Tag: Threat Intelligence

Don’t Get Caught in a SMiShing Scam

The word ‘SMiShing’ may sound like gibberish — we think it’s a weird one — but some of the world’s largest enterprises are losing millions of dollars to these scams every year. Similar to phishing, the fraudulent act of sending imitation emails claiming to be a corporation in order to obtain personal information from customers, SMiShing uses SMS (short message service) to achieve the same outcome.

Scammers are taking to SMS to prey on people’s trust, panic or sense of urgency. These messages are disguised as a warning from your bank about an unauthorized charge or an alert about an unidentified user accessing one of your accounts. The goal? To lure you into providing account information by tapping on a link and entering your information into a look-alike website.

Read more about SMiShing scams and learn how to avoid them on Tripwire.

Hijacking Online Accounts Via Hacked Voicemail Systems

Voicemail systems are vulnerable to compromise via brute-force attacks against the four-digit personal identification numbers (PINs) that protect them. Researchers say a malicious user can thus access the voicemail system to then take over online accounts for services like WhatsApp, PayPal, LinkedIn and Netflix.

Martin Vigo, a mobile security expert who presented his research at 35C3, warns that PINs that protect voicemail systems are far easier to crack than traditional passwords. “Automated phone calls are a common solution for password resets, account verification and other services,” Vigo said. “These can be compromised by leveraging old weaknesses and current technology to exploit this weakest link – voicemail systems.”

Read more about the vulnerabilities of voicemail systems on Threatpost.

Beware of American Express Emails With Attached Phishing Form

A phishing campaign is underway that pretends to be from American Express and states that there is a security issue with your credit card. It then prompts you to open an attached HTML phishing form that will send the inputted information back to the scammers.

Numerous variants have been sent since October 2018. All of these variants utilize the same theme of there being a security review of your credit card that found issues that require you to send your information through an attached form and create a new online account. These emails are being sent out from mail domains that are based off of the “American Express” keyword such as AmExpress@amnex.com, AmericanExpress@ampress.com, and AmericanExpress@aemail.com.

Read more about the phishing campaign on BleepingComputer.

FTC Warns of Netflix Phishing Scam Making Rounds

The Federal Trade Commission (FTC) is warning of a new phishing scam reeling in Netflix customers and stealing their payment information. The spotted scam purports to be an email from Netflix.

“Police in Ohio shared a screenshot of a phishing email designed to steal personal information,” said Colleen Tressler, consumer education specialist with the FTC in a post. “The email claims the user’s account is on hold because Netflix is ‘having some trouble with your current billing information’ and invites the user to click on a link to update their payment method.” In reality, the bad actors who sent the email are pocketing that payment information.

Read more about the new Netflix phishing scam on Threatpost.

Doxxing: What It Is How You Can Avoid It

Doxxing means publishing private information about someone online to harass or intimidate them. It has ruined reputations and caused untold distress to hundreds of people. On occasion, doxxing has resulted in injury or even death. Being doxxed can have serious consequences for your safety and privacy. How can you prevent it?

Doxxing and cyberbullying often go hand in hand, although doxxing has also been used — controversially — by journalists in pursuit of public interest stories. It’s a relatively new phenomenon grown out of early internet subculture, but it’s gaining both popularity and efficacy, driven partly by social media.

Read more about Doxxing and learn how to avoid this threat on Tripwire.

JungleSec Ransomware Infects Victims Through IPMI Remote Consoles

A ransomware called JungleSec has been infecting victims through unsecured IPMI (Intelligent Platform Management Interface) cards since early November.

When originally reported in early November, victims were seen using Windows, Linux, and Mac, but there was no indication as to how they were being infected. Since then, BleepingComputer has spoken to multiple victims whose Linux servers were infected with the JungleSec Ransomware and they all stated the same thing: they were infected through unsecured IPMI devices.

Read more about JungleSec ransomware on BleepingComputer.

Automated Cyber Attacks Are the Next Big Threat. Ever Hear of ‘Review Bombing’?

If you think hacks are bad now, just wait a few more years – because “the machines” are coming. In the next few years, artificial intelligence, machine learning and advanced software processes will enable cyber attacks to reach an unprecedented new scale, wreaking untold damage on companies, critical systems and individuals.

As dramatic as Atlanta’s March 2018 cyber “hijacking” by ransomware was, this was nothing compared to what is coming down the pike once ransomware and other malware can essentially “think” on their own. This is not a theoretical risk, either. It is already happening.

Read more about the risk of automated cyber attacks on Entrepreneur.

Memes on Twitter Used to Communicate With Malware

A new and otherwise ordinary malware tool is garnering some attention from security researchers for its ability to retrieve malicious commands via code hidden in a couple of Twitter memes.

The malware (TROJAN.MSIL.BERBOMTHUM.AA) targets Windows systems and, like more than 90% of all malicious code, is distributed via phishing attacks. Once installed on a system, the malware can perform several common functions like capturing local screenshots, enumerating applications on the system, checking for vulnerabilities in them, capturing clipboard content, and sending files back to the attacker. What’s noteworthy about the new Trojan is its use of the Twitter memes to retrieve malicious instructions, according to Trend Micro, the first to report on the threat.

Read more about the new malware on DarkReading.

Shamoon 3 Attacks Targeted Several Sectors

New details have emerged about the recent Shamoon 3 attacks, including information on several malware samples, targets in additional sectors, and some links to threat groups believed to be operating out of Iran.

Several new samples of the notorious Shamoon malware emerged recently. While initially researchers could not say who had been targeted, an increasing number of targets have come to light in the past days following analysis by several cybersecurity firms. Alphabet-owned Chronicle discovered one sample that had been uploaded to its VirusTotal service from Italy on December 10.

Read more about the recent Shamoon 3 attacks on SecurityWeek.

The year ahead: More breaches, bolstered regulation and the rise of AI

This time of the year is always exciting for infosec experts, as they get to take a step back, analyze how they did throughout the year, and look ahead at what the coming year will bring. The experts from Help Net Security have decided to take a different approach this time around and focus on three key, overriding trends they see taking center stage in 2019.

2018 brought with it the proliferation of both data and application security events and, as they predicted, data breaches grew in size and frequency and cloud security took center stage globally.

Read more about the infosec predictions for 2019 on Help Net Security.