Google’s Threat Analysis Group (TAG) delivered thousands of alerts of government-backed attempts to spearphish gmail users over just a three-month period earlier this year, they reported. TAG director Shane Huntley revealed that from July to September 2019 his team sent 12,000 warnings to users in 149 countries. From a heat map attached to the blog […]
The Top Lesson From The Recent Louisiana 2,000-server Ransomware Infection: “User Education, User Education, User Education”
Louisiana suffered a ransomware attack last week that took down more than two thousand of the state’s computers and servers. The ransomware apparently entered the network after a user downloaded an unauthorized file. This is how most malware attacks occur, because only one user needs to fall for a phishing attempt in order for the […]
The Bank of Hawaii early alert of scam phone calls spoofing caller ID
In an early-alert sign, The Bank of Hawaii is warning of a spate of scam phone calls that are spoofing the caller ID of the bank’s real call center, the Honolulu Star-Advertiser reports. The bad guys are likely to repeat scams like this nationwide or even worldwide, so it pays off to watch for this. […]
Waterloo Brewing loses $2.1 million in social engineering cyberattack
Waterloo Brewing Ltd. says it has lost $2.1 million in what it calls a social engineering cyberattack. The Ontario brewery says the incident occurred in early November and involved the impersonation of a creditor employee and fraudulent wire transfer requests. Waterloo Brewing says it initiated an analysis of all other transaction activity across all of […]
U.S. Utilities Face Phishing Attacks Intent on Gaining Remote Access
Last month saw a number of utility sector businesses targeted with spear phishing attacks that utilize a new remote access Trojan (RAT) that provides attackers with admin access. We’ve seen a wave of attacks that appear to be focused on infrastructure-related organizations in the U.S. The recent seemingly coordinated attacks on local governments and municipalities […]
Even ‘Unsubscribe’ Emails Can Put the Organization at Risk
Social Engineering tactics seek to use any means that’s familiar to the intended victim – and unsubscribing is perceived as being so benign, it may just be the perfect way to fool your users. While I can’t think of a single website I’ve visited in the last year that sends me an email after I’ve […]
Gift Cards Are Now the #1 Business Email Compromise Cash-Out Mechanism for Fraudsters
Overtaking wire transfers and payroll diversion, gift cards have taken a material lead as one of the easiest and least recoverable ways to cash out of a fraud scam. The CEO gift card scam has been around for a while. It’s a malware-free, purely socially-engineered scam that takes little more than a reasonable email address […]
The Stock Market Doesn’t React Well to Data Breaches
The latest data from UK-based research firm, Comparitech, shows that organizations who suffer a data breach continue to suffer in the stock market well after. After a data breach, there are many costs incurred by organizations attempting to clean up the mess. Investigations, communications, public relations, legal fees, and customer notifications are just some of […]
Cybersecurity Remains a Top Priority During M&A Diligence
M&A is no longer just about revenue, assets, and intellectual property; many organizations are increasingly worried about cybersecurity posture and risk, requiring appropriate diligence. When organizations merge with or acquire another company, it’s also taking on the cybersecurity posture (good or bad) of that company. In some cases, organizations within an industry filled with regulations […]
Homeland Security Warning About Phishing As A Threat to 2020 Elections
The US Department of Homeland Security is warning state election officials that phishing attacks are one of the greatest threats to watch out for as the 2020 elections approach. Fifth Domain reports that Geoff Hale, director of the DHS’ Election Security Initiative, told a gathering of secretaries of state last week that phishing is what […]