New Ransomware Variant Could be the Next Big Malware Threat to Business

New Egregor ransomware has been gaining traction since emerging in September. A new form of ransomware is becoming increasingly prolific as cybercriminals turn to it as a preferred means of encrypting vulnerable networks in an effort to exploit bitcoin from victims. Egregor ransomware first emerged in September but has already become notorious following several high-profile incidents, including attacks against Barnes & Noble and video game...

Read More

Cybercrime: 10 Top Tactics and Trends

From Ransomware and DDoS to Malware and SIM Swapping: Europol Describes Latest Threats According to the seventh annual Internet Organized Crime Threat Assessment, produced by Europol ransomware attacks remain the top cyber-enabled threat. But phishing, business email compromises and other types of fraud – many now using a COVID-19 theme – also loom large. Here are 10 of the top threats from the Europol report in alphabetical order....

Read More

Microsoft Warns of Office 365 Phishing Attacks

Microsoft’s Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims’ credentials. The phishing emails, which are currently circulating, use several techniques to bypass and evade secure email gateways. The criminals use social engineering techniques and timely subject lines relevant to remote work, like password updates, conferencing info, and...

Read More

Automated Cyber Attack Payment Card Skimming Hits 2,000 E-Commerce Sites

Researchers: Hackers May Have Used Magento Zero-Day Exploit In the largest automated hacking campaign since at least 2015, from September 11-14, malicious JavaScript skimming code was injected into nearly 2,000 e-commerce sites that were running an older version of Adobe’s Magento software, possibly resulting in the theft of payment card data. It was the largest automated campaign on record, surpassing a breach in July 2019 that hacked...

Read More

Phishing Campaign Spoofs SBA Loan Offer

A newly discovered phishing campaign is spoofing a U.S. Small Business Administration loan offer in an attempt to steal banking credentials and other personal data. This campaign appears to have started in early August. This follows a different phishing attack in April that also used spoofed SBA messages, but unlike the current scam, that one was created to distribute malware. Fake Loan Applications In the phishing campaign, the victims are...

Read More

Many Mobile Banking Apps Have Exploitable ‘Coding Errors’

Popular Apps Too Susceptible to Hacking, Positive Technologies Warns. Given the number of banks that utilize white-labeled banking apps to provide online banking services to their clients, a recent report is extremely concerning. Researchers at Positive Technologies recently investigated 14 mobile banking apps that run on Android or iOS and found that 13 failed to prevent unauthorized access to user data. Although the specific apps were not...

Read More

COVID-19 Drives Spike in Mobile Phishing Attacks

The increase in working from home during the COVID-19 pandemic has led to an increase in mobile phishing campaigns. Attackers are targeting remote workers whose devices lack adequate security protections to steal users’ banking credentials. Mobile phishing attacks increased by 37% globally in the first quarter of 2020. According to research based on data collected from 200 million mobile devices worldwide, 22% of mobile enterprise users...

Read More

Criminals, Rogue Nations Using COVID-19 To Distribute Malware

Attackers are continuing to use concerns over COVID-19 to distribute ransomware and malware, including for smartphones. While the healthcare sector is perhaps at the greatest risk from these attacks, criminals are using the panic as a widespread opportunity. Attacks include the usual suspects: cybercrime operators looking to make a fast buck – for example, by demanding a ransom to unlock crypto-locked systems – as well as...

Read More

Criminals Spoofing Bank Websites, Offering Attractive CD’s

The SEC’s Office of Investor Education and Advocacy has issued an Investor Alert to warn investors about phony Certificates of Deposit promoted through internet advertising and “spoofed” websites – websites that mimic the actual sites of legitimate financial institutions. Investors should be extremely cautious when purchasing CDs from sites found only through internet searches. “Spoofed” websites – often using URL addresses similar to those of...

Read More

How Vulnerable Are Your ATMs?

Attackers are increasingly hacking into banks’ networks to gain access to the IT infrastructure connected to their ATMs. They then push malware onto the ATMs that allows a low-level gang member to walk up and enter a preset numerical sequence into the ATM to make it dispense all of its money in what’s known as a “jackpotting” or “cashing out” attack. Such attacks also allow them to steal card data from ATM...

Read More