Think you’re not susceptible to phishing? Think again

IT Governance

On average, one in ten emails is a phishing scam. Very few respondents said they were likely to be lured by the most common pitfalls of phishing scams: Urgency: 10.7%. How does phishing work? >> These weren’t the only types of phishing scam that proved successful, though.

5 ways to detect a phishing email – with examples

IT Governance

Phishing is one of the most longstanding and dangerous methods of cyber crime. Despite what people think they know about phishing, they consistently fall victim. According to Verizon’s 2019 Data Breach Investigations Report , 32% of all cyber attacks involved phishing.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

The Last Watchdog

Social engineering, especially phishing, continues to trigger the vast majority of breach attempts. Lucy’s’s software allows companies to easily set-up customizable mock attacks to test employees’ readiness to avoid phishing, ransomware and other attacks with a social engineering component.

Phishing emails and malicious attachments responsible for 34% of cyber attacks

IT Governance

A recent F-Secure report has found that phishing emails (16%) and malicious attachments (18%) together accounted for 34% of cyber attacks. Financial and manufacturing organisations were equally affected by both.

Experts devised advanced SMS phishing attacks against modern Android-based phones

Security Affairs

Experts warn of advanced phishing attacks in certain modern Android-based phones that can trick users into accepting new malicious phone settings. The issue affects several modern Android-based phones, including devices manufactured by Samsung, Huawei, LG and Sony.

How Microsoft Word “Protected View” Stops Information Leaks

Perficient Data & Analytics

Someone engaging in spear phishing could employ Word-based web trackers to learn more about the type of desktop computer and operating system a target is using, helping the spear phisher tune his or her strategy for further attack.

LokiBot info stealer involved in a targeted attack on a US Company

Security Affairs

Security researchers at Fortinet uncovered a malspam campaign aimed distributing the LokiBot malware at a US manufacturing company. FortiGuard SE Team experts uncovered a malspam campaign aimed distributing the LokiBot malware at a US manufacturing company. manufacturing company.

Cyber mercenaries and insiders hired by Chinese intelligence to hack aerospace and tech firms

Security Affairs

The turbofan engine was manufactured by a French aerospace company, which also had offices in the Jiangsu province with a U.S.-based ” The Chinese spies also targeted companies involved in the manufacturing of components for the jet engine, including US-based firms.

Ransomware at IT Services Provider Synoptek

Krebs on Security

based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries , including state and local governments, financial services, healthcare, manufacturing, media, retail and software.

The Growing Presence (and Security Risks) of IoT

Thales eSecurity

In the absence of IoT security regulations, many smart product manufacturers simply release new devices that lack built-in security measures and have not undergone proper security review and testing. Take manufacturing, for instance.

IoT 127

The Unsexy Threat to Election Security

Krebs on Security

The report notes that concerns about the security of these channels is hardly theoretical: In 2010, intruders hijacked ACRE’s election results Web page, and in 2016, cyber thieves successfully breached several county employee email accounts in a spear-phishing attack.

A Year Later, Cybercrime Groups Still Rampant on Facebook

Krebs on Security

Researchers at Cisco Talos discovered the groups using the same sophisticated methods I employed last year — running a search on Facebook.com for terms unambiguously tied to fraud, such as “spam” and “phishing.”

Using the Human Factor in Cyber Attacks

Security Affairs

When implementing a security tool within a company, it is necessary to pay attention to some points that go beyond the implementation project, some of these points are maintenance and updating of the tool following the good practices of the manufacturer.

Experts found 36 vulnerabilities in the LTE protocol

Security Affairs

An attacker could target either the network (remote de-registration of the victim device, SMS phishing) or the victim device (forcing the device to connect to a rogue LTE network). The experts also discovered vulnerabilities in baseband chipsets manufactured by Qualcomm and HiSilicon.

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Krebs on Security

Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4

APT40 cyberespionage group supporting growth of China’s naval sector

Security Affairs

“[In 2017] APT40 was observed masquerading as a UUV manufacturer, and targeting universities engaged in naval research.

DHS issued an alert on attacks aimed at Managed Service Providers

Security Affairs

critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.”

New TA2101 threat actor poses as government agencies to distribute malware

Security Affairs

The phishing campaigns delivering malicious attachments were observed since the end of October. A new threat actor tracked as TA2101 is conducting malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy.

US DoJ indicts Chinese hackers over state-sponsored cyber espionage

Security Affairs

In July 2018, FireEye observed a series of new attacks of the group leveraging spear-phishing emails using weaponized Word documents that attempt to deliver the UPPERCUT backdoor, also tracked as ANEL. The US Department of Justice charged two Chinese hackers for hacking numerous companies and government agencies in a dozen countries, US Indicts Two Chinese Government Hackers Over Global Hacking Campaign.

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic and redirect users to phishing websites. Shell DNSChanger is written in the Shell programming language and combines 25 Shell scripts that allow the malware to carry out brute-force attacks on routers or firmware packages from 21 different manufacturers.

List of data breaches and cyber attacks in July 2018 – 139,731,894 million records leaked

IT Governance

Clark University notifies students of phishing incident. Tennessee hospice notifying patients whose information was accessed after employees fell for phishing attacks. Lake Oswego School District warns students about phishing email after employee account hacked.

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

The threats that are notable for the Asian region are represented by a significant number of attacks aimed at manufacturing of chips, microprocessors and system control boards of different IT vendors, whose principal manufacturing operations are located in Asia. To infiltrate critical infrastructure networks hackers will continue to use phishing as one of their main tools, but the focus of attacks might shift to vulnerable network equipment connecting the network to the Internet.

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

The Last Watchdog

Customer-facing commerce and financial institutions seeking to thwart credential stuffing are increasingly seeking to migrate beyond PII authentication to more advanced methods that do not require the user to know, manufacture or receive and manually enter a verification factor, in order to eliminate the ability for bad actors to guess, phish, credential-stuff, socially engineer, mimic or capture their way into the network.

Everteam Solutions for Enhanced Cyber Security

Everteam

Below are some common cyber threats: Malware: A malicious software performs activities on the attacked device without the owner’s knowledge, these activities might include stealing, encrypting or deleting sensitive data, Phishing: A cyberattack with devastating results, phishing is a type of social engineering attack used often to steal someone’s data, including login credentials and credit card numbers, which allows the attackers to perform unauthorized purchases, stealing funds and identities.

GreyEnergy: Welcome to 2019

Security Affairs

It typically spreads through two different vectors: perimeter breach, for instance compromising company’s websites; spear-phishing emails and malicious attachments. The remote destination ends to the 217.12.204.100 IP address, owned by an Ukrainian contractor and manufacturer company.

Username (and password) free login with security keys

Imperial Violet

This is an effective defense against phishing, phone number takeover, etc. Of course, there are other manufacturers who make security keys and, if it advertises “CTAP2” support, there's a good chance that it'll work too.

Weekly podcast: Meltdown and Spectre SCADA problems, Apple text bomb and WEF cyber risks

IT Governance

US ICS-CERT provides links to a number of advisories from industrial-equipment manufacturers, including ABB, Rockwell and Siemens. Test and patch as soon as you can – and beware of phishing scams.

U.S. Blames Russia for Cyber Attacks on Energy Infrastructure

Hunton Privacy

critical infrastructure sectors, including “organizations in the energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors.”. The attacks involved the Russian government gaining remote access to energy sector networks and other intended targets via malware and spear phishing of “staging targets” that had preexisting relationships with the intended targets.

Cobalt crime gang is using again CobInt malware in attacks on former soviet states

Security Affairs

Cobalt crime gang has been active since at least 2016, it targeted banks worldwide, the group leveraged spear-phishing emails to compromise target systems, spoofed emails from financial institutions or a financial supplier/partner.

Spotting RATs: Delphi wrapper makes the analysis harder

Security Affairs

Recently, our monitoring operations discovered an interesting attack wave leveraging this technique, especially due to the particular impersonification the attacker was trying: he/they was mimicking an important Italian Manufacturing company. Phishing email content.

OCR Provides Insight into Enforcement Priorities and Breach Trends

HL Chronicle of Data Protection

Severino specifically recommended that organizations “really consider” testing employees about phishing, describing such training as “almost becoming standard,” and that organizations “really consider two-factor authentication.”

Too Much Holiday Cheer? Here’s Something to Fear: Cybersecurity Predictions for 2020

Adam Levin

As long as humans are well……human, phishing attacks will lead to ransomware infecting more and more networks, and businesses, municipalities and other organizations will continue to pay whatever they must in order to regain control of their data and systems. Unfortunately, many are not secure because they are protected by nothing more than manufacturer default passwords readily available online.

Managing Digital Security as Risk and Complexity Rise

Thales eSecurity

billion worth of academic research by performing a phishing scam on university professors.” Enterprises in finance, government, manufacturing and technology use the data security foundation Thales e-Security provides for digital transformation security of their organizations.

Risk 62

Zero-knowledge attestation

Imperial Violet

Security Keys”) are a solid contender for doing something about the effectiveness of phishing and so I believe they're pretty important. With support for only a single level of signatures, manufacturers would have to publish their intermediates too. U2F/FIDO tokens (a.k.a.

How not to respond to cyber threats

IT Governance

Incidents like this are far from rare, with toy manufacturer Spiral Toys providing another example. For example, your priorities and course of action will be substantially different when hit by a phishing attack as opposed to, say, a power outage.

DHS And FBI Issue Joint Warning – Hackers Have Targeted Critical Sector Industries Since March 2016

Privacy and Cybersecurity Law

government entities and organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors since at least March 2016. ” The joint alert identifies a variety of tactics used by the threat actors, including spear-phishing campaigns, watering-hole domain attacks, and collecting publicly available information: Spear-Phishing.

Weekly podcast: National Lottery, Russian cyber warfare and Cambridge Analytica

IT Governance

And the US has accused Russia of launching cyber attacks on its government agencies and “organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors”.

Security Keys

Imperial Violet

These, if used correctly, can also solve the password reuse problem and significantly help with phishing, since passwords will not be auto-filled on the wrong site. The FIDO Alliance is a group of major relying parties, secure token manufacturers, and others which defines many of the standards around Security Keys. A phishing site will operate on a look-alike domain, but when the browser hashes that domain, the result will be different. Introduction.

Treating cybersecurity like workplace safety

CGI

When I worked with a major global chemical manufacturer, every meeting began with a PowerPoint presentation on safety, highlighting the importance of the topic. Treating cybersecurity like workplace safety. premanath.puch…. Fri, 07/06/2018 - 00:40.

Treating cybersecurity like workplace safety

CGI

When I worked with a major global chemical manufacturer, every meeting began with a PowerPoint presentation on safety, highlighting the importance of the topic. Conduct unannounced phishing exercises to test how susceptible your organization is to an attack (and train your employees to spot fake email messages!). Treating cybersecurity like workplace safety. pallavi.m@cgi.com. Tue, 05/15/2018 - 04:16.