2009 and Phishing - Cyber Security Informer

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

DECEMBER 14, 2018

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Authentication

Authentication Passwords Phishing Government

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts. Cybersecurity awareness and incident response Train employees to recognize phishing attempts and social engineering. Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware.

Ransomware

Ransomware IoT Encryption Social Engineering

Happy 14th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2023

As of this birthday, I’ve officially been an independent investigative journalist for longer than I was a reporter for The Washington Post (1995-2009). Being Used to Phish So Many of US? But I do want to thank you all for your continued readership, encouragement and support, without which I could not do what I do.

Phishing

Phishing Scams Advertising Mobile

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Krebs on Security

NOVEMBER 15, 2022

The JabberZeus crew’s name is derived from the malware they used, which was configured to send them a Jabber instant message each time a new victim entered a one-time password code into a phishing page mimicking their bank. In the chat below, “lucky12345” is the Zeus author Bogachev: tank: Are you there?

Banking

Banking Small Business Accountability Malware

How To Protect Against A Phishing Attack And How To Counter Them

SiteLock

AUGUST 27, 2021

In this week’s post, we take a look at “in-the-wild” phishing attacks and talk about how to protect against a phishing attack and how to counter them. Phishing Attack Examples. Here are two examples of phishing attacks that were carried out. Data URI and phishing page. We don’t want that. Gee, thanks, Kyle.

Phishing

Phishing Antivirus Malware Firewall

Spam Kingpin Peter Levashov Gets Time Served

Krebs on Security

JULY 20, 2021

Junk email campaigns touting employment or “money mule” scams cost $300 per million, and phishing emails could be blasted out through Severa’s botnet for the bargain price of $500 per million. One was Alan Ralsky , an American spammer who was convicted in 2009 of paying Severa and other spammers to promote pump-and-dump stock scams.

Antivirus

Antivirus Cybercrime Identity Theft Scams

Stealing More SRE Ideas for Your SOC

Anton on Security

DECEMBER 21, 2021

By the way, this is why the most common starter SOAR playbook is about phishing, a major time-suck of many aspiring SOCs (I’ve heard one spent 40% of analyst time on phishing response and that was after the email security gateway did its work). So people often point out that the value of automation is about saving time. Guess what?

Engineering

Engineering Phishing Ransomware Technology

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

An ad for war.md, circa 2009. ru ) show that in 2009 he was a spammer who peddled knockoff prescription drugs via Rx-Promotion , once one of the largest pharmacy spam moneymaking programs for Russian-speaking affiliates. Neculiti was the owner of war[.]md Cached copies of DonChicho’s vanity domain ( donchicho[.]ru

DDOS

DDOS Internet Internet Government

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Krebs on Security

JUNE 29, 2023

.” FACCT says on its website that it is a “Russian developer of technologies for combating cybercrime,” and that it works with clients to fight targeted attacks, data leaks, fraud, phishing and brand abuse. A 2009 census found that Russians make up about 24 percent of the population of Kazakhstan.

Cybersecurity

Cybersecurity Cybercrime Hacking Government

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

Krebs on Security

DECEMBER 16, 2019

From 2009 to the present, Aqua’s primary role in the conspiracy was recruiting and managing a continuous supply of unwitting or complicit accomplices to help Evil Corp. “ Dridex “) to steal banking credentials from employees at hundreds of small- to mid-sized companies in the United States and Europe. indep: Yeah.

Cybercrime

Cybercrime Banking Small Business Accountability

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime

Cybercrime Phishing Banking Telecommunications

Security Vulnerabilities in Dell Laptops

CyberSecurity Insiders

MAY 6, 2021

Report released by the firm says that the discovered flaw is actually an amalgamation of 5 different flaws that are present on the Dell BIOS Utility Driver called DBUtil and has been in place since 2009.

DDOS

DDOS Phishing Malware Cybersecurity

Experts found 20 Million tax records for Russian citizens exposed online

Security Affairs

OCTOBER 1, 2019

The experts found an unprotected Elasticsearch cluster that was containing personally identifiable information on Russian citizens spanning from 2009 to 2016. “The first database contained more than 14 million personal and tax records from 2010 to 2016, and the second included over 6 million from 2009 to 2015.”

Identity Theft

Identity Theft Scams Advertising Risk

Financial cyberthreats in 2021

SecureList

FEBRUARY 23, 2022

SpyEye, developed in 2009 and described as a “bank Trojan with a form grabbing capability”, surged from the eighth most common banking malware tool with a 3.4% We look at phishing threats commonly encountered by users and companies as well as the prevalence of various Windows and Android-based financial malware.

Banking

Banking Phishing Cryptocurrency Malware

Group-IB Thwarts Chinese Tonto Team Cyberattack

SecureWorld News

FEBRUARY 14, 2023

According to a blog post by Group-IB , the company detected and blocked malicious phishing emails originating from Tonto Team that were targeting its employees. The threat actor has been targeting government, military, energy, financial, educational, healthcare, and technology sector companies since 2009.

Phishing

Phishing Cybersecurity Threat Detection Healthcare

Adventures in Contacting the Russian FSB

Krebs on Security

JUNE 7, 2021

federal prison for his role in the theft of $9 million from RBS WorldPay in 2009. enabling them to engage in disruptive ransomware attacks and phishing campaigns,” reads a Treasury assessment from April 2021. Horohorin’s BadB carding store, badb[.]biz, biz, circa 2007. .

Antivirus

Antivirus VPN Encryption Malware

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

Qbot , aka Qakbot , is a data stealer worm with backdoor capabilities that was first detected by Symantec back in 2009. ” The malware is distributed through phishing attacks that attempt to trick victims into visiting websites that use exploits to inject Qbot via a dropper. The campaign targets 36 different U.S.

Banking

Banking Malware Advertising Financial Services

Phishers make a date with your calendar apps

Malwarebytes

MARCH 31, 2022

Calendar to spam in 2009. Calendar app spam leads to phishing pages. According to Bleeping Computer, it’s been abused to send phishing missives. The phish routine ends with that time honoured process of redirecting the phished individual to a real website afterwards.

Phishing

Phishing Password Management Passwords

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

China-linked APT10 group behind new attacks on the Japanese media sector

Security Affairs

SEPTEMBER 15, 2018

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Media

Media Advertising Malware Phishing

DHS issued an alert on attacks aimed at Managed Service Providers

Security Affairs

OCTOBER 5, 2018

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Advertising

Advertising Manufacturing Healthcare Malware

North Korean Lazarus APT stole credit card data from US and EU stores

Security Affairs

JULY 6, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Retail

Retail Advertising Malware Hacking

Telehealth: A New Frontier in Medicine—and Security

SecureList

FEBRUARY 1, 2022

Number of data leaks from medical organizations, 2009–2020. With the active development of telehealth, medicine will only become a more commonly used bait, just as the digitalization of banks has turned banking phishing into one of the most popularly used types of phishing. Source: HIPAA Journal.

Phishing

Phishing Healthcare IoT Authentication

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Security Affairs

APRIL 20, 2021

BMP) image files in a recent spear-phishing campaign targeting entities in South Korea. . Experts from Malwarebytes have uncovered a spear-phishing attack conducted by a North Korea-linked Lazarus APT group that obfuscated a malicious code within a bitmap (.BMP) North Korea-linked Lazarus APT group is abusing bitmap (.BMP)

Phishing

Phishing Hacking Cryptocurrency Malware

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

Security Affairs

JUNE 7, 2021

Watch out for incoming spam emails, unsolicited texts, and phishing messages. An example of leaked passwords included in the RockYou2021 compilation: With a collection that exceeds its 12-year-old namesake by more than 262 times, this leak is comparable to the Compilation of Many Breaches (COMB) , the largest data breach compilation ever.

Passwords

Passwords Data breaches Accountability Password Management

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

The attack chain starts with COVID19-themed spear-phishing messages that contain either a malicious Word attachment or a link to one hosted on company servers. . The experts discovered the custom backdoor while investigating an incident, it was used by attackers for lateral movements and data exfiltration.

Malware

Malware Cryptocurrency Password Management Encryption

APT10 is back with two new loaders and new versions of known payloads

Security Affairs

MAY 27, 2019

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Advertising

Advertising Malware Government Hacking

Social Security Numbers leaked in ransomware attack on Ohio History Connection

Malwarebytes

AUGUST 29, 2023

During the attack, the cybercriminals may have had access to names, addresses, and Social Security Numbers (SSNs) of current and former OHC employees (from 2009 to 2023). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Ransomware

Ransomware Data breaches Passwords Phishing

Personal info of 90k hikers leaked by French tourism company La Malle Postale

Security Affairs

MAY 13, 2023

Founded in 2009, the company provides luggage and passenger transportation services on many popular hiking routes, including the famous Santiago de Compostela pilgrimage trail. Leaked data might also lead to phishing scams. The services are well-reviewed by their clients, with an overall four-star rating on TripAdvisor.

Passwords

Passwords Identity Theft Scams Social Engineering

Nine Top of Mind Issues for CISOs Going Into 2023

Cisco Security

JANUARY 10, 2023

According to Forrester , the term Zero Trust was born in 2009. Traditionally CISOs have talked about the importance of improving security awareness which has resulted in the growth of those test phishing emails we all know and love so much. How Zero Trust will progress. From Security Awareness to Culture Change.

CISO

CISO Insurance Cyber Insurance Phishing

How to lose your password

Thales Cloud Protection & Licensing

NOVEMBER 14, 2017

The modern era of mass data breaches perhaps began in 2009, with the hack of 32 million account credentials held by software developer RockYou, in which a SQL injection attack revealed that passwords were simple held in cleartext in a database table. Taking a password dump from a server isn’t, of course, the only route to compromise.

Passwords

Passwords Internet Internet Data breaches

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

OCTOBER 3, 2018

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Experts believe APT threat actors carried out spear-phishing attacks against the bank, malicious messages used Windows executable.

Banking

Banking Retail Advertising Malware

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. ” continues the report.

Identity Theft

Identity Theft Hacking Advertising System Administration

Mysterious DarkUniverse APT remained undetected for 8 years

Security Affairs

NOVEMBER 5, 2019

The DarkUniverse has been active at least from 2009 until 2017. The DarkUniverse APT carried spear-phishing attacks using weaponized Microsoft Office document, each email was prepared separately for each victim. .” The dump also included an intriguing Pyton script named sigs.py

Malware

Malware Advertising Accountability Phishing

EU has imposed sanctions on foreign actors for the first time ever

Security Affairs

JULY 31, 2020

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Cyber Attacks

Cyber Attacks Hacking Advertising Government

US DoJ indicts Chinese hackers over state-sponsored cyber espionage

Security Affairs

DECEMBER 21, 2018

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Computers and Electronics

Computers and Electronics Identity Theft Technology Manufacturing

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware Hacking Phishing Ransomware

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Security Affairs

MARCH 24, 2021

Founded in 2009, FBS is an international online forex broker with more than 400,000 partners and 16 million traders spanning over 190 countries. Scams, Phishing and Malware. Leaked contact information may be used to launch scam, phishing and malware attacks against FBS users. The breach is a danger to both FBS and its customers.

Passwords

Passwords Accountability Media Identity Theft

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

SecureWorld News

JULY 8, 2024

The name "RockYou2024" pays homage to the infamous RockYou data breach of 2009, which exposed 32 million passwords due to insecure storage practices. Companies need to make it a priority to set up strong MFA and real-time phishing protection to reduce the risks that come with compromised passwords.

Passwords

Passwords Password Management Education Accountability

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. In August, F-Secure Labs experts observed a spear-phishing campaign targeting an organization in the cryptocurrency industry.

Malware

Malware Software Cryptocurrency Financial Services

Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware

Malwarebytes

DECEMBER 5, 2022

It's been active since 2009 and is responsible for many high profile attacks. In January of 2022 the Malwarebytes Intelligence Team uncovered a campaign where Lazarus conducted spear phishing attacks weaponized with malicious documents that used a familiar job opportunities theme.

Cryptocurrency

Cryptocurrency Malware Scams Cybercrime

Worldwide law enforcement action takes down major DDoS booter services

Malwarebytes

DECEMBER 16, 2022

Back in the days of Xbox360, especially around 2009, custom made booter services became very popular with gamers. ” As it turns out, pushing that button to win is a lot less intensive than figuring out how to make people run your executable or set up a working phishing page. Why are booters so popular?

DDOS

DDOS Marketing Phishing Risk

Cybersecurity Awareness Month Focuses on People

SecureWorld News

SEPTEMBER 29, 2022

For Charlet, the 2009 Operation Aurora cyberattack on Google was a watershed moment for the company. For example, how do we discern when an email may be phishing; how do you know what to do and what not to do?". Recognizing and reporting phishing. Criminals leverage all of it, exposing people to scams," he said.

Cybersecurity

Cybersecurity Education Security Awareness Password Management

Real-Time Attacks Against Two-Factor Authentication

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Trending Sources

Happy 14th Birthday, KrebsOnSecurity!

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

How To Protect Against A Phishing Attack And How To Counter Them

Spam Kingpin Peter Levashov Gets Time Served

Stealing More SRE Ideas for Your SOC

Stark Industries Solutions: An Iron Hammer in the Cloud

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Vulnerabilities in Dell Laptops

Experts found 20 Million tax records for Russian citizens exposed online

Financial cyberthreats in 2021

Group-IB Thwarts Chinese Tonto Team Cyberattack

Adventures in Contacting the Russian FSB

An ongoing Qbot campaign targeted customers of tens of US banks

Phishers make a date with your calendar apps

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

North Korea-linked Lazarus APT targets the COVID-19 research

China-linked APT10 group behind new attacks on the Japanese media sector

DHS issued an alert on attacks aimed at Managed Service Providers

North Korean Lazarus APT stole credit card data from US and EU stores

Telehealth: A New Frontier in Medicine—and Security

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

APT10 is back with two new loaders and new versions of known payloads

Social Security Numbers leaked in ransomware attack on Ohio History Connection

Personal info of 90k hikers leaked by French tourism company La Malle Postale

Nine Top of Mind Issues for CISOs Going Into 2023

How to lose your password

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Mysterious DarkUniverse APT remained undetected for 8 years

EU has imposed sanctions on foreign actors for the first time ever

US DoJ indicts Chinese hackers over state-sponsored cyber espionage

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Billions of FBS Records Exposed in Online Trading Broker Data Leak

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

Lazarus malware delivered to South Korean users via supply chain attacks

Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware

Worldwide law enforcement action takes down major DDoS booter services

Cybersecurity Awareness Month Focuses on People

Stay Connected