24 Sep 2021

Large-Scale Phishing-as-a-Service Operation Exposed

Microsoft has uncovered a new large-scale phishing campaign that is targeting companies with custom campaigns and sophisticated phishing techniques. The phishing-as-a-service operation is marketed by cybercriminals as BulletProofLink. Researchers allegedly found the operation by detecting a high volume of newly created subdomains. Microsoft posted a statement via the 365 Defender

Read More
21 Sep 2021

Malicious Email Surge Predicted for Q4

According to new research produced by Tessian, corporate and end-users should be wary of an uptick in phishing attacks for the final quarter of 2021. Tessian found that this is when the most malicious emails are likely to be distributed after analyzing four billion messages sent between July 2020 and

Read More
21 Sep 2021

Europol Breaks Open Extensive Mafia Cybercrime Ring

International law enforcement efforts have led to the takedown of an extensive cybercrime operation run by a gang with ties to the Italian Mafia. According to Europol, the gang utilized violence and intimidation as tactics and collected $12 million in online fraud profits. The group used phishing attacks to defraud

Read More
17 Sep 2021

Cyberattacks against the aviation industry linked to Nigerian threat actor

Researchers have uncovered a campaign against the aviation sector and tracked it back to Nigeria-based threat actors. Microsoft Intelligence released a series of tweets outlining the campaign, which it determined to target aerospace and travel sectors with spear-phishing emails distributing an actively developed loader. The loader then delivers two different

Read More
15 Sep 2021

Attackers Impersonate DoT in Two-Day Phishing Scam

Threat actors allegedly impersonated the US Department of Transportation in a two-day phishing campaign, leveraging the recent $1 trillion infrastructure bill. The cyber attackers created new domains mimicking the real DoT site. The campaign combined a series of tactics, such as creating seemingly legitimate domains to evade security detections and

Read More
03 Aug 2021

Chipotle Emails Serve Up Phishing Lures

According to new information, a breach of Chipotle’s restaurant email marketing service last month has lead to customers being targeted with phishing lures in seemingly legitimate emails that then harvested users’ credentials. This attack mirrors earlier Nobelium attacks, according to researchers at Inky, who first reported that Chipotle’s email vendor

Read More
15 Jul 2021

Phishing continues to be one of the easiest paths for ransomware

According to a new survey from Cloudian, ransomware gangs are still using phishing attacks as one of the main methods to gain the initial access into organizations’ systems. Cloudian’s report contains the insight of 200 IT decision-makers who have experienced a ransomware attack in the past two years. According to

Read More
01 Jul 2021

Impersonation Becomes Top Phishing Technique

New research by Avanan reveals that impersonation and credential harvesting attacks are the most common among phishing attackers this year. Avanan’s 2021 Global Phish Cyber Attack Report found that credential harvesting is used in over half of all phishing attacks, up nearly 15% since 2019. Researchers at Avanan also found

Read More
30 Jun 2021

Reported HMRC-Branded Phishing Scams Grew by 87% During COVID-19

Official figures obtained by accountancy group Lanop Outsourcing reveal that HMRC-branded phishing scams grew by 87% during the Covid-19 pandemic. The company gained access to the information after filing a Freedom of Information request. The data revealed that reports of phishing scams impersonating the UK’s tax, payments, and customs authority

Read More
04 Jun 2021

‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles

An unprotected server hosting AMT Games user data has been discovered by security researchers at WizCase. The researchers found that the Elasticsearch server contained the personal data of 6 million players of AMT’s popular game Battle for the Galaxy. The server contained over 1 terabyte of unencrypted data, meaning that

Read More