Analysis, Encryption and Phishing - Information Management Today

Phishing, the campaigns that are targeting Italy

Security Affairs

OCTOBER 12, 2023

This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail, Web site, and even through instant messaging. Phishing can also be used as a precursor attack to drop malware. Just to name a few.

Phishing

Phishing Education Passwords Information Security

A new phishing scam targets American Express cardholders

Security Affairs

SEPTEMBER 5, 2022

Cybersecurity firm Armorblox discovered a new phishing campaign aimed at American Express customers. Armorblox researchers uncovered a new phishing campaign that is targeting American Express customers. ” reads the analysis published by the Armorblox. ” reads the analysis published by the Armorblox.

Phishing

Phishing Authentication Passwords Encryption

Catches of the Month: Phishing Scams for April 2023

IT Governance

APRIL 11, 2023

Welcome to our April 2023 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over personal data. YouTube warns of monetisation scam Content creators on YouTube are being warned about a phishing campaign regarding an apparent “new monetisation policy”.

Phishing

Phishing Passwords Ransomware Insurance

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

iNSYNQ Ransom Attack Began With Phishing Email

Krebs on Security

AUGUST 9, 2019

A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. “For these infections hackers take sometimes days, weeks, or even months to encrypt your data.”

Phishing

Phishing Ransomware Sales Encryption

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

NOVEMBER 17, 2022

He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. “We’ve found someone who can crack the encryption.” Then came the unlikely call from an FBI agent. “Don’t pay,” the agent said.

Ransomware

Ransomware Encryption Manufacturing Phishing

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

Ukraine CERT-UA warns of phishing attacks on state organizations of Ukraine using the topic “Azovstal” and Cobalt Strike Beacon. The analysis of encryption techniques employed in the attack allowed the government experts to associate the campaign with the cybercrime group Trickbot. To nominate, please visit:?

Phishing

Phishing Military Ransomware Encryption

Caffeine, a new Phishing-as-a-Service toolkit available in the underground

Security Affairs

OCTOBER 11, 2022

Researchers warn of a new phishing-as-a-service (PhaaS) toolkit, called Caffeine, which is being used by cybercriminals. In March 2022, Mandiant researchers discovered threat actors using a shared Phishing-as-a-Service (PhaaS) platform called Caffeine. ” reads the report published by Mandiant.

Phishing

Phishing Analytics Encryption Authentication

Phishing Campaign Used Morse Code to Evade Detection: Microsoft

eSecurity Planet

AUGUST 16, 2021

A phishing campaign that Microsoft security researchers have been tracking for about a year highlights not only the ongoing success of social engineering efforts by hackers to compromise systems, but also the extent to which the bad actors will go to cover their tracks while stealing user credentials. Whitelisting vs. Blacklisting.

Phishing

Phishing Passwords Encryption Cloud

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

Security Affairs

MAY 10, 2022

“Frappo” acts as a Phishing-as-a-Service and enables cybercriminals the ability to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online-services to steal customer data. The last update of the service was registered May 1, 2022.

Phishing

Phishing Retail Financial Services Data breaches

DeathRansom ransomware evolves encrypting files, but experts identified its author

Security Affairs

JANUARY 5, 2020

DeathRansom was considered fake ransomware due to the fact that it did not implement an effective encryption process, but now things are changing. DeathRansom is a ransomware family that was initially classified as a joke because it did not implement an effective encryption scheme. ” continues the report. Pierluigi Paganini.

Encryption

Encryption Ransomware IT Phishing

StrelaStealer targeted over 100 organizations across the EU and US

Security Affairs

MARCH 25, 2024

The infection chain was continuously updated, current StrelaStealer version is distributed via spear phishing emails containing a ZIP file attachment. “The JScript file then drops a Base64-encrypted file and a batch file. Upon downloading and opening the archive, a JScript file is dropped onto the system.

Encryption

Encryption Manufacturing Archiving Phishing

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Security Affairs

APRIL 9, 2024

Fortinet researchers observed a threat actor sending out a phishing email containing malicious Scalable Vector Graphics (SVG) files. The developers used AES encryption and implemented techniques to bypass the anti-malware scan interface (AMSI). ” concludes the report that also includes indicators of compromise (IoCs).

Phishing

Phishing Sales Encryption Cybersecurity

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

NOVEMBER 18, 2020

” reads the analysis published by Cybereason. The kill chain starts with phishing messages that use a.docx file that once is opened triggers a template injection attack. Experts observed several variants over the recent months, it authors have improved encryption and implemented new functionality of the final Node.js

Phishing

Phishing Mining Libraries Encryption

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

The Last Watchdog

FEBRUARY 20, 2024

Health care relies on it for intelligent symptom analysis and health information dissemination. Malicious intent or manipulation: AI chatbots can be exploited to spread misinformation, execute social engineering attacks or launch phishing. Customer support experiences a boost with its ability to understand complex queries.

Cybersecurity

Cybersecurity Authentication Communications Privacy

Recently discovered IceFire Ransomware now also targets Linux systems

Security Affairs

MARCH 9, 2023

In an attack observed by the experts, the ransomware successfully encrypted a CentOS host running a vulnerable version of IBM Aspera Faspex file server software. The ransomware encrypts files and appends the “.ifire” IceFire doesn’t encrypt the files with “.sh” IceFire doesn’t encrypt the files with “.sh”

Ransomware

Ransomware Encryption Phishing IT

Spotting RATs: Delphi wrapper makes the analysis harder

Security Affairs

JULY 8, 2019

Experts observed an increase of the malware spreading using less-known archive types as dropper,in particular ISO image.Delphi wrapper makes analysis harder. Technical Analysis. Phishing email content. As expected, the malicious payload is stored in the resource section in encrypted way (probably using a simple XOR-encryption).

File names

File names Encryption Archiving Phishing

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. ” reads the analysis published by Google TAG.

Phishing

Phishing Archiving Encryption Authentication

Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update

Security Affairs

OCTOBER 20, 2022

The experts believe the backdoor is distributed as a part of a spear phishing campaign conducted by a sophisticated threat actor. ” reads the analysis published by SafeBreach. The command is encrypted using AES-256 CBC. The analysis of the ID count revealed that the attackers C2 have compromised a total of 70 computers.

Encryption

Encryption Cybersecurity Phishing IT

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

Cyber criminals may damage, destroy, steal, encrypt, expose, or leak data as well as cause harm to a system. Encrypted threats spiked 167%, ransomware increased 105%, and 5.4 In May, cybersecurity researchers revealed that ransomware attacks are increasing their aggressive approach by destroying data instead of encrypting it.

Ransomware

Ransomware Cybersecurity Phishing Encryption

ZINC Hackers Leverage Open-source Software to Lure IT Pros

eSecurity Planet

OCTOBER 3, 2022

The spear phishing campaigns have targeted engineers and technical support operators, and the cybercriminals have pretended to be IT recruiters. Then they moved the conversation away from the platform to encrypted messaging apps like WhatsApp. They used LinkedIn to connect with the victims and gain their trust.

IT

IT Phishing Encryption Archiving

Dark Pink APT targets Govt entities in South Asia

Security Affairs

MARCH 13, 2023

The KamiKakaBot malware spreads via phishing emails that contain a malicious ISO file as an attachment. “The ISO file also contains a decoy Word document that has an XOR-encrypted section. ” reads the analysis published by EclecticIQ. dll), and a decoy Microsoft Word document. . ” concludes the report.

Phishing

Phishing Encryption Military Government

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

APRIL 30, 2021

The state-sponsored hackers sent spear-phishing messages to a general director working at the Rubin Design Bureau , in Saint Petersburg, which is one of three main Russian centers of submarine design. The spear-phishing messages used a malicious Rich Text File (RTF) document that included descriptions of an autonomous underwater vehicle. .

Phishing

Phishing Encryption Security IT

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

The threat actors leverage spear-phishing emails to deliver archive files utilizing DLL side-loading schemes. ” reads the analysis published by Checkpoint. shell – Sends the computer name in a JSON format encrypted with simple XOR encryption and base64 encoded to the C2.

Government

Government IT Encryption Libraries

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Security

Security Ransomware Phishing Authentication

How situational analysis helps your school become #BreachReady

IT Governance

AUGUST 17, 2018

In this blog, we’ll consider situational analysis, how to assess what’s happening in the school and how to support staff to protect the data in their care. Situational analysis – understand what’s happening now. Introduce device encryption. Training also teaches staff to identify common threats such as phishing emails.

GDPR

GDPR Encryption Data breaches Compliance

Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack

Threatpost

OCTOBER 19, 2020

Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.

Phishing

Phishing Encryption Ransomware Security

Anubis Networks is back with new C2 server

Security Affairs

JULY 11, 2022

A large-scale phishing campaign leveraging the Anubis Network is targeting Brazil and Portugal since March 2022. A large-scale phishing campaign is targeting Internet-end users in Brazil and Portugal since March 2022. Figure 1: High-level diagram of the ANUBIS phishing network and its components (2020). The Phishing template.

Phishing

Phishing Access Information Security Encryption

12 Data Loss Prevention Best Practices (+ Real Success Stories)

eSecurity Planet

APRIL 12, 2024

Conduct content analysis to improve safety measures. Customize training materials to address these specific concerns, including data handling protocols, password management , and phishing attempt identification. Encrypt data at rest with encryption algorithms and secure storage techniques.

Encryption

Encryption Risk Data breaches Access

Steganography in targeted attacks on industrial enterprises in Japan and Europe

Security Affairs

MAY 29, 2020

Hackers targeted suppliers of equipment and software for industrial enterprises with spear-phishing messages using malicious Microsoft Office documents. Attackers used PowerShell scripts, as well as various techniques to evade the detection and avoid the analysis of the malware. ” continues the analysis.

Phishing

Phishing Encryption Authentication IT

New Coronavirus-themed attack uses fake WHO chief emails

Security Affairs

MARCH 21, 2020

Day after day the number of Coronavirus-themed attacks increases, fraudsters have launched a phishing campaign to deliver keyloggers on users’ PC. Experts from IBM X-Force have uncovered a new Coronavirus-themed phishing campaign aimed at delivering keyloggers on users’ PC. ” continues the analysis.

Phishing

Phishing Archiving Encryption IT

Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs

Security Affairs

MAY 15, 2023

” reads the analysis published by Symantec. The instances of the Merdoor backdoor analyzed by the researchers only differ for the embedded and encrypted configuration, which includes C2 communication method, service details, and the installation directory. pak) containing final payload (Merdoor backdoor).

Encryption

Encryption Phishing Communications Education

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. The attacks against the Canadian healthcare organizations were discovered between March 24 and March 26, they started with coronavirus -themed phishing campaigns that were carried out in the last months.

Ransomware

Ransomware Phishing File names Encryption

New Rook Ransomware borrows code from Babuk

Security Affairs

DECEMBER 25, 2021

The attack chain starts with phishing messages, experts also reported attacks leveraging third-party framework, such as Cobalt Strike, to drop the malware. Upon execution, the Rook ransomware attempts to terminate processes related to security software or other application that could interfere with the encryption process.

Ransomware

Ransomware Encryption Phishing Security

What Is DNS Security? Everything You Need to Know

eSecurity Planet

NOVEMBER 10, 2023

To help clarify DNSSEC, we will explore both the DNSSEC features and benefits and compare it against DNS Security, DNS Crypt, and Encrypted DNS. DNSSEC adds data origin authentication and data integrity protection through the publishing of public encryption keys along with the IP address and URL directory.

Security

Security Encryption Authentication Communications

Crooks use hidden directories of compromised HTTPS sites to deliver malware

Security Affairs

APRIL 2, 2019

Hacked websites were used for several malicious purposes, experts observed compromised WordPress and Joomla websites serving Shade /Troldesh ransomware, coin miners, backdoors, and some times were involved in phishing campaigns. ” reads the analysis from Zscaler. WordPress sites compromised by hackers were running versions 4.8.9

CMS

CMS Phishing Ransomware File names

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

Security Affairs

MARCH 14, 2022

Although there are no significant differences and sophistication in contrast to other well-known trojans such as Maxtrilha , URSA , and Javali , an analysis of the artifacts and IOCs obtained from this campaign is presented below. The trojan has been disseminated via phishing templates impersonating Tax services in Portugal.

Encryption

Encryption Phishing Communications IT

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Security Affairs

MARCH 18, 2023

Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) released a joint advisory that provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0

Ransomware

Ransomware Encryption Passwords Cybersecurity

The new maxtrilha trojan is being disseminated and targeting several banks

Security Affairs

SEPTEMBER 12, 2021

A new banking trojan dubbed maxtrilha (due to its encryption key) has been discovered in the last few days and targeting customers of European and South American banks. The campaign has been leveraged by Brazilian criminals’ gangue, who use customized phishing templates to spread the trojan maxtrilha according to the target country.

Communications

Communications Phishing Encryption Access

Astaroth Trojan leverages Facebook and YouTube to avoid detection

Security Affairs

SEPTEMBER 15, 2019

Researchers at Cofense have uncovered a phishing campaign targeting Brazilian citizens with the Astaroth Trojan that uses Facebook and YouTube in the infection process. The attach chain appears to be very complex and starts with phishing messages that come with an.htm file attached. ” reads the analysis published by Cofense.”

Phishing

Phishing Encryption Archiving Security

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

The spear-phishing message appears as a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. ” reads the analysis published by Proofpoint.

Archiving

Archiving Cloud File names Metadata

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Security Affairs

AUGUST 31, 2022

The phishing emails contain a Microsoft Office attachment that includes an external reference in its metadata which downloads a malicious template file. ” reads the analysis published by the experts. The binary employs multiple obfuscation techniques to avoid detection and make analysis hard. ” continues the report.

Metadata

Metadata Phishing Encryption IT

Most Organizations Do DMARC Wrong. Here’s How to Do It Right.

eSecurity Planet

AUGUST 8, 2022

Without the more restrictive enforcement policy, organizations place an unnecessary burden on email security applications and increase the likelihood of a phishing attack successfully impersonating a brand. Barracuda notes that attackers use brand impersonation in more than 80% of spear-phishing attacks. What is DMARC? What is SPF?

IT

IT Phishing Authentication Encryption

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

M]uch of InfoSec management falls back on employee training and avoiding employee error – particularly with respect to phishing , spear phishing, and encryption lapses.”. A] lot of companies [still] do the compliance auditing and analysis piece manually,” said Luria. The result is arguably a perverse jumble of priorities.

Data Privacy

Data Privacy Compliance Privacy Security

Group-IB detects a series of ransomware attacks by OldGremlin

Security Affairs

SEPTEMBER 23, 2020

The operators use a suite of custom tools with the ultimate goal of encrypting files in the infected system and holding it for a ransom of about $50,000. As the initial vector of their attacks, OldGremlin use spear phishing emails, to which the group adopted creative approach. Up-to-date phishing. Unsought invoice.

Ransomware

Ransomware Phishing Encryption Authentication

Phishing, the campaigns that are targeting Italy

A new phishing scam targets American Express cardholders

Webinars

Trending Sources

Catches of the Month: Phishing Scams for April 2023

Webinars

iNSYNQ Ransom Attack Began With Phishing Email

Researchers Quietly Cracked Zeppelin Ransomware Keys

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Caffeine, a new Phishing-as-a-Service toolkit available in the underground

Phishing Campaign Used Morse Code to Evade Detection: Microsoft

Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service

DeathRansom ransomware evolves encrypting files, but experts identified its author

StrelaStealer targeted over 100 organizations across the EU and US

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Phishing campaign targets LATAM e-commerce users with Chaes Malware

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

Recently discovered IceFire Ransomware now also targets Linux systems

Spotting RATs: Delphi wrapper makes the analysis harder

YouTube creators’ accounts hijacked with cookie-stealing malware

Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update

What is a Cyberattack? Types and Defenses

ZINC Hackers Leverage Open-source Software to Lure IT Pros

Dark Pink APT targets Govt entities in South Asia

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

How situational analysis helps your school become #BreachReady

Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack

Anubis Networks is back with new C2 server

12 Data Loss Prevention Best Practices (+ Real Success Stories)

Steganography in targeted attacks on industrial enterprises in Japan and Europe

New Coronavirus-themed attack uses fake WHO chief emails

Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

New Rook Ransomware borrows code from Babuk

What Is DNS Security? Everything You Need to Know

Crooks use hidden directories of compromised HTTPS sites to deliver malware

Brazilian trojan impacting Portuguese users and using the same capabilities seen in other Latin American threats

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

The new maxtrilha trojan is being disseminated and targeting several banks

Astaroth Trojan leverages Facebook and YouTube to avoid detection

Iran-linked APT TA453 targets Windows and macOS systems

GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image

Most Organizations Do DMARC Wrong. Here’s How to Do It Right.

Security Compliance & Data Privacy Regulations

Group-IB detects a series of ransomware attacks by OldGremlin

Stay Connected