CyberheistNews Vol 6 #39 Scam Of The Week: Apple Store Phishing Attack Goes For Whole Enchilada
|
Police have arrested a 147 million international fraud and money laundering ring, and jailed nine fraudsters jailed for over 27 years
The gang targeted thousands of Lloyds and RBS business banking customers using sophisticated social engineering techniques to persuade the businesses to reveal their internet banking details.
The gang's lead was responsible for calling the victims; claiming to be from their bank’s fraud department. Using various aliases, he was able to trick customers into giving out online account information which enabled him and his associates - based around the country - to access hundreds of online business accounts and steal vast sums of money.
In Short:
The Necurs botnet is one of the world's largest botnets with more than 6 million zombie machines tied into it. It's run by Russian organized cybercrime and responsible for millions of dollars in losses tied to the Dridex banking Trojan and more recently the Locky ransomware strain.
An employee sent this recent horror story to me (thanks Rachel). Remember there are three ways of learning. :-D
By Eric Howes, KnowBe4 Principal Lab Researcher.
Over the past few months we've discussed the rising use of price discrimination among purveyors of ransomware to maximize their returns on ransomware campaigns. Instead of using poorly targeted "spray-and-pray" campaigns that extract a uniform toll (one or two bitcoins) from a random and diverse collection of victims, the bad guys are increasingly using more targeted campaigns that match the ransom demands with the victims' ability and willingness to pay.
One way the bad guys have incorporated price discrimination into their standard game is the use of backdoor trojans, sophisticated keyloggers, and full-blown RATs to reconnoiter potential marks and gather data about their business operations and finances. If they determine your organization is flush with cash or is uniquely sensitive to downtime or other disruptions in service, you can expect to pay more. Much, much more.
You asked and we listened! We’ve enhanced our Phishing Campaign creation options to give you more flexibility and customization when phishing your users! You can now:
Here is how the new screen looks and note that each field has a little question mark with inline help.
It's all over the press. Here is a quote from Reuters: "Yahoo Inc said on Thursday information associated with at least 500 million user accounts was stolen from its network in 2014 by what it believed was a "state-sponsored actor."
The data stolen may have included names, email addresses, telephone numbers, dates of birth and hashed passwords (the vast majority with the relatively strong bcrypt algorithm) but may not have included unprotected passwords, payment card data or bank account information, the company said.
Earlier this year we posted about Jsocket, a highly malicious Trojan that we spotted being delivered through phishing emails shared with us via the Phish Alert Button (PAB).
Although ransomware has been grabbing the majority of security-related headlines, malicious RATs and Trojans like Jsocket (and its evil cousins Adwind and AlienSpy) remain an important part of the online threat landscape, allowing malicious actors to monetize compromised systems and networks in a variety of ways.
Phishing attacks using false Apple Store email messages, fake landing pages and sometimes fake login pages are still a very popular attack vector. They still make it through all the filters, as witnessed by the hundreds we get every day that are reported by employees of our customers' users that use our Phish Alert Button.
By Eric Howes, KnowBe4 Principal Lab Researcher.
Anyone who works a job in the computer security industry inevitably develops a kind of dark appreciation for the mad skills so often demonstrated by the bad guys. They consistently deliver eye-popping innovation -- even if it's the kind of innovation that regularly causes massive headaches for all the rest of us.
But the bad guys have their off days, too. And when a bad guy operation goes off the rails, you can't help but smile. It's the purest form of schadenfreude.
