Trustwave SpiderLabs’ 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report details the security issues facing public sector security teams as they try to strike a balance between supplying needed services and deploying the cybersecurity necessary to protect data placed in their charge.…
Tag: SOCIAL ENGINEERING
Summary: Scattered Spider, a threat actor group, is targeting companies in the finance and insurance industries using convincing lookalike domains and login pages, as well as SIM swapping attacks to gain access to sensitive corporate data and assets.
Threat Actor: Scattered Spider
Victim: Multiple companies in the finance and insurance industries
Key Point:
Scattered Spider is aggressively targeting companies in the finance and insurance industries using convincing lookalike domains and login pages.…
Summary: This content discusses a phone scam where cybercriminals pose as the PayPal security team and trick victims into giving them access to their online accounts.
Threat Actor: Cybercriminals
Victim: PayPal users
Key Point:
Cybercriminals pretend to be the PayPal security team and call victims, claiming there is unusual activity on their accounts.…
The North Korean hacking group known as Kimsuky has been reported to employ sophisticated methods involving social media platforms and system management tools to conduct espionage activities.
This revelation highlights the evolving tactics of cyber adversaries and the increasing complexity of protecting digital assets.
Utilizing Facebook for Initial Infiltration
According to a recent report from Genians, Kimsuky, a notorious cyber-espionage group, has recently been observed using Facebook to target individuals involved in North Korean human rights and security affairs.…
Summary: This content discusses the limitations of password protection for files sent via email and explores the effectiveness of software and hardware encryption in protecting personal and business files from theft, loss, or hacking.
Threat Actor: N/A
Victim: N/A
Key Point:
Password protection on files sent via email is not as secure as it may seem, as it can be easily circumvented.…
AhnLab’s Mobile Analysis Team has confirmed cases of romance scams where perpetrators establish rapport by posing as overseas friends or romantic partners. They exploit this connection to solicit money under the guise of cryptocurrency investments.
A romance scam is a type of fraud that involves emotional manipulation to solicit money through various means. …
Malicious Google ad redirects to FakeBat, dropping zgRAT.
FakeBat, tested on May 5, 2024
FakeBat (EugenLoader) is a type of malware loader packaged in Microsoft installers (MSI or MSIX) distributed via social engineering lures. It is most commonly delivered via malicious ads (malvertising) on Google.
The often large installers conceal a malicious PowerShell script responsible for communicating with the malicious infrastructure and retrieving a followup payload.…
Co-authored by Rapid7 analysts Tyler McGraw, Thomas Elkins, and Evan McCann
Executive Summary
Rapid7 has identified an ongoing social engineering campaign that has been targeting multiple managed detection and response (MDR) customers. The incident involves a threat actor overwhelming a user’s email with junk and calling the user, offering assistance.…
Affected Platforms: Microsoft Windows
Impacted Users: Microsoft Windows
Impact: The stolen information can be used for future attacks
Severity Level: High
Many game makers allow users to alter a game’s appearance or behavior to increase its enjoyment and replay value. Players can often also download packages created by others.…
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…
Summary: The content discusses the need for the FBI to adapt and evolve in order to combat the hacking collective known as Scattered Spider, which has targeted major companies in the U.S.
Threat Actor: Scattered Spider
Victim: Major companies in the U.S.…
Summary: Researchers have found that the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog is having a positive impact on organizations by helping them patch vulnerabilities faster.
Threat Actor: N/A
Victim: N/A
Key Point:
The Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog is a repository for software and hardware bugs actively being exploited by hackers around the world.…
As many people know, popular websites often display a dialog window when you first visit them. This could be a paywall to read an article, a notice about cookies, or maybe a friendly message asking you to disable your ad blocker.
In technical terms, a web page element that displays in front of and deactivates the rest of a page is called a modal.…
Executive Summary
Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. Organizations often store a variety of data in SaaS applications and use services from CSPs.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
Summary: North Korean threat actors are using weak email policies to impersonate legitimate domains and conduct espionage phishing campaigns, targeting policy analysts and experts in East Asian affairs.
Threat Actor: North Korean threat actors | Kimsuky
Victim: Policy analysts and experts in East Asian affairs | North Korean policy circles
Key Point:
North Korean threat actors, specifically the Kimsuky group, are exploiting poorly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) protocols to pose as legitimate journalists, academics, or experts in East Asian affairs.…
Summary: Vishing and deepfake phishing attacks are increasing as threat actors use GenAI to enhance social engineering tactics, making phishing more difficult to detect and deceiving even the most aware users.
Threat Actor: Cybercriminals
Victim: Individuals and organizations
Key Point:
Vishing and deepfake phishing attacks are on the rise as attackers leverage GenAI to amplify social engineering tactics.…
Written by: Ofir Rozmann, Asli Koksal, Adrian Hernandez, Sarah Bock, Jonathan Leathery
APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. The actor is targeting Western and Middle Eastern NGOs, media organizations, academia, legal services and activists.…
Published On : 2024-05-03
EXECUTIVE SUMMARY
The team at CYFIRMA recently intercepted Android malware suspected to have been delivered by a Pakistan-based APT group targeting Indian defense personnel. Surprisingly, the campaign has been active for over a year. The unidentified threat actor possibly utilized Spynote, or its modified version known as Craxs Rat, obfuscating the app with a high level of complexity that makes it difficult to analyze.…