Italian Soccer Team Loses €2 Million to Phishers

The business email compromise (BEC) is a phishing scam in which the bad guy uses deceptive emails to trick accounting personnel into misdirecting money.  The FBI calls BEC a $5 Billion scam. It is now being reported that  Lazio, an Italian professional soccer club, lost €2 million to phishers. The phishers sent an email to Lazio which demanded payment of a player transfer fee to Feyenoord, another professional soccer club.  Unknown to the victims, the bank to which they sent the money was not Feyenoord's bank account.  

2018-03-30T13:08:38-07:00March 30th, 2018|Cybersecurity - General, Phishing, SP Guard, spear phishing|

Iranians Indicted for Hacking

On  Friday, March 23, 2018, the United States Justice Department charged nine Iranians with the cyber theft of massive amounts of U.S. intellectual property. Quoting from the Justice Department press release: The defendants were each leaders, contractors, associates, hackers-for-hire or affiliates of the Mabna Institute, an Iran-based company that, since at least 2013, conducted a coordinated campaign of cyber intrusions into computer systems belonging to 144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the [...]

DHS Alert – Russian Cyber Threats

Yesterday the Department of Homeland Security issued an alert entitled, Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors.  The alert warns about how the Russians are seeking to interfere with critical U.S. infrastructure using cyber tools. How bad is the problem?  This is a screen shot reconstruction of Russians gaining unauthorized access to an industrial control system. DHS used Lockheed's 7-Stage Cyber Kill Chain framework to describe the details of the Russian threat. Reconnaissance. The Russians researched their targets for information to use in spearphishing emails. There were two classes of targets. There are "staging targets" which were [...]

2018-03-16T16:56:57-07:00March 16th, 2018|Cybersecurity - General, SP Guard, spear phishing|

Why Do People Phish?

With all the press about phishing and hacking and social engineering, you have to ask, "Why Do People Phish?"  Certainly state actors like Russia and North Korea have political objectives. But they aren't after me.  Why do people phish average businesses and people? A recent prosecution in Virginia makes it clear why people phish -- it's the money! Yesterday (March 6, 2018), Olajide Abraham Eyitayo of Hempstead, NY, pleaded guilty to stealing more than $1.1 in a phishing scam.  The particular scam he used was what the FBI calls a Business Email Compromise. The FBI describes the scam: The schemers [...]