Dark Reading reports that a Hungarian man has pleaded guilty in a phishing scheme to blackmail Marriott. The plea was entered on Nov. 23, 2011. The man, Attila Nemeth, 26, used data he stole from Marriott in an effort to force them to hire him into the IT department. Dark Reading summarized the scam: The case puts a whole new spin on the targeted attack; rather than trying to cash in on the intelligence or use it for competitive purposes, the perpetrator used it as leverage. Nemeth's methods were similar to those of advanced persistent threat (APT) attackers: He got a [...]
Computerworld reports that cybercriminals are using phishing scams to rip off consumers during this holiday shopping season. The bad guys are spoofing legitimate messages from real companies in order to deceive consumers. The criminals are sending fake shipping confirmations, fake Groupon and Living Social offers and fake social traffic. A common scam is a fake email about problems with a transaction, such as a delivery problem, a canceled order or a direct deposit. Cloudmark has reproduced this example of a fake UPS email: Computerworld quotes Cloudmark engineering director Angela Knox about details of the UPS-based phishing scam. This phishing scam lures [...]
The Guardian is reporting that Microsoft is giving refunds to Xbox Live subscribers who may have had their credit card information stolen in a phishing scam. The Guardian describes the scam in its November 22, 2011 edition: Reports are proliferating of Xbox Live users checking the credit card and bank account statements which they use to pay their Xbox Live subscriptions, and discovering payments which they did not make, generally over a period of months, which were used to buy Microsoft Points (the service's currency which enables users to purchase extra downloadable content, games and in-game objects) which were [...]
RSA's recently released report Cyber Security Awareness Month Fails to Deter Phishers explains that despite efforts to increase awareness and fight phishing, deceptive emails continue to be a major problem. Sometimes viewed as one of the oldest scams in the book, phishing is still a very popular method among cybercriminals. RSA recently estimated that worldwide losses from phishing attacks alone during H1 2011 amounted to over $520 million, and losses incurred from phishing attacks during the 12-month period of H2 2010 through H1 2011 reached nearly $1 billion. RSA shows the recent growth of phishing: You should use the latest version [...]
Demonstrating that a little bit of personal information goes a long way for cybercriminals, the University of Delaware reports spearphishers are targeting UD students and staff. The criminals "targeted UD addresses, knowing that many UD students and employees have PNC accounts and that UD has a business relationship with PNC."
Reporting the details of the penetration testing conducted at the August 2011 DEFCON, researchers from Social-Engineer.org reported that by using social engineering techniques they were able to trick employees into compromising the security of all 14 Fortune 500 companies that participated in DEFCON 19. To learn more about the power of social engineering, visit social-engineer.com.
In response to our posting Malware - Life Imitates Art, one of our followers directed our attention to the first season of the popular CBS series, NCIS. In Seadog, season 1, episode 3, the team is called upon to investigate the death of a Naval Officer whose body has washed ashore. The investigation begins as a routine drug case. As the plot evolves, the investigation uncovers cyber warfare directed at the nation's power grid. Fortunately, Gibbs and the team foil the plot at the last second. The 2003 fictional attack on the US power grid is now reality as reported by the Wall Street [...]
Yesterday, the Office of the National Counterintelligence Executive released a report to Congress entitled, Foreign Spies Stealing US Economic Secrets In Cyberspace. The report paints a disturbing picture under the heading "US Technologies and Trade Secrets at Risk in Cyberspace": Foreign collectors of sensitive economic information are able to operate in cyberspace with relatively little risk of detection by their private sector targets. The proliferation of malicious software, prevalence of cyber tool sharing, use of hackers as proxies, and routing of operations through third countries make it difficult to attribute responsibility for computer network intrusions. Cyber tools have enhanced the economic espionage threat, and [...]
On October 31, 2011, Symantec released a whitepaper entitled The Nitro Attacks: Stealing Secrets from the Chemical Industry. In the whitepaper, Symantec reports on a hacking attack on 29 chemical companies. The attack appeared to be aimed at stealing intellectual property related to the research, development and manufacture of chemicals. These attacks started in July 2011 and continued until mid-September. The attacks also targeted 19 non-chemical companies, primarily in the defense industry. Symantec tells us how the systems were compromised: The attackers first researched desired targets and then sent an email specifically to the target. Each organization typically only saw a handful of employees at the receiving end [...]