25 Nov 2019

Extensive hacking operation discovered in Kazakhstan

Security researchers with Qihoo 360 have uncovered a large cyber campaign targeting Kazakhstan. According to the report, a threat actor with considerable financial and technical resources is targeting government agencies, businesses, educational institutions as well as numerous individuals including members of the military, foreign diplomats, researchers, journalists religious figures and

Read More
15 Nov 2019

New phishing email campaign impersonates US postal service to deliver malware

A report published on Thursday by Proofpoint states that a phishing campaign that has been targeting Europe has now been attacking the United States with the goal of spreading Trojan malware onto computers. The latest phishing attacks impersonate the US Postal Service and contain a Word document that, when opened,

Read More
12 Nov 2019

TrickBot Malware Uses Fake Sexual Harassment Complaints as Bait

Recently, attackers have formulated fake sexual harassment complaints that appear to come from the U.S. Equal Employment Opportunity Commission to disperse TrickBot malware, which targets financial data and acts to deploy other malware. This spearphishing campaign utilizes social engineering tactics to convince targets into exposing sensitive information. The customized phishing

Read More
08 Nov 2019

PayPal Upsets Microsoft as Phishers’ Favorite Brand

A new report by Vade Secure indicates that PayPal was the most impersonated brand in phishing attacks last quarter, which is rather surprising since Microsoft usually dominates these campaigns. PayPal-themed phishing URLs have been on the rise in the past year and in Q3 they surged by 69.6%. By contrast,

Read More
07 Nov 2019

Phishing attacks at highest level in three years

In the third quarter of this year, phishing campaigns were more prevalent than in any other quarter since Q4 of 2016, according to a new report by APWG. The number of phishing domains surged by 46% compared to last quarter. Threat actors not only launched more phishing campaigns, but they also

Read More
07 Nov 2019

Cybercriminals using Google Analytics to enhance phishing efforts

Threat actors are increasingly leveraging Google Analytics and other web analytics tools in order to optimize their phishing campaigns, a recent Akamai study reveals. Attackers use these tools in order to keep track of “technical markers, like browser identification, geo-location, and operating system,” that “can help adjust the phishing website’s

Read More
05 Nov 2019

Europol: Spear phishing the most prevalent cyber threat affecting orgs across the EU

A new report[pdf] by Europol identifies spear phishing, i.e. targeted phishing, as the top threat to organizations in European Union (EU) member states. According to the study, spear phishing is the most common attack vector used by cybercriminals to compromise organizations. Steven Wilson of Europol’s European Cybercrime Centre added that

Read More
04 Nov 2019

People are the very first element in a pragmatic cybersecurity strategy

A new survey by Avertium shows that as many as 39% of organizations are under-prepared to respond to a data breach, and about three in four are having difficulty dealing with the rising number of increasingly sophisticated cyber threats, as well as the growing complexity of the cyber tech stack.

Read More
01 Nov 2019

Cybercriminals using custom phishing tools to target the world’s largest tech brands

A new report by Akamai shows that the most popular companies targeted in phishing campaigns are Microsoft, PayPal, DHL, and Dropbox, which together accounted for 42.63% of all observed phishing domains. Microsoft, which accounted for 21.88% of domains alone, is highly popular among cybercriminals selling Phishing as a service (PaaS)

Read More
31 Oct 2019

Office 365 users targeted with fake voicemail alerts in suspected whaling campaign

McAfee researchers have uncovered a phishing campaign that targets major enterprises with fake voicemail messages. Since the targeted individuals include company executives, the researchers suggest that the the attack could be considered “whaling.” The phishing emails impersonate Microsoft and inform users about a missed call. The message includes an HTML

Read More