Cyber attack closes bank's doors Reuters reported that the Bank of Valetta, which accounts for almost half of Malta’s banking transactions, had to shut down all of its operations last month after hackers broke into its systems and shifted funds overseas. "Prime Minister Joseph Muscat told parliament the cyber attack involved the creation of false international payments totaling 13 million euros ($14.7 million) to banks in Britain, the United States, the Czech Republic and Hong Kong. The funds have been traced and the Bank of Valletta is seeking to have the fraudulent transactions reversed. Muscat said the attack was detected soon after the start of business on Wednesday when discrepancies were noticed during the reconciliation of international transactions. Shortly after, the bank was informed by state security services that it had received ... Read More

Cyber thieves sending fake security alerts Con artists are targeting thousands of people with tech support scams that pose as security alerts from Norton Security, researchers at Symantec have found. The phony alerts pop up in the browser and urge the victim to run a quick scan of their computer. If the user clicks “OK,” they’ll see a very realistic-looking fake Norton scan running, which tells them their computer is infected. They’ll then be prompted to download an “update” for their antivirus software, which is actually a potentially unwanted application (PUA). The scammers use HTML and JavaScript to create a very convincing illusion that a Norton scan is taking place. The source code contains several invisible HTML div elements which are progressively made visible by JavaScript code. ... Read More

Real-estate phishing scam took $123,000 from a home buyer A man in Portland, Oregon lost $123,000 after falling victim to a phishing real-estate scam, according to Michele Lerner at The Washington Post. In December, Aaron Cole and his family were about to buy a new house through WFG National Title Insurance Company. Shortly before the deal was supposed to take place, Cole received an email that purported to come from WFG which told him to wire the $123,000 down payment to a different address. Cole complied, and the money was laundered through multiple banks and sent out of the country before anyone realized it had been sent to a scammer. Never rely solely on email Fortunately, WFG hired Cole as a spokesperson to raise awareness about cybercrime and scams, ... Read More

Malwarebytes releases State of Malware report Growth in attacks designed to obfuscate access and purpose should put organizations on alert as cybercriminals gain control over endpoints to do just about anything they want. The most dangerous cyberattack is the one you don’t know about. That’s exactly what cybercriminals are focusing on, according to Malwarebytes’ 2019 State of Malware report. If an attack can either run completely in stealth, or simply hide their true intention, in many ways, they’ve already won. According to the report, two very specific types of attacks are on the rise from 2017 to 2018: Trojans saw a 132% increase Backdoors saw a 173% increase Trojans and backdoors Malwarebytes defines each of these separately. Trojans are programs "that claim to perform one function but actually do another", with Backdoors defined as "a type ... Read More

Scammers using hijacked GoDaddy domains to launch large-scale spam campaigns GoDaddy took steps in January, 2019 to address the authentication flaw exploited by the attackers, according to Brian Krebs. Krebs first reported on the authentication weakness on January 22nd, when he outlined two massive spam campaigns during 2018 that were very successful at getting into people’s inboxes. Their success was due to the fact that the emails were sent through trusted but dormant domains, many of which were registered and owned by Fortune 500 companies. Anti-spam researcher Ron Guilmette discovered that nearly all of these domains had used GoDaddy’s DNS service at some point. The scammers had realized that they could add domains to their GoDaddy accounts without proving that they owned the domains. GoDaddy quickly addressed the ... Read More

Social engineering on Wikipedia Social engineering scammers are selectively editing Wikipedia pages. These lend credibility to tech support scams, according to Rob VandenBrink at the SANS Internet Storm Center. The Wikipedia page for the SpyEye banking Trojan was changed in mid-December to include a typo-ridden paragraph which claims that only three tech companies can remove the malware, and that “Best buy, Geek squad, Office Depo will not be able to fix it at all.” <sic> VandenBrink says that the scammer made these edits to convince victims that “only we can help you fix this (fake of course) infection you have on your computer.” The edit history of the Wikipedia user who made the changes shows that the account made similar edits to the “Macro virus” Wikipedia page, ... Read More

In-house phishing tests identify at-risk users As compliance mandates and consumer privacy laws get tougher, businesses are taking matters into their own hands, launching internal phishing attacks to identify at-risk users. Phishing remains a profitable tactic for cybercriminal organizations. The ability to gain access to internal systems, compromise credentials, or convince a user to wire money is well within the cybercriminals reach, accomplishing these attack results and more on a daily basis. Organizations like UNC Health Care in Chapel Hill, NC receive over 91 million suspicious emails a every quarter, with a little more than 8 million still getting past security scanners. Even with 30,000 employees, that still represents an average of about 4 phishing emails a day per user. University of North Carolina sends 3,000 phishing tests a ... Read More

Sextortion is the newest cyber crime Sextortion scam emails are circulating. They claim that a popular adult site has been hacked, allowing an attacker to record videos of you through your webcam, according to Lawrence Abrams at BleepingComputer. The attacker claims that these videos will be sent to all of the victim’s contacts unless the victim pays the equivalent of $969 to the attacker’s Bitcoin address. The emails also include a victim’s old password obtained from a past data breach in an attempt to frighten the victim. Victims Additionally, some of the emails contain links, supposedly leading to sample videos of the victim as proof of the attacker’s claims. These links have been known to install malware, such as ransomware, in past campaigns. BleepingComputer observes that the Bitcoin address in ... Read More