08 Jan 2021

Emotet Tops Malware Charts in December After Reboot

The Emotet Trojan, after undergoing a makeover, is back at the top of malware charts, according to Check Point’s Global Threat Index for December 2020. Emotet was re-designed to boast more evasive strategies that prevent detection. The malware was in fifth place in the Global Threat Index in November but

Read More
29 Dec 2020

Phishers Spoof New York Department of Labor

Scammers were able to spoof the New York Department of Labor, sending out emails to thousands of residents from the domain “noreply@labor.ny .gov,” claiming to be sending Covid-19 relief money. The emails bear the NY state logo and capitalize on struggling Americans seeking to claim Covid-19 stimulus checks. The email

Read More
17 Dec 2020

BEC Hits Double Digits as COVID-19 Scams Abound

According to Barracuda Networks, business email compromise attacks have surged in 2020, alongside Covid-19 related scams seeking to lure victims into surrendering passwords or money. During the period of August to October 2020, Barracuda Networks found that the total number of targeted email threats was a whopping 2.3 million. Spear

Read More
10 Dec 2020

SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign

The advanced persistent threat (APT) group SideWinder has allegedly launched a campaign targeting Nepal and Afghanistan. The group has also brought new techniques onboard, creating convincing phishing emails, backdoors, and malicious mobile apps to lure targets into handing over valuable information. The APT is leveraging recent territorial disputes between China,

Read More
30 Nov 2020

Three Nigerians Arrested for Cybercrime Operation Targeting 150 Countries

In Lagos, Nigeria, three Nigerian nationals were arrested for their involvement in a widespread Business Email Compromise (BEC) campaign. The three men were also allegedly involved with a large organized crime group known as TMT, which is known to be involved in cybercrime such as phishing attacks, malware distribution, and

Read More
23 Nov 2020

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

Cybercriminals are increasingly exploiting Google Services to conduct phishing and business email compromise (BEC) attacks, according to research firm Armorblox. Attackers are leveraging services provided by Google, such as Forms, Firebase, Docs, and more. A report from Armorblox shows how Google Forms and Docs are being used by malicious actors

Read More
23 Nov 2020

GoDaddy staff fall prey to social engineering scam in cryptocurrency exchange attack wave

GoDaddy employees have allegedly fallen victim to a series of social engineering phishing scams that led them to facilitate attacks on multiple cryptocurrency exchanges. The scam duped employees into changing email and registration records which were then used by cyberattackers to launch attacks on other organizations. The incident was reported

Read More
16 Nov 2020

Scams Ramp Up Ahead of Black Friday Cybercriminal Craze

Cybercriminals are preparing for one of the largest hacking days in the US, Black Friday, and Cyber Monday. The shopping holidays attract scammers and hackers due to their nature in pushing a high volume of traffic through eCommerce sites in preparation for the holiday season. Due to the pandemic, shoppers

Read More
06 Nov 2020

This hacking group is using previously unknown tools to target defence contractors

McAfee security researchers first released detailed information on Operation North Star earlier this year, highlighting the campaigns conducted by Lazarus Group (Hidden Cobra) targeting defense and aerospace companies in a social engineering and phishing campaign. McAfee’s coverage showed that the campaign was larger than previously thought. In the McAfee report,

Read More
05 Nov 2020

Google Forms Abused to Phish AT&T Credentials

A new campaign utilizing Google Forms to impersonate popular brands such as Office 365, Wells Fargo, and Microsoft OneDrive has been discovered. The phishing attacks aim to collect credentials from targets, utilizing a common technique in which recipients of the phishing emails are re-directed to fraudulent login pages masquerading as

Read More