2009 and Phishing - Cyber Security Informer

Thread Hijacking: Phishes That Prey on Your Curiosity

Krebs on Security

MARCH 28, 2024

Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop. Instead, he forwarded the messages to LancasterOneline’s IT team, which quickly flagged them as phishing attempts. “We were just perplexed,” Murse said.

Phishing

Phishing Scams Accountability Passwords

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

DECEMBER 14, 2018

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Authentication

Authentication Passwords Phishing Government

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts. Cybersecurity awareness and incident response Train employees to recognize phishing attempts and social engineering. Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware.

Ransomware

Ransomware IoT Encryption Social Engineering

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Happy 14th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2023

As of this birthday, I’ve officially been an independent investigative journalist for longer than I was a reporter for The Washington Post (1995-2009). Being Used to Phish So Many of US? But I do want to thank you all for your continued readership, encouragement and support, without which I could not do what I do.

Phishing

Phishing Scams Advertising Mobile

How To Protect Against A Phishing Attack And How To Counter Them

SiteLock

AUGUST 27, 2021

In this week’s post, we take a look at “in-the-wild” phishing attacks and talk about how to protect against a phishing attack and how to counter them. Phishing Attack Examples. Here are two examples of phishing attacks that were carried out. Data URI and phishing page. We don’t want that. Gee, thanks, Kyle.

Phishing

Phishing Antivirus Malware Firewall

Stealing More SRE Ideas for Your SOC

Anton on Security

DECEMBER 21, 2021

By the way, this is why the most common starter SOAR playbook is about phishing, a major time-suck of many aspiring SOCs (I’ve heard one spent 40% of analyst time on phishing response and that was after the email security gateway did its work). So people often point out that the value of automation is about saving time. Guess what?

Engineering

Engineering Phishing Ransomware Technology

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

An ad for war.md, circa 2009. ru ) show that in 2009 he was a spammer who peddled knockoff prescription drugs via Rx-Promotion , once one of the largest pharmacy spam moneymaking programs for Russian-speaking affiliates. Neculiti was the owner of war[.]md Cached copies of DonChicho’s vanity domain ( donchicho[.]ru

DDOS

DDOS Internet Internet Government

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Krebs on Security

JUNE 29, 2023

.” FACCT says on its website that it is a “Russian developer of technologies for combating cybercrime,” and that it works with clients to fight targeted attacks, data leaks, fraud, phishing and brand abuse. A 2009 census found that Russians make up about 24 percent of the population of Kazakhstan.

Cybersecurity

Cybersecurity Cybercrime Hacking Government

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

Cybercrime

Cybercrime Phishing Banking Telecommunications

Experts found 20 Million tax records for Russian citizens exposed online

Security Affairs

OCTOBER 1, 2019

The experts found an unprotected Elasticsearch cluster that was containing personally identifiable information on Russian citizens spanning from 2009 to 2016. “The first database contained more than 14 million personal and tax records from 2010 to 2016, and the second included over 6 million from 2009 to 2015.”

Identity Theft

Identity Theft Scams Advertising Risk

Security Vulnerabilities in Dell Laptops

CyberSecurity Insiders

MAY 6, 2021

Report released by the firm says that the discovered flaw is actually an amalgamation of 5 different flaws that are present on the Dell BIOS Utility Driver called DBUtil and has been in place since 2009.

DDOS

DDOS Phishing Malware Software

Financial cyberthreats in 2021

SecureList

FEBRUARY 23, 2022

SpyEye, developed in 2009 and described as a “bank Trojan with a form grabbing capability”, surged from the eighth most common banking malware tool with a 3.4% We look at phishing threats commonly encountered by users and companies as well as the prevalence of various Windows and Android-based financial malware.

Banking

Banking Phishing Cryptocurrency Malware

Group-IB Thwarts Chinese Tonto Team Cyberattack

SecureWorld News

FEBRUARY 14, 2023

According to a blog post by Group-IB , the company detected and blocked malicious phishing emails originating from Tonto Team that were targeting its employees. The threat actor has been targeting government, military, energy, financial, educational, healthcare, and technology sector companies since 2009.

Phishing

Phishing Cybersecurity Threat Detection Healthcare

An ongoing Qbot campaign targeted customers of tens of US banks

Security Affairs

JUNE 18, 2020

Qbot , aka Qakbot , is a data stealer worm with backdoor capabilities that was first detected by Symantec back in 2009. ” The malware is distributed through phishing attacks that attempt to trick victims into visiting websites that use exploits to inject Qbot via a dropper. The campaign targets 36 different U.S.

Banking

Banking Malware Advertising Financial Services

Adventures in Contacting the Russian FSB

Krebs on Security

JUNE 7, 2021

federal prison for his role in the theft of $9 million from RBS WorldPay in 2009. enabling them to engage in disruptive ransomware attacks and phishing campaigns,” reads a Treasury assessment from April 2021. Horohorin’s BadB carding store, badb[.]biz, biz, circa 2007. .

Antivirus

Antivirus VPN Encryption Malware

Phishers make a date with your calendar apps

Malwarebytes

MARCH 31, 2022

Calendar to spam in 2009. Calendar app spam leads to phishing pages. According to Bleeping Computer, it’s been abused to send phishing missives. The phish routine ends with that time honoured process of redirecting the phished individual to a real website afterwards.

Phishing

Phishing Password Management Passwords

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

China-linked APT10 group behind new attacks on the Japanese media sector

Security Affairs

SEPTEMBER 15, 2018

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Media

Media Advertising Malware Phishing

DHS issued an alert on attacks aimed at Managed Service Providers

Security Affairs

OCTOBER 5, 2018

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Advertising

Advertising Manufacturing Healthcare Malware

North Korean Lazarus APT stole credit card data from US and EU stores

Security Affairs

JULY 6, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Retail

Retail Advertising Malware Hacking

Telehealth: A New Frontier in Medicine—and Security

SecureList

FEBRUARY 1, 2022

Number of data leaks from medical organizations, 2009–2020. With the active development of telehealth, medicine will only become a more commonly used bait, just as the digitalization of banks has turned banking phishing into one of the most popularly used types of phishing. Source: HIPAA Journal.

Phishing

Phishing Healthcare IoT Authentication

Social Security Numbers leaked in ransomware attack on Ohio History Connection

Malwarebytes

AUGUST 29, 2023

During the attack, the cybercriminals may have had access to names, addresses, and Social Security Numbers (SSNs) of current and former OHC employees (from 2009 to 2023). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

Ransomware

Ransomware Data breaches Passwords Phishing

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Security Affairs

APRIL 20, 2021

BMP) image files in a recent spear-phishing campaign targeting entities in South Korea. . Experts from Malwarebytes have uncovered a spear-phishing attack conducted by a North Korea-linked Lazarus APT group that obfuscated a malicious code within a bitmap (.BMP) North Korea-linked Lazarus APT group is abusing bitmap (.BMP)

Phishing

Phishing Hacking Cryptocurrency Malware

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

Security Affairs

JUNE 7, 2021

Watch out for incoming spam emails, unsolicited texts, and phishing messages. An example of leaked passwords included in the RockYou2021 compilation: With a collection that exceeds its 12-year-old namesake by more than 262 times, this leak is comparable to the Compilation of Many Breaches (COMB) , the largest data breach compilation ever.

Passwords

Passwords Data breaches Accountability Password Management

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

The attack chain starts with COVID19-themed spear-phishing messages that contain either a malicious Word attachment or a link to one hosted on company servers. . The experts discovered the custom backdoor while investigating an incident, it was used by attackers for lateral movements and data exfiltration.

Malware

Malware Cryptocurrency Password Management Encryption

APT10 is back with two new loaders and new versions of known payloads

Security Affairs

MAY 27, 2019

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Advertising

Advertising Malware Government Hacking

Personal info of 90k hikers leaked by French tourism company La Malle Postale

Security Affairs

MAY 13, 2023

Founded in 2009, the company provides luggage and passenger transportation services on many popular hiking routes, including the famous Santiago de Compostela pilgrimage trail. Leaked data might also lead to phishing scams. The services are well-reviewed by their clients, with an overall four-star rating on TripAdvisor.

Passwords

Passwords Identity Theft Scams Social Engineering

Nine Top of Mind Issues for CISOs Going Into 2023

Cisco Security

JANUARY 10, 2023

According to Forrester , the term Zero Trust was born in 2009. Traditionally CISOs have talked about the importance of improving security awareness which has resulted in the growth of those test phishing emails we all know and love so much. How Zero Trust will progress. From Security Awareness to Culture Change.

CISO

CISO Insurance Cyber Insurance Phishing

How to lose your password

Thales Cloud Protection & Licensing

NOVEMBER 14, 2017

The modern era of mass data breaches perhaps began in 2009, with the hack of 32 million account credentials held by software developer RockYou, in which a SQL injection attack revealed that passwords were simple held in cleartext in a database table. Taking a password dump from a server isn’t, of course, the only route to compromise.

Passwords

Passwords Internet Internet Data breaches

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

OCTOBER 3, 2018

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. Experts believe APT threat actors carried out spear-phishing attacks against the bank, malicious messages used Windows executable.

Banking

Banking Retail Advertising Malware

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

Security Affairs

JUNE 27, 2019

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide. ” continues the report.

Identity Theft

Identity Theft Hacking Advertising System Administration

EU has imposed sanctions on foreign actors for the first time ever

Security Affairs

JULY 31, 2020

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Cyber Attacks

Cyber Attacks Hacking Advertising Government

Mysterious DarkUniverse APT remained undetected for 8 years

Security Affairs

NOVEMBER 5, 2019

The DarkUniverse has been active at least from 2009 until 2017. The DarkUniverse APT carried spear-phishing attacks using weaponized Microsoft Office document, each email was prepared separately for each victim. .” The dump also included an intriguing Pyton script named sigs.py

Malware

Malware Advertising Accountability Phishing

US DoJ indicts Chinese hackers over state-sponsored cyber espionage

Security Affairs

DECEMBER 21, 2018

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Computers and Electronics

Computers and Electronics Identity Theft Technology Manufacturing

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware Hacking Phishing Ransomware

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

SecureWorld News

JULY 8, 2024

The name "RockYou2024" pays homage to the infamous RockYou data breach of 2009, which exposed 32 million passwords due to insecure storage practices. Companies need to make it a priority to set up strong MFA and real-time phishing protection to reduce the risks that come with compromised passwords.

Passwords

Passwords Password Management Education Accountability

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Security Affairs

MARCH 24, 2021

Founded in 2009, FBS is an international online forex broker with more than 400,000 partners and 16 million traders spanning over 190 countries. Scams, Phishing and Malware. Leaked contact information may be used to launch scam, phishing and malware attacks against FBS users. The breach is a danger to both FBS and its customers.

Passwords

Passwords Accountability Media Identity Theft

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. In August, F-Secure Labs experts observed a spear-phishing campaign targeting an organization in the cryptocurrency industry.

Malware

Malware Software Cryptocurrency Financial Services

Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware

Malwarebytes

DECEMBER 5, 2022

It's been active since 2009 and is responsible for many high profile attacks. In January of 2022 the Malwarebytes Intelligence Team uncovered a campaign where Lazarus conducted spear phishing attacks weaponized with malicious documents that used a familiar job opportunities theme.

Cryptocurrency

Cryptocurrency Malware Scams Cybercrime

Lazarus APT conceals malicious code within BMP image to drop its RAT

Malwarebytes

APRIL 19, 2021

Lazarus APT is one of the most sophisticated North Korean Threat Actors that has been active since at least 2009. In one of their most recent campaigns Lazarus used a complex targeted phishing attack against security researchers. This attack likely started by distributing phishing emails that were weaponized with a malicious document.

Encryption

Encryption Phishing Malware Media

Endpoint security for Mac: 3 best practices

Malwarebytes

JULY 14, 2022

Phishing attacks, vulnerability exploits, DDoS attacks, and much more threaten your company’s Macs at any time — and if any of them are successful, it could cost your business millions in lost productivity and information theft. And it’s not just malware you have to worry about with your Mac endpoints.

DNS

DNS Adware Malware Antivirus

Worldwide law enforcement action takes down major DDoS booter services

Malwarebytes

DECEMBER 16, 2022

Back in the days of Xbox360, especially around 2009, custom made booter services became very popular with gamers. ” As it turns out, pushing that button to win is a lot less intensive than figuring out how to make people run your executable or set up a working phishing page. Why are booters so popular?

DDOS

DDOS Marketing Phishing Risk

TOP 10 unattributed APT mysteries

SecureList

OCTOBER 7, 2022

It was active in the wild for at least for eight years—from 2009 to 2017—and targeted at least 20 civilian and military entities in Syria, Iran, Afghanistan, Tanzania, Ethiopia, Sudan, Russia, Belarus, and the United Arab Emirates. The malware spreads through spear-phishing emails with a malicious Microsoft Office document as attachment.

Malware

Malware Computers and Electronics Telecommunications Encryption

Cyber Security Roundup for May 2021

Security Boulevard

MAY 3, 2021

The Problem with Website Passwords (from Blog Post from 2009). Phishing Scammers imitate Windows logo with HTML Tables to Slip through Email Gateways. An example they give is " RedPantsTree ", which is unlikely to be used anywhere else online. Passwords are and have always been an Achilles Heel in Cybersecurity. Stay safe and secure.

Ransomware

Ransomware Passwords Scams Government

Thread Hijacking: Phishes That Prey on Your Curiosity

Real-Time Attacks Against Two-Factor Authentication

Webinars

Trending Sources

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Webinars

Happy 14th Birthday, KrebsOnSecurity!

How To Protect Against A Phishing Attack And How To Counter Them

Stealing More SRE Ideas for Your SOC

Stark Industries Solutions: An Iron Hammer in the Cloud

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Experts found 20 Million tax records for Russian citizens exposed online

Security Vulnerabilities in Dell Laptops

Financial cyberthreats in 2021

Group-IB Thwarts Chinese Tonto Team Cyberattack

An ongoing Qbot campaign targeted customers of tens of US banks

Adventures in Contacting the Russian FSB

Phishers make a date with your calendar apps

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

China-linked APT10 group behind new attacks on the Japanese media sector

DHS issued an alert on attacks aimed at Managed Service Providers

North Korean Lazarus APT stole credit card data from US and EU stores

Telehealth: A New Frontier in Medicine—and Security

Social Security Numbers leaked in ransomware attack on Ohio History Connection

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

APT10 is back with two new loaders and new versions of known payloads

Personal info of 90k hikers leaked by French tourism company La Malle Postale

Nine Top of Mind Issues for CISOs Going Into 2023

How to lose your password

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Cloud Hopper operation hit 8 of the world’s biggest IT service providers

EU has imposed sanctions on foreign actors for the first time ever

Mysterious DarkUniverse APT remained undetected for 8 years

US DoJ indicts Chinese hackers over state-sponsored cyber espionage

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

RockYou2024: The Largest Password Compilation (10 Billion) Ever Leaked

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Lazarus malware delivered to South Korean users via supply chain attacks

Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware

Lazarus APT conceals malicious code within BMP image to drop its RAT

Endpoint security for Mac: 3 best practices

Worldwide law enforcement action takes down major DDoS booter services

TOP 10 unattributed APT mysteries

Cyber Security Roundup for May 2021

Stay Connected