
Phishing campaign masquerades as QuickBooks invoices, Hakbit ransomware targets victims via Excel, and more

Major cybersecurity events on 24th June 2020 (Evening Post): Sodinokibi ransomware scans victim networks for credit card PoS software. Microsoft adds firmware protections to Windows. Nefilim targets organizations using unpatched Citrix remote-access technology.

Round Up of Major Breaches and Scams

COVID-19 Fuels Phishing and Scams While BEC Attacks Evolve and Increase

BEC attacks represent a low percentage of email attacks by volume, but a disproportionally high percentage of overall loss to business. According to the 2019 FBI IC3 report, BEC was responsible for more than 50% of all cybercrime-related financial loss. According to Abnormal Security’s Quarterly BEC Report Q1 2020, there have been several major shifts in BEC attack patterns.

Phishing attacks impersonate QuickBooks invoices ahead of July 15 tax deadline

Phishing campaigns typically use a few different tactics to compromise their victims. The initial emails usually spoof a company, brand, or product potentially used by the recipient. Often such emails pretend to come from a fellow employee or trusted external partner. Also, these emails sometimes are directed toward a specific individual within an organization, such as a C-level executive or someone with financial control.

Round Up of Major Malware and Ransomware Incidents

Sodinokibi Ransomware Now Scans Networks For PoS Systems

Cybercriminals behind recent Sodinokibi ransomware attacks are now upping their ante and scanning their victims’ networks for credit card or point of sale (PoS) software. Researchers believe this is a new tactic designed to allow attackers to get the biggest bang for their buck – ransom payments and credit card data.

Hakbit Ransomware Attack Uses GuLoader, Malicious Microsoft Excel Attachments

A ransomware campaign, dubbed Hakbit, is targeting mid-level employees across Austria, Switzerland and Germany with malicious Excel attachments delivered via the popular email provider GMX. The spear-phishing-based campaign is low volume and has so far targeted the pharmaceutical, legal, financial, business service, retail, and healthcare sectors.

Oregon City Pays $48,000 Cyber-Ransom

A city in Oregon has paid a ransom of $48,000 to regain control over its computer network following a cyber-attack. The city of Keizer’s computer system was successfully targeted by threat actors using ransomware in the early hours of June 10. The attack left officials unable to access either files or their email accounts for a full seven days.

Ryuk Ransomware Deployed Two Weeks After Initial Trickbot Infection

Several attack campaigns waited two weeks after achieving a successful Trickbot infection before they deployed Ryuk ransomware as their final payload. SentinelOne came across the attacks as the result of monitoring an attack server employed by Trickbot’s handlers. In the process, they discovered data for three separate attacks that occurred in the beginning of October 2019.

Nefilim Ransomware Gang Tied to Citrix Gateway Hacks

A crime gang seeking “ransomware attack opportunities” is targeting organizations that use unpatched or poorly secured Citrix remote-access technology, then stealing data, unleashing crypto-locking malware and using the threat of exfiltrated data being publicly dumped to try to force payment, New Zealand’s national computer emergency response team warns.

Round Up of Major Vulnerabilities and Patches

Verizon FiOS Router and Security Issues

Security breaches within networks are far more common than we realize. Even when we think that we have locked down our systems well, there might still be some gaps in security that allow hackers or malware in. In recent years, the concern over Verizon FiOS router security has arisen as well. If you have Verizon FiOS and are concerned about your router’s security, we have some information to help you.

Microsoft is adding Linux, Android, and firmware protections to Windows

Microsoft is moving forward with its promise to extend enterprise security protections to non-Windows platforms with the general release of a Linux version and a preview of one for Android. The software maker is also beefing up Windows security protections to scan for malicious firmware.