Tag: proofpoint
Disgruntled ex-Disney employee highlights insider threat
The Walt Disney Company, which has long had a history of troubled labor relations, recently found itself the victim of a disgruntled former employee. According to an affidavit in support of a criminal complaint against the former employee, Michael Scheuer, Disney discovered a security breach allegedly used to make its menus unusable, together with the redirection of QR codes to direct Disney customers to a website calling for a boycott of Israel. More seriously, it alleged that the threat actor manipulated allergen information on Disney menus, indicating that certain menu items were safe for people with peanut allergies when, in fact, they could have been potentially deadly for some diners. Scheuer is also alleged to have conducted denial of service attacks on four former colleagues and to have paid visits outside the home of one of them.
“Voldemort” impersonates tax authorities worldwide
A threat actor named “Voldemort” is impersonating tax authorities from governments in Europe, Asia, and the US – targeting dozens of organizations worldwide. Cybersecurity company Proofpoint believes “with moderate confidence” that Voldemort’s ultimate goal is cyber-espionage. Since August 5 this year, Voldemort, named after the main villain in J. K. Rowling’s Harry Potter children’s books, has sent over 20,000 messages purported to be from various tax authorities to over 70 organizations around the world. The threat actor poses as the US Internal Revenue Services, the UK’s HM Revenue & Customs, France’s Direction Générale des Finances Publiques, Germany’s Bundeszentralamt für Steuern, Italy’s Agenzia delle Entrate, India‘s Income Tax Department and Japan’s National Tax Agency.
Organizations’ staff are their biggest security risk
Careless employees are the main root cause of data loss in organizations. According to the cybersecurity and compliance company Proofpoint, almost three-quarters (74 percent) of CISOs believe human error is their biggest cyber vulnerability. This is up from 60 percent in 2023 and 56 percent in 2022. Even more (80 percent) believe human risk and employee negligence will be the key cybersecurity concerns for the next two years. “Our research shows that CISOs generally believe their people are aware of their critical role in defending the business from cyber threats. That CISOs still see their people as the primary risk factor suggests a disconnect between employees’ understanding of cyber threats and their ability to keep them at bay,” says Proofpoint.
Millions of emails distributing LockBit ransomware
Affiliates of the infamous ransomware group LockBit have launched a potentially devastating new weaponized email tactic designed to cause maximum disruption to millions of companies in the US and around the world. At the end of April this year, researchers at cybersecurity firm Proofpoint began to observe high-volume ransomware campaigns sending out millions of fraudulent emails over a one-week period, facilitated by the Phorpiex botnet. In all cases, email messages purported to come from “Jenny Green” with the email address Jenny@gsd[.]com. These contained an attached ZIP file capable of downloading the LockBit Black ransomware payload from Phorpiex botnet infrastructure.
High level executives targeted in ongoing attacks
Highly organized cybercriminals suspected to be based in Russia and Nigeria are targeting hundreds of executives in dozens of organizations in an ongoing Microsoft Azure cloud account takeover (ATO) campaign. According to US cybersecurity firm Proofpoint: “As part of this campaign, which is still active, threat actors target users with individualized phishing lures within shared documents.” Innocent but weaponized documents sent to key executives include embedded links to “View Document”, which automatically directs them to a malicious site. The users affected by the attacks occupy a variety of trusted positions within their organizations. Victims include chief financial officers (CFOs), finance managers, account managers, corporate vice presidents, and sales directors. Proofpoint believes that targeting this variety of executive positions is far from being a series of random phishing attacks.