Security News
With the U.S. presidential election months away, advanced persistent threat groups are targeting the campaign staffers of both Donald Trump and Joe Biden in recent phishing attacks. A China-linked APT group targeted Biden's campaign staff, while an Iran-linked APT targeted Trump's.
A hapless IT bod found the Have I Been Pwned service answering its own question in a way he really didn't want - after a breach report including a SQL string KO'd his company's helpdesk ticket system. A pseudonymous blogger posting under the name Matt published a tortured account of what happened when a breach notification email from HIBP was ingested into his firm's helpdesk ticket system and was automatically assigned a ticket ID. The company used version 9.4.5 of the GLPi open source helpdesk system, a rather old product but quite functional.
To boot, the payload-less nature of these BEC attacks evades detection from traditional email security solutions. Unsurprisingly, over the past few weeks the Abnormal Security Research Team has observed that the majority of email attacks have a COVID-19 related element.
Cybercriminals are taking advantage of the massive uptick in unemployment across the U.S. in a recent spear-phishing campaign, which purports to be CVs sent from job-seekers - but actually spreads banking credential-stealing malware. Researchers recently uncovered emails that distributed malicious files masquerading as resumes and CVs. The files, attached in Microsoft Excel format, were sent via email with subject lines such as: "Applying for a job" or "Regarding job." As victims opened the attached files, they were asked to "Enable content."
Phishers are impersonating companies' IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into providing their Office 365 login credentials. "The sender email address is spoofed to impersonate the domain of the targets' respective organizations. The link provided in the email allegedly directs to a new VPN configuration for home access. Though the link appears to be related to the target's company, the hyperlink actually directs to an Office 365 credential phishing website," Abnormal Security explained.
Kenenty Hwan Kim, aka Myung Kim, 64, pleaded guilty in a Texas court this week to one count of conspiracy to commit money laundering. Using an email address very similar to Chance's, Kim asked Solid Bridge to send a $210,000 check for an invoice to an address in Washington state.
The Business Email Compromise is a popular type of attack among cybercriminals as it targets businesses and individuals in an attempt to receive money transferred into fraudulent accounts. In another method, the attackers use phishing, credential theft, or other means to gain control of the email accounts of the people they want to impersonate.
One group that's been exploited in many of these campaigns is the World Health Organization, a tempting target as it's been trying to manage and direct some of the global efforts toward combatting COVID-19. Spoofing the WHO, a new phishing campaign spotted by security provider Abnormal Security is trying to capture the email credentials of unsuspecting users.
The U.S. National Security Agency says the same Russian military hacking group that interfered in the 2016 presidential election and unleashed a devastating malware attack the following year has been exploiting a major email server program since last August or earlier. It took Williams about a minute of online probing on Thursday to find a potentially vulnerable government server in the U.K. He speculated that the NSA might have issued the advisory to publicize the IP addresses and a domain name used by the Russian military group, known as Sandworm, in its hacking campaign - in hopes of thwarting their use for other means.
The U.N. disarmament chief warned Friday that cyber crime is on the rise, with a 600% increase in malicious emails during the COVID-19 pandemic. Russia did not attend the informal council meeting broadcast online, which was the centerpiece of Estonia's council presidency.