Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2023-01-30 13:52:25 |
Russian and Iranian Spear Phishing Campaigns are Running Rampant in the UK (direct link) |
The UK's National Cyber Security Centre (NCSC) has described two separate spear phishing campaigns launched by Russia's SEABORGIUM threat actor and Iran's TA453 (also known as Charming Kitten). The NCSC says both threat actors have targeted entities in the UK, including “academia, defence, governmental organisations, NGOs, think-tanks, as well as politicians, journalists, and activists.” |
Threat
Conference
|
APT 35
|
★★
|
|
2022-12-14 11:12:35 |
(Déjà vu) Ughh. FBI's Vetted Threat Sharing Network 'InfraGard' Hacked (direct link) |
Investigative reporter Brian Krebs reported December 13, 2022 that "InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online - using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself." |
Threat
|
|
★
|
|
2022-08-15 13:07:30 |
Initial Access Broker Phishing (direct link) |
Cisco has disclosed a security incident that occurred as a result of sophisticated voice phishing attacks that targeted employees, according to researchers at Cisco Talos. The researchers believe the attack was carried out by an initial access broker with the intent of selling access to the compromised accounts to other threat actors. |
Threat
|
|
★★★
|
|
2022-08-03 15:28:49 |
On-Demand Webinar: New 2022 Phishing By Industry Benchmarking Report: How Does Your Organization Measure Up (direct link) |
As a security leader, you have a lot on your plate. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up. IT security seems to be a race between effective technology and ever evolving attack strategies from the threat actors. However, there's an often-overlooked security layer that can significantly reduce your organization's attack surface: New-school security awareness training. |
Threat
Guideline
|
|
|
|
2022-06-28 13:04:02 |
CyberheistNews Vol 12 #26 [Heads Up] The FBI Warns That LinkedIn Fraudsters Are Now a Significant Threat (direct link) |
|
Threat
|
|
|
|
2022-06-20 14:10:51 |
Less Than 40% of Asia-Pacific Organizations Are Confident to Stop Cyber Threats as 83% Experience At Least One Ransomware Attack a Year (direct link) |
|
Ransomware
Threat
|
|
|
|
2022-06-09 16:02:12 |
Approaching Ransomware Victims Privately (direct link) |
Researchers at KELA warn that ransomware gangs are increasingly refraining from mentioning their victims' names after the initial attack, giving the victims a chance to pay up before the attack is publicized. This puts an additional layer of pressure on the victim to pay quickly, because it may allow them to avoid the reputational damage that's among the biggest threats a victim faces. If the victim refuses to pay, the attackers can then publish their name and threaten to release the stolen data. |
Ransomware
Threat
|
|
|
|
2022-06-06 15:39:00 |
Understanding the Threat of NFT and Cryptocurrency Cyber Attacks and How to Defend Against Them (direct link) |
|
Threat
|
|
|
|
2022-06-01 22:09:19 |
Phishing Attacks Rise 54% as the Initial Attack Vector Across All Threat Incidents (direct link) |
|
Threat
|
|
★★★★★
|
|
2022-05-17 13:30:09 |
Spear Phishing a Diplomat (direct link) |
Researchers at Fortinet observed a spear phishing attack that targeted a Jordanian diplomat late last month. The researchers attribute this attack to the Iranian state-sponsored threat actor APT34 (also known as OilRig or Helix Kitten). The body of the phishing email isn't particularly detailed, but the attackers put a significant amount of effort into impersonating an employee at the targeted individual's organization. |
Threat
|
APT 34
|
|
|
2022-05-10 13:49:56 |
Mustang Panda Uses Spear Phishing to Conduct Cyberespionage (direct link) |
The China-based threat actor Mustang Panda is conducting spear phishing campaigns against organizations in NATO countries and Russia, as well as entities in the US and Asia, according to researchers at Cisco Talos. The goal of this activity is cyberespionage. |
Threat
|
|
★★★★
|
|
2022-05-09 13:11:25 |
Business Email Compromise Shouldn't Be the Cost of Doing Business (direct link) |
The FBI last week published a public service announcement updating its warnings about the continuing threat of business email compromise (BEC, also called CEO fraud). The problem has reached shocking proportions: between June of 2016 and December of 2021, the Bureau counted 241,206 domestic and international incidents of business email compromise. The “exposed dollar loss” (which includes both actual and attempted losses) is the real shocker: $43,312,749,946, more than forty-three-billion dollars. |
Threat
|
|
★★★
|
|
2022-05-05 13:08:59 |
Cozy Bear Goes Typosquatting (direct link) |
Researchers at Recorded Future's Insikt Group warn that the Russian threat actor NOBELIUM (also known as APT29 or Cozy Bear) is using typosquatting domains to target the news and media industries with phishing pages. |
Threat
|
APT 29
|
|
|
2022-05-04 13:28:52 |
FIN12 Threat Group Speeds Up Ransomware Attacks to Just Two Days After Initial Access (direct link) |
As detection times are reducing across the board, threat groups are improving their craft and are prioritizing speed as the key ingredient in ransomware attacks. |
Ransomware
Threat
|
|
|
|
2022-05-04 13:28:05 |
Organizations Have a 76% Likelihood of a Successful Cyberattack in the Next Year (direct link) |
New data from TrendMicro and Ponemon shows how almost organizations globally are not fully prepared for the looming threat of almost-certain cyberattacks. |
Threat
|
|
|
|
2022-04-26 12:49:59 |
More_eggs Malware Distributed Via Spear Phishing (direct link) |
Threat actors are sending out the stealthy “more_eggs” malware in spear phishing emails that target hiring managers, according to researchers at eSentire's Threat Response Unit (TRU). |
Malware
Threat
|
|
|
|
2022-04-21 14:14:00 |
Critical: CISA Warns of Potential Attacks on Infrastructure by Russian State-Sponsored and Criminal Cyber Gangs (direct link) |
In a joint multi-country cybersecurity advisory (CSA), governments are warning their respective critical infrastructure organizations to be vigilant against increased malicious cyber threat activity. |
Threat
|
|
|
|
2022-04-07 12:28:50 |
“Human Error” Ranked as the Top Cybersecurity Threat While Budgets Remain Misaligned (direct link) |
New insights into the state of data security show a clear focus on the weakest part of your security stance – your users – and organizations doing little to address it. |
Threat
|
|
|
|
2022-04-05 18:36:44 |
Ransomware Victims See Ransom Demands and Payments Increase as The Number of Published Data Victims Spikes (direct link) |
Cybercriminal groups and “as a Service” threat actor affiliates alike seem to be doing well, according to a new report on the state of ransomware from Palo Alto Networks' Unit42. |
Threat
|
|
|
|
2022-04-05 12:48:00 |
(Déjà vu) CyberheistNews Vol 12 #14 [EYE OPENER] A Lack of Employee Cyber Hygiene is the Next Big Threat (direct link) |
CyberheistNews Vol 12 #14 | Apr. 5th., 2022
A new report suggests that everything from endpoints, to passwords, to training, to security policies, to a lack of awareness is all contributing to much higher risk of cyberattack.
Employee cyber risk is a multifaceted issue that revolves a lot around cyber hygiene, according to new data in Mobile Mentor's inaugural Endpoint Ecosystem Report. It involves a number of issues that organizations are going to need to address effectively and quickly.
|
Threat
|
|
|
|
2022-03-30 12:16:33 |
A Lack of Employee Cyber Hygiene is the Next Big Threat (direct link) |
A new report suggests that everything from endpoints, to passwords, to training, to security policies, to a lack of awareness is all contributing to much higher risk of cyberattack. |
Threat
|
|
|
|
2022-03-24 19:05:50 |
Fidelity: "Why cybersecurity is material to all industries" (direct link) |
Fidelity just published an article titled "Cybersecurity: A growing risk". They note that the threat of Russian cyberattacks highlights vulnerabilities across industries. I'm quoting a small section and I suggest you read the rest of the article here. |
Threat
|
|
|
|
2022-03-24 14:20:53 |
Initial Access Broker Group Relies on Social Engineering (direct link) |
Google's Threat Analysis Group (TAG) describes a cybercriminal group it calls “EXOTIC LILY” that acts as an initial access broker for numerous financially motivated threat actors, including FIN12 and the Conti ransomware gang. EXOTIC LILY uses phishing attacks to gain access to organizations' networks, then sells this access to other gangs for further exploitation. |
Ransomware
Threat
|
|
|
|
2022-03-22 15:06:15 |
(Déjà vu) CyberheistNews Vol 12 #12 [New White House Alert] Train Your Users Against Threat of Russian Cyberattacks (direct link) |
CyberheistNews Vol 12 #12 | Mar. 22nd., 2022
With the recent cyber attacks between Russia and Ukraine and the current intelligence coming from the U.S. Government, organizations want to shore up their defenses to reduce the risk of a successful attack by any nation-state.
|
Threat
|
|
|
|
2022-03-10 14:31:15 |
Phishing and Scam Pages Increase by 153% as Cybercriminals Seek to Establish Credibility (direct link) |
As part of either impersonating known brands or simply leveraging credible cloud services, the use of a web page as part of an attack has become a staple for threat actors. |
Threat
|
|
|
|
2022-03-09 14:05:47 |
Domains Associated with Phishing Directed Against Ukraine (direct link) |
Researchers from Secureworks' Counter Threat Unit (CTU) are tracking phishing domains used by the “MOONSCAPE” threat actor to target users in Ukraine. The researchers note that Ukraine's Computer Emergency Response Team (CERT-UA) has attributed this campaign to the Belarusian threat actor UNC1151, but Secureworks hasn't yet confirmed this attribution. Belarus is one of Russia's closest allies, and is assisting in Moscow's war against Ukraine. |
Threat
|
|
|
|
2022-03-02 18:31:47 |
FBI: SIM Swapping Attacks See More Than 500% Increases in The Number of Attacks and Monetary Losses (direct link) |
With mobile devices used as secondary authentication, threat actors have been stepping up activity, looking for ways to transfer phone numbers to cybercriminal-controlled devices. |
Threat
|
|
|
|
2022-02-17 15:08:48 |
Scammers Use a Mix of Stolen Credentials, Inbox Rules, and a Rogue Outlook Client Install to Phish Internal and External Victims (direct link) |
Organizations that are not using Microsoft's multi-factor authentication are finding themselves victims of credential attacks that involve threat actors installing Outlook on a controlled device. |
Threat
|
|
|
|
2022-02-15 14:24:51 |
CyberheistNews Vol 12 #07 [Heads Up] FBI Warns Against New Criminal QR Code Scams (direct link) |
CyberheistNews Vol 12 #07 | Feb. 15th., 2022
QR codes have been around for many years. While they were adopted for certain niche uses, they never did quite reach their full potential. They are a bit like Rick Astley in that regard, really popular for one song, but well after the boat had sailed. Do not get me wrong, Rick Astley achieved a lot. In recent years, he has become immortalized as a meme and Rick roller, but he could have been so much more.
However, in recent years, with lockdown and the drive to keep things at arm's length, QR codes have become an efficient way to facilitate contactless communications, or the transfer of offers without physically handing over a coupon. As this has grown in popularity, more people have become familiar with how to generate their own QR codes and how to use them as virtual business cards, discount codes, links to videos and all sorts of other things.
QRime Codes
As with most things, once they begin to gain a bit of popularity, criminals move in to see how they can manipulate the situation to their advantage. Recently, we have seen fake QR codes stuck to parking meters enticing unwitting drivers to scan the code, and hand over their payment details believing they were paying for parking, whereas they were actually handing over their payment information to criminals.
The rise in QR code fraud resulted in the FBI releasing an advisory warning against fake QR codes that are being used to scam users. In many cases, a fake QR code will lead people to a website that looks like the intended legitimate site. So, the usual verification process of checking the URL and any other red flags apply.
CONTINUED with links and 4 example malicious QR codes on the KnowBe4 blog:
https://blog.knowbe4.com/qr-codes-in-the-time-of-cybercrime
|
Ransomware
Data Breach
Spam
Malware
Threat
Guideline
|
APT 15
APT 43
|
|
|
2022-02-08 14:23:51 |
CyberheistNews Vol 12 #06 [Heads Up] Beware of New Quickbooks Payment Scams (direct link) |
CyberheistNews Vol 12 #06 | Feb. 8th., 2022
Many small and mid-sized companies use Intuit's popular QuickBooks program. They usually start out using its easy-to-use base accounting program and then the QuickBooks program aggressively pushes other complimentary features. One of those add-on features is the ability to send customers' invoices via email.
The payee can click on a “Review and pay” button in the email to pay the invoice. It used to be a free, but less mature, feature years ago, but these days, it costs extra. Still, if you are using QuickBooks for your accounting, the ability to generate, send, receive and electronically track invoices all in one place is a pretty easy sell.
Unfortunately, phishing criminals are using QuickBooks' popularity to send business email compromise (BEC) scams. The emails appear as if they are coming from a legitimate vendor using QuickBooks, but if the potential victim takes the bait, the invoice they pay will be to the scammer.
Worse, the payment request can require that the payee use the ACH (automated clearing house) method, which requires the payee to input their bank account details. So, if the victim falls for the scam, the criminal now has their bank account information. Not good.
Note: Some other QuickBooks scam warnings will tell you that QuickBooks will never ask for your ACH or banking details. This is not completely true. QuickBooks, the company and its support staff, never will, but QuickBooks email payment requests often do. Warn your users in Accounting.
CONTINUED at the KnowBe4 blog with both legit and malicious example screenshots:
https://blog.knowbe4.com/beware-of-quickbooks-payment-scams
|
Malware
Hack
Threat
Conference
|
APT 35
|
|
|
2022-02-01 19:40:07 |
8 New Malware Payloads Spotted As Part of Attacks Against Ukrainian Targets (direct link) |
Security Threat Researchers at Symantec have published details about malware being put out by the “Gamaredon” threat group (who have been tied to Russian Federal Security Service), responsible for attacks in the Ukraine since 2013. |
Malware
Threat
|
|
|
|
2022-02-01 14:37:29 |
CyberheistNews Vol 12 #05 [Heads Up] DHS Sounds Alarm on New Russian Destructive Disk Wiper Attack Potential (direct link) |
|
Ransomware
Malware
Hack
Tool
Threat
Guideline
|
NotPetya
Wannacry
APT 27
|
|
|
2022-01-31 14:16:14 |
Increased “Shipping Delays” Now Served as Phishbait (direct link) |
Attackers are exploiting pandemic-related supply-chain disruptions to launch phishing campaigns, according to Troy Gill, senior manager of threat intelligence at Zix. In an article for Threatpost, Gill describes a phishing attack that impersonated a major shipping company. |
Threat
|
|
|
|
2022-01-20 14:25:55 |
Half of All Organizations Hit by Ransomware Experience Productivity Loss (direct link) |
According to new data, ransomware is expected to be a larger and more likely threat in the next year, making the impacts felt today very relevant as the impetus for improved cybersecurity. |
Ransomware
Threat
|
|
|
|
2022-01-19 13:33:29 |
A Cyberespionage Group Uses Social Engineering (direct link) |
A sophisticated China-aligned threat actor is using social engineering to carry out cyberespionage and financially motivated attacks, according to researchers at Trend Micro. |
Threat
|
|
|
|
2022-01-18 16:59:26 |
North Korean Cryptocurrency Theft Relies on Social Engineering (direct link) |
A North Korean threat actor being called “BlueNoroff,” a subunit of Pyongyang's Lazarus Group, has been targeting cryptocurrency startups with financially motivated attacks, researchers at Kaspersky have found. The campaign, “SnatchCrypto,” is using malicious documents to gain access to internal communications, then using social engineering to manipulate employees. |
Threat
Medical
|
APT 38
APT 28
|
|
|
2022-01-06 18:20:04 |
Obvious, but Probably Effective: Konni RAT Screensaver (direct link) |
A North Korean threat actor is targeting users in Russia with a New Year's Eve-themed phony screensaver file, the Record reports. Researchers at Cluster25 spotted the activity, and say the campaign “started at least from August 2021 aimed at Russian targets operating in the diplomatic sector.” The researchers note that the threat actor used a ZIP file in this spear phishing attack, as opposed to a document with malicious macros. |
Threat
|
|
|
|
2022-01-01 16:59:12 |
2022 Resolution: "I'll Be A Certified Security Awareness and Culture Professional (SACP)™" (direct link) |
|
Threat
Guideline
|
|
|
|
2021-12-30 20:58:33 |
New “Karakurt” Threat Group is Gaining Attention Through Multiple and Frequent Extortion Attacks (direct link) |
A new warning from Accenture Security highlights this new cybercriminal group making waves that focuses on a “data breach and extortion” MO rather than relying on ransomware. |
Threat
|
|
|
|
2021-12-15 21:24:13 |
NSA: Cyberattacks are Putting the “Security of our Nation” at Stake (direct link) |
When most see cyberattacks as something that is impactful at the organizational level, the head of the National Security Agency sees cyberattacks as being a threat to the entire nation. |
Threat
|
|
|
|
2021-12-07 15:15:15 |
SideCopy: How an Intelligence Service Uses Phishbait (direct link) |
Researchers at Malwarebytes offer more details on a spear phishing campaign run by a Pakistani threat actor that's come to be known as “SideCopy.” The campaign was first reported by Facebook earlier this year. |
Threat
|
|
|