Attackers used a phishing campaign to direct unwitting Microsoft business email customers into supplying logon credentials to a proxy server. Attackers stole online session cookies, allowing them to defeat MFA and access inboxes. From there, they emailed corporate vendors to obtain financial data.
Thieves behind a phishing campaign targeting investors into a cryptocurrency exchange got away with at least $8 million. The attack took advantage of human credibility, not a cybersecurity exploit in the Uniswap protocol, experts say. The stolen funds are being laundered in a cryptocurrency mixer.
The government of Puerto Rico announced an investment of $7.6 million toward strengthening cybersecurity on the island. The island has undergone a string a embarrassing cybersecurity incidents, including a phishing incident that stole $2.6 million of taxpayer dollars.
The past few years have shown us a tremendous shift in BEC attacks, which changed its strategies from Executive Impersonation to opting to impersonate third party vendors and suppliers instead. This shift has given the threat actors a plethora of additional trusted identities to exploit.
This Threat Intelligence...
Hotel chain Marriott International Inc. confirmed reports of a data breach and attempted extortion incident. Unknown hackers claim to have stolen 20 gigabytes worth of data but the hospitality giant tells ISMG only one system was compromised and no critical business or customer data was exposed.
The Twitter and YouTube accounts of the British Army were briefly taken over on Sunday evening by unidentified hackers who posted content related to cryptocurrency and NFTs. The situation has now been resolved, but the U.K. Ministry of Defense says the investigation is ongoing.
Ukrainian authorities arrested nine individuals for the theft of about $3.4 million from 5,000 Ukrainians via more than 400 phishing links. Cybercrime gang members allegedly obtained access to bank accounts under the guise of facilitating social safety net payments from the European Union.
For the seventh year in a row, business email compromise produced the largest losses of any type of cybercrime, according to Steve Dougherty of the U.S. Secret Service. He says organizations need to build and maintain relationships with law enforcement agencies before an attack happens.
Nearly 20,000 attacks. An average loss of $120,000 per attack. Billions of dollars sent to cybercriminals each year. Business email compromise is no joke, and it’s continuing to increase—despite increased awareness of the issue.
Why? Because the people behind these scams know how to trick humans, relying on...
"Credential phishing is off the charts," says Tonia Dudley of Cofense. She discusses the challenge for organizations to strike a balance between having the right controls in place to block malicious emails and stopping the business from receiving legitimate emails.
Abnormal Security is out with new financial crimes research, and it
shows that traditional business email compromise is evolving into
new forms of financial supply chain compromise. Crane Hassold
shares insights on the crimes and how best to detect, deter and
respond to them.
In a video interview with Information...
A new Android malware that can steal financial data, credentials, crypto wallets, personal data and cookies; bypass multifactor authentication codes; and remotely control infected devices is targeting online banking customers and financial institutions, cybersecurity researchers at F5 Labs say.
Phishing is no longer restricted to just emails. As attackers broaden their arsenal, businesses today also need to be on the lookout for impersonation attempts via SMS text messages or voice calls, says Roger Grimes, a data-driven defense evangelist at KnowBe4.
Several major email breaches reported by healthcare entities in recent days and weeks have affected the health data of nearly 300,000 individuals. Experts say the incidents highlight the ongoing challenges many organization face involving phishing attacks and similar email compromises.
According to Gartner, continued increases in the volume and success of phishing attacks and migration to cloud email require a reevaluation of email security controls and processes.
Download the 2021 Gartner Market Guide for Email Security to learn:
What integrated cloud email security (ICES) solutions are and...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.