Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Who Were The Two Big US Tech Companies That Lost $100 Million In CEO Fraud?

In an update on an earlier post of April 2016, more detail came known about this massive CEO Fraud spear phishing attack that tricked 2 American tech companies in wiring a whopping 100 million to bank accounts controlled by a crafty scammer in Lithuania. The press was all over this like white on rice, not mentioning that it initially was discovered April last year. The big mystery is exactly which 2 companies fell victim, because the court documents do not reveal the names.

CyberheistNews Vol 7 #12 A Single Spear Phishing Click Caused the Yahoo Data Breach

CyberheistNews | KnowBe4

Mandiant M-Trends 2017: "Cybercrime Skills Now On Par With Nation States"

There was some good news reported in Mandiant's M-Trends 2017 report, but this was heavily outweighed by a lot of very bad news.

Mandiant, which is a Fireye company, found that in 2016 companies are becoming a little better at identifying breaches with the average number of days between being compromised and discovery now at 99 days, down from 146 days in 2015. However more than 3 months is an eternity on the internet, and cybercrime bad guys can make off with the crown jewels in just a few days.

A Single Spear Phishing Click Caused The Yahoo Data Breach

A single click was all it took to launch one of the biggest data breaches ever.

One mistaken click. That's all it took for a Canadian hacker aligned with rogue Russian FSB spies to gain access to Yahoo's network and potentially the email messages and private information of as many as 1.5 Billion people.

The U.S. Federal Bureau of Investigation has been investigating the intrusion for two years, but it was only in late 2016 that the full scale of the hack became apparent. On Wednesday, the FBI indicted four people for the attack, two of whom are rogue FSB spies who work for the division that is supposed to cooperate with America’s FBI on cybercrime investigations.  (The FSB is the succcessor to the KGB). 

Scam Of The Week: New FBI and IRS Alerts Against W-2 Phishing

There is a wave of W-2 phishing attacks going on. We see these coming in through thousands of reported scam attempts via our Phishing Alert Button. The FBI and the IRS have repeatedly posted warnings that these attacks have started early and that the volume has gone up significantly this year. 

Petya MFT Ransomware Returns, Wrapped In Extra Nastiness

Kasperky researchers discovered a new variant of last year's Petya Master File Table (MFT) ransomware, with "new and improved" crypto and ransomware models. Remember, MFT ransomware only encrypts the table where access to all files is kept, and does not encrypt the files themselves. It's a very effective way to lock a machine and demand ransom in a few seconds. 

Verizon Wanted A 925 Million Discount Because Of Yahoo Hacking. CEO Mayer gets 23 Million Parachute

A newly filed Schedule A proxy statement at the Securities and Exchange Commission shows that Verizon requested a discount of 925 million dollar off the original 4.83 billion purchase price because of the massive hacking scandal. The Yahoo hacking incident(s) exfiltrated the credentials of 1.5 billion users over the last years. 

SEC Phishing Emails Target Execs For Inside Info

A sophisticated phishing attack is trying to get confidential corporate information. Bad guys are are sending spoofed emails claiming to be from the Security and Exchange Commission, and target lawyers, compliance managers, and the very company officials who file documents with the SEC.

Heads-Up. New Ransomware phishing scheme lets wannabe cybercrims get in for free...

Danny Palmer at ZDNet reported on a new scheme for aspiring cyber criminals that lets them into the ransomware racket for free, but at a steep 50/50 split with the people that provide them with the malicious code. We think that this will not be a major hurdle and that this strain that uses phishing with malicious attachments will take off in the very near future.

Subscribe To Our Blog

Phish Your Users

Get the latest about social engineering

Subscribe to CyberheistNews