to a scam artist. Tax season is always a busy time for scammers seeking to gain access to sensitive information, but this year attacks are coming earlier and in greater numbers than usual. The uptick has caused the IRS to release an urgent alert warning employers to be on the lookout for what they're referring to as "one of the most dangerous email phishing scams we've seen in a long time." By using email spoofing techniques, criminals are able to draft emails that look as though they are coming directly from a high-level executive at your organization. They send the message to an employee in the payroll department or HR and include a request for a list of the organization's employees along with their W-2 forms. Their initial goal is to use the W-2 information to file fraudulent tax returns and claim refunds. But not all criminals are stopping there. Once they've found a responsive victim, a portion are also following up with an additional email requesting a wire transfer be made to an account they provide. Also referred to as business email compromise (BEC), these attacks have claimed more than 15,000 victims and cost organizations more than $1 billion over the past three years. More than 100 organizations have already fallen victim to W-2 phishing scams in 2017
DDoS extortionists have already pounced on the Memcached DDoS attack vector in attempts to extract payments from attacked companies. Akamai revealed earlier today that it detected DDoS attacks executed via Memcached servers that were different from others. Instead of blasting targets with UDP packets containing random data, one group of attackers is leaving short messages inside these packets. This one group is asking victims to pay 50 Monero, around $17,000, to a Monero address. The group doesn't say it will stop the attack but only implies it. Such attacks first appeared in 2015 and were initially referred to as DDoS-for-Bitcoin after the DD4BTC group that pioneered such tactics. The group would send emails to various companies, threatening to launch DDoS attacks unless they paid a ransom fee. Even if the group's members were arrested, other factions appeared in subsequent years, using unique names such as Armada Collective or XMR Squad, but also mimicking hacker groups such as Anonymous or LulzSec. The tactic, now known as ransom DDoS (RDoS), has become quite popular among cybercriminal groups, and there have been too many RDoS campaigns to remember in the past years. In most past cases, attackers didn't have the firepower to launch DDoS attacks if victims ignored the ransom demand. But the Memcached-based DDoS extortions are different. Attackers clearly have the DDoS cannon to take down companies, mainly due to the large number of unsecured Memcached servers they can abuse to launch these attacks. Victims are also more likely to pay, seeing that they're under a heavy attack and this isn't just an empty threat.
But according to Daniel Smith, a Radware security researcher who spoke with Bleeping Computer, paying the Monero ransom won't help companies at all. That's because attackers have used the same Monero address for multiple DDoS attacks against different targets. Here's the same Monero address from the Akamai attacks, but spotted by a different security researcher. Attackers wouldn't have the ability to tell which of the multiple targets they attacked paid the ransom. The general consensus is that this group is using a carpet bombing technique, hitting as many targets as possible for short bursts, hoping to scare one into paying. "Multiple targets are sent the same message in hopes that any of them will pay the ransom," Akamai said in a report today, echoing Smith's recommendation not to pay the ransom. "There is no sign to suggest that they are actively tracking the targets' reaction to the attacks, no contact information, no detailed instructions on payment notification," Akamai added. "If a victim were to deposit the requested amount into the wallet, we doubt the attackers would even know which victim the payment originated from, let alone stop their attacks as a result."
A wave of cyberattacks is targeting organisations' financial departments with a social engineering and phishing campaign designed to trick victims into downloading credential-stealing malware and other threats. Detailed by researchers at Barracuda Networks, the invoice impersonation attacks aim to persuade the victim that the messages are from trusted sources, or to act on impulse -- planting the idea that the target has lost money is a common tactic in phishing emails, as it creates panic for the user. The victim thinks they are reacting to an important request when all they're doing is playing right into the hands of the attackers. A new wave of these attacks involves attackers sending status updates for invoices -- but these don't just involve threat actors firing off millions of messages at random and hoping for the best; they're specially crafting the attacks to look authentic and, crucially, from someone the target might trust. In one example of this attack, the target receives an email asking for a reply to a query about the payment status of an invoice. A legitimate-looking invoice number is provided in the subject line and the sender's name is chosen to be someone the recipient knows. Mimicking someone the victim knows suggests the attackers are already familiar with the target and their network -- this information could simply have been scraped from a public profile such as LinkedIn or it could indicate that the attackers already have a foothold in the network which they're looking to exploit for further gains. The message might look legitimate at first glance -- especially for someone quickly scanning emails in a high-paced financial environment -- but the invitation to click on a link to respond to the supposed status should be treated with suspicion.
But if a recipient does click through, the link will download a Word document supposedly containing the invoice -- which then goes on to install malware onto the system. It could be subtle, like a trojan, or the victim could recognise their error immediately if faced with ransomware. The attackers aren't just using a single template in the campaign; researchers have spotted other lures used in an effort to distribute a malicious payload. A second invoice impersonation attack uses the subject 'My current address update' and claims to contain information from a trusted contact about a change of address, along with details of a new invoice. Once again, the victim is encouraged to click through a link to download the document from a malicious host, with the end result again being an infection with malware, credential theft or a compromised account. The attacks might seem simple, but those behind them wouldn't be deploying them if they didn't work. "Impersonation is a proven tactic that criminals are regularly using to attract victims into believing that they are acting on an important message, when that couldn't be further from the truth," said Lior Gavish, VP at Barracuda Networks. When it comes to protection against this type of attack, employee training can go a long way, especially if they're provided with a sandbox environment.
At last count, 110 organizations have reported successful phishing attacks targeting W-2 records, placing more than 120,000 taxpayers at risk for identity fraud. Many of those working for the victimized firms have had a stressful time dealing with the fallout. Those who have experienced this unique type of crime say it's a nightmare. Some of those affected have had fraudulent returns filed under their name, in addition to issues with educational expenses. In one case, the scammers created flexible spending accounts with their stolen identities. The phishing attacks causing so much damage, also known as BEC (Business Email Compromise) attacks, are simple and effective. They exploit trust relationships within the office, and in many cases, exploit the routine practice of sharing data via email. According to the IRS, these attacks are some of the most dangerous email scams the agency has seen in a long time. "It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone's help to turn the tide against this scheme," IRS Commissioner John Koskinen remarked in a warning issued last month. In 2016, Databreaches.net tracked 145 BEC victims. With more than five weeks left in the current tax season, the count sits at 110 (as of 03-13-17) and shows no signs of slowing. As mentioned, those impacted by the BEC attacks have described the aftermath as a frustrating nightmare, one that drains them of time and in some cases money when their returns are delayed.
Business Email Compromise (BEC) attacks jumped 45% in the final quarter of 2016, compared to the previous three months, according to new stats from Proofpoint. The security vendor claimed such attacks have grown both in volume and sophistication. Also known as “CEO fraud” and “whaling”, these attacks typically involve fraudsters spoofing the email addresses of company CEOs to trick staff members into transferring funds outside the company. However, Proofpoint also includes attempts to target HR teams for confidential tax information and sensitive employee data, as well as engineering departments which may have access to a wealth of lucrative corporate IP. In its analysis of over 5000 global enterprise customers, it claimed that in two-thirds of cases the attacker spoofed the “from” email domain to display the same as that of the targeted company. These attacks can thwart some systems, because they don’t feature malware as such – just a combination of this domain spoofing and social engineering of the victim to force them to pay up. Part of the trick is to harry the target, rushing them so they have less time to think about what they’re doing. That’s why over 70% of the most common BEC subject line families appraised by Proofpoint featured the words “Urgent”, “Payment” and “Request”. The vendor claimed that firms in the manufacturing, retail and technology sectors are especially at risk, as cyber-criminals repeatedly look to take advantage of more complex supply chains and SaaS infrastructures. Vice-president of products, Robert Holmes, argued that although employee education was important, it needs to be complemented by the right set of tools to weed out fraudulent emails. “When it comes to BEC attacks, employees should never be an organization’s first line of defense.
It is the organization’s responsibility to ensure that security technologies are in place, so that BEC attacks are stopped before they can reach their intended target,” he told Infosecurity Magazine. BEC has become so popular among the black hats that the FBI warned organizations last year the scams had cost billions since 2013. Trend Micro predicted that 2017 would see more and more cyber-criminals turn to BEC given the potential rich pickings – claiming the average pay-out is $140,000, versus just $722 for a typical ransomware attack. However, Holmes argued that ransomware and BEC actors are likely “two distinct types of criminal”. “While ransomware attacks require technical infrastructure to launch campaigns at scale, BEC attacks are socially engineered and highly targeted in nature, conducted by a single actor rather than teams, and generally launched from shared email platforms,” he explained. “While cyber-criminals will always go where the money is, we do not envision a drastic change in tactics such as traditional purveyors of ransomware transitioning to BEC. As long as ransomware and trojans continue to pay, cyber-criminals with technical skillsets are unlikely to down tools and pivot towards such a fundamentally different type of attack vector.”
Research conducted by both cyber security firms shows that the attacks first appeared in July 2015 and since then, cybercriminals behind these attacks have targeted hundreds of organizations within the region. According to the research, hackers were using KasperAgent and Micropsia malware to target the Windows operating system, while SecureUpdate and Vamp malware were being used to target Android OS. The cybercriminals behind these attacks used two different techniques to achieve their goal. One technique involved using a URL shortener service, Bit.ly, to disguise the original malicious links. The motive behind these attacks was to steal credentials and spy on the victims. As per the research, hackers were targeting educational institutes, military organizations and media companies from Palestine, Israel, Egypt, and the US. SecureUpdate, a malware disguised as an Android update, was designed to download malicious payloads into the victim’s device, while Vamp was focused on stealing data from victims’ smartphones, including call recordings, contact information, and other important documents. The malware designed to target Windows operating systems, KasperAgent and Micropsia, were capable of downloading other payloads, executing arbitrary commands, stealing files, capturing screenshots, logging keystrokes and much more. Essentially the hackers were interested in stealing credentials of the infected devices. At first, no connection was established between the attacks since all the malware were different from each other. On close inspection, however, the security firms found a link. The same email address was used to register infectious domains, which eventually revealed that the attacks were linked after all.
Researchers revealed that more than 200 samples of the Windows malware and at least 17 samples of Android malware were discovered, which means that potential victims of this malware could be numerous. The researchers at the Palo Alto firm stated, “Through this campaign, there is little doubt that the attackers have been able to gain a great deal of information from their targets.” The campaign also illustrates that for some targets old tricks remain sufficient to run a successful espionage campaign, including the use of URL shortening services, classic phishing techniques as well as using archive files to bypass some simple file checks. This is not the first time a sophisticated malware attack has been aimed at Middle Eastern countries. Just last month StoneDrill malware was discovered targeting not only the Middle East but also Europe. Also, Shamoon malware from Iran is currently targeting Saudi Arabian cyber infrastructure
A lot of things can go wrong on your holidays, like losing luggage or missing a flight, forgetting your travel documents or getting sick at the worst possible time. But have you ever been locked out of your hotel room because of a cyberattack? That’s just what happened to guests at a luxury hotel in Austria when they were left stranded outside of their rooms after a ransomware attack that overrode electronic key systems. This concept, which can be summed up as “if you don’t pay, your guests won’t be able to get into their rooms”, underscores a strategy shift in ransomware. Instead of attacking the hotel chain directly, cybercriminals are looking to increase profitability by compromising the well-being of paying customers. Infected computers and POS systems, credit card theft, access to confidential information… in the age of the Internet of Things and smart homes, these attacks are becoming commonplace or even antiquated. Clearly the attacks that this industry has been experiencing are not something casual or fleeting. Behind them lies a real economic interest and a preoccupation with stealthy operations. The hotel sector has become a major target for organized cybercriminals in possession of malware specifically designed to harm its smooth running, not only in payment systems, but also by sealing off access to your room, turning lights on and off, or locking your blinds. This is, undoubtedly, a worrisome situation that could cause significant harm not only on an economic level, but also on a PR level, sowing fear among clientele.
Cybercriminals who specialize in ransomware, which affects thousands of computers and mobile devices every year, are ramping up their attacks against businesses. It is here that they can get their hands on valuable information and large sums of cash. This particular kind of malware, which hijacks devices and demands a ransom for their return, has managed to conquer another kind of technology: smart TVs. Last December, the American developer Darren Cauthon announced on Twitter that a family member’s television had fallen victim to one of these attacks. The television in question was an LG model that came out in 2014 that is compatible with Google TV, a version of Android tailored to televisions. Once it had infiltrated the device, the malicious software demanded a ransom of $500 to unlock the screen, which simulated a warning from the Department of Justice. The appearance of the false message would lead you to believe that it’s a version of the ransomware known as Cyber.police, also known as FLocker. Ordinarily this ransomware affects smartphones with Google’s operating system. After hijacking the device, the malware collects information from the user and the system, including contact information and the location of the device, to be sent encrypted to cybercriminals.