Tag: phishing
Blockchains lose $1.8 billion to cybercrime
Web 3.0, the blockchain version of the traditional internet that hosts decentralized blockchain crypto-currencies, lost over US$1.8 billion in 2023 to cybercrime. Newly released findings from cybersecurity firm Certik’s latest Hack3D Annual Report cast a pall over the US Securities and Exchange Commission (SEC)’s much-anticipated approval of up to a dozen Bitcoin ETFs (exchange-traded funds) on Wednesday. It will also cast a long shadow over the hoped-for institutional acceptance of crypto-currencies by influential financial entities, including Swift, the Hong Kong Monetary Authority, and the Australia and New Zealand Banking Group (ANZ). In the second half of last year, the SEC scrutinized a series of proposals, notably extending review periods for Bitcoin ETF applications from major firms like BlackRock, ARK, and Fidelity.
Financial Sector Sees Most Cyberattacks in 2023 – December 20th
Based on a Netwrix survey, the financial sector in 2023 experienced the most cyberattacks among any other sector in 2023. Surveying 1,610 IT and security professionals from more than 100 countries, the survey also revealed phishing and malware to be the most common attacks across all sectors.
MongoDB’s Data Breach Confirmed – December 18th
MongoDB revealed a data breach exposing customer metadata and sensitive information in an email announcement to their customers. The email, alerting MongoDB's customers of the cyberattack, also informed customers to be aware of heightened phishing email risk due to the data breach, and to set up multi-factor authentication for their accounts as a phishing safety measure.
Ukraine’s Largest Telecom Crippled by Russian Cyberattack – December 13th
Kyivstar, Ukraine's largest telecom provider announced it was hit by a devastating cyberattack, disrupting internet access for over 26 million users. Kyivstar's parent company, VEON Ltd confirmed the devastating cyberattack, claiming it to be “one of the largest cyberattacks in the history of the global telecom market.”
AutoSpill Attack May Lead to Stolen Android Credentials – December 11th
Researchers from the International Institute of Information Technology (IIIT) presented a new attack named 'AutoSpill' that enables attackers to steal account credentials on Android devices via an autofill operation, during the Black Hat Europe security conference. IIIT researchers pinpointed WebView, the Android feature used to open external links through an internal browser view as the starting point of the security flaw, leaving autofilled usernames and passwords vulnerable.
US aerospace company hit by cyber-attack
An unknown threat actor has breached an as-yet-unnamed US aerospace company. According to BlackBerry, who first highlighted the attack, the threat actor’s weaponization of a phishing attack became operational around September 2022, with the offensive phase of the attack occurring almost a year later in July of this year. The cybercriminals responsible, whom BlackBerry has christened “AeroBlade,” are believed to have used the intervening nine months to develop the additional resources necessary to ensure access to the aerospace company’s systems to exfiltrate potentially highly valuable information - pointing to a high degree of professionalism and persistence on the part of the attacker.
New Sophisticated Attacks Demonstrated by Disney+ Impersonators – December 6th
Abnormal Security published a study revealing a Disney+ impersonation attack, demonstrating never-before-seen phishing tactics. The cybercriminals initiated the impersonation attack through an auto-generated notification email, about pending charges for their Disney+ subscription. The emails also demonstrated customized PDFs, with legitimate numbers & emails, inflated charges, and believable branding.
IT security responsible for 14% of cyber-breaches
A staggering 14 percent of cyber incidents are due to senior IT security staff errors, compounded by a further 15% of errors caused by other IT staff. According to a new study published by cybersecurity firm Kaspersky, over the last two years, 77 percent of companies experienced between one and six cybersecurity breaches, with IT security staff being directly culpable for almost a third of all cybersecurity breaches.
FBI targets casino cybercrime
The attacks first identified by the FBI frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons. As of June 2023, the FBI also reports that the Silent Ransom Group (SRG), also called Luna Moth, conducted callback phishing data theft and extortion attacks by sending victims a phone number in a phishing attempt, usually relating to pending charges on the victim’s account. When the victims called the provided phone number, cybercriminals directed them to a legitimate system management tool via a link provided in a follow-up email.
Beware the poisoned search
Conducting an innocent online search for any business-related document, such as a legal contract, has become as potentially risky as opening a link in an unsolicited email. Ransomware gangs, usually outside US, UK, and EU jurisdiction, are now luring business users of popular search engines to compromised websites designed to look like professional forums, creating a back door into the searcher’s entire organization.
Massive hike in phishing and malware attacks in Q3 – October 18th
Reports show that phishing and malware attacks have spiked by 173% and 110% respectively in the third quarter of this year, compared with the second quarter of the year. A staggering 493.2 million phishing attacks and 125.7 million malware attacks were logged during this period.
BunnyLoader is up for sale in the cyber underground market – October 3rd
A new malware threat, identified as BunnyLoader, is being sold in the cyber underground market. This Malware-as-a-Service (MaaS) threat has various capabilities, including stealing browser credentials, and system information as well as executing a second-stage payload.