08Feb 2019 by Lucieg789 No Comments
Social Engineering Comes to Wikipedia

Social Engineering Comes to Wikipedia

Management Consulting, Training
Attackers are selectively editing Wikipedia articles to lend credibility to tech support scams, according to Rob VandenBrink at the SANS Internet Storm Center. The Wikipedia page for the SpyEye banking Trojan was changed in mid-December to include a typo-ridden paragraph which claims that only three tech companies can remove the malware, and that “Best buy, Geek squad, Office Depo will not be able to fix it at all.” VandenBrink says that the scammer made these edits to convince victims that “only we can help you fix this (fake of course) infection you have on your computer.” The edit history of the Wikipedia user who made the changes shows that the account made similar edits to the “Macro virus” Wikipedia page, but those changes have since been fixed by other users.…
Read More
05Feb 2019 by Lucieg789 No Comments
Report: Phishing Attacks in 2018 Resulted in Massive Jumps in Credential Compromise and Loss of Data

Report: Phishing Attacks in 2018 Resulted in Massive Jumps in Credential Compromise and Loss of Data

Training
It’s one thing to see specific threat vectors grow a bit over the course of quarters. When that happens, we all, generally, brush it off as a slight shift in tactics on the part of cybercriminals. But when you hear about material increases in the number of attacks, it’s time to stop what you’re doing and take notice. Proofpoint’s 2019 State of the Phish report shows that organizations are feeling the heat of phishing like never before – and feeling its’ impact as well. According to the report, all types of phishing attacks in 2018 occurred more frequently than in 2017: 96% of organizations said the rate of phishing attacks either increased or stayed consistent throughout the yearIT professionals experiencing spear phishing jumped nearly 21%USB-based Social Engineering attacks experienced jumped 25%Vishing (voice phishing) and smishing (SMS-based phishing) increased by 9%…
Read More
01Feb 2019 by Lucieg789 No Comments

Modern Ransomware Goes After Data Backups

Management Consulting, Training
Ransomware is using a variety of methods to reduce or nullify the effectiveness of data backups, writes Maria Korolov at CSO. Restoring from a backup is one of the best strategies that organizations can use to recover from a ransomware attack, so it’s obvious why attackers would want to target this data. Ransomware has been observed attacking shared network drives, Windows shadow copies, and any files that have backup file extensions. Some ransomware variants can even sync with the victim’s cloud service and encrypt files stored there. Read more here...
Read More