Security News

The latest malicious COVID-19 campaigns are repurposing conventional phishing emails with a coronavirus angle, says security trainer KnowBe4. With the coronavirus upper most in our minds, bad actors have been deploying different waves of COVID-19 phishing emails, each with its own unique approach, according to KnowBe4.

Have you secured your streaming services' accounts? Are you sure someone else, unbeknown to you, isn't using them as well? He also posits that, despite cybercriminals having been compromising users' streaming services' accounts for ages, they will now likely increase their efforts.

Earlier this year, Prevailion's security researchers identified a TA505 campaign targeting German companies with fake job application emails, but the attacks appear to have started in June 2019, or even the month before. Through the use of legitimate tools that are unlikely to be removed by traditional security software, the attackers can perform a broad range of activities, such as stealing files, capturing screens, and even recording audio.

Malicious COVID-19 domains and special virus-themed sales on the dark web are two ways criminals are using the outbreak to ramp up business, said security provider Check Point. Two ways that bad actors are taking advantage of the crisis is through coronavirus domain names and sales on the dark web, as described in a blog post published Thursday by Check Point Security.

In its blog post released Tuesday, A Life of Cybercrime: The Inside Story of How a Nigerian Hacker Earned over $100,000, Check Point told the tale of a man referred to as "Dton." Single, 25 years of age, and a resident of Benin City in Southern Nigeria, Dton seems like a model citizen on the surface. Active for more than seven years, Dton has managed to rake in at least $100,000 from his illegal trade and likely several times that amount-a substantial income in light of the minimum wage and average salary in Nigeria, according to Check Point.

Rise and fall of a Nigerian cybercriminal called 'Dton,' who made hundreds of thousands of dollars in a 7-year campaign, outlined in new report. Ever wonder who's behind one of those Nigerian cyber-crime email campaigns asking you to enter into a shady business deal and how they're enacted? In a unique profile, researchers pulled back the curtain on such an attack with a report outlining how a Nigerian cybercriminal made hundreds of thousands of dollars over the course of seven years by targeting people through numerous malicious campaigns.

Research from Atlas VPN found that criminals' net proceeds outpace the revenue made by tech giants each year. Cybercriminals are now making more than billion-dollar corporations according to a new study from Atlas VPN. Researchers from the company found that cyberattacks are helping criminals in total to make more than $1.5 trillion in revenue each year, which is the three times the $514 billion Walmart makes annually.

Cybercriminals are likely to leverage the global anxiety around the coronavirus outbreak to execute ransomware attacks against businesses, according to RiskIQ. After extensive analysis of past ransomware attacks during global epidemics and current phishing campaigns leveraging the coronavirus, threat actors will eventually begin using ransomware against victims they infect with the AZORult and Emotet varieties of malware. Clicking on malicious links is necessary to execute the attacker's malware, which opens the door for ransomware infection.

Unwanted and malicious emails using political-themed lures has spiked as the presidential primary season cranks into high gear - with Donald Trump and Bernie Sanders representing the lion's share of subject line themes. "Overall UCE volumes mentioning individual candidates suggests that Donald Trump not only has the incumbent's advantage but also maintains the strongest brand as he did in 2016," researchers said in a posting issued on Super Tuesday.

VAPs therefore must be prioritised for training, with additional attention given to checking their accounts for potential compromise, but they are not the only ones you should train. The problem training must address is employees do not consider themselves responsible for detecting and avoiding phishing.