Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Cybercriminals impersonate UPS in client-side exploits and malware serving spam campaign

In an attempt to aggregate as much traffic as possible, cybercriminals systematically abuse popular brands and online services. Next to periodically rotating the brands, they also produce professional looking email templates, in an attempt to successfully brand-jack these companies, and trick their customers into interacting with the malicious emails.

Today’s highlight is on a currently spamvertised client-side exploits and malware serving campaign impersonating UPS (United Parcel Service). Once users click on the links found in the malicious email, they’re automatically redirected to a Black Hole exploit kit landing page serving client-side exploits, and ultimately dropping malware on the exploited hosts.

More details:

read more…

New Russian service sells access to compromised social networking accounts

On daily basis, hundreds of thousands of legitimate accounts across multiple social networks get compromised, to be later on abused as a platform for launching related cyber attacks and social engineering attempts.

Recently, I came across a new Russian service offering access to compromised accounts across multiple social networks such as Vkontakte, Twitter, Facebook, LiveJournal, and last but not least, compromised email accounts. What’s particularly interesting about this service is the fact that it’s exclusively targeting Russian and Ukrainian users.

More details:

read more…

Online dating scam campaign currently circulating in the wild

Lonely birds, beware!

Russian online dating scammers are currently spamvertising a fraudulent campaign attempting to socially engineer users into interacting with a bogus online dating service.

What’s so special about this scam? Just how vibrant is the Russian online dating fraud market segment? How can you avoid falling victim into their fraudulent schemes?

More details:

read more…

Spamvertised American Airlines themed emails lead to Black Hole exploit kit

American Airlines customers, watch where you click! Cybercriminals are currently spamvertising millions of emails impersonating the company in an attempt to trick end and corporate users into clicking on the malicious links found in the spamvertised email.

Upon execution, the campaign redirects users to a Black Hole exploit kit landing URL, where client-side exploits are served against outdated third-party software and browser plugins.

More details:

read more…

What’s the underground market’s going rate for a thousand U.S based malware infected hosts?

Imagine you’re a cybercriminal that has somehow managed to infect a 1000 U.S based hosts and is looking for ways to monetize his malicious activity? He could easily start spreading spam or phishing emails, use the infected hosts as a platform for disseminating related malware attacks, or basically data mine the infected hosts for accounting data to be later on sold to fellow cybercriminals.

What if all he wanted to do is earn as much profit in the shortest possible amount of time without investing more efforts into the monetization of the infected hosts? Is the cybercrime ecosystem mature enough to offer him an alternative? Appreciate the rhetoric. The maturing cybercrime ecosystem is fully capable of offering him a high liquidity monetization approach for earning revenue by infecting hosts and spreading a specific undetectable executable pushed by the pay-per-install affiliate network that I’ll profile in this post.

More details:

read more…

Phishing campaign targeting Gmail, Yahoo, AOL and Hotmail spotted in the wild

Cybercriminals are masters of multi-tasking. For instance, whenever a web server gets compromised, they will not only use its clean IP reputation to host phishing, spam and malware samples on it, they will also sell access to the shell allowing other cybercriminals the opportunity to engage in related malicious activities such as, mass scanning of remotely exploitable web application vulnerabilities.

Today, I intercepted a currently active phishing campaign that’s a good example of a popular tactic used by cybercriminal known as ‘campaign optimization’. The reason this campaign is well optimized it due to the fact that as it simultaneously targets Gmail, Yahoo, AOL and Windows Hotmail email users.

More details:

read more…

117,000 unique U.S visitors offered for malware conversion

In 2012 it’s becoming increasingly common for cybercriminals to apply basic quality assurance (QA) tactics to their campaigns. Next to QA, they also emphasize on campaign optimization strategies allowing them to harness the full potential of the malicious campaign.

Recently, I came across to an underground forum advertisement selling access to 117,000 unique U.S visitors — stats gathered over a period of 8 hours — for the purpose of redirecting them to a Black Hole web malware exploitation kit landing URL. The traffic aggregation taking place through black hat SEO (search engine optimization), is aiming to exploit a group of users known to have high purchasing power, namely, American citizens.

Are such underground market propositions offering traffic exchange deals gaining popularity, or are they just a fad? What’s the infection rate for 117,000 U.S based users redirected to a BlackHole exploits serving landing URL? Let’s find out.

More details:

read more…

Cybercriminals launch managed SMS flooding services

Mobile devices are an inseparable part of the modern cybercrime ecosystem. From ATM skimmers with SMS notification next to fake antivirus scanners for Android users, the growth of the mobile malware segment is pretty evident.

In this post I’ll profile a recently spamvertised managed SMS flooding service, in the context of E-banking fraud, and just how exactly are cybercriminals using the service as a way to evade detection of their fraudulent transactions.

More details:

read more…

Spamvertised bogus online casino themed emails serving W32/Casonline

Cybercriminals are currently spamvertising hundreds of thousands of emails enticing end and corporate users into clicking on links leading to bogus online casinos requiring the installation of an executable file.

This is the second bogus casino themed campaign I’ve intercepted in recent months, and the third time when I profile the distribution and infection vectors of W32/Casonline.

More details:

read more…

Spamvertised ‘Your UPS delivery tracking’ emails serving client-side exploits and malware

Cybercriminals are currently spamvertising millions of emails impersonating United Parcel Service (UPS) in an attempt to trick end and corporate users into clicking on exploits and malware serving links found in the malicious emails. What exploits are they using? How widespread is the campaign? Is it an isolated incident, or is the campaign linked to more malicious activity?

More details:

read more…