Nearly 1.5 Million New Phishing Sites Created Each Month
The September 2017 Webroot Quarterly Threat Trends Report showed that 1.385 million new, unique phishing sites are created each month, with a high of 2.3 million sites created in May.
The September 2017 Webroot Quarterly Threat Trends Report showed that 1.385 million new, unique phishing sites are created each month, with a high of 2.3 million sites created in May.
Researchers at MalwareHunterTeam spotted the software, called nRansomware on Thursday.
"Your computer has been locked," reads the message, which then asks the victim to email the hackers. "After we reply, you must send at least 10 nude pictures of you. After that we will have to verify that the nudes belong to you."
You and I know that your users are the weak link, things like ID10T and PEBKAC come to mind. But do you know how bad the problem really is?
Some people like to bury their head in the sand and prefer blissful ignorance, but that gives you data breaches and suddenly interrupted careers.
However, to really manage a problem, you need to see its magnitude and potential for damage. And then you can make the case for additional IT Security budget, because legally, an organization must act reasonably or do what is necessary or appropriate to protect its data.
Barracuda Advanced Technology Group says it’s tracking a ransomware threat that has so far spawned about 20 million phishing emails sent to unsuspecting users around the world in in the last 24 hours and the threat is growing.
While most of the emails seem to be originating in Vietnam, other countries with smaller but notable volumes of phishing emails seem to emanate from India, Columbia, Turkey, and Greece – lower volumes are coming from many other countries around the world. According to the security company, “roughly 20 million of these attacks occurred in the last 24 hours, and that number is growing rapidly.”
The BBC has a cautionary tale for pretty much everyone who uses email. It’s the story of a finance director who was sacked after falling for a phishing scam disguised as a message from the boss. The name of the company and the players are anonymous in the story, but the BBC describes the sequence of events this way:
Forbes wrote a great article about protecting your organization against ransomware. Despite all the funds spent on state-of-the-art security software, the bad guys are always just one gullible user click away from staging an all-out invasion.
We’re seeing that all-out invasion play itself out almost every day of the week in the headlines.
In an article posted September 18, Forbes asked its Technology Council members to share their preferred methods to protect against becoming a ransomware victim. No surprises here that “Employee Training” was #2 on the list.
An undocumented Microsoft Office feature allows attackers to gather sensitive configuration details on targeted systems simply by sending a phishing email and social engineering victims to open a specially crafted Word document—no VBA macros, embedded Flash objects or PE files needed.
The undocumented feature is being used by adversaries, according to Kaspersky Lab researchers, as part of a multistage attack that first involves gathering the system configuration data on targeted systems.
Cisco's TALOS security researchers discovered a devious way to infect millions of machines. They said: "Supply chain attacks are a very effective way to distribute malicious software into target organizations. This is because with supply chain attacks, the attackers are relying on the trust relationship between a manufacturer or supplier and a customer. This trust relationship is then abused to attack organizations and individuals and may be performed for a number of different reasons."
