Security News

Nobelium, the Russia-aligned gang identified as the perpetrators of the supply chain attack on SolarWinds' Orion software, has struck again, Microsoft vice president Tom Burt in a blogpost Thursday. Burt's post says the attacks saw Nobelium gain access to accounts on the email marketing service "Constant Contact" operated by The United States Agency for International Development.

Criminals tried to exploit Hong Kong residents' COVID-related anxiety, according to new security data released yesterday by the Special Administrative Region's secretary for innovation and technology Alfred Sit. Liao cited data that the Hong Kong Hospital Authority was subjected to 50 million cyberattacks last year, up from 20 million in 2015, with the HA also copping five ransomware attacks last year.

Threat actors are cashing in on the rapid shift to cloud-based business services during the pandemic, by hiding behind ubiquitous, trusted services from Microsoft and Google to make their email phishing scams look legit. In the first three months of 2021 alone, researchers found 7 million malicious emails sent from Microsoft 365 and a staggering 45 million sent from Google's infrastructure, Proofpoint reported, adding that cybercriminals have used Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage to send phishing emails and host attacks.

Threat actors impersonated Truist, the sixth-largest US bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan malware. In one of the attacks targeting a renewable energy company in February 2021, the phishing emails instructed the target to download a malicious Windows app mimicking the legitimate Truist Financial SecureBank App and supposedly needed to complete the process behind a $62 million loan.

The annual bible of security breaches landed on Thursday with confirmation of more bad news: ransomware attacks continue to explode as organizations struggle with securing web apps, cloud deployments and employees victimized by social engineering. The data, contained in the new Verizon 2021 Data Breach Investigations Report, shows that data-encrypting ransomware attacks appear in about 10 percent of breaches, more than double the frequency from last year.

UK rail operator West Midlands Trains sent an email to 2,500 employees to thank them for hard work during COVID and promised a one-time bonus as a reward, but that lovely news turned out to be phishing training. The event may end up costing the UK train operating company as Cortes has demanded the company make good and provide the promised bonuses.

Domains'n'hosting outfit Namecheap harboured more than a quarter of all known phishing sites that falsely posed as UK government web presences during 2020, according to the National Cyber Security Centre today. It also encountered the usual COVID-themed ones we've all become familiar with over the last year - fake copies of the NHS Test and Trace app laced with malware - plus sites impersonating Capita TV Licensing, the outsourced subscription sales arm of the BBC. Email scams were also popular, with 26,000 being shut down after netizens flooded the NCSC's email reporting portal with complaints of four million suspicious messages.

"Simple" can often be harder than "Complex." When thinking about the trickiest phishing campaigns and their components, URL redirection does not immediately come to mind as the part causing the trouble. URL forwarding is one method that is often abused by cybercriminals to create multi-layered phishing attacks.

Federal law enforcement in Maryland has shut down a fraudulent website targeting immigrant communities that claimed to be for a company developing a COVID-19 vaccine. The U.S. Attorney's Office for the District of Maryland, working with Homeland Security Investigations in Baltimore, seized "Freevaccinecovax.org," "Which purported to be the website of an actual biotechnology company developing a vaccine for the COVID-19 virus," according to a release on the office's website posted earlier this week.

These domains are like the real thing and are often visited by users who have mistyped the genuine domain URL. Unfortunately, criminals are good at finding new ways to trick unsuspecting visitors to your website. Many domain registration companies now offer value-added services that can help protect against criminals seeking to exploit established domains.