Phishing | SC Media

Phishing

Phishing campaign targets remote workers with fake voicemail notifications

Looking for new angles to socially engineer employees working from home under COVID-19 conditions, attackers have devised a new phishing campaign that distributes emails that look as if they were generated by  Private Branch Exchange (PBX), a legacy technology that integrates with employees’ email clients so they can receive their voicemail recordings. In a company…

‘Enterprise-grade’ BazarBackdoor malware delivered via spear phishing emails

Researchers have uncovered a new “enterprise-grade” backdoor malware program that they say shares code with the notorious modular banking trojan TrickBot and is used to gain unauthorized access to and compromise corporate networks. Dubbed BazarBackdoor, the malware has been distributed via spear phishing campaigns that leverage a variety of lure topics, including customer complaints, coronavirus-related…

Email phishing scam impersonates LogMeIn to trick remote workers

Add LogMeIn to the list of remote services and collaboration platforms whose users are being targeted by phishing scammers seeking to take advantage of businesses’ current work-from-home policies under COVID-19. In a company blog post, Abnormal Security researchers reported witnessing an influx of campaigns targeting LogMeIn — provider of cloud-based remote connectivity services for collaboration,…

Six need-to-know takeaways from the Verizon breach report

Phishing attacks and stolen credentials have become attackers’ most popular avenues of network compromise, and employee errors are helping pave the way according to Verizon’s newly released 2020 Data Breach Investigations Report (DBIR). Verizon researchers analyzed 157,525 known “incidents” (defined as a security event that results in the compromise of an information asset) and 3,950…

Tor network remains unsure how feds discovered and shut down Silk Road 2.0

COVID-19 inspires Nigerian scammers to launch waves of BEC campaigns

Nigerian cybercriminal actors are shamelessly exploiting the COVID-19 pandemic to infect government health care agencies, academic medical programs, medical publishing firms and more with malware, largely for the purpose of conducting Business Email Compromise operations. In a company blog post, researchers with Palo Alto Networks’ Unit 42 threat intelligence team have reported observing three prominent…

Cyber gangs battle to take down Xbox and PlayStation gaming networks for Christmas.

Roblox hacker enabled by insider threats; expert offers tips to curb rogue employees

A hacker reportedly used both bribery and social engineering to gain unauthorized access to a customer support system operated by the popular video game Roblox — illustrating why companies must be on the lookout for employees who fit the mold of an insider threat. The unnamed hacker told Motherboard that they paid one insider to…

Aggah malspam campaign updated with new payloads

An updated Aggah malspam campaign is distributing malicious Microsoft Office documents designed to trigger a multi-stage infection in order to a target a user’s endpoint. The campaign is depositing Agent Tesla, njRAT and Nanocore RAT in a attack that is being run out of several Pastebin accounts, reported Cisco Talos. As with previous Aggah attacks,…

COVID-19’s impact on package deliveries creates golden opportunity for scammers

Cybercriminals are posing as delivery companies and pretending to be affected by the COVID-19 pandemic as a means to trick potential victims into opening malicious emails attachments or revealing credentials on phishing websites. Spam and phishing schemes that use postal- and shipping-themed lures are nothing new, but the coronavirus outbreak allows attackers to put a…

APT32 actively spearphishing Chinese officials in a search for COVID-19 data

The suspected Vietnamese threat group APT32 has been conducting a spearphishing campaign against Chinese targets in an attempt to glean information on COVID-19. FireEye’s Mandiant Threat Intelligence Team reported the attacks have been conducted throughout the pandemic, from early January to date, with the targets including China’s Ministry of Emergency Management as well as the…

Next post in Coronavirus