LinkedIn ads used to spread malware
The context of contacting the victim via LinkedIn may be all that was needed to trick one job seeker into installing malware on the network of a bank. Sometimes credible sites are avenues of malware distribution.
Imagine you’re on LinkedIn and you see an ad for an open position that you’re perfect for. See anything wrong with that? Given you’re on a website that knows your job title, industry sector, location, etc. I’d say none of us would give it a second thought and assume it was legitimate.
That was exactly what hackers were hoping for when they used LinkedIn ads to target employees of the victim bank (which include company as a part of their ad filtering). A bank employee responded ... Read More
Cybersecurity training kids can understand
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform is offering an interactive, no-cost, children’s cybersecurity activity kit to the public. A workbook, poster and video module available to help families teach children how to protect themselves from online dangers
The activity kit consists of two workbooks with puzzles and games, a poster and a video module featuring KnowBe4’s security awareness hero Captain Awareness.
The workbook also includes a cyber hero pledge consisting of helpful tips to help children stay safe online, along with a family agreement that parents can review with their children to set guidelines for using online devices.
Concrete tools
With this activity kit, parents, teachers and other guardians have some concrete tools to help teach their children about online ... Read More
Anatova game tricks users into downloading ransomware
The anatova ransomware strain was discovered in a private peer-to-peer (p2p) network and targets consumers by using the icon of a game or application to trick the user into downloading it.
McAfee researchers today announced the discovery of a new ransomware family, “Anatova” that is targeting consumers at scale across the globe. The ransomware was discovered in a private peer-to-peer (p2p) network and targets consumers by using the icon of a game or application to trick the user into downloading it.
Creating a quick and fast piece of ransomware is fairly easy
Beek, Lead Scientist & Principle Engineer at McAfee said, “Creating a quick and fast piece of ransomware is fairly easy for those with basic know-how. Ransomware packed with functionality that is also ... Read More
Phishing attack when selling a house
Cyber thieves stole $150,000 from a woman during a real estate transaction last year, according to Lisa Vaas at Naked Security. Mireille Appert, a Swiss woman who lives in the United States, inherited her uncle’s house in Australia when he passed away in 2014. She fell victim to a phishing attack.
In 2018, Appert decided to sell the house and got in touch with an Australian law firm, KF Solicitors, on July 1st. On July 18th, she received a phishing email that read, “The sellers [sic] authority just needs to be emailed back to us and not posted.” She emailed her bank details to the company in a PDF.
Wrong bank account number
Over the next month, Appert and her son worked with ... Read More
Phishing has moved above simple fake email
Phishing has grown above and beyond email and into your online experience as a whole. This is an effort to collect personal details and share out the attack on social networks, according to a new report from Akamai Enterprise Threat Research.
In a world where millennials have grown up with a device in their hand, inherently trusting everything they interact with on the web, cybercriminals are meeting victims where they are online, using a new type of phishing attack that gets the user to give up personal details.
Users surfing the web are unexpectedly redirected to a “Congratulations” page with either a roulette-looking wheel or a 3-question quiz. It’s an attack designed to gather email addresses and personal information to be used ... Read More
CEO fraud nets $18.6 Million
A talented group of Fraudsters used phishing, social engineering, and CEO fraud to convince the India arm of Italian engineering company Tecnimont to part with millions of dollars.
We’ve all heard of phishing or whaling stories where someone is sent an email pretending to be the CEO of an organization, asking the recipient to perform an action that benefits the cybercriminal. The attack on Tecnimont takes these kinds of attacks to a new level and is something right out of a Mission: Impossible movie.
A series of conference calls
Chinese fraudsters sent Tecnimont’s head of India operations an email from an account that spoofed that of group CEO Pierroberto Folgiero. Rather than simply asking for money to be transferred, the cybercriminals instead arranged for not one, ... Read More
Office Depot found malware in scans...not really
Office Depot and its tech partner tricked customers into buying unneeded tech support services by offering malware scans that gave fake results, according to the FTC (Federal Trade Commission). Consumers paid up to $300 each for unnecessary services.
The FTC yesterday announced that Office Depot and its software supplier, Support.com, have agreed to pay a total of $35 million in settlements with the agency. Office Depot agreed to pay $25 million while Support.com will pay the other $10 million. The FTC said it intends to use the money to provide refunds to wronged consumers.
Office Depot caught claiming out-of-box PCs showed “symptoms of malware”
Between 2009 and 2016, Office Depot and OfficeMax offered computer scans inside their stores using a "PC Health Check" ... Read More
Triton got into a petrochemical plant
In the summer of 2017, a petrochemical plant in Saudi Arabia experienced a worrisome security incident that cybersecurity experts consider to be the first-ever cyber attack carried out with “a blatant, flat-out intent to hurt people.” The attack involved a highly sophisticated new malware strain called Triton, which was capable of remotely disabling safety systems inside the plant with potentially catastrophic consequences. It all started when someone launched a spear phishing attack and someone else clicked a link they should not have clicked.
Luckily, a flaw in the Triton code triggered a safety system that responded by shutting down the plant. If it hadn’t been for that flaw, the hackers could have released toxic hydrogen sulfide gas or caused explosions. As ... Read More
Phishing and File Sharing
Internet thieves have long used file sharing sites and services to host their malicious files. When they do this, they typically use the underlying service to generate download links that anyone can click without logging in to the hosting service.
Over the past month we started noticing apparently legitimate Dropbox emails pushing links to files with names suspiciously similar to those routinely used by the bad guys. When we clicked the links to check, however, we were greeted with a demand to log in to the service. That's typically been a sign that the files involved were legit.
Still, something wasn't right here. Given the file names presented, we reckoned there was little chance those files were innocuous. So, we decided to log in to ... Read More
Ransomware knocked most systems offline
Officials in Jackson County, Georgia, paid $400,000 to cyber-criminals this week to get rid of a ransomware infection and regain access to their IT systems. The County hired cyber-security consultant to negotiate ransom fee with hacker group. Jackson County officials have not yet confirmed how hackers breached their network.
The infection forced most of the local government's IT systems offline, with the exception of its website and 911 emergency system.
"Everything we have is down," Sheriff Janis Mangum told StateScoop in an interview. "We are doing our bookings the way we used to do it before computers. We're operating by paper in terms of reports and arrest bookings. We've continued to function. It's just more difficult."
Jackson County officials notified the FBI and hired a cyber-security consultant. ... Read More