12 Nov 2019

TrickBot Malware Uses Fake Sexual Harassment Complaints as Bait

Recently, attackers have formulated fake sexual harassment complaints that appear to come from the U.S. Equal Employment Opportunity Commission to disperse TrickBot malware, which targets financial data and acts to deploy other malware. This spearphishing campaign utilizes social engineering tactics to convince targets into exposing sensitive information. The customized phishing

Read More
08 Nov 2019

PayPal Upsets Microsoft as Phishers’ Favorite Brand

A new report by Vade Secure indicates that PayPal was the most impersonated brand in phishing attacks last quarter, which is rather surprising since Microsoft usually dominates these campaigns. PayPal-themed phishing URLs have been on the rise in the past year and in Q3 they surged by 69.6%. By contrast,

Read More
07 Nov 2019

Phishing attacks at highest level in three years

In the third quarter of this year, phishing campaigns were more prevalent than in any other quarter since Q4 of 2016, according to a new report by APWG. The number of phishing domains surged by 46% compared to last quarter. Threat actors not only launched more phishing campaigns, but they also

Read More
07 Nov 2019

Cybercriminals using Google Analytics to enhance phishing efforts

Threat actors are increasingly leveraging Google Analytics and other web analytics tools in order to optimize their phishing campaigns, a recent Akamai study reveals. Attackers use these tools in order to keep track of “technical markers, like browser identification, geo-location, and operating system,” that “can help adjust the phishing website’s

Read More
05 Nov 2019

Europol: Spear phishing the most prevalent cyber threat affecting orgs across the EU

A new report[pdf] by Europol identifies spear phishing, i.e. targeted phishing, as the top threat to organizations in European Union (EU) member states. According to the study, spear phishing is the most common attack vector used by cybercriminals to compromise organizations. Steven Wilson of Europol’s European Cybercrime Centre added that

Read More
04 Nov 2019

People are the very first element in a pragmatic cybersecurity strategy

A new survey by Avertium shows that as many as 39% of organizations are under-prepared to respond to a data breach, and about three in four are having difficulty dealing with the rising number of increasingly sophisticated cyber threats, as well as the growing complexity of the cyber tech stack.

Read More
01 Nov 2019

Cybercriminals using custom phishing tools to target the world’s largest tech brands

A new report by Akamai shows that the most popular companies targeted in phishing campaigns are Microsoft, PayPal, DHL, and Dropbox, which together accounted for 42.63% of all observed phishing domains. Microsoft, which accounted for 21.88% of domains alone, is highly popular among cybercriminals selling Phishing as a service (PaaS)

Read More
31 Oct 2019

Office 365 users targeted with fake voicemail alerts in suspected whaling campaign

McAfee researchers have uncovered a phishing campaign that targets major enterprises with fake voicemail messages. Since the targeted individuals include company executives, the researchers suggest that the the attack could be considered “whaling.” The phishing emails impersonate Microsoft and inform users about a missed call. The message includes an HTML

Read More
28 Oct 2019

Ransomware, Mobile Malware Attacks to Surge in 2020

A recent study by Check Point predicts some of the major cybersecurity trends that will shape 2020. In terms of threats, the firm projects that 5G will play a major role in increasing the attack surface because it is bound to lead to a surge in Internet-of-things devices as well

Read More
28 Oct 2019

Microsoft Office Bug Remains Top Malware Delivery Vector

A recent report by Cofense shows that in the third quarter of this year, the most common technique for distributing malware via phishing campaigns is the exploitation of CVE-2017-11882, a critical flaw in Microsoft Office that was patched in 2017, but has been around for almost two decades. Attackers embed

Read More