Government, IT, Manufacturing and Phishing - Information Management Today

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

Given the huge proportion of cyber attacks that rely on phishing to gain a foothold in victims’ systems, it’s hardly surprising that one of the four ways of staying safe online advocated by the US campaign is recognising and reporting phishing. You can find everything you might want to know about phishing on our website.

Phishing

Phishing Financial Services Manufacturing Personal data

Ransomware at IT Services Provider Synoptek

Krebs on Security

DECEMBER 27, 2019

based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries , including state and local governments, financial services, healthcare, manufacturing, media, retail and software. A now-deleted Tweet from Synoptek on Dec.

Ransomware

Ransomware IT Phishing Financial Services

Catches of the month: Phishing scams for July 2021

IT Governance

JULY 7, 2021

Welcome to July’s review of phishing scams, in which we look at criminals’ latest tactics and provide examples of successful frauds. The number of officially reported HMRC-branded phishing scams increased from 572,029 in the 2019–2020 fiscal year to 1,069,522 in 2020–2021, according to data obtained under the Freedom of Information Act.

Phishing

Phishing Manufacturing Insurance Data breaches

Facebook links cyberespionage group APT32 to Vietnamese IT firm

Security Affairs

DECEMBER 11, 2020

The APT32 group has been active since at least 2012, it has targeted organizations across multiple industries and foreign governments, dissidents, and journalists. Threat actors were contacting people of interest with romantic lures, they set up pages that were specifically designed to target followers with malware and phishing attacks.

Agriculture

Agriculture IT Retail Manufacturing

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Krebs on Security

APRIL 15, 2020

“The group is also using its web of contacts in internet infrastructure providers to squash garden-variety phishing attacks and another financial crime that is using the fear of COVID-19 or the desire for information on it to trick regular internet users,” wrote Reuters’ Joe Menn.

Cybersecurity

Cybersecurity Phishing Government Ransomware

US indicted 4 Russian government employees for attacks on critical infrastructure

Security Affairs

MARCH 25, 2022

has indicted four Russian government employees for their involvement in attacks on entities in critical infrastructure. has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies and organizations in the energy sector worldwide between 2012 and 2018. ” continues the DoJ.

Energy and Utilities

Energy and Utilities Government Cybersecurity Military

Think you’re not susceptible to phishing? Think again

IT Governance

JUNE 11, 2019

On average, one in ten emails is a phishing scam. Very few respondents said they were likely to be lured by the most common pitfalls of phishing scams: Urgency: 10.7%. To see whether respondents really weren’t tempted by such scams, PhishMe sent them a series of simulated phishing emails. How does phishing work? >>

Phishing

Phishing Insurance Manufacturing Government

Ferrari Hits a Roadblock as Cyber Criminals Hold it to Ransom

IT Governance

MARCH 23, 2023

The supercar manufacturer said that its systems were compromised and that customer data has been stolen. And now that criminals have their names and contact details, you imagine they will be a prime target for phishing attacks and other scams. Ferrari is racing to contain the damage after it was targeted by cyber criminals this week.

IT

IT Manufacturing Personal data Phishing

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

D-Link confirms data breach, but downplayed the impact

Security Affairs

OCTOBER 18, 2023

Taiwanese manufacturer D-Link confirmed a data breach after a threat actor offered for sale on BreachForums stolen data. The stolen data includes information for many Taiwanese government officials, as well as the CEOs and employees of the company. . D-Link pointed out that the incident did not impact its operations.

Data breaches

Data breaches Sales Phishing Manufacturing

APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries

Security Affairs

AUGUST 17, 2023

Russia-linked APT29 used the Zulip Chat App in attacks aimed at ministries of foreign affairs of NATO-aligned countries EclecticIQ researchers uncovered an ongoing spear-phishing campaign conducted by Russia-linked threat actors targeting Ministries of Foreign Affairs of NATO-aligned countries. ” concludes the report.

Phishing

Phishing Manufacturing Government Authentication

5 ways to detect a phishing email – with examples

IT Governance

JUNE 6, 2019

Phishing is one of the most longstanding and dangerous methods of cyber crime. Despite what people think they know about phishing, they consistently fall victim. According to Verizon’s 2019 Data Breach Investigations Report , 32% of all cyber attacks involved phishing. The message is sent from a public email domain.

Phishing

Phishing IT Communications Access

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report.

Energy and Utilities

Energy and Utilities Military Government Phishing

Microsoft seized 41 domains used by Iran-linked Bohrium APT

Security Affairs

JUNE 6, 2022

Microsoft’s Digital Crimes Unit (DCU) announced the seizure of domains used by Iran-linked APT Bohrium in spear-phishing campaigns. Microsoft’s Digital Crimes Unit (DCU) announced to have taken legal action to disrupt a spear-phishing operation linked to Iran-linked APT Bohrium. Middle East, and India.

Phishing

Phishing Manufacturing Education Cybersecurity

The City of Durham shut down its network after Ryuk Ransomware attack

Security Affairs

MARCH 8, 2020

According to the local media, the City of Durham was hit with a phishing attack aimed at delivering the Ryuk Ransomware on the victims’ systems. The City of Durham, North Carolina, was the last victim in order of time of the infamous Ryuk ransomware that infected its systems. 911 calls, though, are being answered.”

Ransomware

Ransomware IT Computer and Electronics Mining

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. According to the advisory, the threat actors have been observed exploiting Zerologon ( CVE-2020-1472 ) in Microsoft’s Netlogon Remote Protocol in phishing attempts.

Ransomware

Ransomware Manufacturing Education Passwords

Hackers target German Task Force for COVID-19 PPE procurement

Security Affairs

JUNE 9, 2020

Hackers are targeting executives of a German multinational corporation involved in the government supply of personal protective equipment (PPE) against COVID-19. Hackers are targeting executives of a German multinational corporation involved in the government supply of personal protective equipment (PPE).

Phishing

Phishing Healthcare Manufacturing Government

Elections 2024, artificial intelligence could upset world balances

Security Affairs

DECEMBER 27, 2023

Governments should recognize electoral processes as critical infrastructure and enact laws to regulate the use of generative Artificial Intelligence. Various state actors will attempt to interfere with voting operations by supporting candidates whose policies align with the interests of their governments.

Artificial Intelligence

Artificial Intelligence Government Manufacturing IT

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Security Affairs

NOVEMBER 1, 2021

Experts uncovered a new threat actor, tracked as Balikbayan Foxes, that is impersonating the Philippine government to spread malware. . The group focuses on Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Energy entities, among others. ” reads the analysis published by the experts. .

Healthcare

Healthcare Phishing Manufacturing Government

Defense contractor Belcan leaks admin password with a list of flaws

Security Affairs

AUGUST 22, 2023

US Government and defense contractor Belcan left its super admin credentials open to the public, Cybernews research team reveals. Belcan is a government, defense, and aerospace contractor offering global design, software, manufacturing, supply chain, information technology, and digital engineering solutions.

Passwords

Passwords Military Manufacturing Analytics

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

The campaign began in June 2022 and is still ongoing, the attacks hit organizations in multiple industries, such as Automotive, Chemicals Manufacturing, and others. ” reads the post published by Zscaler. ” reads the post published by Zscaler.

Archiving

Archiving Phishing Communications Manufacturing

New TA2101 threat actor poses as government agencies to distribute malware

Security Affairs

NOVEMBER 15, 2019

A new threat actor tracked as TA2101 is conducting malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy. The phishing campaigns delivering malicious attachments were observed since the end of October. . Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Government

Government Ransomware Manufacturing Phishing

Researchers found alleged sensitive documents of NATO and Turkey

Security Affairs

OCTOBER 12, 2020

Researchers from the US-based firm Cyble recently came across a post shared by an unknown threat actor that goes online with the moniker Spectre123, where he has allegedly leaked the sensitive documents of NATO and Havelsan (Turkish Military/defence manufacturer). ” reads the post published by Cyble.

Military

Military Manufacturing Phishing Government

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

million newborns and pregnancy care patients Xenomorph malware is back after months of hiatus and expands the list of targets Smishing Triad Stretches Its Tentacles into the United Arab Emirates Crooks stole $200 million worth of assets from Mixin Network A phishing campaign targets Ukrainian military entities with drone manual lures Alert!

Artificial Intelligence

Artificial Intelligence Security Ransomware Data breaches

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

Security Affairs

DECEMBER 7, 2021

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including defense, high tech, energy, government, aerospace, and manufacturing. ” reads the post published by Microsoft. Follow me on Twitter: @securityaffairs and Facebook.

Manufacturing

Manufacturing Phishing Government Security

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Dollars (USD) and received more than $60 million in ransom payments from over 100 victims worldwide as of August 2022, the US government states. entities Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology. ” reads the report.

Ransomware

Ransomware Financial Services Manufacturing Phishing

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

eSecurity Planet

SEPTEMBER 14, 2022

As a matter of fact, the most-reported crime in the 2021 Internet Crime Report report was phishing , a social engineering scam wherein the victim receives a deceptive message from someone in an attempt to get the victim to reveal personal information or account credentials or to trick them into downloading malware. Here’s How to Do It Right.

Energy and Utilities

Energy and Utilities Phishing Blockchain Cybersecurity

North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya

Security Affairs

AUGUST 7, 2023

NPO Mashinostroyeniya (JSC MIC Mashinostroyenia, NPO Mash) is a leading Russian manufacturer of missiles and military spacecraft. Treasury Department in July 2014 due to its support to the Russian government in attempting of destabilizing eastern Ukraine and its ongoing occupation of Crimea. The Russian firm was sanctioned by the U.S.

Military

Military Communications Manufacturing Phishing

Security Affairs newsletter Round 357 by Pierluigi Paganini

Security Affairs

MARCH 13, 2022

Is it fake news? CVE-2022-0492 flaw in Linux Kernel cgroups feature allows container escape Charities and NGOs providing support in Ukraine hit by malware. Follow me on Twitter: @securityaffairs and Facebook.

Security

Security Data breaches Ransomware Manufacturing

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

MAY 5, 2021

The group targeted the organization with phishing attacks aimed at spreading at least three new sophisticated malware strains. The phishing messages include links to a malicious website that serves the malware, experts pointed out that the emails had subject lines that were customized for each targeted organization.

Manufacturing

Manufacturing Phishing Military Retail

List of Data Breaches and Cyber Attacks in February 2023 – 29.5 Million Records Breached

IT Governance

MARCH 1, 2023

IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses. Our research identified 106 publicly disclosed incidents accounting for 29,582,356 breached records this month.

Data breaches

Data breaches Ransomware e-Delivery Government

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. Last year, with a total share of 18% of all cyberattacks, it was the second most targeted industry, following manufacturing. million files belonging to ICICI Bank.

Personal data

Personal data Phishing Risk Financial Services

APT32 state hackers target human rights defenders with spyware

Security Affairs

FEBRUARY 24, 2021

“Amnesty Tech’s Security Lab found technical evidence in phishing emails sent to two prominent Vietnamese human rights defenders, one of whom lives in Germany, and a Vietnamese NGO based in the Philippines, showing that Ocean Lotus is responsible for the attacks between 2018 and November 2020.”

Phishing

Phishing Manufacturing Government Privacy

List of data breaches and cyber attacks in June 2020 – 7 billion records breached

IT Governance

JULY 1, 2020

University of Utah Health notifies patients of phishing attack (unknown). Phishing scam targets German coronavirus task force (100+). Florence, AL, government hit by cyber attack (unknown). com impersonated in year-long phishing attack (unknown). Australian government bombarded by cyber attacks (unknown).

Data breaches

Data breaches Ransomware Retail Personal data

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

DECEMBER 4, 2021

. “The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.”

Ransomware

Ransomware Encryption Communications Manufacturing

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

Security Affairs

OCTOBER 7, 2020

The threat actor that employed the Kraken technique, likely an APT group, launched a phishing attack that used messages with a.ZIP file attachment. The APT32 group has been active since at least 2012, it has targeted organizations across multiple industries and foreign governments, dissidents, and journalists.

Phishing

Phishing Manufacturing Archiving Government

TrickGate, a packer used by malware to evade detection since 2016

Security Affairs

JANUARY 31, 2023

The attack chain observed by the experts can vary significantly, but in most cases, threat actors used phishing messages with malicious attachments or malicious links. The TrickGate packer was primarily used in attacks aimed at the manufacturing sector, and other attacks aimed at the education, healthcare, government, and finance industries.

Manufacturing

Manufacturing Archiving Education Phishing

List of Data Breaches and Cyber Attacks in March 2023 – 41.9 Million Records Breached

IT Governance

APRIL 3, 2023

The most concerning aspect of this breach is that Latitude Financial originally reported that only 300,000 people had been affected. This suggests that it had a poor understanding of the attack and rushed to disclose the breach. Until recently, these details were coming from GoAnywhere or its parent company, Fortra, but individual victims.

Data breaches

Data breaches Ransomware Phishing Government

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. Third-party governance. IT governance and security. The RSA Archer Suite can be customized for organizations of all sizes and industries. Audit management.

Compliance

Compliance Risk Government Retail

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

MARCH 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. ” reads the alert. The malware changes the extension of the encrypted files to ‘.royal’.

Ransomware

Ransomware Encryption Cybersecurity Communications

Group-IB detects a series of ransomware attacks by OldGremlin

Security Affairs

SEPTEMBER 23, 2020

Since March, the attackers have been trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia. As the initial vector of their attacks, OldGremlin use spear phishing emails, to which the group adopted creative approach. Up-to-date phishing.

Ransomware

Ransomware Phishing Encryption Authentication

Security Affairs newsletter Round 282

Security Affairs

SEPTEMBER 20, 2020

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Ransomware Data breaches Manufacturing

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

OCTOBER 26, 2021

The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.” ” reads the flash alert.

Ransomware

Ransomware Manufacturing Access Phishing

Vietnam-linked APT32 group launches COVID-19-themed attacks against China

Security Affairs

APRIL 23, 2020

The APT32 group has been active since at least 2012, it has targeted organizations across multiple industries and foreign governments, dissidents, and journalists. Since at least 2014, experts at FireEye have observed APT32 targeting foreign corporations with an interest in Vietnam’s manufacturing, consumer products, and hospitality sectors.

Phishing

Phishing Government Manufacturing Cybersecurity

Catches of the Month: Phishing Scams for October 2023

Ransomware at IT Services Provider Synoptek

Trending Sources

Catches of the month: Phishing scams for July 2021

Facebook links cyberespionage group APT32 to Vietnamese IT firm

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

US indicted 4 Russian government employees for attacks on critical infrastructure

Think you’re not susceptible to phishing? Think again

Ferrari Hits a Roadblock as Cyber Criminals Hold it to Ransom

China-linked APT Curious Gorge targeted Russian govt agencies

D-Link confirms data breach, but downplayed the impact

APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries

5 ways to detect a phishing email – with examples

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Microsoft seized 41 domains used by Iran-linked Bohrium APT

The City of Durham shut down its network after Ryuk Ransomware attack

FBI and CISA warn of attacks by Rhysida ransomware gang

Hackers target German Task Force for COVID-19 PPE procurement

Elections 2024, artificial intelligence could upset world balances

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Defense contractor Belcan leaks admin password with a list of flaws

Grandoreiro banking malware targets Mexico and Spain

New TA2101 threat actor poses as government agencies to distribute malware

Researchers found alleged sensitive documents of NATO and Turkey

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

Cuba Ransomware received over $60M in Ransom payments as of August 2022

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya

Security Affairs newsletter Round 357 by Pierluigi Paganini

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

List of Data Breaches and Cyber Attacks in February 2023 – 29.5 Million Records Breached

Multinational ICICI Bank leaks passports and credit card numbers

APT32 state hackers target human rights defenders with spyware

List of data breaches and cyber attacks in June 2020 ­– 7 billion records breached

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

TrickGate, a packer used by malware to evade detection since 2016

List of Data Breaches and Cyber Attacks in March 2023 – 41.9 Million Records Breached

Top 10 Governance, Risk and Compliance (GRC) Vendors

The U.S. CISA and FBI warn of Royal ransomware operation

Group-IB detects a series of ransomware attacks by OldGremlin

Security Affairs newsletter Round 282

Ranzy Locker ransomware hit tens of US companies in 2021

Vietnam-linked APT32 group launches COVID-19-themed attacks against China

Stay Connected

List of data breaches and cyber attacks in June 2020 – 7 billion records breached