for U.S. companies is $7.4 million, or $225 per lost or stolen record, a June 2017 study by IBM and the Ponemon Institute, a Traverse City, Michigan, researcher, found. Costs related to data breaches can include the investigation, legal costs to defend against and settle class-action lawsuits, credit monitoring for affected customers, and coverage of fraud losses. Harder to gauge is the cost to a company's reputation. One of the largest hacks ever was disclosed this month, when credit reporting company Equifax Inc. revealed that sensitive data from 143 million consumers, including Social Security numbers and birth dates, was exposed. A stock analyst from Stifel Financial Corp. estimated that the attack will cost Equifax about $300 million in direct expenses. Investors seem to think the incident will have a much greater impact on

At a seminar in Garden City this month, Henry Prince, chief security officer at Shellproof Security in Greenvale, explained how in a ransomware attack — one of many types — cybercriminals can buy specialized tools such as those used to send phishing emails. The easy availability of that software means that hackers require "no programming experience," Prince said. Phishing emails can be blocked by company email filters, firewalls and anti-virus software. But if one gets through and an employee clicks on the link in the phishing email, the business' network is compromised. Hackers can then encrypt files, preventing access to them by the company and crippling the business, Prince said at the seminar. Hackers then can demand payment, typically in an untraceable cryptocurrency like Bitcoin — a digital asset that uses encryption — before agreeing to decrypt the files. "Ransomware is a business to these people," Prince said.
"Ninety-nine percent of the time, ransomware requires user interaction to infect." Della Ragione echoed that sentiment: "The greatest risk at a company is the employees. Training employees is one of the best steps in shoring up your defenses." In response, many local experts and companies focus on teaching employees how to resist hackers' tricks. Secure Decisions has developed interactive comics to teach employees ways of detecting "phishing" emails and other hacking attempts. The company has gotten more than $1 million for research related to the interactive comic project, known as Comic-BEE, from the Department of Homeland Security, as well as a grant for $162,262 from the National Science Foundation. The comics, inspired by children's "Choose Your Own Adventure" books, feature different plots depending on the reader's choices. "If you can give people the opportunity to role-play, some of the exhortations by the experts will make more sense," Buchanan said. The comics are being field-tested at several companies and Stony Brook University. They were featured in July at a DHS cybersecurity workshop in Washington, D.C. Radu Sion, a computer science professor at Stony Brook and director of its National Security Institute, which studies how to secure digital communications, acknowledged that security is far from a priority for most users. "Ultimately, the average Joe doesn't care," he said. "You [should] treat the vast majority of your users as easily hackable." Northwell Health, the New Hyde Park-based health care system that is the largest private employer in New York State, is trying to find and get the attention of those inattentive employees. Kathy Hughes, Northwell vice president and chief information security officer, sends out "phishing simulations" to the workforce. The emails are designed to mimic a real phishing campaign that seeks passwords and personal information.
In April, for instance, Northwell sent out phishing emails with a tax theme. Hughes collects reports on which employees take the bait by user, department and job function. "We present them with a teachable moment," she said. "We point out things in the email that they should have looked at more carefully." The emails are supplemented with newsletters, screen savers and digital signage reminding users that hackers are lurking. Another tool: non-Northwell emails have an "external" notation in the subject line, making it harder for outsiders to pretend to be a colleague. "We let [the employees] know that they are part of the security team," she said. "Everybody has a responsibility for security." One of the most important constituencies for security is top executives. Drew Walker, a cybersecurity expert at Vector Solutions in Tampa, Florida, said many executives would rather not know about vulnerabilities in their computer systems, because knowledge of a hole makes them legally vulnerable and casts them in a bad light. "Nine times out of 10, they don't want to hear it," he said. "It makes them look bad." Richard Frankel, a former FBI special agent who is of counsel at Ruskin Moscou, said that company tests of cybersecurity readiness often snare CEOs who weren't paying attention to training. But attorney Della Ragione said high-profile attacks are getting notice from executives. "Everyone's consciousness is being raised," she said. Data leaks at Long Island companies have caused executives to heighten security. In 2014, Farmingdale-based supermarket chain Uncle Giuseppe's Marketplace said that foreign hackers had breached the credit card database of three stores.
Joseph Neglia, director of information technology at Uncle Giuseppe's, said that after the data breach, which affected about 100 customers, the company began scheduling "monthly vulnerability scans" and upgraded its monitoring and security systems. For businesses, Stony Brook's Sion said, the cybersecurity threat is real and immediate. "I need one second with your machine to compromise it forever and ever," he said. "It's an uphill battle."
Banks in Russia today were the target of a massive phishing campaign that aimed to deliver a tool used by the Silence group of hackers. The group is believed to have a background in legitimate infosec activities and access to documentation specific to the financial sector. The fraudulent emails purported to come from the Central Bank of Russia (CBR) and contained a malicious attachment. The message body lured the recipients to open the attachment in order to check the latest details on the "standardization of the format of CBR's electronic communications."

Email authentication mechanism saves the day

International cybersecurity company Group-IB investigated the attack and noticed that the style and format of the fake communication were very similar to the official CBR correspondence. This supports the theory that the attackers had access to legitimate emails from CBR. If Silence hackers have any ties with the legal side of reverse engineering and penetration testing, it is very likely that they are familiar with the documentation used by financial institutions and with how banking systems work. In a report published today, Group-IB says that the attackers spoofed the sender's email address, but the messages did not pass DKIM (DomainKeys Identified Mail) validation. DKIM is designed specifically to counter forged sender addresses: the sending domain adds a cryptographic signature to the message, and a receiver that cannot verify that signature has reason to distrust the claimed origin.

Banks see more spear-phishing from a different group

The Silence hackers are not the only ones trying their spear-phishing game on Russian banks. On October 23, another notorious group, MoneyTaker, ran a similar campaign against the same type of targets.
Their message spoofed an email address from the Financial Sector Computer Emergency Response Team (FinCERT) and contained five attachments disguised as documents from CBR. "Three out of five files were empty decoy documents, but two contained a download for the Meterpreter Stager. To carry out the attack, hackers used self-signed SSL certificates," says Rustam Mirkasymov, Group-IB Head of Dynamic Analysis of malware department and threat intelligence expert. These clues, along with server infrastructure associated with the MoneyTaker group, allowed the security experts to identify the perpetrator. As in the case of Silence, this attacker is also thought to have had access to CBR documents, most likely from compromised inboxes of Russian bank employees. This allowed them to craft messages that would pass even eyes trained in spotting fraudulent emails.

Silence and MoneyTaker are the most dangerous threats to banks

According to Group-IB, multiple groups use the Central Bank of Russia in spear-phishing operations, and for good reason, since the organization dictates regulations to financial institutions in the country and maintains a constant communication flow with them. Mirkasymov says that Silence and MoneyTaker are the most dangerous of all groups that threaten financial organizations. Referring to the latter, the expert says that its repertoire also includes drive-by attacks and testing the network for vulnerabilities. The goal is to access the internal nodes that enable them to withdraw money from ATMs, process cards or interbank transfers. Although Silence uses mainly phishing, they are more careful about crafting the message, paying attention to both content and design, adds Group-IB's threat intelligence expert.
A wave of cyberattacks is targeting organisations' financial departments with a social engineering and phishing campaign designed to trick victims into downloading credential-stealing malware and other threats. Detailed by researchers at Barracuda Networks, the invoice impersonation attacks aim to persuade the victim that the messages are from trusted sources, or to act on impulse -- planting the idea that the target has lost money is a common tactic in phishing emails, as it creates panic for the user. The victim thinks they are reacting to an important request when all they're doing is playing right into the hands of the attackers. A new wave of these attacks involves attackers sending status updates for invoices -- but these don't just involve threat actors firing off millions of messages at random and hoping for the best; they're specially crafting the attacks to look authentic and, crucially, to appear to come from someone the target might trust. In one example of this attack, the target receives an email asking for a reply to a query about the payment status of an invoice. A legitimate-looking invoice number is provided in the subject line and the sender's name is chosen to be someone the recipient knows. Mimicking someone the victim knows suggests the attackers are already familiar with the target and their network -- this information could simply have been scraped from a public profile such as LinkedIn, or it could indicate that the attackers already have a foothold in the network which they're looking to exploit for further gains. The message might look legitimate at first glance -- especially for someone quickly scanning emails in a high-paced financial environment -- but the invitation to click on a link to respond to the supposed status should be treated with suspicion.
But if a recipient does click through, the link will download a Word document supposedly containing the invoice -- which then goes on to install malware onto the system. It could be subtle, like a trojan, or the victim could recognise their error immediately if faced with ransomware. The attackers aren't just using a single template in the campaign; researchers have spotted other lures used in an effort to distribute a malicious payload. A second invoice impersonation attack uses the subject 'My current address update' and claims to contain information from a trusted contact about a change of address, along with details of a new invoice. Once again, the victim is encouraged to click through a link to download the document from a malicious host, with the end result again being an infection with malware, credential theft or a compromised account. The attacks might seem simple, but those behind them wouldn't be deploying them if they didn't work. "Impersonation is a proven tactic that criminals are regularly using to attract victims into believing that they are acting on an important message, when that couldn't be further from the truth," said Lior Gavish, VP at Barracuda Networks. When it comes to protection against this type of attack, employee training can go a long way, especially if they're provided with a sandbox environment.
Criminals are attempting to trick consumers into handing over passwords and credit card details by taking advantage of the flood of emails being sent out ahead of new European privacy legislation. The European Union's new General Data Protection Regulation (GDPR) comes into force on 25 May and the policy is designed to give consumers more control over their online data. As a result, in the run-up to it, organisations are sending out messages to customers to gain their consent for remaining on their mailing lists. With so many of these messages being sent out, it was perhaps only a matter of time before opportunistic cybercriminals looked to take advantage of the deluge of messages about GDPR and privacy policies arriving in people's inboxes. A GDPR-related phishing scam uncovered by researchers at cyber security firm Redscan is doing just this in an effort to steal data with emails claiming to be from Airbnb. The attackers appear to be targeting business email addresses, which suggests the messages are sent to emails scraped from the web. The phishing message addresses the user as an Airbnb host and claims they're not able to accept new bookings or send messages to prospective guests until a new privacy policy is accepted. "This update is mandatory because of the new changes in the EU Digital privacy legislation that acts upon United States based companies, like Airbnb in order to protect European citizens and companies," the message says, and the recipient is urged to click a link to accept the new privacy policy. Those who click the link are asked to enter their personal information, including account credentials and payment card information.
If the user enters these, they're handing the data straight into the hands of criminals who can use it for theft, identity fraud, selling on the dark web and more. "The irony won't be lost on anyone that cybercriminals are exploiting the arrival of new data protection regulations to steal people's data," said Mark Nicholls, Director of Cyber Security at Redscan. "Scammers know that people are expecting exactly these kinds of emails this month and that they are required to take action, whether that's clicking a link or divulging personal data. It's a textbook phishing campaign in terms of opportunistic timing and having a believable call to action." Airbnb is sending messages to users about GDPR, but the messages contain far more detail and don't ask the users to enter any credentials, merely agree to the new Terms of Service. While the phishing messages might look legitimate at first glance, it's worth noting they don't use the right domain: the fake messages come from '@mail.airbnb.work' as opposed to '@airbnb.com'. Redscan has warned that attackers are likely to use GDPR as bait for other phishing scams, with messages claiming to be from other well-known companies. "As we get closer to the GDPR implementation deadline, I think we can expect to see a lot more of these types of phishing scams over the next few weeks, that's for sure," said Nicholls, who warned attackers could attempt to use the ploy to deliver malware in future. "In the case of the Airbnb scam email, hackers were attempting to harvest credentials. Attack vectors do vary however and it's possible that other attacks may attempt to infect hosts with keyloggers or ransomware, for example," he said.
Airbnb said those behind the attacks haven't accessed user details in order to send emails and that users who receive a suspicious message claiming to be from Airbnb should send it to their safety team. "These emails are a brazen attempt at using our trusted brand to try and steal users' details, and have nothing to do with Airbnb. We'd encourage anyone who has received a suspicious looking email to report it to our Trust and Safety team on report.phishing@airbnb.com, who will fully investigate," an Airbnb spokesperson told ZDNet. Airbnb also provided information on how to spot a fake email to help users determine if a message is genuine or not.
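The two sender tells in the articles above, the CBR spoof that failed DKIM validation and the Airbnb lookalike domain mail.airbnb.work, can be triaged from the same headers. The following is an added example, not code from Group-IB, Redscan or Airbnb; it assumes the receiving gateway stamps an Authentication-Results header and that the BRAND_DOMAINS allowlist and the sample messages are constructed for illustration.

```python
import email
import re
from email import policy

# Domains allowed to send as each brand (assumed allowlist for this example).
BRAND_DOMAINS = {"airbnb": {"airbnb.com"}}

def from_domain(msg):
    """Domain of the first address in From:, e.g. 'mail.airbnb.work'."""
    hdr = msg["From"]
    if not hdr or not hdr.addresses:
        return ""
    return hdr.addresses[0].addr_spec.rpartition("@")[2].lower()

def dkim_result(msg):
    """(result, signing domain) from the Authentication-Results header that our
    own gateway stamped, e.g. 'dkim=fail header.d=mail.airbnb.work'."""
    ar = str(msg.get("Authentication-Results", ""))
    m = re.search(r"dkim=(\w+)(?:[^;]*?header\.d=([\w.-]+))?", ar, re.I)
    if not m:
        return "none", None
    return m.group(1).lower(), (m.group(2) or "").lower() or None

def brand_claimed(msg):
    """Brand the display name or subject is trading on (simple keyword match)."""
    text = f"{msg['From']} {msg.get('Subject', '')}".lower()
    return next((b for b in BRAND_DOMAINS if b in text), None)

def in_domain(domain, allowed):
    return domain == allowed or domain.endswith("." + allowed)

def triage(raw):
    """Return a list of findings; an empty list means no spoofing tell was seen."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    domain = from_domain(msg)
    result, signer = dkim_result(msg)
    if result != "pass":
        findings.append(f"dkim={result}")
    elif signer and not in_domain(domain, signer):
        # Signature verified, but by a domain other than the one From: claims
        findings.append(f"dkim unaligned: signed by {signer}, From {domain}")
    brand = brand_claimed(msg)
    if brand and not any(in_domain(domain, a) for a in BRAND_DOMAINS[brand]):
        findings.append(f"lookalike sender: {domain} does not belong to {brand}")
    return findings

# Constructed sample messages (not real captures).
PHISH = """\
From: Airbnb <no-reply@mail.airbnb.work>
To: host@example.org
Subject: Mandatory update: accept the new privacy policy
Authentication-Results: mx.example.org; dkim=fail header.d=mail.airbnb.work

Please accept the new privacy policy to keep hosting.
"""
LEGIT = """\
From: Airbnb <automated@airbnb.com>
To: host@example.org
Subject: Our updated Terms of Service
Authentication-Results: mx.example.org; dkim=pass header.d=airbnb.com

Review and agree to the updated terms.
"""
UNALIGNED = """\
From: Accounts Payable <ap@example.com>
To: finance@example.org
Subject: Invoice status
Authentication-Results: mx.example.org; dkim=pass header.d=mailer.example.net

Please confirm payment status.
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT), ("UNALIGNED", UNALIGNED)):
        print(name, triage(raw) or ["ok"])
```

A DKIM pass only proves the signing domain vouched for the message; the alignment check is what ties that domain back to what the From: header claims.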
Yesterday we wrote about a "Google Docs" phishing campaign that aimed to trick you into authorising a malicious third-party Gmail app so that it could take over your email account and your contact list for its own ends. One of those ends seems to have been to spam out another wave of those same fraudulent emails to your friends and colleagues, in the hope of getting them to authorise the imposter app, and thus to send out another wave of emails, and another, and so on. Technically, that made it more than just a "phish", which we'll define very loosely here as an email that aims to trick, coerce or cajole you into performing an authentication task, or giving away personal data, that you later wish you hadn't. The classic old-school example of a phish is an email that tells you that you have lost money to fraud, or gained money from a tax refund, so please use this web link to log in to your bank account to sort this out. These days, however, the word phishing is generally understood much more broadly, describing any sort of misdirection that gets you to authorise or to give away something you should have kept private. Many users have learned to avoid login links in emails, so the crooks have broadened the range of threats and incentives by which they phish for access to your online life. This week's so-called "Google Docs" attack could spread all by itself, helped on by users giving it the permission it needed along the way, just like the infamous Love Bug virus from 2000, or the pernicious FriendGreetings adware from 2002. Technically, then, that makes the "Google Docs" attack a virus, or more specifically a worm, which is a special sort of virus that spreads by itself, without needing pre-existing host files to hook onto.
PhishMe security researchers warn that the Locky ransomware is relying on the same delivery infrastructure that was previously used for Sage ransomware distribution. Cybercriminals often share infrastructure with one another, so the fact that Locky and Sage use the same resources is not that surprising. However, it also shows that the crooks behind Locky are working on securing new distribution venues after the main Locky distributor, the Necurs botnet, recently went silent. The Sage ransomware first appeared on the malware stage at the end of last year and was analyzed early this year. The first distribution email messages relied on racy or explicit narratives to fool victims into opening the malicious attachments. Later, the operators abandoned this tactic and started using business-related themes and random numbers in the subjects to avoid spam filters. Some of the delivery emails didn't come with a subject at all, but they did use the victim's name in the file attachment name. This attachment was usually a double-zipped archive that contained a malicious .js file or an Office document. Other messages posed as a rejected financial transaction, failed deposit/refund or canceled order alerts in order to trick the users into opening them. The campaign, according to PhishMe, used a .zip file (named "document_1.zip") containing a JavaScript application, which would download the Sage ransomware in the form of a Windows executable. The payload was retrieved from the domain affections[.]top, and the malware relied on the same payment gateway's Tor site as before, as well as the Tor2Web gateway addresses on rzunt3u2[.]top. Then, however, on January 26th, another phishing campaign was spotted distributing the Locky ransomware, leveraging the same email messages and metadata. The [.]top domain was used as a part of the distribution for this infection on January 30th.
"This connection pushes the narrative forward in yet another way as the Locky distribution in question was yet another example of that ransomware being paired with the Kovter Trojan." The connection between Kovter and Locky has already been analyzed a couple of times. Most recently, Microsoft discovered a two-step delivery technique that intended to drop Locky first, but if that failed, it switched to dropping the Kovter Trojan. This sharing of infrastructure between Locky and Sage once again proves how cybercriminals often reuse delivery infrastructure and malware support. The overlapping distribution of these two ransomware pieces can be seen as evidence of the commodity status of such infections.
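The lure described above is structural: a zip that holds another zip, which holds a .js file or an Office document. A mail gateway can reject that shape without ever running the script. The block below is an added example, not PhishMe's code; the extension lists and size limit are assumptions, and the sample archive is constructed in memory with a harmless placeholder file so nothing malicious is involved.

```python
import io
import zipfile

SCRIPT_EXTS = {".js", ".jse", ".vbs", ".wsf", ".hta"}
OFFICE_EXTS = {".doc", ".docm", ".xls", ".xlsm", ".rtf"}
MAX_DEPTH = 3                  # refuse to dig deeper than this (caps zip-bomb recursion)
MAX_MEMBER = 5 * 1024 * 1024   # do not expand nested zips larger than 5 MiB (assumed)

def _ext(name):
    dot = name.rfind(".")
    return name[dot:].lower() if dot >= 0 else ""

def inspect_zip(data, depth=1, path="attachment.zip"):
    """Walk a zip and every zip inside it. Returns [(member path, depth, category)]."""
    if depth > MAX_DEPTH:
        return [(path, depth, "too-deep")]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path, depth, "not-a-zip")]
    findings = []
    for info in zf.infolist():
        member = f"{path}/{info.filename}"
        ext = _ext(info.filename)
        if ext == ".zip":
            findings.append((member, depth, "nested-zip"))
            if info.file_size <= MAX_MEMBER:
                findings.extend(inspect_zip(zf.read(info), depth + 1, member))
            else:
                findings.append((member, depth, "too-large"))
        elif ext in SCRIPT_EXTS:
            findings.append((member, depth, "script"))
        elif ext in OFFICE_EXTS:
            findings.append((member, depth, "office"))
    return findings

def verdict(findings):
    """Policy decision for the attachment as a whole."""
    cats = {c for _, _, c in findings}
    if "too-deep" in cats or "too-large" in cats:
        return "block"   # could not see inside; treat as hostile
    if "nested-zip" in cats and ("script" in cats or "office" in cats):
        return "block"   # the double-zipped script/document lure from the article
    if cats & {"script", "office", "nested-zip", "not-a-zip"}:
        return "review"
    return "allow"

def build_sample(inner_name="invoice_John_Doe.js"):
    """Constructed stand-in for document_1.zip: a zip inside a zip holding a .js file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(inner_name, "// constructed placeholder, contains nothing\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("document_1.zip", inner.getvalue())
    return outer.getvalue()

def build_benign():
    """Constructed ordinary attachment: a single PDF placeholder in a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("quarterly_report.pdf", "%PDF-1.4 constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for label, data in (("lure", build_sample()), ("benign", build_benign())):
        found = inspect_zip(data)
        print(label, verdict(found), found)
```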
In a new blog post, researchers from Proofpoint have tracked a phishing campaign leveraging the concept of "Twitter Brand Verification". Because the actors in this case are relying on paid, targeted ads on Twitter, users don't need to do anything to see the phishing link. Attackers are increasing the sophistication of social engineering approaches and extending them across social channels. Users and brands need to be increasingly savvy to avoid getting snared by ads, accounts, and messages that initially look legitimate. While this attack was observed on Twitter, such a scam could be implemented on any social media platform that implements some form of account verification. The full blog post can be found here; key takeaways include: "Verified accounts" are a powerful tool on Twitter to help brands differentiate themselves from fraudulent, impersonation, and parody accounts on the social media site. When an account is officially verified, it displays a special badge intended to reassure Twitter users that they are interacting with a genuine brand and not an impostor. Recently, however, threat actors have been using the promise of verified accounts to lure users into a credit card phishing scheme. Account verification is a process that Twitter manages for "accounts of public interest" and requires brands to go through multiple verification steps. The promise, then, of a quick verification process is attractive, especially to smaller businesses that potentially lack the resources to meet Twitter's requirements for account verification. In this phishing attack, discovered by Proofpoint researchers in December, attackers place legitimate ads targeting brand managers and influencers with a link to a phishing site purporting to offer account verification.
The ads themselves come from an account that mimics the official Twitter support account, @support. The fraudulent account, @SupportForAll6, uses Twitter branding, logos, colors, etc., to increase the sense of authenticity, despite a very low number of followers and a suspect name.
Last week I ran across a very successful phishing campaign; what's odd is that in most ways it was nothing special. The attacker was using this more like a worm, where stolen credentials would be used within the hour to start sending out a mass amount of more phishes. I've decided to call this "Dynamite Phishing" because there is nothing quiet about this at all. It seems about 40% of the credentials were used for more mailings, and the other accounts' credentials had not been used. The initial phishes came in from a K12 domain from several affected individuals. The email subject was "You have an Incoming Document Share With You Via Google Docs". The contents of the email were base64 encoded; while it appears to be a common Content-Transfer-Encoding, it's not something I typically run into, especially when looking at phishes. The link in the document went to "hxxp://bit.ly/2kZJbW3", which went to hxxp://jamesrichardsquest.co.nf/lib. The landing page was set up as a generic Outlook Web Access 2013 login page. It appears the EM_Client is a pretty popular email client, but it may be something you can block on depending on your environment.

user-agent: eM_Client/7.0.27943.0

While most people have good protections for emails coming from external entities into their email environment, many don't push the same protections intra-domain. The volume of email sent from the phished accounts to other internal accounts is what made this so successful.
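The pattern in the post above is visible in mail-gateway logs even when the messages themselves look ordinary: one internal account suddenly mailing many internal colleagues within an hour, carrying the same subject, from a client nobody else in the organisation uses. This added example (not the diary author's code) runs that check over constructed log lines; the log format, the organisation domain, and the threshold of five internal recipients per hour are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL_DOMAIN = "school.k12.example"            # assumed organisation domain
LURE_SUBJECT = "You have an Incoming Document Share With You Via Google Docs"
RARE_CLIENT_PREFIX = "eM_Client/"                 # the client seen in the post; rare here
BURST_THRESHOLD = 5                               # internal recipients per hour (assumed)
WINDOW = timedelta(hours=1)

# Assumed gateway log format: ts sender=.. rcpt=.. subject=".." ua=..
LINE_RE = re.compile(r'^(\S+) sender=(\S+) rcpt=(\S+) subject="([^"]*)" ua=(\S*)$')

def parse(lines):
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # skip malformed lines rather than abort the whole run
        ts, sender, rcpt, subject, ua = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "sender": sender.lower(),
                       "rcpt": rcpt.lower(), "subject": subject, "ua": ua})
    return events

def is_internal(addr):
    return addr.endswith("@" + INTERNAL_DOMAIN)

def peak_in_window(events):
    """Largest number of messages from one sender inside any one-hour span."""
    events.sort(key=lambda e: e["ts"])
    start, peak = 0, 0
    for end in range(len(events)):
        while events[end]["ts"] - events[start]["ts"] > WINDOW:
            start += 1
        peak = max(peak, end - start + 1)
    return peak

def find_compromised(lines):
    """Return {sender: [reasons]} for internal senders showing the dynamite pattern."""
    by_sender = defaultdict(list)
    for e in parse(lines):
        if is_internal(e["sender"]) and is_internal(e["rcpt"]):
            by_sender[e["sender"]].append(e)
    alerts = {}
    for sender, evs in by_sender.items():
        reasons = set()
        peak = peak_in_window(evs)
        if peak >= BURST_THRESHOLD:
            reasons.add(f"{peak} internal recipients within 1h")
        if any(e["subject"] == LURE_SUBJECT for e in evs):
            reasons.add("known lure subject")
        if any(e["ua"].startswith(RARE_CLIENT_PREFIX) for e in evs):
            reasons.add("unusual mail client")
        if reasons:
            alerts[sender] = sorted(reasons)
    return alerts

# Constructed sample log: alice's account bursts to six colleagues in 25 minutes,
# bob chats normally, carol mails minutes every two hours.
SAMPLE_LOG = (
    [f'2017-02-21T09:{m:02d}:00 sender=alice@{INTERNAL_DOMAIN} rcpt=user{m}@{INTERNAL_DOMAIN} '
     f'subject="{LURE_SUBJECT}" ua=eM_Client/7.0.27943.0' for m in (0, 4, 9, 13, 18, 25)]
    + [f'2017-02-21T10:05:00 sender=bob@{INTERNAL_DOMAIN} rcpt=carol@{INTERNAL_DOMAIN} '
       f'subject="Lunch?" ua=Outlook/16.0',
       f'2017-02-21T10:30:00 sender=bob@{INTERNAL_DOMAIN} rcpt=dan@{INTERNAL_DOMAIN} '
       f'subject="Re: Lunch?" ua=Outlook/16.0']
    + [f'2017-02-21T{h:02d}:00:00 sender=carol@{INTERNAL_DOMAIN} rcpt=user{h}@{INTERNAL_DOMAIN} '
       f'subject="Minutes" ua=Outlook/16.0' for h in range(8, 16, 2)]
)

if __name__ == "__main__":
    for sender, reasons in find_compromised(SAMPLE_LOG).items():
        print(sender, reasons)
```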
The SANS Internet Storm Center published a warning on Wednesday about an active phishing campaign that utilizes PDF attachments in a novel ploy to harvest email credentials from victims. According to the SANS bulletin, the email has the subject line "Assessment document" and the body contains a single PDF attachment that claims to be locked. A message reads: "PDF Secure File UNLOCK to Access File Content". Clicking on a link to unlock the document opens the PDF document using the computer's default viewer. A dialogue box then appears above the PDF prompting the user to input their email address and password. "They are not going after the most sophisticated users. They are going after Joe Cubicle that may not think twice about entering credentials to unlock a PDF," said John Bambenek, handler at SANS Internet Storm Center. Bambenek suspects that attackers are harvesting credentials in hopes of gaining a small foothold into a company via an email account or to perpetuate further phishing scams. The email says it's from VetMeds and the PDF is identified as a VetMeds assessment. Once opened, the contents of the one-page PDF indicate that the document is a SWIFT (Society for Worldwide Interbank Financial Telecommunication) banking transaction. "It doesn't matter what email address or password you input into the fake unlocking mechanism. The document is opened and anything you input is transmitted to the spammer," Bambenek said.
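A PDF that prompts for an email address and password and then transmits whatever is typed needs form fields and a submit action inside the file, and those are visible to a raw-byte scan before anyone opens it. The block below is an added example, not SANS code and not the VetMeds sample; the PDF it scans is a constructed skeleton with a placeholder URL, and the credential field names are an assumed list.

```python
import re

# Field names typical of a credential prompt (assumed list).
CREDENTIAL_FIELDS = {"email", "e-mail", "user", "username", "login", "password", "pass", "pwd"}
PDF_PASSWORD_FLAG = 1 << 13   # /Ff bit 14 marks a text field as a password field

def triage_pdf(data):
    """Raw-byte triage of a PDF attachment. Returns a dict of findings plus a verdict."""
    r = {
        "submit_form": bool(re.search(rb"/S\s*/SubmitForm\b", data)),
        "submit_url": None,
        "javascript": bool(re.search(rb"/(?:JavaScript|JS)\b", data)),
        "launch": bool(re.search(rb"/Launch\b", data)),
        "open_action": bool(re.search(rb"/OpenAction\b", data)),
        "fields": [],
        "password_flag": False,
        # Object streams hide dictionaries inside compressed data this scan cannot read
        "compressed_objects": bool(re.search(rb"/ObjStm\b", data)),
    }
    m = re.search(rb"/FS\s*/URL\s*/F\s*\(([^)]*)\)", data)
    if m:
        r["submit_url"] = m.group(1).decode("latin-1")
    r["fields"] = [f.decode("latin-1").lower()
                   for f in re.findall(rb"/T\s*\(([^)]*)\)", data)]
    r["password_flag"] = any(int(v) & PDF_PASSWORD_FLAG
                             for v in re.findall(rb"/Ff\s*(\d+)", data))
    credential_form = r["submit_form"] and (
        r["password_flag"] or any(f in CREDENTIAL_FIELDS for f in r["fields"]))
    if credential_form:
        r["verdict"] = "credential-harvesting form"
    elif r["submit_form"] or r["javascript"] or r["launch"]:
        r["verdict"] = "review: active content"
    elif r["compressed_objects"]:
        r["verdict"] = "review: objects compressed, raw scan inconclusive"
    else:
        r["verdict"] = "no active content found"
    return r

# Constructed minimal PDF: two text fields (one flagged as a password) and a
# SubmitForm action pointing at a placeholder URL. Not a real sample.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /AcroForm << /Fields [4 0 R 5 0 R] >> /OpenAction 6 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Widget /FT /Tx /T (email) /Rect [0 0 100 20] >> endobj
5 0 obj << /Type /Annot /Subtype /Widget /FT /Tx /Ff 8192 /T (password) /Rect [0 30 100 50] >> endobj
6 0 obj << /S /SubmitForm /F << /FS /URL /F (http://collector.invalid/unlock) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

BENIGN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        print(label, triage_pdf(doc)["verdict"])
```

Real-world PDFs usually compress their objects, so the compressed_objects flag is there to keep an inconclusive scan from being read as a clean one; a full parser that inflates object streams is needed for those.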