Anti-Phishing, DMARC

Blog

Ransomware Danger: Russian-Speaking Gang Targets Russians

Mathew J. Schwartz • September 23, 2020

Russian criminals operating online who want to stay out of jail need only to follow a few simple rules, the primary one being: Never target Russians. So it's surprising that security researchers have uncovered a new ransomware-wielding gang of Russian speakers that includes Russian victims on its hit list.

Whitepaper

Industry Cyber-Exposure Report: Deutsche Börse Prime Standard 320

August 25, 2020

In the face of growing cybersecurity threats, it is increasingly important to measure the cost and concentration of "exposure." Having an accurate view of the resilience of organizations and industries against cyber-attacks can help target efforts to reduce exposure to the sectors that need it most and enhance...

Article

SANS Institute Sees Its Breach as Teachable Moment

Chinmay Rautmare • August 13, 2020

The SANS Institute, which is known for its cybersecurity training courses, is now planning to turn its own data breach into a teachable moment for its membership.

►

Article

FBI on China, Election Security and Impact of COVID-19

Tom Field • August 8, 2020

The day after President Trump issued executive orders to ban Chinese-owned social media apps TikTok and WeChat, Sanjay Virmani of the FBI's San Francisco office shared insights on the Chinese cyberthreat, election security and crime trends in the wake of COVID-19.

Article

Microsoft Seizes Domains Used for COVID-19 Phishing Scam

Doug Olenick • July 7, 2020

A U.S. federal court has issued an injunction that gives Microsoft permission to seize control of several malicious domains being used to operate a COVID-19-themed phishing scam, according to recently unsealed court documents.

Webinar

OnDemand | The Post-Pandemic New Normal: Rethink and Rebuild Cyber Security

Jinan Budge, Principal Analyst Serving Security & Risk Professionals, Forrester , Ashwin Pal, Director of Cybersecurity Services, Asia Pacific, Unisys , Gergana Winzer, Industry Director of Cybersecurity, Australia and New Zealand, Unisys • June 25, 2020

The COVID-19 pandemic has put new security pressures on organizations, which are adapting to having large numbers of employees working from home. The threat landscape has changed, and attackers are looking to exploit weaknesses in how organizations have changed access to applications and data assets, which has forced...

Article

Separate Phishing Attacks Target Wells Fargo, BofA Customers

Akshaya Asokan • June 20, 2020

Researchers at two security firms are tracking separate phishing campaigns that are targeting customers of Wells Fargo and Bank of America, according to reports. In each case, the fraudsters are attempting to steal users' credentials using various methods and lures.

Article

Gamaredon Group Using Fresh Tools to Target Outlook

Akshaya Asokan • June 13, 2020

The Gamaredon hacking group is now using a new set of malicious tools to compromise Microsoft Outlook as a way of sending spear-phishing emails to victims' contact lists, according to security firm ESET. This hacking group, which appears to have ties to Russia, has primarily targeted Ukraine for years.

Article

Phishing Attack Targeted German COVID-19 Task Force Firm

Ishita Chigilli Palli • June 9, 2020

An ongoing phishing campaign has targeted top officials at a German multinational company tasked with procuring personal protective equipment during the COVID-19 pandemic, according to IBM. While it's not clear if these attacks were successful, they contain the hallmarks of a nation-state group.

Article

Phishing Attacks Traced to Indian Commercial Espionage Firm

Mathew J. Schwartz • June 9, 2020

Surveillance researchers at Citizen Lab have tied thousands of "Dark Basin" corporate espionage phishing attacks to a small Indian cybersecurity firm called BellTroX InfoTech Services. It's led by Sumit Gupta, who was indicted by the U.S. in 2015 for criminal hacking on behalf of private investigators.

Whitepaper

Classification By Design: The Foundation Of Effective Data Protection Compliance

June 1, 2020

This whitepaper report looks in detail as to why achieving compliance across a wealth of new international data privacy laws and regulations is such a growing challenge. It will cover: How data breaches are driving regulatory change Data protection and the COVID-19 pandemic, an escalating external threat...

Article

Latest Phishing Campaign Spoofs Microsoft Teams Messages

Akshaya Asokan • May 2, 2020

A recently uncovered phishing campaign is spoofing notifications from Microsoft's Teams collaboration platform in order to harvest Office 365 credentials from employees working from home offices because of the COVID-19 pandemic, according to research from Abnormal Security.

Article

Phishing Campaigns Target Senior Executives via Office 365

Mathew J. Schwartz • May 1, 2020

A sophisticated, highly targeted phishing campaign has hit high-level executives at more than 150 businesses, stealing confidential documents and contact lists, says security firm Group-IB. The campaign, which targets Office 365 users, appears to trace to attackers operating from Nigeria and South Africa.

Article

Spear-Phishing Campaign Uses COVID-19 to Spread LokiBot

Akshaya Asokan • April 4, 2020

A recently uncovered spear-phishing campaign is using fears of the COVID-19 pandemic to spread an information stealer called LokiBot. FortiGuard Labs researchers find that cybercriminals are once again using World Health Organization images as a lure.

Interview

Analysis: The Path Back to Business as Usual After COVID-19

Nick Holland • April 3, 2020

The latest edition of the ISMG Security Report offers an analysis of the phases businesses will go through in the recovery from the COVID-19 pandemic, plus an assessment of new risks resulting from the work-at-home shift and lessons learned from the Equifax breach.