CyberheistNews Vol 6 #39
Scam Of The Week: Apple Store Phishing Attack Goes For Whole Enchilada
Phishing attacks using fake Apple Store email messages, fake landing pages and sometimes fake login pages are still a very popular attack vector. They still make it through all the filters, as witnessed by the hundreds we see every day that are reported by our customers' employees who use our Phish Alert Button.
This one is particularly pernicious because apart from a well-crafted initial phishing email, the landing page is going for the whole enchilada. As we have mentioned here before, the bad guys in Eastern Europe use the UK as their beta test and when all the bugs are ironed out, the attack gets unleashed in the U.S. so regard this as a heads-up please.
Apple Store Refund Request Phishing Email
The "refund request" page imitates the Apple "look" and asks not only for the full address information but also the credit card data, and makes sure you notice that "Apple is committed to protecting your privacy". Yeah, sure.
The bad guys are pros in their field, with attention to detail. They even have little question marks you can click on that are very helpful explaining what you need to fill out in the field so they can fully steal your credit card data.
The fact that these attacks still make it through quite a few different filters shows that keeping users on their toes, with security top of mind, is a continuous process, whether at home or in the office.
I suggest you send the following Scam Of The Week to your employees, friends and family; you're welcome to copy, paste and edit it:
"A new phishing attack is using a very realistic-looking Apple App Store message to trick you into trying to stop a charge for something you did not buy. This attack may make it through all the spam filters into your inbox, so you need to be alert for this scam.
This phishing attack tries to make you fill out a page with your full address and credit card information so that you "will not get charged". If you or a family member fall for this trick, though, it is highly likely that your credit card will be fraudulently charged very quickly.
Remember to never click on links in emails to go to a vendor's website. Always use your browser and either type in the address of the company or use a bookmark you have set yourself earlier. And while we are at it, never just open an email attachment you did not ask for. Let's stay safe out there and Think Before You Click!"
"State-Sponsored Actor" Is The New "The Dog Ate My Homework"
Our friend and mega-white-hat hacker Dave Kennedy hit the nail on the head with his quote: "'State-sponsored actor' has become a proxy for 'unstoppable hacker', a rhetorical get out of jail free card that usually doesn't apply."
Dave is totally right. Often state-sponsored hackers get into their target network simply with well-crafted phishing attacks, either with a malicious link or an infected attackment (yeah that was meant to be spelled that way). It is suspected that the Yahoo 500 Million account MegaHack also started like that.
For people in the know, it's amazing to see that some organizations are still not deploying new-school security awareness training that combines on-demand computer-based training with frequent simulated phishing attacks. Without a security layer like that, getting into a network is as easy as taking candy from a baby, and all black-hat hackers admit as much.
2016 now has well over 1 Billion breached records. Just days before the Yahoo hack, this year was on pace to outstrip last year's numbers by as much as 56%, according to findings released by Breach Level Index (BLI), which tracked 707,509,815 records breached in all of 2015.
BLI shows that the count just keeps going up as organizations of all stripes continue to lose PII. In the first half of this year, 554,454,942 records were breached in 974 publicly reported incidents. That's a loss of over 3 million records per day by public and private organizations. Add the 500M Yahoo hack to that and we're up in the stratosphere for 2016.
Q: Why are there not even *more* devastating data breaches? A: There is a shortage of skilled enemy hackers.
Phishing Volume Skyrockets Thanks To Ransomware And Trojans
You all know that the spam/phishing percentage of total email varies over the years. The last 5 years it has been relatively calm. But at the moment, the volume is back at a peak level, and Cisco's Talos Labs said it's a simple matter of economics.
Cyber mafias are now running campaigns that infect workstations with banking Trojans and ransomware that provide a fast ROI, so they can afford the increased overhead of high-volume spam campaigns largely driven by the Necurs botnet.
Here Are Two Examples:
1) New Version of iSpy Trojan Steals Your Software Licenses
Earlier this year we talked about Jsocket, a highly malicious Trojan that we spotted being delivered through phishing emails shared with us via the Phish Alert Button (PAB).
Although ransomware has been grabbing the majority of security-related headlines, malicious RATs and Trojans like Jsocket (and its evil cousins Adwind and AlienSpy) remain an important part of the online threat landscape, allowing malicious actors to monetize compromised systems and networks in a variety of ways.
This new version also steals your software licenses, on top of everything else they can get their hands on. Blog post with all details here: https://blog.knowbe4.com/new-version-of-ispy-trojan-steals-your-software-licenses
2) Price Discrimination: The Fantom Menace of Ransomware
This is an article by Eric Howes, KnowBe4 Principal Lab Researcher.
Over the past few months we've discussed the rising use of price discrimination among purveyors of ransomware to maximize their returns on ransomware campaigns. Instead of using poorly targeted "spray-and-pray" campaigns that extract a uniform toll (one or two bitcoins) from a random and diverse collection of victims, the bad guys are increasingly using more targeted campaigns that match the ransom demands with the victims' ability and willingness to pay.
One way the bad guys have incorporated price discrimination into their standard game is the use of backdoor Trojans, sophisticated keyloggers, and full-blown RATs to reconnoiter potential marks and gather data about their business operations and finances. If they determine your organization is flush with cash or is uniquely sensitive to downtime or other disruptions in service, you can expect to pay more. Much, much more. Story at our blog: https://blog.knowbe4.com/price-discrimination-the-fantom-menace-of-ransomware
For the background of all this, read the Cisco Talos blog post: http://blog.talosintel.com/2016/09/the-rising-tides-of-spam.html
And if you want a quick update on the week in ransomware, check out Larry Abrams' blog over at bleepingcomputer: http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-23-2016-cerber-stampado-fabiansomware-fenixlocker-and-more/
Warm Regards, Stu Sjouwerman