Tag: phishing
Geopolitical Tensions are Changing the Cybersecurity Landscape – June 13th
Political tensions are prompting nations to re-strategize cybersecurity. Countries that once sought international cooperation and joint strategies are now prioritizing domestic cyber capacities and national interests as a result of geopolitical instabilities.
White House phone hack rings alarm bells
An attempt to impersonate White House Chief of Staff Susie Wiles is currently being investigated by US federal agencies. The incident highlights the ongoing dangers posed by key individuals using their personal phones to store the phone numbers of important contacts, now that voice cloning enables cybercriminals to mimic anyone’s voice with ease.
Deepfake Phishing Targets Trump’s Chief of Staff – May 30th
In today's daily roundup - Deepfake Phishing Targets Trump’s Chief of Staff, ConnectWise Breached by Suspected Nation-State Actor, and Unbound Security Raises $4M Seed Funding.
“Panda Shop” Takes “Smishing” to a New Level
‘Smishing’ - cybercrime involving sending deceptive SMS text messages - has just been taken to a new and dangerous level by China’s crime syndicates. Cybersecurity company, Resecurity, has discovered a devastating new smishing kit known as "Panda Shop," which comes complete with interactive manuals on how to use it.
From deepfakes to in-person fraudsters
Boeing Employees' Credit Union (BECU) is a not-for-profit credit union based in Washington, dedicated to improving the financial well-being of its members and communities. It has grown beyond serving Boeing’s employees to more than 1.5 million members and $29 billion in assets. In an exclusive interview, Sean Murphy, Chief Information Security Officer (CISO) at BECU, explains the changing cyber-threats now facing consumers. The cybersecurity challenges faced by all consumers have escalated with the growth of artificial intelligence (AI). We have witnessed the growing use of botnets, and AI is at such a stage that it can be used to attempt to gain access to accounts on an individual level. The use of virtual private networks (VPNs) simplifies this process and makes it difficult to track. Remember – while organizations are constantly monitoring for threats and attacks, the cybercriminals only have to get it right one time to cause a highly damaging breach. Advanced persistent threats (APTs) have now become a major ongoing threat. Financial institution employees are the first line of defense against cyber attackers and play a key role in protecting consumers. As such, a robust cybersecurity team and the regular training of employees is crucial.
Advanced Persistent Threats Rise by 74% in 2024 Report – March 6th
The frequency of Advanced Persistent Threats (APTs) has surged, with Kaspersky's latest report revealing a 74% increase in such attacks compared to last year. APTs were detected in 25% of organizations, accounting for 43% of high-severity security incidents, highlighting a sharp rise in sophisticated cyber threats. Kaspersky's analysis suggests attackers are refining their tactics to bypass security measures, leveraging human-operated techniques rather than automated exploits. The report underscores the growing persistence of APT actors, emphasizing the need for proactive defense strategies across industries.
Companies complacent about AI-generated cyber-attacks
Companies are largely ignorant of the looming threat of increased artificial intelligence (AI) identity theft, despite the fact that 93 per cent of companies surveyed suffered two or more identity-related breaches in 2024. According to leading identity management company CyberArk Software, executives and employees alike are overconfident of their ability to spot ongoing ID-theft and subsequent cyber breaches, with over 75 per cent of respondents to a recent survey saying that they are confident their employees can identify deepfake videos or audio of their leaders. “Employees are [also] largely confident in their ability to identify a deepfake video or audio of the leaders in their organization. Whether we chalk it up to the illusion of control, planning fallacy, or just plain human optimism, this level of systemic confidence is misguided,” warns Cyberark following a survey of 4,000 US-based employees.
Darcula can suck the blood out of any brand
Cybercrime just got easier. A new artificial intelligence off-the-shelf phishing kit named darcula now enables even inexperienced cyber criminals to impersonate any corporate brand with a complex, customizable campaign. Phishing generally refers to a form of online fraud where attackers attempt to steal sensitive information such as passwords, credit card numbers, or bank account details. “The criminals at darcula are back for more blood, and they mean business with one of the more impactful innovations in phishing in recent years. The new version of their “Phishing-as-a-Service” (PhaaS) platform, darcula-suite adds first-of-its-kind personalization capabilities …to allow criminals to build advanced phishing kits that can now target any brand with the click of a button,” says Cybersecurity company, Netcraft.
The coming St Valentine’s Day cyber-massacre
This coming Friday is St Valentine’s Day and cybercriminals all over the world are rubbing their hands together with glee at the harvest they intend to reap. Developments in artificial intelligence and the widespread availability of off-the-shelf cybercrime software have enabled a new generation of cyber-scams specifically designed around St Valentine’s Day. In the recent past, cybercriminals typically used February 14th as an excuse to introduce themselves to lonely people with a view to patiently winning their victims’ trust in the short-term and cruelly robbing them of their savings in the longer term.
“Crazy Evil” Threatens Cryptocurrency Ecosystem
A new and rising threat to decentralized financing has been identified. Threat intelligence researcher, the Insikt group, has uncovered “Crazy Evil,” a rapidly growing Russian crypto-scam gang that targets cryptocurrency users and influencers. According to Insikt Group, over ten active social media scams are linked directly to Crazy Evil, garnering millions of dollars in illicit funds and infiltrating tens of thousands of devices. Crazy Evil is what is referred to as a “traffer” team, which Insikt describes as “a collective of social engineering specialists tasked with redirecting legitimate traffic to malicious landing pages.” Allegedly operating since 2021 on dark web forums and amassing thousands of followers on their public Telegram channels, Crazy Evil’s primary targets are cryptocurrency users, non-fungible token (NFT) traders and gaming professionals - all of whom often use decentralized platforms with little or no regulatory oversight.
Mercedes Benz Vulnerability Places Risk of Remote Access – January 20th
CERT-UA warns of attackers impersonating the agency via fake AnyDesk requests for "security audits." Remote access should only occur with prior approval through official channels to mitigate these risks. Amid ongoing cyberattacks linked to the Russo-Ukrainian war, over 1,042 incidents were detected in 2024, including espionage and malware campaigns by groups like Gamaredon and Sticky Werewolf. Pro-Russian and pro-Ukrainian actors continue targeting each other with phishing and credential theft efforts.
$1bn Korean bust is tip of SE Asian cybercrime iceberg
Authorities in Korea and Beijing dismantled a sprawling voice phishing syndicate responsible for financial losses totaling US$ 1.1 billion. But South-East Asian observers believe this to be only the tip of an impenetrable iceberg of cybercrime in South-East Asia that is rapidly starting spread around the globe. The Korean bust was part of an Interpol-co-ordinated global operation involving law enforcement from 40 countries, territories, and regions and has ended with the arrest of over 5,500 financial crime suspects and the seizure of more than US$400 million in virtual assets and government-backed currencies.