2009 and Phishing - Cyber Security Informer

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

DECEMBER 14, 2018

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Authentication

Authentication Passwords Phishing Government

Happy 14th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2023

As of this birthday, I’ve officially been an independent investigative journalist for longer than I was a reporter for The Washington Post (1995-2009). Being Used to Phish So Many of US? But I do want to thank you all for your continued readership, encouragement and support, without which I could not do what I do.

Phishing

Phishing Scams Advertising Mobile

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

Krebs on Security

NOVEMBER 15, 2022

The JabberZeus crew’s name is derived from the malware they used, which was configured to send them a Jabber instant message each time a new victim entered a one-time password code into a phishing page mimicking their bank. In the chat below, “lucky12345” is the Zeus author Bogachev: tank: Are you there?

Banking

Banking Small Business Accountability Cybercrime

How To Protect Against A Phishing Attack And How To Counter Them

SiteLock

AUGUST 27, 2021

In this week’s post, we take a look at “in-the-wild” phishing attacks and talk about how to protect against a phishing attack and how to counter them. Phishing Attack Examples. Here are two examples of phishing attacks that were carried out. Data URI and phishing page. We don’t want that. Gee, thanks, Kyle.

Phishing

Phishing Antivirus Malware Firewall

Spam Kingpin Peter Levashov Gets Time Served

Krebs on Security

JULY 20, 2021

Junk email campaigns touting employment or “money mule” scams cost $300 per million, and phishing emails could be blasted out through Severa’s botnet for the bargain price of $500 per million. One was Alan Ralsky , an American spammer who was convicted in 2009 of paying Severa and other spammers to promote pump-and-dump stock scams.

Antivirus

Antivirus Cybercrime Identity Theft Scams

Stealing More SRE Ideas for Your SOC

Anton on Security

DECEMBER 21, 2021

By the way, this is why the most common starter SOAR playbook is about phishing, a major time-suck of many aspiring SOCs (I’ve heard one spent 40% of analyst time on phishing response and that was after the email security gateway did its work). So people often point out that the value of automation is about saving time. Guess what?

Engineering

Engineering Phishing Ransomware Technology

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime

Cybercrime Phishing Banking Telecommunications

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Krebs on Security

JUNE 29, 2023

.” FACCT says on its website that it is a “Russian developer of technologies for combating cybercrime,” and that it works with clients to fight targeted attacks, data leaks, fraud, phishing and brand abuse. A 2009 census found that Russians make up about 24 percent of the population of Kazakhstan.

Cybersecurity

Cybersecurity Cybercrime Hacking Government

Experts found 20 Million tax records for Russian citizens exposed online

Security Affairs

OCTOBER 1, 2019

The experts found an unprotected Elasticsearch cluster that was containing personally identifiable information on Russian citizens spanning from 2009 to 2016. “The first database contained more than 14 million personal and tax records from 2010 to 2016, and the second included over 6 million from 2009 to 2015.”

Identity Theft

Identity Theft Scams Advertising Risk

Security Vulnerabilities in Dell Laptops

CyberSecurity Insiders

MAY 6, 2021

Report released by the firm says that the discovered flaw is actually an amalgamation of 5 different flaws that are present on the Dell BIOS Utility Driver called DBUtil and has been in place since 2009.

DDOS

DDOS Phishing Malware Cybersecurity

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

An ad for war.md, circa 2009. ru ) show that in 2009 he was a spammer who peddled knockoff prescription drugs via Rx-Promotion , once one of the largest pharmacy spam moneymaking programs for Russian-speaking affiliates. Neculiti was the owner of war[.]md Cached copies of DonChicho’s vanity domain ( donchicho[.]ru

DDOS

DDOS Internet Internet Government

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

Krebs on Security

DECEMBER 16, 2019

From 2009 to the present, Aqua’s primary role in the conspiracy was recruiting and managing a continuous supply of unwitting or complicit accomplices to help Evil Corp. “ Dridex “) to steal banking credentials from employees at hundreds of small- to mid-sized companies in the United States and Europe. indep: Yeah.

Cybercrime

Cybercrime Banking Small Business Accountability

Adventures in Contacting the Russian FSB

Krebs on Security

JUNE 7, 2021

federal prison for his role in the theft of $9 million from RBS WorldPay in 2009. enabling them to engage in disruptive ransomware attacks and phishing campaigns,” reads a Treasury assessment from April 2021. Horohorin’s BadB carding store, badb[.]biz, biz, circa 2007. .

Antivirus

Antivirus VPN Encryption Malware

Financial cyberthreats in 2021

SecureList

FEBRUARY 23, 2022

SpyEye, developed in 2009 and described as a “bank Trojan with a form grabbing capability”, surged from the eighth most common banking malware tool with a 3.4% We look at phishing threats commonly encountered by users and companies as well as the prevalence of various Windows and Android-based financial malware.

Banking

Banking Phishing Cryptocurrency Malware

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

Group-IB Thwarts Chinese Tonto Team Cyberattack

SecureWorld News

FEBRUARY 14, 2023

According to a blog post by Group-IB , the company detected and blocked malicious phishing emails originating from Tonto Team that were targeting its employees. The threat actor has been targeting government, military, energy, financial, educational, healthcare, and technology sector companies since 2009.

Phishing

Phishing Cybersecurity Threat Detection Healthcare

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks.

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

Phishers make a date with your calendar apps

Malwarebytes

MARCH 31, 2022

Calendar to spam in 2009. Calendar app spam leads to phishing pages. According to Bleeping Computer, it’s been abused to send phishing missives. The phish routine ends with that time honoured process of redirecting the phished individual to a real website afterwards.

Phishing

Phishing Password Management Passwords

China-linked APT10 group behind new attacks on the Japanese media sector

Security Affairs

SEPTEMBER 15, 2018

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Media

Media Advertising Malware Phishing

DHS issued an alert on attacks aimed at Managed Service Providers

Security Affairs

OCTOBER 5, 2018

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Advertising

Advertising Manufacturing Healthcare Malware

North Korean Lazarus APT stole credit card data from US and EU stores

Security Affairs

JULY 6, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Retail

Retail Advertising Malware Hacking

Telehealth: A New Frontier in Medicine—and Security

SecureList

FEBRUARY 1, 2022

Number of data leaks from medical organizations, 2009–2020. With the active development of telehealth, medicine will only become a more commonly used bait, just as the digitalization of banks has turned banking phishing into one of the most popularly used types of phishing. Source: HIPAA Journal.

Phishing

Phishing Healthcare IoT Authentication

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Security Affairs

APRIL 20, 2021

BMP) image files in a recent spear-phishing campaign targeting entities in South Korea. . Experts from Malwarebytes have uncovered a spear-phishing attack conducted by a North Korea-linked Lazarus APT group that obfuscated a malicious code within a bitmap (.BMP) North Korea-linked Lazarus APT group is abusing bitmap (.BMP)

Phishing

Phishing Hacking Cryptocurrency Malware

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

Security Affairs

JUNE 7, 2021

Watch out for incoming spam emails, unsolicited texts, and phishing messages. An example of leaked passwords included in the RockYou2021 compilation: With a collection that exceeds its 12-year-old namesake by more than 262 times, this leak is comparable to the Compilation of Many Breaches (COMB) , the largest data breach compilation ever.

Passwords

Passwords Data breaches Accountability Password Management

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

The attack chain starts with COVID19-themed spear-phishing messages that contain either a malicious Word attachment or a link to one hosted on company servers. . The experts discovered the custom backdoor while investigating an incident, it was used by attackers for lateral movements and data exfiltration.

Malware

Malware Cryptocurrency Password Management Encryption

APT10 is back with two new loaders and new versions of known payloads

Security Affairs

MAY 27, 2019

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Advertising

Advertising Malware Government Hacking

Personal info of 90k hikers leaked by French tourism company La Malle Postale

Security Affairs

MAY 13, 2023

Founded in 2009, the company provides luggage and passenger transportation services on many popular hiking routes, including the famous Santiago de Compostela pilgrimage trail. Leaked data might also lead to phishing scams. The services are well-reviewed by their clients, with an overall four-star rating on TripAdvisor.

Passwords

Passwords Identity Theft Scams Social Engineering

How to lose your password

Thales Cloud Protection & Licensing

NOVEMBER 14, 2017

The modern era of mass data breaches perhaps began in 2009, with the hack of 32 million account credentials held by software developer RockYou, in which a SQL injection attack revealed that passwords were simple held in cleartext in a database table. Taking a password dump from a server isn’t, of course, the only route to compromise.

Passwords

Passwords Internet Internet Data breaches

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

OCTOBER 3, 2018

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Experts believe APT threat actors carried out spear-phishing attacks against the bank, malicious messages used Windows executable.

Banking

Banking Retail Advertising Malware

EU has imposed sanctions on foreign actors for the first time ever

Security Affairs

JULY 31, 2020

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Cyber Attacks

Cyber Attacks Hacking Advertising Government

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. ” continues the report.

Identity Theft

Identity Theft Hacking Advertising System Administration

Mysterious DarkUniverse APT remained undetected for 8 years

Security Affairs

NOVEMBER 5, 2019

The DarkUniverse has been active at least from 2009 until 2017. The DarkUniverse APT carried spear-phishing attacks using weaponized Microsoft Office document, each email was prepared separately for each victim. .” The dump also included an intriguing Pyton script named sigs.py

Malware

Malware Advertising Accountability Phishing

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware Hacking Phishing Ransomware

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Security Affairs

MARCH 24, 2021

Founded in 2009, FBS is an international online forex broker with more than 400,000 partners and 16 million traders spanning over 190 countries. Scams, Phishing and Malware. Leaked contact information may be used to launch scam, phishing and malware attacks against FBS users. The breach is a danger to both FBS and its customers.

Passwords

Passwords Accountability Media Identity Theft

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. In August, F-Secure Labs experts observed a spear-phishing campaign targeting an organization in the cryptocurrency industry.

Malware

Malware Software Cryptocurrency Financial Services

Nine Top of Mind Issues for CISOs Going Into 2023

Cisco Security

JANUARY 10, 2023

According to Forrester , the term Zero Trust was born in 2009. Traditionally CISOs have talked about the importance of improving security awareness which has resulted in the growth of those test phishing emails we all know and love so much. How Zero Trust will progress. From Security Awareness to Culture Change.

CISO

CISO Insurance Cyber Insurance Phishing

Social Security Numbers leaked in ransomware attack on Ohio History Connection

Malwarebytes

AUGUST 29, 2023

During the attack, the cybercriminals may have had access to names, addresses, and Social Security Numbers (SSNs) of current and former OHC employees (from 2009 to 2023). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Ransomware

Ransomware Data breaches Passwords Phishing

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

SecureWorld News

JULY 8, 2024

The name "RockYou2024" pays homage to the infamous RockYou data breach of 2009, which exposed 32 million passwords due to insecure storage practices. Companies need to make it a priority to set up strong MFA and real-time phishing protection to reduce the risks that come with compromised passwords.

Passwords

Passwords Password Management Education Accountability

TOP 10 unattributed APT mysteries

SecureList

OCTOBER 7, 2022

It was active in the wild for at least for eight years—from 2009 to 2017—and targeted at least 20 civilian and military entities in Syria, Iran, Afghanistan, Tanzania, Ethiopia, Sudan, Russia, Belarus, and the United Arab Emirates. The malware spreads through spear-phishing emails with a malicious Microsoft Office document as attachment.

Malware

Malware Computers and Electronics Telecommunications Encryption

Cyber Security Roundup for May 2021

Security Boulevard

MAY 3, 2021

The Problem with Website Passwords (from Blog Post from 2009). Phishing Scammers imitate Windows logo with HTML Tables to Slip through Email Gateways. An example they give is " RedPantsTree ", which is unlikely to be used anywhere else online. Passwords are and have always been an Achilles Heel in Cybersecurity. Stay safe and secure.

Ransomware

Ransomware Passwords Scams Government

Worldwide law enforcement action takes down major DDoS booter services

Malwarebytes

DECEMBER 16, 2022

Back in the days of Xbox360, especially around 2009, custom made booter services became very popular with gamers. ” As it turns out, pushing that button to win is a lot less intensive than figuring out how to make people run your executable or set up a working phishing page. Why are booters so popular?

DDOS

DDOS Marketing Phishing Risk

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

JUNE 6, 2019

According to Microsoft, the Platinum has been active since at least 2009, it was responsible for spear phishing attacks on ISPs, government organizations, intelligence agencies, and defense institutes. The APT group was discovered by Microsoft in 2016, it targeted organizations in South and Southeast.

Encryption

Encryption Government Advertising Cyber Attacks

Endpoint security for Mac: 3 best practices

Malwarebytes

JULY 14, 2022

Phishing attacks, vulnerability exploits, DDoS attacks, and much more threaten your company’s Macs at any time — and if any of them are successful, it could cost your business millions in lost productivity and information theft. And it’s not just malware you have to worry about with your Mac endpoints.

DNS

DNS Adware Malware Antivirus

Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware

Malwarebytes

DECEMBER 5, 2022

It's been active since 2009 and is responsible for many high profile attacks. In January of 2022 the Malwarebytes Intelligence Team uncovered a campaign where Lazarus conducted spear phishing attacks weaponized with malicious documents that used a familiar job opportunities theme.

Cryptocurrency

Cryptocurrency Malware Scams Cybercrime

Real-Time Attacks Against Two-Factor Authentication

Happy 14th Birthday, KrebsOnSecurity!

Trending Sources

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

How To Protect Against A Phishing Attack And How To Counter Them

Spam Kingpin Peter Levashov Gets Time Served

Stealing More SRE Ideas for Your SOC

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Experts found 20 Million tax records for Russian citizens exposed online

Security Vulnerabilities in Dell Laptops

Stark Industries Solutions: An Iron Hammer in the Cloud

Inside ‘Evil Corp,’ a $100M Cybercrime Menace

Adventures in Contacting the Russian FSB

Financial cyberthreats in 2021

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Group-IB Thwarts Chinese Tonto Team Cyberattack

North Korea-linked Lazarus APT targets the COVID-19 research

Phishers make a date with your calendar apps

China-linked APT10 group behind new attacks on the Japanese media sector

DHS issued an alert on attacks aimed at Managed Service Providers

North Korean Lazarus APT stole credit card data from US and EU stores

Telehealth: A New Frontier in Medicine—and Security

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

APT10 is back with two new loaders and new versions of known payloads

Personal info of 90k hikers leaked by French tourism company La Malle Postale

How to lose your password

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

EU has imposed sanctions on foreign actors for the first time ever

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Mysterious DarkUniverse APT remained undetected for 8 years

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Lazarus malware delivered to South Korean users via supply chain attacks

Nine Top of Mind Issues for CISOs Going Into 2023

Social Security Numbers leaked in ransomware attack on Ohio History Connection

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

TOP 10 unattributed APT mysteries

Cyber Security Roundup for May 2021

Worldwide law enforcement action takes down major DDoS booter services

Platinum APT and leverages steganography to hide C2 communications

Endpoint security for Mac: 3 best practices

Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware

Stay Connected