What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
HR.webp 2021-02-16 01:23:04 Fighting stalking with OSINT (direct link) Tags: OSINT, violence, stalking. The lines that follow are the result of a collaborative effort, initiated by Justin Seitz. Several of us are working together, including Heartbroken and Nanardon.
OSINT is the acronym for Open Source Intelligence. It is a set of investigative techniques for gathering information from so-called open sources. Used in computer security and in police and journalistic investigations, OSINT makes it possible not only to gather information but also to protect oneself against ill-intentioned people. Violence against people, in particular violence against women, has increased and diversified. Online harassment, digital raids, disclosure of personal data, photomontages, revenge porn, identity theft: the acts are many. How should you react if this happens to you? How can you do as much as possible to prevent these acts from occurring? Our goal is to provide you with a turnkey kit that is simple and within the technical reach of everyone concerned. These kits are not a substitute for support organisations, the police, lawyers or health professionals. We believe you. You are not responsible for what is happening to you. The acts and situations we will use to illustrate our points are all punishable under criminal and civil law. You are not alone.
When we talk about stalking, we mean monitoring or spying on someone remotely, using digital tools. Two scenarios can be distinguished: • The case where the victim and the stalker know each other personally and intimately; • The case where the victim does not personally know the person monitoring them online. Note that this surveillance can go beyond digital tools and also take the form of actions in real life. Record all the evidence The common point in both cases is the same as in the previous articles: before deleting anything, collect and archive all the evidence. If you find spyware on your devices, at a minimum take screenshots of the applications found, with all the technical details.
Spam
AlienVault.webp 2021-02-15 11:00:00 CISOs report that ransomware is now the biggest cybersecurity concern in 2021 (direct link) This blog was written by an independent guest blogger. As the number of remote working arrangements rose substantially in the last year, cybercriminals were quick to take advantage of these new opportunities. Spam and phishing emails increased in number even more rapidly than telecommuting, and company cybersecurity officers found themselves struggling to keep up.  Phishing emails often came with a sinister sidekick - a ransomware attack. It is not surprising then that a recent survey of IT and cybersecurity officers revealed that ransomware attacks are the primary security concern for these professionals in 2021.  Organizations have good reason to be concerned about ransomware attacks. Not only are they highly effective, but often companies find that it is simply easier to pay the ransom than try to rectify the problem. This is far from the best solution as it encourages the criminals to continue their attacks, fails to provide any long-term sense of security for the organization, and may incur liability for the organization.  This article provides an overview of the rise of ransomware attacks and discusses how security professionals can prepare for and prevent attacks.  The anatomy of a ransomware attack Ransomware is essentially a virus that loads onto a user’s computer, where it scans connected drives for files that it then encrypts. The user is also typically locked out of their machine and can only view a screen showing how to make a ransom payment.  Ransomware attacks can take many forms, although the most common is to prevent a user from accessing encrypted files or using their machine until the ransom is paid (cryptocurrencies preferred). More malicious ransomware attacks threaten to release sensitive data to the internet broadly (doxware) or to delete data permanently.  
Ransomware can reach a user’s machine using a number of vectors, the most common of which is a phishing attack. However, malicious websites or popups may also provide access for ransomware attacks. Ransomware attacks can also be directly injected into an organization’s network through unsecured network connections (i.e. if no VPN is used). Or, even more simply, criminals may simply use brute force to hack weak passwords and directly insert the ransomware themselves. Ransomware can also attack vulnerabilities in applications arising during the software development process. It is therefore important to use testing methods, such as static and dynamic application security testing (SAST/DAST), that identify these security vulnerabilities continuously while your applications are running.  The prevalence of ransomware attacks Overall ransomware constitutes a small portion of all malware attacks; however, they are also some of the most damaging forms of malware-based attacks as the financial and operational consequences can be devastating.  The FBI saw a 37% increase in the reporting of ransomware attacks from 2018-2019, and an associated increase of 147% in financial losses. Average ransom demands also soared, reaching nearly $200,000 by the end of 2019. And the total average business costs resulting from a ransomware attack (post-attack costs, lost business costs, new cybersecurity investments, etc.) reached nearly $4.5 million as of early 2020. Exacerbating the ransomware concern is the fact that cybercriminals are now offering Ransomware Spam Malware Hack
Fortinet.webp 2021-02-12 00:00:00 New Bazar Trojan Variant is Being Spread in Recent Phishing Campaign – Part I (direct link) FortiGuard Labs recently noticed a suspicious email through our SPAM monitoring system designed to entice victims into opening a web page to download an executable file. Learn more about our research on this new variant of the Bazar malware. Spam
Kaspersky.webp 2021-02-11 15:03:54 Various Malware Lurking in Discord App to Target Gamers (direct link) Research from Zscaler ThreatLabZ shows attackers using spam emails and legitimate-looking links to gaming software to serve up Epsilon ransomware, the XMRig cryptominer and various data and token stealers. Spam Malware
TechRepublic.webp 2021-02-10 11:00:01 Hit block caller: 75% of Americans were targeted by scammers (direct link) While it's logical to assume seniors would be primary targets, a new report revealed that millennials were actually the most targeted demographic group of the more than 50 billion spam calls made in 2020. Spam
SecurityAffairs.webp 2021-02-09 15:18:06 Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs (direct link) The development team behind the NextGen Gallery plugin has addressed two severe CSRF vulnerabilities that could have allowed site takeover. The developers behind the NextGen Gallery plugin have fixed two critical Cross-site request forgery (CSRF) vulnerabilities, their exploitation could lead to a site takeover, malicious redirects, spam injection, phishing, and other malicious activities. The NextGEN […] Spam Guideline
ZDNet.webp 2021-02-09 05:30:03 PyPI, GitLab dealing with spam attacks (direct link) Both sites have been flooded over the weekend with garbage content. Spam
InfoSecurityMag.webp 2021-02-05 10:30:00 Financial Regulator Hit by 240,000 Malicious Emails in Q4 2020 (direct link) Financial Conduct Authority swats away spam and malware Spam
Anomali.webp 2021-02-02 23:04:00 Threat Actors Capitalize on COVID-19 Vaccine News to Run Campaigns, AWS Abused to Host Malicious PDFs (direct link) Key Findings Malicious actors have targeted the vaccine supply chain and leaked materials stolen from the European Medicines Agency (EMA). Phishing campaigns have evolved alongside the pandemic, with the latest observed themes being vaccine-related topics. Users should remain cautious of possible phishing attacks via email, text messages (SMS), or just click through search results. Overview Threat actors change and adapt their campaigns to mirror themes prevalent in the public eye. When they leverage high-urgency trends, their success levels rise. Since the beginning of the pandemic, Anomali has focused resources to detect malicious cyber campaigns using COVID-19 themes. In this blog, Anomali Threat Research presents several malicious samples that represent simple tactics, techniques, and procedures (TTPs) used by actors in COVID-themed malspam campaigns. Less-sophisticated threat actors can be easier to monitor and block if the TTPs utilized by the actors are well known. New Discoveries The majority of this research centers on analysis of known threat actors and indicators of compromise (IOCs). There are several samples that we believe are newly discovered by our researchers (we haven’t seen them discussed elsewhere). Among these are several malicious PDFs hosted on Amazon Web Services (AWS) and other hosting websites. We discuss this campaign below in the chapter named “2.c. Alternative channel: Online PDF Search Engine Optimization (SEO)”, detailing samples with titles “Adenovirus vector pdf” and “Illinois coronavirus october 15”. Details 1. 
Targeted Supply Chain Attacks On December 28, 2020, the US Treasury Department's Financial Crimes Enforcement Network (FinCEN) published a notice entitled, “COVID-19 Vaccine-Related Scams and Cyberattacks.”  That report provided evidence of actors conducting scams asking for a fee to provide potential victims with the vaccine sooner than permitted. Furthermore, FinCEN assessed that cybercriminals will likely continue to exploit the COVID-19 pandemic to target financial institutions, vaccine delivery operations, and vaccine manufacture supply chains. FinCEN is aware of ransomware directly targeting vaccine research and has pushed for awareness of these phishing schemes luring victims with fraudulent information about COVID-19 vaccines.[1] Other threats to vaccine research have been reported by US and European intelligence agencies. In December 2020, threat actors breached the European Medicines Agency (EMA) whilst it was in the COVID-19 vaccine evaluation process. On January 12, 2021, threat actors leaked a portion of the stolen materials with regards to Pfizer/BioNTech vaccine (Figure 1).[2] On the same day in an unrelated event, the Director of the National Counterintelligence and Security Center (NCSC), William Evanina, confirmed the existence of threats from China and Russia to disrupt the US coronavirus vaccine supply chain.[3] Figure 1 – Screenshot of the Files in the EMA Vaccine Breach The publication of the EMA vaccine breach on RaidForums was taken down by forum administrators only to resurface on other platforms. Later, the EMA claimed that at least some of the leaked correspondence had “been manipulated by the perpetrators prior to publication in a way which could undermine trust in vaccines.”[4] 2. Non-targeted Adoption by Phishing Campaigns Below are three examples of COVID-19 vaccine-related phishing campaigns utilizing different delivery methods: email, SMS, and search engine traffic.  
As COVID-19 vaccination is a newsworthy topic, it would be consistent with observed activity for so Ransomware Spam Malware Threat Guideline
The_Hackers_News.webp 2021-01-28 01:41:53 European Authorities Disrupt Emotet - World's Most Dangerous Malware (direct link) Law enforcement agencies from as many as eight countries dismantled the infrastructure of Emotet, a notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks over the past decade. The coordinated takedown of the botnet on Tuesday - dubbed "Operation Ladybird" - is the result of a joint effort between authorities in the Netherlands, Germany, the U.S. Ransomware Spam Malware
TechRepublic.webp 2021-01-26 17:59:36 How to quickly block spam SMS in Android (direct link) Jack Wallen shows you how easy it is to block and report spam SMS messages on the Android platform. Spam
SecurityAffairs.webp 2021-01-06 16:02:12 Fake Trump sex video used to spread QNode RAT (direct link) Researchers uncovered a malspam campaign that spreads the QNode remote access Trojan (RAT) using fake Trump’s sex scandal video as bait. Security experts from Trustwave uncovered a malspam campaign that is delivering the QNode remote access Trojan (RAT) using fake Trump’s sex scandal video as bait. The spam messages use the subject “GOOD LOAN OFFER!!” […] Spam
Kaspersky.webp 2021-01-01 11:00:04 Inbox Attacks: The Miserable Year (2020) That Was (direct link) Reflecting on 2020's record-breaking year of spam and inbox threats. Spam
SecurityAffairs.webp 2020-12-26 14:27:33 The Emotet botnet is back and hits 100K recipients per day (direct link) Emotet is back on Christmas Eve, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan. Emotet is back on Christmas Eve, after two months of silence, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan. The recent Emotet campaign uses updated payloads and is targeting over 100,000 […] Spam
bleepingcomputer.webp 2020-12-25 10:15:15 Fake Amazon gift card emails deliver the Dridex malware (direct link) The Dridex malware gang is delivering a nasty gift for the holidays using a spam campaign pretending to be Amazon Gift Cards. [...] Spam Malware
AlienVault.webp 2020-12-22 11:00:00 'Tis the season for session hijacking - Here's how to stop it (direct link) This blog was written by an independent guest blogger. The air is getting colder, leaves are falling from the trees, and people everywhere are settling in for the holiday season. Which means one thing - increased cybersecurity vulnerability. With more aspects of the winter holidays relegated to online platforms this year, people everywhere are more susceptible to cyberattacks. Luckily, there are plenty of simple steps you can take to protect yourself from digital threats and online scams. But there is one particularly nefarious type of cyberattack that you might not be aware of. This is session hijacking. In this article, we will take a look at what session hijacking is, how the holidays make you extra vulnerable to this type of attack, and how to prevent it from happening to you. What is Session Hijacking? Let’s start with the terms. A session is the period of time when a user is actively accessing an application, website, or other online service. Each user session begins when you log into a website or app and ends when you log out of it. For example, when you type your username and password into a banking application, that begins your session on that online application. When you log into an online application, the server typically generates a temporary session cookie in your browser. This cookie tells your browser that you are logged in and have been authenticated on the server. Each temporary session cookie is marked by a unique session ID, or key. If a hacker is able to access your unique session ID, they can access your session. Session hijacking, also called “cookie hijacking”, can follow several patterns. One method, cross-site scripting, or XSS, essentially works like this. An attacker implants a script into the web server the victim is trying to access. 
The victim then authenticates their presence on the tampered-with server, creating a unique session ID that includes the attacker’s script. The server returns the page code with the attacker’s script to the victim, whose own browser enacts the script, sending the victim’s unique session cookie to the attacker. The attacker is then granted access to the user’s session, meaning they can witness any interaction taking place there and steal any sensitive information revealed in the session. Malvertising is another current “hot” technique that induces a victim to click on an ad infected with malicious code that snags the session ID, thus granting the hacker access to the victim’s unique session key. Here again, the victim is authenticated on the server and the hacker can hijack the victim’s session. All the attacker has to do is input the victim’s session ID on their own browser, tricking the server into reading the hacker’s browser connection as the victim’s already authenticated session. Holidays under threat The coronavirus pandemic has had many wide-ranging effects on all of us. One result of this global situation is the massive increase in cybersecurity vulnerability. Studies have shown precipitous rises in spam attempts, as opportunistic hackers seek to prey on widespread uncertainty. But the pandemic places cybersecurity at risk on another level as well. This year, the holidays have gone digital to an extent never seen bef Spam Studies
Checkpoint.webp 2020-12-09 11:00:52 November 2020's Most Wanted Malware: Notorious Phorpiex Botnet Returns As Most Impactful Infection (direct link) Check Point Research reports new surge in attacks using the Phorpiex Botnet delivering the Avaddon ransomware in malicious spam campaigns Our latest Global Threat Index for November 2020 has revealed that there has been a new surge in infections by the well-known Phorpiex botnet which has made it the month's most prevalent malware, impacting 4%… Ransomware Spam Threat
bleepingcomputer.webp 2020-12-02 17:10:46 HMRC phishing scam abuses mail service to bypass spam filters (direct link) Threat actors are exploiting legitimate SendGrid mailing service to send HMRC phishing emails that bypass spam filters. [...] Spam Threat
bleepingcomputer.webp 2020-12-01 12:01:30 Microsoft Teams Calling gets CarPlay support, SPAM id service, more (direct link) The new Microsoft Teams additions include call transfer, spam reduction, CarPlay support, streamlined calling experience, and more. [...] Spam
MalwarebytesLabs.webp 2020-11-30 11:11:07 November spam roundup: Stalkers, property tips, porn, stern words and PayPal (direct link) We look at some of the more recent spam mails taking up space in mailboxes. Categories: Cybercrime, Social engineering Spam
SecureList.webp 2020-11-12 10:00:54 Spam and phishing in Q3 2020 (direct link) The COVID-19 topic, which appeared in Q1 this year, is still in play for spammers and phishers. In our view, the so-called second wave could lead to a surge in mailings offering various coronavirus-related treatments. Spam Guideline
Chercheur.webp 2020-11-09 04:58:19 Body Found in Canada Identified as Neo-Nazi Spam King (direct link) The body of a man found shot inside a burned out vehicle in Canada three years ago has been identified as that of Davis Wolfgang Hawke, a prolific spammer and neo-Nazi who led a failed anti-government march on Washington, D.C. in 1999, according to news reports. Spam
SecurityAffairs.webp 2020-10-31 16:39:09 Emotet operators are running Halloween-themed campaigns (direct link) Crooks behind Emotet malware attempt to take advantage of the Halloween festivity, a new campaign could invite you to a Halloween party. Threat actors are attempting to take advantage of the Halloween festivities, a recent Emotet malware campaign spotted by BleepingComputer employed spam emails that invite recipients to a Halloween party. The Emotet banking trojan has […] Spam Malware Threat
WiredThreatLevel.webp 2020-10-28 13:00:00 Among Us Was Hit With Pro-Trump Spam (direct link) The attack comes just days after US representative Alexandria Ocasio-Cortez played the game in a wildly popular Twitch stream. Spam
AlienVault.webp 2020-10-28 11:00:00 LokiBot Malware: What it is and how to respond to it (direct link) This blog was written by an independent guest blogger. The Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security recently announced that activity in LokiBot, a form of aggressive malware, has increased dramatically over the last two months. The activity increase was discovered by an automated intrusion detection system referred to as EINSTEIN, which the Department of Homeland Security uses for collecting and analyzing security information across numerous government agencies. Following the detection, CISA issued a security advisory warning to Federal agencies and private sector entities alike about the malware. Malware is essentially a piece of software or firmware that is intentionally placed into a system (or host) for malicious purposes (hence the term ‘malware’). It has long been a major problem, but it’s only become worse since the coronavirus pandemic began as hackers and cybercriminals have sought to take advantage of the chaos created by the situation. LokiBot is one such example. In this article, we will dive into what exactly LokiBot is and the threat it poses, the techniques that were used to deploy this malware, and then the steps you can take to remove it from an infected system. What is Lokibot? LokiBot was first released on underground forums for hackers to target Microsoft Android phones in early 2016. Since then, it has grown to become a much more widespread and dangerous threat than it originally was, as it has been widely distributed via torrent files and email spam (among other techniques) by low-to-mid level hackers targeting passwords. At this point, LokiBot is among the most prevalent forms of malware, and for 2020 has actually been the single most common form of malware used to attack command-and-control servers. 
LokiBot can infect computers and mobile devices alike by searching for locally installed applications. The malware then searches for credentials from the internal databases of those applications and attempts to extract them. LokiBot also comes with a keylogging feature that allows it to capture keystrokes in order to determine the passwords used for accounts that may not be stored in those internal databases as well. As a result of these capabilities, mobile applications, cryptocurrency wallets, emails, and browsers alike are all vulnerable to LokiBot. The good news is that LokiBot is far from invincible. For example, storing your data in the cloud will be one of the best defense measures that you can make because your data will be stored encrypted, decentralized, and ultimately harder to obtain. How big of a threat does LokiBot pose? Even though LokiBot has become much more prominent than it once was, the real question that needs to be asked is: even though it’s common, how big of a threat actually is it? One of the biggest concerns with LokiBot isn’t just the fact that it can target everything from emails to cryptocurrency wallets, it’s also that it can create a backdoor to allow a hacker to install additional malicious software and steal information. LokiBot also makes use of a very simple codebase that makes it easy for lower level cybercriminals to use. If anything, it’s for this reason that it’s become so widely used. Furthermore, LokiBot utilizes methods to make it seem like nothing is hap Spam Malware Threat
ESET.webp 2020-10-26 15:20:14 'Among Us' players hit by major spam attack (direct link) In-game chats were flooded with messages from somebody who tried to coerce players into subscribing to a dubious YouTube channel Spam
WiredThreatLevel.webp 2020-10-24 13:10:38 Did a Security Researcher Guess Trump's Twitter Password? (direct link) Plus: An Among Us spam attack, China's favorite vulnerabilities, and more of the week's top security news. Spam
The_State_of_Security.webp 2020-10-22 11:28:00 DOJ Says Iran Targeted American Voters with Threatening Emails (direct link) The U.S. Department of Justice (DOJ) said Iran was responsible for an attack campaign that targeted American voters with threatening emails. On October 21, the Justice Department held a press conference in which FBI Director Christopher Wray and Director of National Intelligence John Ratcliffe linked Iran to a spam campaign making the rounds in the […] Spam
AlienVault.webp 2020-10-22 11:00:00 SPAM text messages vs SMiShing and defending against it (direct link) The rise of SPAM text messages Businesses want to connect to their users and meet them where they are. One growing way to communicate to them is through text messages including providing coupons, recent news, and other marketing materials. When these marketing efforts are unwanted by the customer, this is when they cross the line into the SPAM category. SPAM has taken many forms throughout history such as junk mail in your mailbox and robocalls. Then, with the birth of the internet, digital SPAM emerged in the form of email and has now expanded to the web, social media, text messages, and more. These digital spam efforts are very easy and low-cost methods to reach large amounts of people. Legitimate businesses honor and respect this line between wanted and unwanted communications through opt-in/opt-out and subscribe/unsubscribe capabilities to allow users to manage how and when they want communications. But beyond managing the sheer number of text communications, what happens when a malicious actor decides to use these texting techniques to target you with a phishing expedition? What is SMiShing? SMiShing is phishing that uses texting to lead you to fake websites and phone numbers that imitate real companies. This is a type of social engineering that fraudsters use to get personal information from you with malicious intent. Today, phishing is the number one security threat and the worst part is that when it comes to phishing attempts on a mobile device, it works! For example, according to Lookout, 56% of mobile users have received and tapped on a URL that bypassed existing layers of phishing defense. And on average, a user will click on approximately six phishing links from their mobile device each year. You may be asking yourself, how could someone be fooled by these? 
Part of the reason is the form factor of a mobile device which makes it harder for the user to spot these social engineering techniques. Another reason is we’re often in a hurry or distracted while using the mobile device. And finally, many people believe they are safer on their mobile device than traditional laptops and desktops which in today’s world may not be the case. Mobile device manufacturers, wireless carriers, and regulators have all been working closely together to curb the issues around SPAM and SMiShing. For example, AT&T monitors the network 24/7 and supports legislation to end text spam. Also, AT&T will never ask someone to send personal or account information via email or text message. But with many types of security efforts, combating social engineering attempts like SMiShing is a shared responsibility, and both the individual and business owners need to take measures to  help protect themselves and their data.   Defend yourself against SPAM and SMiShing AT&T is vigilant about protecting customers from unsolicited text message spam but there is no simple fix to block these. As individuals, we can all take certain steps to help  protect ourselves such as: If you are an AT&T customer, report them: Alert AT&T by forwarding the suspicious text to 7726 (SPAM) on your device. Messages forwarded to 7726 are free. They don't count toward your AT&T text plan. If you're not able to view the number, forward the entire message to abuse@att.net. On AT&T’s website: Spam Threat Guideline
itsecurityguru.webp 2020-10-22 10:27:03 Iran blamed for voting spam emails (direct link) The US is blaming Iran for the email shot sent from the far-right group, Proud Boys, urging Democratic voters to vote for Trump. In these emails, the extremist group was threatening registered Democrats with consequences if they didn’t vote for Trump in the upcoming election. Although the group claimed to have sent this email to […] Spam
SecurityAffairs.webp 2020-10-19 09:41:19 New Emotet campaign uses a new 'Windows Update' attachment (direct link) After a short pause, a new Emotet malware campaign was spotted by the experts on October 14th, crooks began using a new ‘Windows Update’ attachment. After a short interruption, a new Emotet malware campaign was spotted by the experts in October. Threat actors began using new Windows Update attachments in a spam campaign aimed at […] Spam Malware Threat
Anomali.webp 2020-10-15 14:00:00 COVID-19 Attacks – Defending Your Organization (direct link) Overview The Coronavirus 2019 (COVID-19) global pandemic has caused widespread fear of the unknown and deadly aspects of this novel virus, generated growth in certain industries to combat it, and created a shift toward remote work environments to slow the spread of the disease.  Defending Your Organization Against COVID-19 Cyber Attacks. In this webinar, AJ, and I describe COVID-19 attacks in January through March, the groups behind them, and key MITRE ATT&CK techniques being employed. We then discuss ways an organization can keep themselves safe from these types of attacks. Pandemic Background COVID-19 is a pandemic viral respiratory disease, originally identified in Wuhan, China in December 2019. At the time of the webinar, it had infected around 1.5 million people worldwide. Within the first month, cyber actors capitalized on the opportunity.  COVID Attack Timeline December 2019 - January 2020 At the end of December 2019, China alerted the World Health Organization (WHO) that there was an outbreak in Wuhan, China. Within a month, the first cyber events were being recorded. Around January 31, 2020, malicious emails (T1566.001) using the Emotet malware (S0367) and a phishing campaign (T1566.001) using LokiBot (S0447) were tied to TA542 alias Mummy Spider. Emotet, in particular, was prolific. It originally started as a banking Trojan, then evolved into a delivery mechanism for an initial payload that infected systems to download additional malware families such as TrickBot (S0266). Around this same time, there was a marked increase in the registration of domain names with COVID-19 naming conventions, a key indicator of an uptick in phishing campaigns. February 2020 In early February, the progression of adversaries using uncertainty about and thirst for information regarding the COVID-19 pandemic became apparent. 
New malware variants and malware families were reported employing coronavirus related content, including NanoCore RAT (S0336) and Parallax RAT, a newer remote-access Trojan, to infect unsuspecting users. Throughout February, cybercrime actors launched several phishing campaigns (T1566.001) to deliver information stealer AZORult (S0344). With worldwide government health agencies giving advice on cyber and physical health, threat actors aligned with nation-states such as Russia (Hades APT), China (Mustang Panda), and North Korea (Kimsuky - G0094) used this messaging to lure individuals to download and/or execute malicious files disguised as legitimate documents. These state-sponsored groups used convincing lures to impersonate organizations such as the United Nations (UN), the World Health Organization (WHO), and various public health government agencies to achieve short- and long-term national objectives. March 2020 In March, we observed a flurry of nation-state and cybercrime attributed malicious activity seeking to exploit the COVID-19 pandemic. Cybercrime actors distributed a range of malware families, including NanoCore (S0336), Ransomware Spam Malware Threat APT 36 ★★★
itsecurityguru.webp 2020-10-14 10:28:18 Twitter suspends accounts claiming to be Black Trump supporters (direct link) Several Twitter accounts claiming to be owned by Black Trump supporters have been suspended for breaking the platform’s rules on spam and manipulation. Many of the accounts were using similar language and phrases such as “YES IM BLACK AND IM VOTING FOR TRUMP!!!”. Twitter is still investigating the accounts and has yet to finalise the number […] Spam
01net.webp 2020-10-02 01:52:00 Have you been targeted by the virulent Emotet malware? This online service will tell you (lien direct) The HaveIBeenEmotet.com site lets you find out whether your e-mail address was involved in a spam campaign by this Trojan, whether as a victim recipient or as an unwitting sender. Spam Malware
SecurityAffairs.webp 2020-10-01 20:00:41 How to check if an email or a domain was used in Emotet attacks? (lien direct) Cyber security firm launches a new service that allows users to check if an email domain or address was part of an Emotet spam campaign. Experts worldwide warn about a surge in the Emotet activity, recently Microsoft along Italy and the Netherlands CERT/CSIRT agencies reported a significant increase of Emotet attacks targeting the private sector and public […] Spam
ZDNet.webp 2020-09-24 12:58:23 ICO fines profiteering UK firm for touting coronavirus products over spam texts (lien direct) The UK company sent cold texts offering products “effective against coronavirus.” Spam
SecurityAffairs.webp 2020-09-24 07:01:03 Microsoft, Italy and the Netherlands agencies warn of EMOTET campaigns (lien direct) Experts worldwide warn about a surge in the Emotet activity, this time the alerts are from Microsoft, Italy and the Netherlands agencies. Two weeks ago, cybersecurity agencies across Asia and Europe warned of Emotet spam campaigns targeting businesses in France, Japan, and New Zealand. The French national cyber-security agency published an alert to warn of […] Spam
ZDNet.webp 2020-09-18 17:16:00 Spammers use hexadecimal IP addresses to evade detection (lien direct) Links in spam emails looked like http://0xD83AC74E instead of "domain.com." Spam
no_ico.webp 2020-09-17 16:15:54 Emotet Malware Attacks – Why Are They So Successful? (lien direct) Over the past week, global cybersecurity agencies have published security alerts warning about a large uptick in Emotet malware attacks targeting their respective countries. The recent Emotet activity includes email spam campaigns originating from their own infrastructure, targeting companies and government agencies. Targeted organisations who received the emails and opened the attachments were at risk … Spam Malware
SecurityAffairs.webp 2020-09-09 06:40:05 France, Japan, and New Zealand warn of a surge in Emotet attacks (lien direct) Cybersecurity agencies from multiple countries are warning of the surge of Emotet attacks targeting the private sector and public administration entities. Cybersecurity agencies across Asia and Europe are warning of Emotet spam campaigns targeting businesses in France, Japan, and New Zealand. The French national cyber-security agency published an alert to warn of a significant increase […] Spam
SentinelOne.webp 2020-09-04 22:18:43 Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic (lien direct) At Sentinel Labs, we have been closely tracking adversarial behavior as it pertains to COVID-19/Coronavirus. To date, we have observed a significant number of malware campaigns, spam campaigns, and outright… Spam Malware Threat ★★★
AlienVault.webp 2020-09-02 11:00:00 How Covid-19 has increased vulnerabilities in Industrial Control Systems (lien direct) This blog was written by an independent guest blogger. By now, most are aware that the Covid-19 pandemic has led to a spike in cyberattacks. This sharp increase in malicious activity related to COVID has taken the typical form of adversaries seeking to benefit financially, gain unauthorized access to networks for immediate and long-term strategic benefit, and spread misinformation with political agendas. Much of this is a direct result of the work from home (WFH) phenomenon. With organizations and businesses rapidly deploying systems and networks to support remote staff, criminals can’t help themselves. Increased security vulnerabilities have offered the opportunity to steal data, generate profits, and generally cause havoc. In one four-month period (January to April) some 907,000 spam messages, 737 incidents related to malware, and 48,000 malicious URLs – all related to COVID-19 – were detected by one of INTERPOL’s private sector partners. There are a number of other threats, though, that have also been caused by the pandemic but that are less visible. One of these is the increased vulnerability of industrial control systems. The threat The most up to date data on the vulnerability of industrial control systems, and how this has been affected by the pandemic, comes courtesy of the ICS Risk & Vulnerability Report, released this week by Claroty. This research contains an assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during the first half of 2020, affecting 53 vendors. The findings are striking, and particularly so given how many systems engineers now work from home. 
Fully 70% of the vulnerabilities published by the NVD can be exploited remotely, while the most common potential impact is remote code execution, which is possible with 49% of the vulnerabilities. When combined with the fact that recent research has found that 83% of firms are simultaneously struggling to ensure the security of remote working systems, this is highly concerning. In practice, this means that if an organization’s remote working systems are insecure – which seems likely, given the difficulties that many have reported in recent months – then hackers may be granted an increased capability to remotely execute malicious code on industrial systems. The Impact The increased likelihood of this kind of attack should concern all organizations working with industrial control systems, but especially those companies employing centralized systems such as DCS, SCADA, or PLS. In recent years, these solutions have been used for networking previously discrete industrial systems together. While this has allowed organizations to dramatically increase their efficiency and productivity, it potentially leaves these systems open to laterally-deployed cyberattacks. This risk is compounded by a similarly worrying trend in international cyber warfare. Tho Spam Hack Vulnerability Guideline
SecurityAffairs.webp 2020-08-30 13:09:17 (Déjà vu) Emotet botnet has begun to use a new 'Red Dawn' template (lien direct) In August, the Emotet botnet operators switched to a new template, named ‘Red Dawn,’ for the malicious attachments employed in new campaigns. The notorious Emotet went into the dark since February 2020, but after months of inactivity, the infamous trojan has surged back in July with a new massive spam campaign targeting users worldwide. The Emotet banking trojan […] Spam
globalsecuritymag.webp 2020-08-24 13:55:50 How cybercriminals used COVID-19-themed spam to spread the Emotet malware (lien direct) Around the world, the Covid-19 pandemic is sowing fear and uncertainty. These worries are a boon for cybercriminals, who shamelessly ride this trend by using the well-known Emotet malware to run Covid-19-themed campaigns against helpless companies. Since the start of the health crisis, Akamai has observed high volumes of Emotet traffic associated with COVID-19 spam. How Emotet works and how to guard against these attacks (...) - Points de Vue Spam Malware
The_Hackers_News.webp 2020-08-17 05:45:27 Researchers Exploited A Bug in Emotet to Stop the Spread of Malware (lien direct) Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months. "Most of the vulnerabilities and exploits that you read about are good news for attackers and bad news for the rest of us," Binary Defense's Ransomware Spam Malware
SecurityAffairs.webp 2020-08-15 17:56:03 Emotet malware employed in fresh COVID19-themed spam campaign (lien direct) The Emotet malware has begun to spam COVID19-themed emails to U.S. businesses after not being active for most of the USA pandemic. The infamous Emotet malware is back, operators have begun to spam COVID-19 themed emails to the U.S. businesses. Early this year, the Emotet malware was employed in spam COVID19-themed campaigns that targeted those countries that were […] Spam Malware
ZDNet.webp 2020-08-13 11:59:05 Signal adds message requests to stop spam and protect user privacy (lien direct) New feature lets Signal users control who can text or voice call, add them to groups. Spam
WiredThreatLevel.webp 2020-08-07 16:00:00 'Ultima' Fandom Is Still Going Strong (lien direct) Need proof? 'Spam Spam Spam Humbug,' a podcast dedicated to the computer role-playing games, is now in its fifth year. Spam
Checkpoint.webp 2020-08-07 10:00:12 July's Most Wanted Malware: Emotet Strikes Again After Five-Month Absence (lien direct) Check Point Research finds sharp increase in the Emotet botnet spreading spam campaigns after period of inactivity, aiming to steal banking credentials and spread inside targeted networks Our latest Global Threat Index for July 2020 has revealed that after a five-month absence, Emotet has surged back to 1st place in the Index, impacting 5% of… Spam Threat
SecureList.webp 2020-08-07 10:00:07 Spam and phishing in Q2 2020 (lien direct) In Q2 2020, the largest share of spam (51.45 percent) was recorded in April. The average percentage of spam in global email traffic was 50.18%, down by 4.43 percentage points from the previous reporting period. Spam
Last update at: 2024-05-10 10:08:03