Security News

Working from home is a new 'norm' for many organizations, but the shift toward remote work has been steadily increasing for the past decade. Whether mandatory or not, remote work can pose unwanted security concerns for an organization, so it's important to know how to be equipped to mitigate risk appropriately.

Between the second and third weeks of March 2020, email scams and phishing attacks spiked by an unprecedented 436%. Such was the effect of the COVID-19 pandemic. BEC attacks represent a low percentage of email attacks by volume, but a disproportionally high percentage of overall loss to business.

Targeting the CEO and others in an organization, the attacks spotted by cybersecurity firm Darktrace were detected due to artificial intelligence. A recent phishing attack observed by Darktrace used all of those methods in an attempt to deploy malware.

In a blog post published Thursday, Check Point described the method in which attackers exploited one of Oxford University's mail servers to send the initial email, abused an Adobe Campaign redirection tool, and then used a Samsung domain to take users to a Microsoft Office 365-themed phishing website. Most of the emails observed came from multiple addresses that belonged to legitimate subdomains from different departments at the University of Oxford.

The phishing email leads recipients to a phony BOA landing page in an attempt to steal their banking credentials, according to Armorblox. A blog post published Thursday by security provider Armorblox explains how a recent phishing campaign impersonates Bank of America.

Researchers have discovered a sophisticated new phishing campaign that uses recognized brand names to bypass security filters as well as to trick victims into giving up Microsoft Office 365 credentials to gain access to corporate networks. A new report from Check Point Software first observed the attacks-the majority of which targeted European companies, with others seen in Asia and the Middle East-in April, when they discovered emails sent to victims titled "Office 365 Voice Mail.".

For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn't quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same. KrebsOnSecurity has learned that the phishing site Privnotes.com uses some kind of automated script that scours messages for bitcoin addresses, and replaces any bitcoin addresses found with its own bitcoin address.

Cyber-threats taking advantage of the COVID-19 pandemic are evolving, and Google is seeing an increase in related phishing attempts in countries such as Brazil, India, and the UK. As the coronavirus crisis spreads worldwide, cyber-criminals and state-sponsored actors have adapted their attacks to leverage pandemic-related lures. Google says it has observed an increase in the number of scams targeting Aarogya Setu, an initiative where the government is trying to connect people across India with essential health services.

Researchers are warning of an ongoing phishing attack that's targeting the credentials of more than 100 high-profile executives at a German multinational corporation that's tasked with procuring coronavirus medical gear for Germany. The company, left unnamed by researchers, is part of a task force created March 30 by the German government and the private sector to procure personal protective equipment for healthcare workers on the front lines of COVID-19, such as face masks and medical equipment.

Google's threat analysts have identified state-level attacks from China. I hope both campaigns are working under the assumption that everything they say and do will be dumped on the Internet before the election.