Blog

brand protection

The era of Fake News – beware all Executives.

Fake News impacts business Executives and organisation brand. We have entered a new era of “Fake News” which can have a direct impact on all business Executives and brand protection strategies.  Fake News is real news – if you believe it. Fake News is being spread on dubious websites, specifically set up for this purpose. Fake...
Continue Reading
phishing and malware attacks

Two new malware (financial Trojans) – Corebot and Shifu

Cybercriminals have a large range of tools and resources to launch phishing and malware attacks against online platforms. The dark web provides fertile grounds for criminals to opening discuss methodologies and trade new malware variants, types and processes. From well-established banking malware, such as Dyre, ZeuS and Kronos, to more recently discovered malware, such as Shifu...
Continue Reading
traditional phishing

A new year, an old threat – traditional phishing

It may be a new year but we can be sure that phishing will again be upon us. So far in the first two days of 2017 we have seen the usual suspects being targeted, Apple, PayPal, Amazon, Scotia Bank, ANZ, HSBC, Facebook, the list of targeted phishing is endless…. Phishing first came to light more...
Continue Reading
Shutterstock izoologic

Email remains the default vector for distributing phishing and malware content.

Cybercriminals still use emails to launch the social engineering component of a phishing or malware attack. Email content uses a “call to action’ such as a security update, web payment or refund to lure victims into clicking on the embedded link. Users are routed to fake web content or to download malicious attachment and executables. Criminals...
Continue Reading
SMiShing

An alternative flavour of SMiShing

SMiShing attacks often leverage a trusted brand to route the victim to a phishing site. An alternative variant of SMiShing is where the spam message contains only a call back number. The message maybe as simple as “Please urgently call back xxxx xxxx xxxx to update your account details” and there is no mention of a...
Continue Reading
vishing-arm izoologic

Vishing – a persistent type of Voice Phishing

Vishing, a term that relates to “Voice – Phishing” is a type of social engineering attack that has a high degree of variety.  Vishing takes the form of a criminal using a telephone to make a social engineering attempt against the victim to conduct fraud. Vishing maybe as simple as criminal A – speaking to victim...
Continue Reading
Ransomware malware

Ransomware: the new kind of malware

Ransomware is one of the greatest emerging cybercrime challenges. Ransomware is the largest malware taxonomy and most phishing emails in 2016 contain ransomware. The tactic of ransomware is to hold the victim to extortion by encrypting the victim’s documents, files or disks until the person pays a ransom fee via bitcoin or voucher. The main mode...
Continue Reading
Domain name spaming

Phishing spam sent from specifically registered domain names bypasses email authentication

Phishing spam is often sent from specifically registered domain names and domain zones to increase the efficacy of the phishing attack. This means that current email authentication systems are readily bypassed. Phishing spam forms the first component of the social engineering attempt. The phishing message must appear like it has come from a legitimate and trusted...
Continue Reading
financial Trojan

Bolek malware– the latest generation of financial Trojan

Bolek malware is a new generation of financial trojan with an increased level of sophisitcation and stealth. Bolek was documented by the Polska CERT team in 2016 and named after a local cartoon character – “Bolek”, but this is no children’s show. Bolek’s primary function is targeting banks to steal login credentials from online banking applications....
Continue Reading
Carberp malware

Carberp malware – the precursor to many modern financial Trojans

Carberp malware, a financial Trojan, is the precursor to many new malware families such as Sofacy and Bolek. Carberp is an older malware, however, it is well worth our time to review as at it’s time of release it was highly sophisticated. Carberp was originally a Russian financial Trojan that first appeared in 2010. Carberp cybercrime...
Continue Reading
Malware - Financial Trojans

Top 4 Malware – Financial Trojans – Zeus, Carberp, Citadel and SpyEye.

Let us introduce the Top 4 Malware – Financial Trojans – Zeus, Carberp, Citadel and SpyEye. Later in this series of articles we will look into each malware (financial Trojan) in greater detail but allow us to make the formal introductions. Carberp Carberp was originally introduced as a typical financial Trojan. It was designed to steal...
Continue Reading
APWG – Phishing Trends Activity Report

APWG – Phishing Trends Activity Report – Q2 2016 : Summary of Findings

Anti-Phishing Working Group – Phishing Trends Activity Report – Q2 2016 Summary of Findings: The Retail/Service sector remained the most- targeted industry sector during the second quarter of 2016, suffering 43% of attacks The number of brands targeted by phishers in the second quarter remained consistent – ranging from 411 to 425 different brands each month...
Continue Reading
Real Time Phishing

Real Time Phishing is Man in the Middle (MitM) attack

Real Time Phishing is a Man-in-the-Middle (MitM) attack that allows the criminal to commit real time fraud. Stolen credentials from the phishing site are used to access the internet bank session in real time. Real time phishing allows the criminal to readily bypass banking authentication protocols. Real time phishing schemes take place over a web session,...
Continue Reading
Trademark Monitoring

Trademark and Copyright enforcement to protect digital assets

Trademark and Copyright enforcement to protect digital assets. In an online world the digital assets of the business are open to a large range of fraud and abuse. Digital assets can be legally protected via Trademark and Copyright ownership claims. Examples of trademark and copyright infringement are fake websites and phishing sites, unauthorised social media accounts,...
Continue Reading
Sending Spoofed Emails for Spear Phishing and Advanced Persistent Threat (APT) attacks.

Sending Spoofed Emails for Spear Phishing and Advanced Persistent Threat (APT) attacks.

Criminals use spoofed email domain from addresses to launch Spear Phishing and Advanced Persistent Threat malware attacks. The “FROM” address of the sender’s email is maliciously changed to the victim’s domain. From the recipients point of view the email looks and feels like an internal email. Cybercriminals can easily send an email to anyone within the...
Continue Reading
How effective is browser blocking against phishing sites

Browser blocking of phishing sites – how effective?

Browser blocking of phishing sites – does the browser provide a phishing solution?  iZOOlogic threat detection and analysis engines are sifting through vast amounts of phishing intelligence and malicious data – sourcing literally thousands of new phishing sites each day. All day and every day. iZOOlogic provides a swift response to those phishing sites that are...
Continue Reading
WHALING – Big Game Spear Phishing

WHALING – Big Game Spear Phishing

Whaling is a type of spear phishing that targets high-profile end users such as C-level corporate executives. Similar to traditional based phishing, whaling leverages social engineering against the victim and uses some technological play in the background. Whaling content – messaging and website are very personalised – this is personal – one on one – phishing....
Continue Reading
Zeus the sky and thunder god of malware

Zeus the sky and thunder god of malware

Zeus malware is a financial Trojan targeting online banking. Zeus malware steals banking information by man-in-the-browser attacks, keystroke logging and form grabbing methods. Zeus was developed to target the Windows OS and has been around for almost 10 years now. Zeus is spread mainly through drive-by downloads and phishing schemes. Why are we talking about an...
Continue Reading
New Financial Malware – Banking Trojans

New Financial Malware – Banking Trojans

Denis Makrushin, a security expert at Kaspersky Lab. has published findings – “Financial malware are still active and developing rapidly. New banking Trojans have significantly extended their functionality by adding new modules, such as ransomware. If criminals do not succeed in stealing users’ personal data, they will encrypt it and demand a ransom. Another example is...
Continue Reading
DNS Hijacking and DNS Spoofing

DNS Hijacking and Spoofing

DNS hijacking and spoofing DNS is the underlying directory framework of the Internet. It turns a web address into an IP address that ultimately directs the user to legitimate website. If this DNS gets hijacked or taken over by a hacker group, the web address can be redirected to a completely different website. This malicious website...
Continue Reading
1 15 16 17 18