source:  technewsworld.com

With much of the workforce conducting business from home to escape the pandemic, scammers have revved up their trickery to scare victims into falling for credential harvesting schemes.

Two new reports lay bare the new twists digital scammers are putting on old approaches to get you to unwittingly give up login credentials for your personal or company online banking and server portals. The two reports focus on how to avoid becoming a corporate or consumer victim.

One new twist detailed by Armorblox threatens to recycle inactive addresses unless the would-be victims immediately update and confirm their account details. This results in fearful recipients entering their legitimate email addresses and password information.

The second report, by email phishing protection firm INKY, reveals the intricate directives of a credential harvesting phishing email. These emails impersonate the United States Department of Justice by using a malicious link with real logos mimicking government websites.

phishing email pretending to be the DoJ

A phishing email scam which gives the appearance that the sender is the U.S. Department of Justice.

Credential harvesting is largely considered the foundation of email phishing. It is the easiest way for anyone to get into your secure files. They simply use your password that you gave them, explained Dave Baggett, CEO and co-founder of INKY.

“In terms of the overall rate of phishing generally, we have seen nearly a three-times increase in phishing emails since the pandemic started,” Baggett told TechNewsWorld.

 

Banking on Phishing

Last week, Armorblox, a cloud office security platform that protects inbound and outbound enterprise communications, released its latest discovery of a new credential phishing attempt. The report details how cybercriminals use an email with a malicious link leading to a fake website. The landing page painstakingly resembles the Bank of America login page.

Continue reading “EMAIL SCAMMERS USING OLD TRICKS WITH NEW TWISTS”

source: threatpost.com

 

A new devilish malware is targeting Windows systems with cryptojacking and DDoS capabilities.

Security experts have identified a self-propagating malware, dubbed Lucifer, that targets Windows systems with cryptojacking and distributed denial-of-service (DDoS) attacks.

The never-before-seen malware initially tries to infect PCs by bombarding them with exploits in hopes of  taking advantage of an “exhaustive” list of unpatched vulnerabilities. While patches for all the critical and high-severity bugs exist, the various companies impacted by the malware had not applied the fixes.

“Lucifer is a new hybrid of cryptojacking and DDoS malware variant that leverages old vulnerabilities to spread and perform malicious activities on Windows platforms,” said researchers with Palo Alto Networks’ Unit 42 team, onWednesday in a blog post. “Applying the updates and patches to the affected software are strongly advised.”

The vulnerabilities targeted by Lucifer include Rejetto HTTP File Server (CVE-2014-6287), Oracle Weblogic (CVE-2017-10271), ThinkPHP RCE (CVE-2018-20062), Apache Struts (CVE-2017-9791), Laravel framework  CVE-2019-9081), and Microsoft Windows (CVE-2017-0144CVE-2017-0145, and CVE-2017-8464).

Continue reading “SELF-PROPAGATING LUCIFER MALWARE TARGETS WINDOWS SYSTEMS”

source: nakedsecurity.sophos.com

If you’re a Naked Security Podcast listener, you’ll have heard Sophos’s own Peter Mackenzie telling some fairly wild ransomware stories.

Peter works in the Managed Threat Response (MTR) part of our business – in his own words, if your network’s on fire, he’s one of the people who will rush in to try to fix it.

As you can imagine, plenty of his deployments come in the aftermath of ransomware attacks.

A few years ago ransomware criminals typically used what’s called the “spray-and-pray” approach – or what might more appropriately be called “spray-and-prey”, given the entirely predatory nature of these attacks.

A ransomware gang might have emailed a malicious attachment to ten million people, relying on ten thousand of them opening it up and getting scrambled, and then banking (figuratively and literally) on three thousand or so of the victims being stuck with little alternative but to pay up $350 each, for a total criminal pay-check of $1,000,000.

Make no mistake, those early ransomware criminals, such as the crooks behind malware such as CryptoLockerLocky and Teslacrypt, extorted millions of dollars, and their crimes were no less odious or destructive overall than what we see today.

But today’s ransomware criminals tend to pick entire organisations as victims.

Continue reading “INSIDE A RANSOMWARE GANG’S ATTACK TOOLBOX”

source:  securityweek.com

 

The U.S. National Security Agency says the same Russian military hacking group that interfered in the 2016 presidential election and unleashed a devastating malware attack the following year has been exploiting a major email server program since last August or earlier.

The timing of the agency’s advisory Thursday was unusual considering that the critical vulnerability in the Exim Mail Transfer Agent — which mostly runs on Unix-type operating systems — was identified 11 months ago, when a patch was issued.

Exim is so widely used — though far less known than such commercial alternatives as Microsoft’s proprietary Exchange — that some companies and government agencies that run it may still not have patched the vulnerability, said Jake Williams, president of Rendition Infosec and a former U.S. government hacker.image - hacking

It took Williams about a minute of online probing on Thursday to find a potentially vulnerable government server in the U.K.

He speculated that the NSA might have issued to advisory to publicize the IP addresses and a domain name used by the Russian military group, known as Sandworm, in its hacking campaign — in hopes of thwarting their use for other means.

The Exim exploit allows an attacker to gain access using specially crafted email and install programs, modify data and create new accounts — gaining a foothold on a compromised network.

Continue reading “NSA: RUSSIAN AGENTS HAVE BEEN HACKING MAJOR EMAIL PROGRAM”