Security News
Read the latest news regarding cybersecurity and your business.

Nigerian scams without the Nigerians

Users in English-speaking countries are quite familiar with the Nigerian scam: an important guy in Nigeria needs your help getting his money out of the country, and if you assist with some transaction fees, a chunk of his fortune could be yours. But what about non-English-speaking countries? What forms the baseline level of internet crap? Today we’re going to look at the Chinese version – the seminar scam.

Step 1: the pitch

This is actually more common via SMS, presumably due to limited mobile spam tools. The subject line will reference upcoming training for generic business skills like project management, bookkeeping, or HR.

Facebook worries: I didn’t post that

It is my assumption that most Facebook users don’t look at their own profile often. By your own profile, I mean the timeline that shows up when you click your own name or avatar in the Facebook menu.

That’s because we think we know exactly what is posted there, so why bother to look at it? After all, isn’t that supposed to be all the stuff that we posted ourselves?

Expired domain names and malvertising

In Q1 and Q2 of 2017, we noticed a sharp decline in drive-by downloads coming from compromised websites. The campaigns of the past are either gone (Pseudo Darkleech) or have changed focus (EITest using social engineering techniques).

Malvertising, which has remained steady and is currently the main driving force behind some of the most common malware and scam distribution operations, not only stems from various publishers but also from ‘abandoned’ websites. Those related domains once served a legitimate purpose but were never renewed by their owners and fell into the hands of actors looking to make a quick profit using questionable practices.

Insider threats in your work inbox

Recently, our friends at Barracuda found a new phishing campaign that banks on the popularity of cloud services used in most businesses, such as Microsoft Office 365.

According to their blog post, this latest scheme takes advantage of the natural trust employees place in messages they receive from colleagues using the correct email address. Dear reader, this campaign is beyond impostor email or business email compromise (BEC). Barracuda is calling it the ‘new insider threat.’

RIG exploit kit distributes Princess ransomware

We have identified a new drive-by download campaign that distributes the Princess ransomware (AKA PrincessLocker), leveraging compromised websites and the RIG exploit kit. This is somewhat of a change for those tracking malvertising campaigns and their payloads.

We analyzed the PrincessLocker ransomware last November and pointed out that despite similarities with Cerber’s onion page, the actual code was much different. A new payment page seemed to have been seen in underground forums and is now being used with attacks in the wild.
