Security News

Spear Phishing vs Phishing: What Are The Main Differences?
2024-02-06 19:36

Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. While phishing is generalized in that one phishing email may be sent to millions of people, spear phishing is highly targeted.

Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies
2023-12-25 07:47

The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned...

Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign
2023-11-02 09:21

The Iranian nation-state actor known as MuddyWater has been linked to a new spear-phishing campaign targeting two Israeli entities to ultimately deploy a legitimate remote administration tool from...

Spearphishing report: 50% of companies were impacted in 2022
2023-05-24 19:08

Spearphishing is a sliver of all email exploits, but the extent to which it succeeds is revealed in a new study from cybersecurity firm Barracuda Network, which analyzed 50 billion emails across 3.5 million mailboxes in 2022, unearthing around 30 million spearphishing emails. The survey queried companies about damages they experienced as a result of email attacks.

Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers
2022-06-06 05:23

Microsoft's Digital Crimes Unit last week disclosed that it had taken legal proceedings against an Iranian threat actor dubbed Bohrium in connection with a spear-phishing operation. "Bohrium actors create fake social media profiles, often posing as recruiters," Amy Hogan-Burney of the DCU said in a tweet.

Microsoft disrupts Bohrium hackers’ spear-phishing operation
2022-06-03 15:24

The Microsoft Digital Crimes Unit has disrupted a spear-phishing operation linked to an Iranian threat actor tracked as Bohrium that targeted customers in the U.S., Middle East, and India. Bohrium has targeted organizations from a wide range of industry sectors, including tech, transportation, government, and education, according to Amy Hogan-Burney, the General Manager of Microsoft DCU. Microsoft has taken down 41 domains used in this campaign to establish a command and control infrastructure that enabled the attackers to deploy malicious tools designed to help them gain access to targets' devices and exfiltrate stolen information from compromised systems.

Nothing personal: Training employees to identify a spear phishing attack
2022-05-06 03:00

An increase in employee training and improved general awareness of cybersecurity has forced cybercriminals to change their tactics and take a more personal approach, known as spear phishing. To stay in front of new phishing attack techniques, it's also essential that employees are equipped with all the knowledge they need to spot a potential phishing attack that goes undetected, including how attack content differs from legitimate emails.

Google Docs commenting feature exploited for spear-phishing
2022-01-06 14:00

A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy. Google Docs is used by many employees working or collaborating remotely, so most recipients of these emails are familiar with these notifications.

Google advises passwords are good, spear phishing is bad, and free clouds get attacked
2021-11-25 06:59

Google's Cybersecurity Action Team has released its first "Threat horizon" report on the scary things it's found on the internet. The Team's first report offers six nuggets of intelligence, and The Register believes none will surprise readers.

Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials
2021-11-18 14:00

A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found. Instead, the malicious activity propagated by the PDFs is a link to Glitch apps hosting phishing pages that included obfuscated JavaScript for stealing credentials, he wrote.