Anatova game tricks users into downloading ransomware
The anatova ransomware strain was discovered in a private peer-to-peer (p2p) network and targets consumers by using the icon of a game or application to trick the user into downloading it.
McAfee researchers today announced the discovery of a new ransomware family, “Anatova” that is targeting consumers at scale across the globe. The ransomware was discovered in a private peer-to-peer (p2p) network and targets consumers by using the icon of a game or application to trick the user into downloading it.
Creating a quick and fast piece of ransomware is fairly easy
Beek, Lead Scientist & Principle Engineer at McAfee said, “Creating a quick and fast piece of ransomware is fairly easy for those with basic know-how. Ransomware packed with functionality that is also ... Read More
Phishing attack when selling a house
Cyber thieves stole $150,000 from a woman during a real estate transaction last year, according to Lisa Vaas at Naked Security. Mireille Appert, a Swiss woman who lives in the United States, inherited her uncle’s house in Australia when he passed away in 2014. She fell victim to a phishing attack.
In 2018, Appert decided to sell the house and got in touch with an Australian law firm, KF Solicitors, on July 1st. On July 18th, she received a phishing email that read, “The sellers [sic] authority just needs to be emailed back to us and not posted.” She emailed her bank details to the company in a PDF.
Wrong bank account number
Over the next month, Appert and her son worked with ... Read More
September 30, 2024Mark Anthony Germanos
Phishing has moved above simple fake email
Phishing has grown above and beyond email and into your online experience as a whole. This is an effort to collect personal details and share out the attack on social networks, according to a new report from Akamai Enterprise Threat Research.
In a world where millennials have grown up with a device in their hand, inherently trusting everything they interact with on the web, cybercriminals are meeting victims where they are online, using a new type of phishing attack that gets the user to give up personal details.
Users surfing the web are unexpectedly redirected to a “Congratulations” page with either a roulette-looking wheel or a 3-question quiz. It’s an attack designed to gather email addresses and personal information to be used ... Read More
September 30, 2024Mark Anthony Germanos
CEO fraud nets $18.6 Million
A talented group of Fraudsters used phishing, social engineering, and CEO fraud to convince the India arm of Italian engineering company Tecnimont to part with millions of dollars.
We’ve all heard of phishing or whaling stories where someone is sent an email pretending to be the CEO of an organization, asking the recipient to perform an action that benefits the cybercriminal. The attack on Tecnimont takes these kinds of attacks to a new level and is something right out of a Mission: Impossible movie.
A series of conference calls
Chinese fraudsters sent Tecnimont’s head of India operations an email from an account that spoofed that of group CEO Pierroberto Folgiero. Rather than simply asking for money to be transferred, the cybercriminals instead arranged for not one, ... Read More
September 30, 2024Mark Anthony Germanos
Phishing trends that persisted throughout 2018
In reviewing the Q4 2018 most clicked subject lines, Knowbe4 identified these trends. Five subject line categories appeared quarter-over-quarter throughout 2018, including:
Deliveries
Passwords
Company Policies
Vacation
IT Department (in-the-wild)
(You can compare past quarterly findings here.)
Additionally, three “in-the-wild subject lines” were clicked three out of four quarters and included Amazon, Wells Fargo and Microsoft as keywords.
Users are concerned about security
“Clicking an email is as much about human psychology as it is about accomplishing a task,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. “The fact that we saw ‘password’ subject lines clicked four out of four quarters shows us that users are concerned about security. Likewise, users clicked on messages about company policies and deliveries each quarter showing a general curiosity about ... Read More
September 30, 2024Mark Anthony Germanos
Social engineering creates $1.8 Million dispute
Dentons Canada LLP is locked in a $1.7 Millon dispute with its insurer after staff at the firm’s Vancouver office fell victim to an alleged social engineering attack.
Here is an extract from the article with a link to the full article below: "According to Ontario Superior Court Justice Carole Brown’s recent decision in Dentons Canada LLP v. Trisura Guarantee Insurance Company, an associate at the firm was duped into transferring $2.5 million intended to clear the mortgage on a client’s property into a fraudster’s Hong Kong bank account as part of an alleged “social engineering” fraud.
Transfer of funds not fraudulent
Although the law firm managed to recover around $800,000, it made a claim for its net loss under a computer fraud ... Read More
September 30, 2024Mark Anthony Germanos
The risks that worry us
What keeps you up at night? These are the biggest risks facing our world in 2019. Top world leaders were surveyed for the latest edition of the World Economic Forum's Global Risks Report. Environmental threats dominate the list for the third year in row - both in terms of impact and likelihood.
“Of all risks, it is in relation to the environment that the world is most clearly sleepwalking into catastrophe,” the report warns. What are the Top 10 biggest ? The report offers a unique perspective on the threats facing our world, by looking at not only those that are most likely, but also those that would have the biggest impact. Check out #4:
What worries IT leaders?
When KnowBe4 recently asked IT leaders ... Read More
September 30, 2024Mark Anthony Germanos
Tax season is new window of opportunity...for cybercriminals
Experts warn of uptick in phishing attacks against businesses leveraging Office 365 as the tax season begins, tensions run high, and opportunities to trick off-guard users will be plenty.
Cybercriminals want two things to exist when they attack: First, they want a gullible victim who will fall for a scam email. Second, they want either an immediate payoff, or a quick way to gain access to data that will turn into money quickly.
So, the combination of Office 365 users and tax season create a volatile and dangerous mix for businesses. Phishing scams related to taxes not being filed, unexpected refunds, changes to banking details, or huge tax bills are sufficient enough to get unsuspecting users to click on malicious ... Read More
September 30, 2024Mark Anthony Germanos
The phish attack obtained banking details
Three Wichita State University employees fell prey to a common phish attack asking for their credentials, giving cybercriminals access to change banking details.
We’ve said it time and time again: the cybercriminals do their homework. In the case of the attack on WSU employees, cybercriminals spoofed the university’s payroll system and sent emails to employees tricking them into providing their university ID and password. That was all the attackers needed to gain full control to the employee’s profile, personal data, and most importantly – banking information.
Where's my paycheck?
It wasn’t until a number of employees did not receive their paychecks that the scam was found out. At least three members of the WSU staff fell for the scam, allowing cybercriminals to alter the ... Read More
September 30, 2024Mark Anthony Germanos
Cybersecurity starts with your users
Your cybersecurity trained employees are a central component of your security posture, according to Freaky Clown (FC), CEO and Head of Ethical Security at Cygenta.
FC is a professional red teamer who tests the security of organizations by breaking into them. FC talked to Carole Theriault in part two of an interview on the CyberWire’s Hacking Humans podcast.
FC says that managers are often surprised by how far he can get without being caught, because employees don’t know to watch out for threats. He describes a number of unusual situations in which he has convinced employees to participate in strange activities, such as building teepees with their coats as a team building exercise, or setting up a bar in a government building. “You can ... Read More
September 30, 2024Mark Anthony Germanos