoverVulnerability a technical issue with its systems and urged those affected to contact its customer service department . One customer , Andy Fidler , told the Guardian he was presented with the data usage and full call and text history of another named customer when he logged in on Sunday night . Another , Mark Thompson , said on Facebook he received a call from a complete stranger who said she had logged on to her account and was shown his details . Thompson said it was a “ shocking breach of data privacy Attack.Databreach ” . He wrote on Three UK ’ s Facebook page : “ Care to explain just how my details have been shared , how many people have had access Attack.Databreach to my personal information , for how long , and how many of your other customers have had their details leaked Attack.Databreach by yourselves to other members of the public as well ? ” Other customers also wanted to know why they were being presented with other people ’ s information when they logged in . Three UK , which is owned by the telecoms giant Hutchinson and has 9 million customers in Britain , said it was investigating . “ We are aware of a small number of customers who may have been able to view the mobile account details of other Three users using My3 , ” a spokesman said . “ No financial details were viewable during this time and we are investigating the matter ” . The Information Commissioner ’ s Office said it “ will be looking into this potential incident involving Three ” . A spokeswoman for the regulator said : “ Data protection law requires organisations to keep any personal information they hold secure . It ’ s our job to act on behalf of consumers to see whether that ’ s happened and take appropriate action if it has not ” . The problem comes four months after three men were arrested after fraudsters accessed Attack.Databreach personal data of thousands of Three customers , including names and addresses , by using authorised logins to its database of customers eligible for an upgraded handset . Customer information from more than 133,000 users was compromised Attack.Databreach in the incident Attack.Databreach .