Security News

A sophisticated and highly targeted Microsoft Office 365 phishing campaign is being aimed at C-suite executives, executive assistants and financial departments across numerous industries. The threat actors are leveraging phishing kits and a number of sophisticated methods at every step of the attack.

Phishing sites are now using JavaScript to evade detection by checking whether a visitor is browsing the site from a virtual machine or headless device. Cybersecurity firms commonly use headless devices or virtual machines to determine if a website is used for phishing.

The TA800 threat group is distributing a malware loader, which researchers call NimzaLoader, via ongoing, highly-targeted spear-phishing emails. The malware loader is unique in that it is written in the Nim programming language.

The US Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in COVID-19 vaccine development. Since December 2020, the US Department of Justice seized four other domains used by fraudsters for various nefarious purposes, including fraud, phishing attacks, and/or infecting targets' computers with malware.

A suspected GandCrab Ransomware member was arrested in South Korea for using phishing emails to infect victims. The GandCrab ransomware operation started in January 2018 when it quickly became a malware empire threatening businesses worldwide.

Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of victims' companies.

The Financial Industry Regulatory Authority has issued an alert to warn brokerage firms of a phishing campaign that is currently ongoing. A not-for-profit organization, FINRA is U.S. government-authorized and overseen by the Securities and Exchange Commission.

Vaccine deployment has encountered bumps in the road as many people are still uncertain over when, where and how to get their shots. Pointing to one example, Check Point said it recently discovered a malicious website impersonating the U.S. Centers for Disease Control and Prevention and promising vaccine information.

The US Financial Industry Regulatory Authority has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information. The domain used in these ongoing phishing attacks was registered just two days ago, on March 3rd, using the NameCheap domain name registrar.

Between October and January the average number of COVID-19 vaccine-related spear-phishing attacks grew 26 percent, said Barracuda Networks researchers. The types of cybercriminal activity varies, from sending malicious emails that purport to be from the Centers for Disease Control and Prevention, to posting advertisements on underground forums touting vaccine doses for sale.