The attack started because an employee clicked a spearphishing link, a fake link that opened the door to the hackers. They accessed the IT and then industrial networks. The immediate effect was that hackers encrypted data on the victim's networks. The company was unable to read real-time data, prompting a shutdown lasting two days. Both IT and industrial processes were attacked.
Whereas in the past attackers would send phishing scams from email accounts external to an organization, recently there’s been an explosion of email-borne scams in which an attackers compromise email accounts within organizations, and then uses those accounts to launch internal phishing emails to fellow employees – the kind of attacks known as lateral phishing. FBI data show that these cyberattacks caused more than $12 billion in losses between 2013-2018. And in the last two years, the attacks have resulted in an increase of 136 percent in losses.
An experienced accountant fell for a scammer mirroring Metro Bank’s security and customer service.
Spammers are increasingly turning to common file-sharing and object storage services such as Google Drive and Microsoft Azure, in an attempt to evade ever-better corporate filters.
Survey results indicate that vendors need to be able to provide actionable intelligence out of the mass of data they collect and not just focus on indicators of compromise which would only address past problems.
You should keep your guard up when communicating with Internet people who you don’t know, even if their email address and website domain look legit and their DKIM signatures check out. Also, remember that it’s extremely easy to overlook a large number of inconsistencies and oddities if you believe someone’s underlying story, especially if this story makes you feel good.
A surge in ransomware and trojans in the first three months of the year led to a massive 235% year-on-year increase in detected cyber-threats to businesses in Q1 2019.
Increasingly, email, Office documents and now PDFs are the vehicle of choice for malware and fraud in the cyber landscape.
British university admin folk are alarmingly easy to phish, according to an academic support body which claims a 100 per cent success rate "within two hours".
In 40% of the phishing emails examined, the subject line was related to PayPal and read, “Your account will be locked.” Another 10% of phishing emails targeted FedEx and read “Info,” while the third-most popular headline, “August Azure Newsletter,” appeared in 8% of the phishing emails and targeted Microsoft.
A team of researchers is helping law enforcement crack down on email scammers, thanks to a new visual analytics tool that dramatically speeds up forensic email investigations and highlights critical links within email data. Email scams are among the most prevalent, insidious forms of cybercrime.
Across healthcare organizations in the US, malicious actors are successfully leveraging phishing attacks to initially gain access to networks.
A new strain of yet another ransomware campaign has been discovered in which the malicious actors have expanded payment options beyond Bitcoin; they are instead offering alternatives (such as PayPal) that include a phishing link. The combination of two threat vectors makes this attack particularly dangerous for unsuspecting victims.
What better place to grab the details to create the perfect email to phish someone at work than their LinkedIn profile? You can find email addresses, work histories, connections. It’s a bounty of details.
The healthcare sector continues to be the target of cyberattacks, with Managed Health Services (MHS) of Indiana Health Plan announcing recently that a third-party data breach potentially exposed up to 31,000 patients' personal data in one of two security incidents the company has disclosed in the past month. The incident was caused by a phishing attack on the vendor’s systems.