18 Dec 2019

Industrial Cyber-Espionage Campaign Targets Hundreds of Companies

An advanced threat actor, nicknamed Gangnam Industrial Style, targeted hundreds of industrial companies across the globe, using a new version of an old info-stealer to extract sensitive data. The spear-phishing campaign comprises of malicious attachments disguised as PDF files, which drop Separ malware when clicked. Separe malware steals login data

Read More
16 Dec 2019

Over 100 Phishing Sites Spotted in Global Government Campaign

According to the security vendor Anomali, sources of domains and over 120 phishing sites have been detected as involved with a major global campaign that is targeting government procurement services. Anomali stated that the credential harvesting campaign consisted of spoofed sites for international government departments as well as spoofed email

Read More
03 Dec 2019

Report: ‘Smishing,’ Deepfakes to Continue to Rise in 2020

Experian, an American credit reporting company, published a 2020 data breach industry forecast that stated “smishing” or text-based phishing, would be the next danger to consumers and agencies. Following smishing is drones that steal customer data, disruptive deepfakes, hacktivism, and identity theft through mobile payment systems. The report claims that

Read More
26 Nov 2019

They See You When You’re Shopping: Holiday Cybercrime Starts Early

This year, cybercriminal activity related to the holiday season has started earlier than was the case in previous years, researchers with Avira Protection Lab warn. In 2018, phishing rose by 61% during the September-December holiday shopping season. This year, phishing activity has been rising since July and in September the

Read More
25 Nov 2019

Extensive hacking operation discovered in Kazakhstan

Security researchers with Qihoo 360 have uncovered a large cyber campaign targeting Kazakhstan. According to the report, a threat actor with considerable financial and technical resources is targeting government agencies, businesses, educational institutions as well as numerous individuals including members of the military, foreign diplomats, researchers, journalists religious figures and

Read More
15 Nov 2019

New phishing email campaign impersonates US postal service to deliver malware

A report published on Thursday by Proofpoint states that a phishing campaign that has been targeting Europe has now been attacking the United States with the goal of spreading Trojan malware onto computers. The latest phishing attacks impersonate the US Postal Service and contain a Word document that, when opened,

Read More
12 Nov 2019

TrickBot Malware Uses Fake Sexual Harassment Complaints as Bait

Recently, attackers have formulated fake sexual harassment complaints that appear to come from the U.S. Equal Employment Opportunity Commission to disperse TrickBot malware, which targets financial data and acts to deploy other malware. This spearphishing campaign utilizes social engineering tactics to convince targets into exposing sensitive information. The customized phishing

Read More
08 Nov 2019

PayPal Upsets Microsoft as Phishers’ Favorite Brand

A new report by Vade Secure indicates that PayPal was the most impersonated brand in phishing attacks last quarter, which is rather surprising since Microsoft usually dominates these campaigns. PayPal-themed phishing URLs have been on the rise in the past year and in Q3 they surged by 69.6%. By contrast,

Read More
07 Nov 2019

Phishing attacks at highest level in three years

In the third quarter of this year, phishing campaigns were more prevalent than in any other quarter since Q4 of 2016, according to a new report by APWG. The number of phishing domains surged by 46% compared to last quarter. Threat actors not only launched more phishing campaigns, but they also

Read More
07 Nov 2019

Cybercriminals using Google Analytics to enhance phishing efforts

Threat actors are increasingly leveraging Google Analytics and other web analytics tools in order to optimize their phishing campaigns, a recent Akamai study reveals. Attackers use these tools in order to keep track of “technical markers, like browser identification, geo-location, and operating system,” that “can help adjust the phishing website’s

Read More