phishing

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash. It was patched by Microsoft earlier this




phishing

Phishing campaigns exploiting the image of banks

The main goal of this scam is to induce the potential victim to provide the login credentials for their online banking account, in order to then steal the money held there.




phishing

Phishing campaign exploiting the image of the Ministry of Finance

The CERT Polska team has observed a new variant of the scam in which criminals exploit the image of the Ministry of Finance. The goal of this scam is to induce the potential victim to share their online banking authentication credentials.




phishing

Phishing campaign exploiting the image of the Netflix service

We warn of a phishing campaign targeting customers of the Netflix service. The criminals' goal is to obtain account access credentials and confidential payment card information.




phishing

Spear phishing attacks on employees of Polish companies and public institutions

Spear phishing is a social-engineering scam that uses the pressure of authority and time to get the target to take an action that is against their own interest. The fact that the information needed to carry out the attack is usually publicly available or easy to obtain makes this scam popular among cybercriminals.




phishing

Phishing campaigns targeting email services

Phishing remains one of the most common threats to internet users observed by our team. Seemingly harmless emails, often calling for urgent action, can lead to fake websites that harvest data.




phishing

Phishing Protection Market Size, Share, Top Emerging Trends, Growth and Business Opportunities 2028

(EMAILWIRE.COM, October 24, 2024) The global phishing protection market is estimated to be worth USD 2.2 billion in 2023 and is projected to reach USD 4.1 billion by 2028, at a CAGR of 13.5% during the forecast period. The...




phishing

Comodo Points to High Assurance SSL as Fix for Phishing




phishing

Rise in phishing attacks, as commodity campaigns and impersonation attacks escalate

Cybersecurity company, Egress, a KnowBe4 company, has launched its latest Phishing Threat Trends Report (October 2024), which examines the most recent phishing statistics and threat intelligence insights.




phishing

Phishing targeting Polish SMBs continues via ModiLoader

ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families




phishing

Be careful what you pwish for – Phishing in PWA applications

ESET analysts dissect a novel phishing method tailored to Android and iOS users




phishing

PWA phishing on Android and iOS – Week in security with Tony Anscombe

Phishing using PWAs? ESET Research's latest discovery might just ruin some users' assumptions about their preferred platform's security




phishing

Cybersecurity Snapshot: CISA Warns of Global Spear-Phishing Threat, While OWASP Releases AI Security Resources

CISA is warning about a spear-phishing campaign that spreads malicious RDP files. Plus, OWASP is offering guidance about deepfakes and AI security. Meanwhile, cybercriminals have amplified their use of malware for fake software-update attacks. And get the latest on CISA’s international plan, Interpol’s cyber crackdown and ransomware trends.

Dive into six things that are top of mind for the week ending Nov. 8.

1 - CISA: Beware of nasty spear-phishing campaign

Proactively restrict outbound remote-desktop protocol (RDP) connections. Block transmission of RDP files via email. Prevent RDP file execution.

Those are three security measures cyber teams should proactively take in response to an ongoing and “large scale” email spear-phishing campaign targeting victims with malicious RDP files, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

A foreign threat actor is carrying out the campaign. Several vertical sectors, including government and IT, are being targeted.

“Once access has been gained, the threat actor may pursue additional activity, such as deploying malicious code to achieve persistent access to the target’s network,” CISA’s alert reads.
 


Other CISA recommendations include:

  • Adopt phishing-resistant multi-factor authentication (MFA), such as FIDO tokens, and try to avoid SMS-based MFA
  • Educate users on how to spot suspicious emails
  • Hunt for malicious activity in your network looking for indicators of compromise (IoCs) and tactics, techniques and procedures

Although CISA didn’t name the hacker group responsible for this campaign, its alert includes links to related articles from Microsoft and AWS that identify it as Midnight Blizzard. Also known as APT29, this group is affiliated with Russia’s government.

To get more details, check out the CISA alert “Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments.”

2 - OWASP issues AI security resources

How should your organization respond to deepfakes? What’s the right way of establishing a center of excellence for AI security in your organization? Where can you find a comprehensive guide of tools to secure generative AI applications?

These questions are addressed in a new set of resources for AI security from the Open Worldwide Application Security Project’s OWASP Top 10 for LLM Application Security Project.

The new resources are meant to help organizations securely adopt, develop and deploy LLM and generative AI systems and applications “with a comprehensive strategy encompassing governance, collaboration and practical tools,” OWASP said in a statement.



These are the new resources:

  • “The Guide for Preparing and Responding to Deepfake Events,” which unpacks four types of deepfake schemes – financial fraud, job interview fraud, social engineering and misinformation – and offers guidance about each one in these areas:
    • preparation
    • detection and analysis
    • containment, eradication and recovery
    • post-incident activity
  • “The LLM and GenAI Center of Excellence Guide,” which aims to help CISOs and fellow organization leaders create a center of excellence for generative AI security that facilitates collaboration among various teams, including security, legal, data science and operations, so they can develop:
    • Generative AI security policies
    • Risk assessment and management processes
    • Training and awareness
    • Research and development
  • “The AI Security Solution Landscape Guide,” which offers security teams a comprehensive catalog of open source and commercial tools for securing LLMs and generative AI applications.

To get more details, read OWASP’s announcement “OWASP Dramatically Expands GenAI Security Guidance.”

3 - Fake update variants dominate list of top malware in Q3

Hackers are doubling down on fake software-update attacks.

That’s the main takeaway from the Center for Internet Security’s list of the 10 most prevalent malware used during the third quarter.

Malware variants used to carry out fake browser-update attacks took the top four spots on the list: SocGholish, LandUpdate808, ClearFake and ZPHP. Collectively, they accounted for 77% of the quarter’s malware infections. It's the first time LandUpdate808 and ClearFake appear on this quarterly list.


(Source: “Top 10 Malware Q3 2024”, Center for Internet Security, October 2024)

In a fake software-update attack, a victim gets duped into installing a legitimate-looking update for, say, their preferred browser, that instead infects their computers with malware.

Here’s the full list, in descending order:

  • SocGholish, a downloader distributed through malicious websites that tricks users into downloading it by offering fake software updates 
  • LandUpdate808, a JavaScript downloader distributed through malicious websites via fake browser updates
  • ClearFake, another JavaScript downloader used for fake browser-update attacks
  • ZPHP, another JavaScript downloader used for fake software-update attacks
  • Agent Tesla, a remote access trojan (RAT) that captures credentials, keystrokes and screenshots
  • CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI)
  • Arechclient2, also known as SectopRAT, is a .NET RAT whose capabilities include multiple stealth functions
  • Mirai, a malware botnet that compromises IoT devices to launch DDoS attacks
  • NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
  • Lumma Stealer, an infostealer used to swipe personally identifiable information (PII), credentials, cookies and banking information

To get more information, the CIS blog “Top 10 Malware Q3 2024” offers details, context and indicators of compromise for each malware strain.

For details on fake update attacks:


Fake Chrome Update Malware (The PC Security Channel)

4 - CISA’s first international plan unveiled

CISA has released its first-ever international plan, which outlines a strategy for boosting the agency’s collaboration with cybersecurity agencies from other countries.

Aligning cybersecurity efforts and goals with international partners is critical for tackling cyberthreats in the U.S. and abroad, according to the agency.

The three core pillars of CISA’s “2025 - 2026 International Strategic Plan” are:

  • Help make other countries’ assets, systems and networks that impact U.S. critical infrastructure more resilient
  • Boost the integrated cyber defenses of the U.S. and its international partners against their shared global cyberthreats
  • Unify the coordination of international activities to strengthen cyberdefenses collectively

The plan will allow CISA to “reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” CISA Director Jen Easterly said in a statement.

5 - Interpol hits phishers, ransomware gangs, info stealers

Interpol and its partners took down 22,000 malicious IP addresses and seized thousands of servers, laptops, and mobile phones used by cybercriminals to conduct phishing scams, deploy ransomware and steal information.

The four-month global operation, titled Synergia II and announced this week, involved law enforcement agencies and private-sector partners from 95 countries and netted 41 arrests.


“Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime,” Neal Jetton, Director of Interpol’s Cybercrime Directorate, said in a statement.

In Hong Kong, more than 1,000 servers were taken offline, while authorities in Macau, China took another 291 servers offline. Meanwhile, in Estonia, authorities seized 80GB of server data, which is now being analyzed for links to phishing and banking malware.

6 - IST: Ransomware attacks surged in 2023

Ransomware gangs went into hyperdrive last year, increasing their attacks by 73% compared with 2022, according to the non-profit think tank Institute for Security and Technology (IST).

The IST attributes the sharp increase in attacks to a shift by ransomware groups to “big game hunting” – going after prominent, large organizations with deep pockets. 

“Available evidence suggests that government and industry actions taken in 2023 were not enough to significantly reduce the profitability of the ransomware model,” reads an IST blog.

Global Ransomware Incidents in 2023

Another takeaway: The ransomware-as-a-service (RaaS) model continued to prove extremely profitable in 2023, and it injected dynamism into the ransomware ecosystem. 

The RaaS model prompted ransomware groups “to shift allegiances, form new groups, or iterate existing variants,” the IST blog reads.

The industry sector that ransomware groups hit the hardest was construction, followed by hospitals and healthcare, and by IT services and consulting. Financial services and law offices rounded out the top five.




phishing

[ X.Sup29 (09/17) ] - ITU-T X.1242 - Supplement on guidelines on countermeasures against short message service phishing and smishing attacks





phishing

Beyond phishing: How cybercriminals target SMBs vs. enterprises

Knowing the differences between threats can lead to more nuanced conversations about which security measures clients should invest in, writes Barracuda MSP's Chris Crellin.




phishing

A DNS Investigation into Mamba, the Latest AitM Phishing Player

Phishing has been around for years, yet it still proves to be a major online threat. To continue profiting, cybercriminals must continuously adapt their techniques.




phishing

Phishing attack hits L.A. County public health agency, jeopardizing 200,000-plus residents' personal info

The personal information of more than 200,000 people in Los Angeles County was potentially exposed after a hacker used a phishing email to steal login credentials.




phishing

Paypal Phishing Scam - Attention! Your PayPal Account Could Be Suspended!

Phishing scammers need a little help scamming you!




phishing

UPS Phishing Scam - UPS Tracking Number H4122908562

Russian phishing scammers pretending to be the UPS, sending you a UPS Tracking number through FilesTube. Confused? Well we are!




phishing

British Airways Phishing Scam - British Airways E-ticket receipts

British Airways E-ticket Phishing scam




phishing

Verizon Phishing Scam - Verizon wireless online bill.

Your Verizon Wireless bill from the IRS. Wow, they must be serious about collecting the outstanding amount, because they called fridaysug85 to do the collection!




phishing

SARS Phishing Scam - SARS eFiling Payment Adjudicated

The shortest phishing scam e-mail ever!




phishing

Senseless phishing scam attempt

This phishing scammer decided to skip the normal mumbo jumbo and just send the phishing link.




phishing

SARS eFiling Phishing Scam - Support Center

Another lame attempt at defrauding honest tax-paying South Africans. These phishing scammers could have at least used a better logo in their e-mail.




phishing

Yahoo Phishing Scam - ********WARNING********

A Yahoo Notification from AOL? Are the phishing scammers getting confused?




phishing

Yahoo! Phishing Scam - U P D A T E

An e-mail from Yahoo (or is that AOL?) to Yahoo about your mailbox exceeding its limits... What limits? Are you confused yet?




phishing

NatWest Credit Card Services Banking Phishing Scam

An extremely legitimate looking phishing scam aimed at NatWest credit card holders.




phishing

Banking Phishing Scam - Nedbank transaction notification #2410-779

Phishing scammers targeting Nedbank customers with malware.




phishing

Banking Phishing Scam - ABSA Global business customers certificate update

Malware phishing scammers targeting ABSA customers with the ZBot Trojan.




phishing

Yahoo! Phishing Scam - ACCOUNT UPDATE

A very lame attempt at defrauding Yahoo! users.




phishing

Standard Bank Phishing Scam - Debit Order Authorization

A Liberty Life Debit Order Authorization from Microsoft, via Standard Bank. This is enough to make anyone confused. Clearly these phishing scammers did not think this one through.




phishing

Paypal Phishing Scam - Take Action

A very convincing Paypal Phishing scam. No matter how hard they try, to the trained eye, it will always be obvious that this is a scam.




phishing

eBay Phishing Scam - Question about Item #622356725421 - Respond Now

An eBay phishing scammer trying to pique your curiosity.




phishing

Banking Phishing Scam - Chase Alert(SM): Notice for your Account

A fake Chase e-mail that has PHISHING written all over it.




phishing

Paypal Phishing Scam - Important Message

The most confusing Paypal phishing scam ever!




phishing

Banking Phishing Scam - Your StandardBank Cash Rewards Programme

Phishing scammers using UCount awards as bait to steal your Standard Bank Internet Banking login details.




phishing

Latest Phishing Scam Trend

We would like to warn our visitors about the latest phishing scam trend involving very legitimate looking e-mails containing an HTML attachment that redirects to the actual phishing site. This method seems to be very effective and a lot of people are tricked by this. Review the comments section of this scam example and make sure you apply these hints to every e-mail that appears to be from your bank to distinguish the fake e-mails from the real ones. Feel free to contact us if you have doubts about the legitimacy of an e-mail that you received.




phishing

New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy (aka Cyber D' Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub




phishing

AI Will Increase the Quantity — and Quality — of Phishing Scams

Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts. Companies need to: 1) understand the asymmetrical capabilities of AI-enhanced phishing, 2) determine the company or division’s phishing threat severity level, and 3) confirm their current phishing awareness routines.




phishing

Phishing attacks became more targeted this year: Report

Hackers have been targeting delivery, postal, financial services and human resources



phishing

Yubikey: This Simple USB key Protects Everyone From Phishing

Stina Ehrensvärd has one mission: to keep people safe online. Her Silicon Valley-based company, Yubico, produces the Yubikey, which is designed to stop people being terrible with their passwords. Hundreds of cybersecurity professionals, business decision makers and technology influencers met at the second WIRED Security event, at Kings Place, London on September 28 2017.




phishing

Is there a scientific reason why online phishing fraudsters target senior citizens?

A research paper documents the fact that older people tend to underestimate their cognitive decline and this could affect their finances; experts say senior citizens could be more vulnerable to cyber scamsters and to financial abuse from their own families




phishing

Opera Boosts Its Anti-Phishing Defenses




phishing

eBay Refuses To Fix Flaw Exposing Users To Malware And Phishing Attacks




phishing

La Playa hit by phishing scam

Exclusive: The HNW broker apologised after one of its email accounts was compromised by fraudsters.




phishing

EC-Council makes their Anti-Phishing Solution, OhPhish, Free for 30 days to Help Protect Teleworkers and Businesses

In light of the pandemic, EC-Council has made its anti-phishing solution, OhPhish, free to the businesses who need it. OhPhish is built to simulate phishing attacks on any workforce.




phishing

Why Employees Are Your Greatest Asset in Preventing Phishing Attacks – [Infographic]

Phishing attacks are on the rise and have more than doubled from 2013-2018. In 2018, 64% of businesses experienced a phishing attack – costing nearly $2 million per incident. 1 in 3 consumers will stop supporting a business after they’ve undergone a security breach, and 74% of hackers say they’re rarely impressed by an organization’s...




phishing

CRTC head talks wireless plans, phishing scams and the future of streaming in Canada

With phone scams on the rise and a plethora of streaming services flooding the market, how well are we prepared for the 2020s? Spark host Nora Young talks to CRTC Chairperson and CEO Ian Scott.



