Industry Intel

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...
Read More

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...
Read More

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...
Read More

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...
Read More

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...
Read More

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....
Read More

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...
Read More

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...
Read More
Bogus ‘Your Paypal Transaction Confirmation’ themed emails lead to Black Hole Exploit Kit

Bogus ‘Your Paypal Transaction Confirmation’ themed emails lead to Black Hole Exploit Kit

Jan 28, 2013 | Industry Intel, Threat Lab

Financial institutions and online payment processors are a common target for cybercriminals, who systematically brand-jack and abuse the reputation of their trusted brands, in an attempt to scam or serve malware to their customers.

Over the past 24 hours, cybercriminals have launched yet another spam campaign, impersonating PayPal, in an attempt to trick its users into thinking that they’ve received a “Transaction Confirmation“, which in reality they never really made. Once users click on any of the links found in the malicious emails, they’re exposed to the client-side exploits served by the Black Hole Exploit Kit.

More details:

read more…

Novice cybercriminals experiment with DIY ransomware tools

Novice cybercriminals experiment with DIY ransomware tools

Jan 25, 2013 | Industry Intel, Threat Lab

For years, the DIY (do-it-yourself) trend has been evident across the entire cybercrime ecosystem.

From the early exploits generating DIY tools that set the foundations for the upcoming “malicious economies of scale” trend to emerge, to the ongoing leaks of DIY botnet and malware generating tools that were once only available to advanced attackers, it’s never been easier to enter the world of cybercrime.

In this post, I’ll profile a novice cybercriminal’s approach to entering the profitable world of ransomware.

More details:

read more…

Fake LinkedIn ‘Invitation Notifications’ themed emails lead to client-side exploits and malware

Fake LinkedIn ‘Invitation Notifications’ themed emails lead to client-side exploits and malware

Jan 24, 2013 | Industry Intel, Threat Lab

LinkedIn users, watch what you click on!

Over the past 24 hours, cybercriminals have launched yet another massive spam campaign, impersonating LinkedIn, in an attempt to trick its users into clicking on the malicious links found in the bogus “Invitation Notification” themed emails. Once they click on the links, users are automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.

More details:

read more…

Fake Intuit ‘Direct Deposit Service Informer’ themed emails lead to Black Hole Exploit Kit

Fake Intuit ‘Direct Deposit Service Informer’ themed emails lead to Black Hole Exploit Kit

Jan 23, 2013 | Industry Intel, Threat Lab

Cybercriminals are currently spamvertising tens of thousands of fake emails, impersonating Intuit, in an attempt to trick its customers and users into clicking on the malicious links found in the emails.

Once users click on any of the links, they’re exposed to the client-side exploits served by the latest version of the Black Hole Exploit Kit, which ultimately drops malware on the affected hosts.

More details:

read more…

Android malware spreads through compromised legitimate Web sites

Android malware spreads through compromised legitimate Web sites

Jan 22, 2013 | Industry Intel, Threat Lab

Over the past 24 hours, our sensor networks picked up an interesting website infection affecting a popular Bulgarian website for branded watches, which ultimately redirects and downloads premium rate SMS Android malware on the visiting user devices. The affected Bulgarian website is only the tip of the iceberg, based on the diversified portfolio of malicious domains known to have been launched by the same party that launched the original campaign.

More details:

read more…

Email hacking for hire going mainstream – part three

Email hacking for hire going mainstream – part three

Jan 21, 2013 | Industry Intel, Threat Lab

Just as we anticipated on two occasions in 2012, managed email hacking for hire services continue popping-up at publicly accessible cybercrime-friendly communities, a trend that’s largely driven by the demand for such services by unethical competition, “friends”, or current/ex-spouses.

Often pitched as “forgotten password recovery” services, they rely on social engineering, brute-forcing, and spear phishing campaigns, often leading to a successful compromise of a targeted account. Based on the number of positive vouches, the services continue receiving a steady stream off satisfied and verified customers.

In this post, I’ll profile one of the most recently advertised email hacking for hire services, specializing in hacking GMail and Yahoo! accounts, as well as email accounts using popular free Russian email service providers. How much does it cost to hack a Gmail or Yahoo! account? What about corporate email?

Let’s find out.

read more…

Leaked DIY malware generating tool spotted in the wild

Leaked DIY malware generating tool spotted in the wild

Jan 18, 2013 | Industry Intel, Threat Lab

How easy is it to create an undetected piece of malware these days? Too easy to be true!

With more DIY malware botnets and DIY malware generating tools continuing to leak at public cybercrime-friendly forums, today’s novice cybercriminals have access to sophisticated point’n’click malware generating tools that were once only available in the arsenal of the experienced cybercriminal.

In this post, I’ll profile a recently leaked DIY malware generating tool, discuss its core features, and emphasize on its relevance in the context of the big picture when it comes to ongoing waves of malicious activity we’ve been monitoring over the years.

More details:

read more…

Cybercriminals release automatic CAPTCHA-solving bogus Youtube account generating tool

Cybercriminals release automatic CAPTCHA-solving bogus Youtube account generating tool

Jan 15, 2013 | Industry Intel, Threat Lab

For years, thanks to the currently mature human-driven ecosystem offering CAPTCHA-solving as a service, cybercriminals have been persistently and automatically abusing major Web properties by undermining the “chain of trust” that these properties rely on so extensively.

Still living in a world supposedly dominated by malware-infected bots, this myopia has resulted in the rise of these managed services, rendering any recent CAPTCHA “innovations” useless since they continue relying on humans – the very species that CAPTCHA is supposed to be recognizable by in the first place.

Just how easy is it to automatically register tens of thousands of bogus accounts at, let’s say, YouTube? In this post I’ll profile a recently released tool that’s relying on API keys offered by a CAPTCHA-solving services, automating the account registration process in combination with the use of malware-infected hosts as proxies.

More details:

read more…

Fake ‘ADP Speedy Notifications’ lead to client-side exploits and malware

Fake ‘ADP Speedy Notifications’ lead to client-side exploits and malware

Jan 14, 2013 | Industry Intel, Threat Lab

Over the past week, cybercriminals have resumed spamvertising fake “ADP Immediate Notifications” in an attempt to trick users into clicking on the malicious links found in the emails. The links point to the latest version of the Black Hole Exploit Kit, and consequently, exploit CVE-2013-0422, affecting the latest version of Java.

With no fix for this vulnerability currently available, users are advised  to disable Java immediately.

More details:

read more…

Malicious DIY Java applet distribution platforms going mainstream

Malicious DIY Java applet distribution platforms going mainstream

Jan 11, 2013 | Industry Intel, Threat Lab

Despite the fact that on the majority of occasions cybercriminals tend to rely on efficient and automated exploitation techniques like the ones utilized by the market leading Black Hole Exploit Kit, they are no strangers to good old fashioned ‘visual social engineering’ tricks. Throughout 2012, we emphasized on the emerging trend of using malicious DIY Java applet distribution tools for use in targeted attacks, or widespread campaigns.

Is this still an emerging trend? Let’s find out. In this post, I’ll profile one of the most recently released DIY Java applet distribution platforms, both version 1.0 and version 2.0.

More details:

read more…