Security Affairs

JANUARY 30, 2019

According to the ENISA Threat Landscape Report 2018, 2018 has brought significant changes in the techniques, tactics, and procedures associated with cybercrime organizations and nation-state actors. 2018 was characterized by significant changes in the cyber threat landscape especially for TTPs associated with threat agent groups.

Cyber threats 108

Cyber threats IoT Social Engineering Advertising 108

SecureWorld News

FEBRUARY 20, 2025

Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts. Cybersecurity awareness and incident response Train employees to recognize phishing attempts and social engineering. Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

The Last Watchdog

MAY 7, 2019

Human fallibility is the reason social engineering has proven to be so effective – and why phishing persists. Consider these metrics from messaging security firm Proofpoint : •Email-based corporate credential phishing attacks quadrupled in Q3 2018 vs. the previous quarter. Cyber criminals get this.

Phishing 157

Phishing Social Engineering Engineering Antivirus 157

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. 2, and Aug.

Mobile 337

Mobile Phishing Authentication Accountability 337

The Last Watchdog

JUNE 21, 2020

RaaS rollout 2015 – 2018. The GandCrab RaaS that appeared in early 2018 was one of the last high-profile threats targeting individuals on a large scale. It vanished from the radar in June 2018, when the ransomware plague took another sharp turn. Targeting enterprises Late 2018 – present day.

Ransomware 243

Ransomware Hacking Encryption Penetration Testing 243

Malwarebytes

APRIL 19, 2022

Since 2018, one of the Lazarus Group’s tactics has been to disguse AppleJeus malware as cryptocurrency trading platforms for both Windows and Mac. Victims are lured into downloading the malware with a variety of social engineering tactics, including spearphishing. Spearphishing campaigns.

Cryptocurrency 139

Cryptocurrency Social Engineering Computers and Electronics Engineering 139

Hacker's King

DECEMBER 17, 2024

First discovered in 2018, it has been used to carry out large-scale ATM cash-out operations. How the Malware Operates Initial Access : Attackers gain access to the targeted network using phishing, exploiting vulnerabilities, or leveraging stolen credentials. Provide incentives for adopting advanced security technologies.

Banking 52

Banking Social Engineering Malware Cyber threats 52

Security Affairs

OCTOBER 18, 2018

Group-IB has estimated that crypto exchanges suffered a total loss of $882 million due to targeted attacks between 2017 and 2018. This data was included in the annual Hi-Tech Crime Trends 2018 report, presented by Group-IB CTO, Dmitry Volkov, at the sixth international Cyber?rimeCon rimeCon conference.

Cyber Attacks 110

Cyber Attacks Cryptocurrency Phishing Social Engineering 110

BH Consulting

OCTOBER 24, 2024

The malevolent seven: ENISA report identifies prime cybersecurity threats Ransomware; malware; social engineering; threats against data; threats against availability (denial of service); information manipulation and interference; and supply chain attacks. MORE Cofense looks at a recent phishing campaign that used HR-related themes.

Social Engineering 69

Social Engineering Passwords Cybersecurity Ransomware 69

Security Affairs

AUGUST 27, 2020

The timeline of uploads might indicate that these emails have been either stolen or acquired on the black market back in October 2018 , and then gradually decrypted by the owner of the bucket. Watch out for potential spam messages and phishing emails. Who had access?

Social Engineering 145

Social Engineering Passwords Marketing Phishing 145

SecureList

NOVEMBER 29, 2024

The campaign, which we dubbed EastWind , used phishing emails with malicious shortcuts attached to deliver malware to target computers. The attack starts with phishing emails purporting to be a court order or summons from an institution in Colombia’s judicial system.

Energy and Utilities 105

Energy and Utilities Ransomware Malware Government 105

CyberSecurity Insiders

APRIL 5, 2023

According to a study conducted by se-curity firm Mandiant, the group has been in operation since 2018 and has now been tasked with carrying out both espionage and financially motivated attacks such as credential harvesting and social engineering.

Hacking 105

Hacking Social Engineering Cryptocurrency Manufacturing 105

Security Affairs

SEPTEMBER 15, 2022

Threat actors used employees’ publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files, healthcare portals, payment information, and websites. million payments. ” reads the alert. The attacker stole $3.1 million with this attack.

Healthcare 98

Healthcare Social Engineering Accountability Passwords 98

Security Affairs

OCTOBER 24, 2023

In 2018, Uber had to pay a high price of $148 million for exposing the personal information of 57 million people worldwide – including driver’s license information – after trying to pay the ransom and keep things quiet. Keeping crucial.env files secure is essential, as they could be used to compromise services and applications.

Data breaches 133

Data breaches Social Engineering Phishing DDOS 133

Security Affairs

OCTOBER 10, 2018

Security firm Group-IB has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 Group-IB, an international company that specializes in preventing cyber attacks, has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 Attacks on bank customers: The decline of Android Trojans and the triumph of phishing.

Cyber Attacks 108

Cyber Attacks Banking Cyber threats Phishing 108

Krebs on Security

NOVEMBER 6, 2018

In late September 2018, the REACT Task Force spearheaded an investigation that led to the arrest of two Missouri men — both in their early 20s — who are accused of conducting SIM swaps to steal $14 million from a cryptocurrency company based in San Jose, Calif. . million customers.

Mobile 269

Mobile Cryptocurrency Accountability Passwords 269

The Last Watchdog

JUNE 18, 2018

Just prior to this strategic repositioning, I met with Will LaSala, the company’s security evangelist, at RSA Conference 2018. You’re still getting the social engineering of someone sending a text message that you’ve never heard of. The mobile banking app is used as a delivery mechanism.

Banking 173

Banking Mobile Social Engineering Authentication 173

Malwarebytes

FEBRUARY 1, 2023

The danger zone If you made an online purchase from some of the companies that are owned by JD Sports between November 2018 and October 2020, your data may have been accessed by individuals who didn't have permission to do so. JD Sports claims that the affected data was "limited" and did not include credit card details.

Social Engineering 95

Social Engineering Engineering Phishing Scams 95

Security Affairs

AUGUST 18, 2018

billion data records have been exposed in data breached in the first half of 2018. According to a new report titled “ Mid-Year 2018 Data Breach QuickView ” published by the cyber threat intelligence company Risk Based Security some 2.6. billion data records have been exposed in the first half of 2018. billion records.

Data breaches 75

Data breaches Social Engineering Cyber threats Phishing 75

Security Affairs

AUGUST 13, 2020

The APT group RedCurl, discovered by Group-IB Threat Intelligence experts, has been active since at least 2018. The earliest known RedCurl attack dates back to May 2018. As with all subsequent campaigns, the initial compromise vector was a well-written phishing email. From Russia to Canada. Who are you, Mr. Pentester?

Phishing 145

Phishing Social Engineering Banking Advertising 145

The Last Watchdog

MARCH 4, 2019

That’s Gartner’s estimate of global spending on cybersecurity in 2017 and 2018. One tried-and-true incursion method pivots off social engineering. They can be purchased from data theft rings or they can be directly spear phished by the attacker. A network breach begins, of course, with an incursion.

Hacking 212

Hacking Energy and Utilities System Administration Accountability 212

SecureList

MAY 27, 2022

The attackers study their victims carefully and use the information they find to frame social engineering attacks. Since 2018, we have been tracking Roaming Mantis – a threat actor that targets Android devices. The phishing kit market. When opened, this document eventually downloads a backdoor.

Phishing 133

Phishing Spyware Firmware Malware 133

Adam Levin

MARCH 16, 2020

Consider that the average cost for a ransomware attack against a business is about $4,400, and your run of the mill phishing incident weighs in at a much less hefty $500. So Isn’t BEC Just Another Form of Phishing? In September 2019, the Bureau announced that the losses from BEC scams had doubled between May 2018 and July 2019.

Scams 130

Scams Identity Theft Accountability Phishing 130

The Last Watchdog

AUGUST 19, 2021

For T-Mobile, this is the sixth major breach since 2018. Could be phished credentials. Sascha Fahrbach , cybersecurity evangelist, Fudo Security : Our personal data has immense value to cyber criminals; it is very likely that hackers will now weaponize this data to create advanced phishing attacks. Could be a bad actor.

Mobile 235

Mobile Data breaches Authentication Accountability 235

Malwarebytes

OCTOBER 20, 2022

A phishing campaign known to specifically target employees with access to their company's Facebook Business and Ads accounts has significantly widened its net and begun using a first-of-its-kind information-stealing malware to go after crypto wallets. Social engineering attacks and malware form the core of Ducktail's modus operandi.

Social Engineering 94

Social Engineering Malware Accountability Engineering 94

Security Affairs

MAY 24, 2019

Hackers Do a Payroll Diversion Through Phishing. A direct deposit paycheck hack involves getting the necessary details from the victim through a phishing scheme. This method hackers use likely won’t come as a surprise when you consider a few recent statistics about phishing. Plus, in 83.9%

Phishing 110

Phishing Accountability Banking Social Engineering 110

Malwarebytes

JUNE 8, 2021

Sometimes, it’s used even if an attack being discussed is a basic phish, or maybe some very generic malware. Money mules and spear phishing are thrown into the mix alongside social engineering and international theft of money, personal, and confidential information. However, TrickBot is a pretty formidable opponent.

Cybercrime 124

Cybercrime Malware Banking Phishing 124

Digital Shadows

AUGUST 17, 2021

What is Phish(ing)? But, never mind the dozens of other reports and white papers about phishing that come out every year from security industry leaders, let’s take a look at the 2021 Verizon DBIR. Going back a bit, it was also the top attack vector in 2020, 2019, 2018, 2017, 2016, and well, hopefully, you get the picture.

Phishing 52

Phishing Accountability Social Engineering Mobile 52

Security Affairs

OCTOBER 3, 2021

The TA544 group leverages phishing and social engineering techniques to lure victims into enabling macro included in weaponized documents. Since 2018, attackers have employed very sophisticated techniques in their attacks. Upon enabling the macro, the infection process will start. ” Martire told me.

Malware 110

Malware Banking Social Engineering Retail 110

The Last Watchdog

MARCH 25, 2019

In late 2018, the USPS Informed Delivery service was hit with a massive data breach, exposing 60 million records. This has created some new problems for security teams because there is no particular place where they can look to address potential security problems at the API level. This dynamic came into play at the U.S. Postal Service.

Digital transformation 154

Digital transformation Software Data breaches Authentication 154

Spinone

MARCH 18, 2019

As we look at the past year of 2018, it is all too easy to see that data breach or leak of sensitive information is not a problem that is going away anytime soon. Let’s take a look at the top Cloud Data Breaches in 2018 and see how they were carried out, what data was leaked, and the weakness that was exposed by the breach.

Data breaches 53

Data breaches Computers and Electronics Accountability Technology 53

Security Affairs

FEBRUARY 1, 2019

Security experts at Cybaze – Yoroi ZLab have analyzed a new sample of the AdvisorsBot malware, a downloader that was first spotted in August 2018. Last DNS activity was in December 2018. As usual, the malware looks like a legitimate e-mail attachment, named as “invoice.doc”. Figure 14 – previous DNS of C2.

Malware 109

Malware DNS Social Engineering Advertising 109

Security Through Education

NOVEMBER 9, 2021

Charity Fraud Scam Vectors and Social Engineering Techniques. Some of these include phishing, vishing , social media, and crowdfunding platforms. Phishing attacks are done over email and are one of the most popular vectors for scammers and cyber criminals.

Scams 98

Scams Social Engineering Media Phishing 98

Malwarebytes

MARCH 29, 2021

Phishing campaigns aimed at harvesting as many user credentials as possible, for example, are a dime a dozen. True social engineers, or just desperate? What we believed to be the first variant of this scam in 2018 was simple and solely focused on misusing the Steam trading function.

Scams 145

Scams Accountability Social Engineering Passwords 145

Lenny Zeltser

MAY 3, 2019

Campaign attackers have been highly effective at fooling victims into revealing their logon credentials to copycat websites (phishing). Many of the attack tactics involved elements of social engineering–persuasion tactics that take advantage of human psychology to trick victims into taking actions that have aided the adversaries.

Cybersecurity 111

Cybersecurity Social Engineering Authentication Software 111

Malwarebytes

FEBRUARY 9, 2022

Other cybercrimes that specifically target accounts are spear phishing, social engineering attacks, and password sprays —basic password attack tactics that nation-states carry out against target companies and governments. For example, from January to December 2021, Microsoft detected a jaw-dropping 25.6

Authentication 91

Authentication Social Engineering Passwords Accountability 91

Krebs on Security

OCTOBER 25, 2018

The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. The FBI says BEC scams netted thieves more than $12 billion between 2013 and 2018.

Scams 228

Scams Accountability Media Banking 228