Banks in Russia today were the target of a massive phishing campaign that aimed to deliver a tool used by the Silence group of hackers. The group is believed to have a background in legitimate infosec activities and access to documentation specific to the financial sector.
The fraudulent emails purported to come from the Central Bank of Russia (CBR) and contained a malicious attachment. The message body lured the recipients to open the attachment in order to check the latest details on the “standardization of the format of CBR’s electronic communications.” International cybersecurity company Group-IB investigated the attack.
An extensive testing session carried out by bank security experts at Positive Technologies has revealed that most ATMs can be hacked in under 20 minutes, and even faster in certain types of attacks. Experts tested ATMs from NCR, Diebold Nixdorf, and GRGBanking, and detailed their findings in a 22-page report published this week.
The attacks they tried are the typical types of exploits and tricks used by cyber-criminals seeking to obtain money from the ATM safe or to copy the details of users’ bank cards (also known as skimming). Experts said that 85 percent of the ATMs they tested allowed an attacker to access the network.
Read more about the disturbing findings of the new report on ZDNet.
As the Black Friday post-Thanksgiving buying bonanza looms, many are opting to stay at home and take advantage of the same deals online. But they may get an unwanted extra with their purchase. Banking trojan malware families Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID and SpyEye are targeting online shoppers.
According to Kaspersky Lab, these and other banking trojans have spiked in detections lately, and are hunting for user credentials such as user names, passwords, payment-card numbers and phone numbers. At least 14 malware families have been found actively targeting a total of 67 consumer e-commerce sites between them, the firm said.
Read more about the findings of the Kaspersky Lab analysis on Threatpost.
Anti-phishing firm Cofense has discovered an uptick in the use of .com file extensions in phishing emails. The .com file extension designated executable files in DOS and Windows 95, 98 and Me. It has been replaced by .exe in later versions of the OS. However, for backwards compatibility, Windows will still attempt to execute a file with the .com extension.
Throughout October, Cofense analyzed 132 unique phishing samples with the .com extension. To put this uptick in context, it found only 34 samples in the entire preceding nine months of 2018. The most popular subject line lures in the new campaign (or campaigns) are ‘payment’ and ‘purchase order’ themes.
Read more about the findings of the new Cofense report on SecurityWeek.
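A mail-gateway triage check for the .com lure described above, added here as an example; it is not code from Cofense or the original article. The sample message, the lure terms and the extension list are constructed for illustration, and the check deliberately looks at the final extension so a double-extension name such as "invoice.pdf.COM" is not missed.

```python
import email
import os
from email import policy

# Constructed sample message (not a real sample from the Cofense report).
RAW_MSG = b"""From: accounts@example.invalid
To: victim@example.invalid
Subject: Purchase Order 4471 - payment confirmation
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

Please review the attached purchase order.
--XYZ
Content-Type: application/octet-stream; name="PO_4471.pdf.COM"
Content-Disposition: attachment; filename="PO_4471.pdf.COM"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--XYZ--
"""

# Legacy executable extensions Windows still dispatches to its loader (assumed list).
LEGACY_EXEC_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
# Subject-line themes the article reports for this campaign.
LURE_TERMS = ("payment", "purchase order")


def attachment_names(raw):
    """Return the filenames of every MIME part that carries a filename."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def is_legacy_executable(filename):
    """Case-insensitive check on the LAST extension only, since that is what
    Windows uses to decide how to open the file (so x.pdf.COM is executable)."""
    return os.path.splitext(filename)[1].lower() in LEGACY_EXEC_EXTS


def triage(raw):
    """Combine the attachment check with the subject lure to pick a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").lower()
    lure_hit = any(term in subject for term in LURE_TERMS)
    flagged = [fn for fn in attachment_names(raw) if is_legacy_executable(fn)]
    verdict = "quarantine" if flagged else ("review" if lure_hit else "pass")
    return {"subject_lure": lure_hit, "executable_attachments": flagged,
            "verdict": verdict}
```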
The epidemic of Twitter-based Bitcoin scams took another twist this week as attackers tweeted scams directly from two verified high-profile accounts. Cryptocurrency giveaway scams work by offering money to victims. There’s a catch, of course: They must first send a small amount of money to ‘verify their address’. The money in return never shows up and the attackers cash out.
Authenticity is a key factor in these scams. Accounts with verified status shown by a blue tick carry more of that. This week, criminals managed to compromise the official accounts of Google’s G Suite and Target and use these for Bitcoin giveaway scams.
Sophos today launched its 2019 Threat Report providing insights into emerging and evolving cybersecurity trends. The report explores changes in the threat landscape over the past 12 months, uncovering trends and how they are expected to impact cybersecurity in 2019.
The SophosLabs 2019 Threat Report found that capitalist cybercriminals are turning to targeted ransomware attacks that are premeditated and reaping millions of dollars in ransom. 2018 saw the advancement of hand-delivered, targeted ransomware attacks that are earning cybercriminals millions of dollars. These attacks are different from ‘spray and pray’ style attacks that are automatically distributed through millions of emails.
Read more about the findings of the new Sophos report on AP News.
If exploits and malware were stocks and bonds, the third quarter of 2018 would have been a bull market. That’s the broad takeaway from Fortinet’s Q3 2018 “Global Threat Landscape Report,” which found malware, exploits, and threats all on the increase. From July through September, unique malware variants grew 43%, while the number of malware families grew by nearly 32%.
Despite those numbers, Anthony Giandomenico, senior security strategist/researcher at FortiGuard Labs, says cryptojacking is one of the more serious threats he’s seeing. Giandomenico realizes that many researchers view cryptojacking as more of an annoyance, but he sees two problems with that view.
Read more about the findings of the Fortinet report on DarkReading.
While 50 nations and 150 global companies gathered in Paris last week to boost the call for better cybersecurity, European IT security professionals this week are registering their concerns that the region isn’t ready for an anticipated attack on critical infrastructure. The 2018 Black Hat Europe Attendee Survey found that nearly two-thirds (65%) of security pros in Europe believe a successful cyberattack affecting the critical infrastructure of multiple EU nations will occur in the next two years.
And concerns are not limited to critical infrastructure. Some three-quarters of European security pros said a major data breach will occur in their own organizations in the coming year.
Read more about the findings of the Black Hat survey on DarkReading.
Recent attacks on an engineering company in the United Kingdom were attributed to a China-related cyber-espionage group despite the use of techniques usually associated with Russian threat actors. The hacking group, which is referred to as TEMP.Periscope and is also known as Leviathan, has been active for half a decade and was observed targeting engineering and maritime entities earlier this year.
In July 2018, the group targeted the employees of a U.K.-based engineering company in a spear-phishing campaign, Recorded Future reports. As part of this campaign, the group is believed to have reused publicly reported, sophisticated Tactics, Techniques and Procedures (TTPs) from Russian threat groups Dragonfly and APT28.
Read more about the TEMP.Periscope attack campaigns on SecurityWeek.
It was not a good week for the Pathé cinema chain. First, its UK branch’s Twitter account was hacked and used in a cryptocurrency scam, and then it became known that its Dutch branch had lost more than 19 million euros (US$21.5m) through a business email compromise (BEC) scam.
The scam began in March with an email to the company’s CFO, allegedly from Pathé’s French parent firm, which told him to transfer more than 800,000 euros as part of a “strictly confidential” acquisition, Dutch business site Quote reports. Though the CFO and the CEO did discuss among themselves that the request was rather strange, they dutifully obliged.
Read more about this elaborate and successful BEC scam on Forbes.