Google and Facebook were victims of a spearphishing scam in which the attacker stole $100 million. Paragraph 6 of the indictment details some of the allegations: ... as part of the scheme, fraudulent phishing emails were sent to employees and agents of the Victim Companies. The emails purported to be from employees and agents of Company‑1 [the real supplier], but in truth and in fact, they were not sent or authorized by employees or agents of Company‑1. The fraudulent emails were sent from email accounts that were designed to create the false appearance that they were sent by employees and agents [...]
According to TAPintoNewark, the online newspaper in Newark, Jersey, someone is shaking down the City of Newark for 24 Bitcoin (about $30,000) in a ransomware attack. How did this happen? TAPintoNewark explains: The RSA-2048 maleware typically infects a user's computer when they are tricked into running an attachment in a spam email. Once the maleware is launched, it encrypts files and requires a "private key" to open them. The private key is only provided after the user pays the ransom. Why would a user open an evil email and then run an evil attachment? Because the email is a carefully crafted work [...]
SC Media is reporting that the cybercriminals known as the Callisto Group have been targeting the UK Foreign Office. SC Media reports that the unknown attackers are seeking to steal information regarding European foreign and security policy from military personnel, government offices, think tanks and journalists. The targets are concentrated in Eastern Europe, the South Caucasus, Ukraine and the U.K. The tool of choice -- Spearphishing.
This week's patch Tuesday brought a Microsoft Word patch to fix a particularly nasty exploit used by bad guys to compromise your system. The traditional attack progresses through eight steps: 1. Email bypasses defenses, delivered to inbox. 2. User sees email. 3. User opens email. 4. User sees attachment. 5. User opens attachment. 6. User sees active content prompt. 7. User enables active content. 8. Evil activated. The exploit eliminated steps 6 & 7. Using the exploit, the attacker was able to install tools merely by the user opening the attachment, without the user enabling the active content. As soon as the user opens [...]