“These campaigns attempted to deceive recipients into believing they were emailed by large accounting, tax and payroll services firms and carried malicious Microsoft Excel attachments,” IBM’s John Zorabedian, Dr. Martin Steigemann and Ashkan Vila wrote in today’s blog post.
“The size of the spoofed firms suggests the criminals are likely to have some success in snagging individual users and businesses that are customers of these well-known companies.” All three of the sample emails that were analyzed were written in English, indicating that the attackers were targeting victims in the United States.
A new report from Microsoft found that phishing attacks increased 250% over the course of 2018. According to Microsoft’s Security Intelligence Report (SIR) volume 24, attackers have shifted tactics and are now targeting multiple points of attacks within one campaign.
“Hacking is a multi-billion-dollar industry. If it was being run by one company rather than a mix of organized crime syndicates, lone wolves and governments, it would be comparable to a major NASDAQ tech business,” said Colin Bastable, CEO of cybersecurity test and training company Lucy Security.
Alas, malicious actors continue to find success using new tactics, like transitioning from URLs, domains and servers to dispersing emails and hosting phishing forms.
Last month I thought I’d try something new, so I focused on three stories rather than putting together a long list of breaches. It wasn’t a very popular approach.
So the list is back.
I count this month’s total of known leaked records to be 251,286,753. No particular stories stand out this month, but one thing I did notice is that there weren’t as many healthcare breaches as there normally are.
Looking back at the first spam messages sent in the 1800s, Virus Bulletin editor Martijn Grooten said that in the 1980s spam was impolite, in the 1990s it was a nuisance, in the 2000s it was a threat but in the 2010s spam was apparently ‘solved.’
He said that statistics have proved that email spam was “something we could not keep up with no matter how good your spam filter is.”
Grooten said that spam “exists as people like to break the law” and the issue of dealing with unsolicited bulk email remains a challenge as solutions do not work.
He pointed to “solutions” such as only accepting email from people you have previously approved, calling this “unworkable as you would need global approval system, and some sort of PKI.”
However, the number of phishing attacks increased – the Kaspersky Lab anti-phishing system was triggered 246 million times on the computers of Kaspersky Lab users, which is 59% higher than in 2016.
According to Kaspersky Lab’s Spam and Phishing in 2017 report, spammers have shown themselves to be thoughtful actors, instantly monitoring global issues and major events worldwide with one main purpose: to capture and capitalize on their victim’s attention. These cybercriminals have been following a global agenda by using hot topics such as the FIFA World Cup and Bitcoin to fool users and steal their money or personal information in the last 12 months.
In 2017 we saw a slight decrease in spam activities, but spammers haven’t missed any reason to steal users’ personal information, keeping their eyes on what’s happening in the world.
Annual sales on Black Friday and Cyber Monday offer incredible savings opportunities for consumers, but according to Kaspersky Lab these are also peak days for financial phishing attacks.
Kaspersky Lab’s annual review of phishing attacks during the holiday sales season found that consumers are significantly safer on Gray Saturday, when the number of such attacks can decrease by as much as 33%, despite it being a top shopping day.
With US consumers expected to spend an average of $967.13 during the holiday season this year, cyber-criminals will be looking for ways to divert some of that money into their own wallets. Impersonating a retail brand through phishing attacks is one way that cyber-criminals can effectively target consumers during the holiday shopping season.
Traditionally distributed by email, phishing attacks can also lure consumers through web links, ad banners, social media and more.
These attacks aim to persuade people to provide their personal financial data, such as bank account information, credit card details or account passwords, under the assumption that they are dealing with the actual, reputable brand.
According to Kaspersky Lab, Black Friday and Cyber Monday are peak days for financial phishing attacks.
Cyber-criminals start attacking servers newly set up online about an hour after they are switched on, suggests research.
The servers were part of an experiment the BBC asked a security company to carry out to judge the scale and calibre of cyber-attacks that firms face every day.
About 71 minutes after the servers were set up online, they were visited by automated attack tools that scanned them for weaknesses they could exploit, found security firm Cyber Reason.
Once the machines had been found by the bots, they were subjected to a “constant” assault by the attack tools.
The attack bots look for well-known weaknesses in widely used web applications
Thin skin
The servers were accessible online for about 170 hours to form a cyber-attack sampling tool known as a honeypot, said Israel Barak, head of security at Cyber Reason. The servers were given real, public IP addresses and other identifying information that announced their presence online.
“We set out to map the automatic attack activity,” said Mr Barak.
To make them even more realistic, he said, each one was also configured to superficially resemble a legitimate server. Each one could accept requests for webpages, file transfers and secure networking.
After 21 hours, the first booby-trapped phishing email landed in the email inbox for the fake employees, said Mr Barak. It was followed by a steady trickle of messages that sought, in many different ways, to trick people into opening malicious attachments.
Well, this month’s total number of leaked records looked like it was going to be very low, but in fact it’s the highest one we’ve ever done. The discovery of the Onliner spambot has added 711 million records to the list.
August was – relatively speaking – a pretty quiet month. As far as I’m aware, just 4.6 million records were leaked, which is 139 million fewer than in July.
However, while the overall number this month is far lower, there were still plenty of incidents, including quite a few healthcare data breaches – one of which exposed the HIV status of 12,000 people.
When it comes to organizations’ digital defense posture, many enterprise security practitioners are overwhelmed by the scale and tenacity of external digital threats—and they lack confidence in their processes, systems and tools.
That’s according to RiskIQ’s 2017 State of Enterprise Digital Defense Report, which found that an average of 40% of organizations experienced five or more significant security incidents in the past 12 months among most cited external threats: malware, ransomware, phishing, domain and brand abuse, online scams, rogue mobile apps and social impersonation.
Across industries, an average of 35 tools are employed to thwart web, social and mobile threats.
Big brands in banking, retail and consumer goods had the most prevalence of attacks, and digital threat management appears more progressive among organizations in financial services, manufacturing and consumer goods, as expressed by overall expenditure.
68% of respondents express no to modest confidence to manage digital threats
Larger companies felt that they were better able to update control systems and collaborate across departments, perhaps showing the benefits of scale; while smaller companies felt best able to inform others about the status of external attacks, perhaps reflecting the benefits of having a smaller base to worry about.
Although confidence in IT security management appears optimistic, overall survey findings showed a contradiction in efficacy and likely investment compared to where incidents have been most impactful.
About 68% of respondents express no to modest confidence to manage digital threats, and 70% of respondents have no to modest confidence in reducing their digital attack surface, expressing the least confidence in threats against web, brand and ecosystem assessment.
From a vertical perspective, about a quarter (24%) of healthcare and pharmaceutical respondents felt little to no confidence in their ability to assess digital risk.
Security Management gap grows as digital threats outstrip defense capabilities
“While the results were both eye-opening and disturbing, the survey findings and insights should empower corporate leadership and IT security professionals to examine how their organizations are protecting their businesses, customers, and brands, and fortifying digital transformation,” said Martin Veitch, editorial director at IDG Connect, which carried out the research.
The DEFCON conference happened in Las Vegas last week, and roughly 18,000 security researchers, IT professionals and hacking enthusiasts attended, so now feels like as appropriate a time as any to list July’s data breaches and cyber attacks.
This month’s list is rather short, but I calculate the number of known leaked records in the month to be 143,072,758. As always, remember that this number represents events that became apparent, not necessarily those that took place, this month.
Teenagers caught carrying out hacking and cyber-attacks could soon be attending a rehab camp that aims to divert them away from a life of crime.
The first weekend camp for offenders was held in Bristol this month as part of the National Crime Agency‘s (NCA) work with young computer criminals.
Attendees learned about responsible use of cyber-skills and got advice about careers in computer security. If the trial proves successful, it will be rolled out across the UK.
The people picked to attend the residential weekend were known to police because they had been caught carrying out one or more computer crimes, said Ethan Thomas, an operations officer in the NCA’s Prevent team, which engages with young cyber-offenders.
‘Attacks, attacks, attacks’
Many of those attending the rehab weekend first got into trouble hacking their school network.
Hundreds of fledgling cyber-criminals have been contacted by the NCA as part of its Prevent work. Some received letters warning them that their online activity had been spotted and some were visited at home by officers.
The seven young men attending the weekend camp had gone further than many the NCA is aware of. They had either been arrested, visited by officers because they were spotted using tools or techniques that break UK computer misuse laws or been cautioned by police because of offences committed at school.
They had been caught defacing websites, knocking servers offline and carrying out hack attacks that let them take over restricted networks.
Good guidance
Mr Thomas said the idea for the event grew out of an NCA research project that compared the hacking skills of people on both sides of the law.
“It measured up the profiles of different offenders we had and compared it to those of talented people in the industry,” he said. “What we found was that the only sole difference within the stories was that the industry members, at some point, had an intervention.”
Mr Thomas said these pivotal moments in the career of a young person came from different sources – parents, guardians or teachers – but the guidance given demonstrated how effective such an intervention could be.
“The skills are so transferable with this crime type,” he said. “If you have good cyber-skills there are many, many qualifications you can take.”
He said the people who took part in the weekend would be monitored to see how their experience changed them. The NCA said it was planning to introduce similar weekends across the UK if they proved to be able to set young malicious hackers on the straight and narrow.
