Phishing news & analysis | SC Media

Phishing

Adobe fixes zero-day Flash bug after attackers target Russian clinic with exploit

Adobe Systems today issued an emergency security update for Flash Player following the discovery of a critical vulnerability that attackers were actively exploiting in a Nov. 29 phishing operation targeting a Russian state health care institution. The zero-day arbitrary code execution exploit was specifically employed against Moscow-based “Polyclinic No. 2” of the Administrative Directorate of…

Pied Piper phishing scheme infests victims with FlawedAmmyy, RMS RATs

The cybercriminal threat group TA505 is a key suspect in an ongoing phishing campaign that’s been attempting to infect victims with the FlawedAmmyy and Remote Manipulator (RMS) remote access trojans. Dubbed Pied Piper, the campaign was observed targeting a supplier to several well-known food chains, including Godiva Chocolates, Yogurtland and Pinkberry, according to a Nov. 29 blog…

Four Iranian nationals indicted in SamSam attacks

The Justice Department has indicted two Iranian men behind the SamSam ransomware attacks – that infected the cities of Atlanta, San Diego and Newark, N.J. – as well as two others who converted the ransom into Iranian rials. Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, “extorted victims by leaving a ransom note in the…

‘Cannon’ downloader tool added to Fancy Bear’s APT arsenal

A new cyber espionage campaign from the Russian APT group Fancy Bear has added some firepower in the form of a new malicious first-stage downloader tool called Cannon. Cannon diverges from Fancy Bear’s (aka Sofacy, APT28) usual downloader trojan, Zebrocy, in that it leverages email protocols for C2 communication as opposed to HTTP or HTTPS.…

Cozy Bear tracks: Phishing campaign looks like work of Russian APT group

Recently detected spear phishing activity suggests that the Russian APT group Cozy Bear may have emerged from its hibernation and become officially operative once more. Late last week, respected cybersecurity firms CrowdStrike and FireEye both issued warnings referencing a widespread phishing campaign targeting multiple industry sectors, while implementing the tactics, techniques and procedures of Cozy…

Report reveals struggles of SMBs navigating cyber threat landscape

A recent survey of just over 1,000 small- and medium-sized businesses found that 58 percent of respondents experienced a data breach in the previous 12 months, according to a new SMB cybersecurity research report from Keeper Security and the Ponemon Institute. An even larger number, 67 percent, said they experienced at least one form of cyberattack,…

Phishing extortion campaign using new, more effective methods

Kaspersky Labs researchers have noticed a recent switch in tactics by malicious actors intent on conducting blackmail operations. The primary scare tactic in these phishing operations is to tell the recipient the extortionist has embarrassing or damaging evidence against the target with a demand to pay a set amount in order for the malicious actor…

Spyware disguised as Spanish banking apps removed from Google Play

A spyware program fraudulently disguised as a Spanish-language banking app was found last month collecting users’ device data and messages, which were later leveraged in smishing schemes. Advertised as “Movil Secure,” the fake app pretends to be associated with multinational Spanish banking group Banco Bilbao Vizcaya Argentaria (BBVA). Published on Oct. 19, the app was discovered by Trend…

Phishing campaign used Brazilian elections as a lure

The 2018 Brazilian general election provided the perfect backdrop for cybercriminals to create a phishing campaign designed to infect citizens of the South American country with the Astaroth WMIC Trojan. In the days leading up to the Oct. 7 vote, the malicious campaign used subject lines suggesting that then-presidential candidate Jair Bolsonaro was embroiled in a scandal,…

‘Narwhal Spider’ group’s spam campaign targets Japanese recipients with URLZone malware

A newly discovered spam campaign powered by version two of the well-known Cutwail botnet has been found targeting Japanese users in an attempt to infect them with the URLZone (aka Bebloh) banking trojan. In a company blog post yesterday, CrowdStrike researchers Sebastian Eschweiler, Brett Stone-Gross and Bex Hartley note that the operation leverages the art of…
