Blog

brand protection

The era of Fake News – beware all Executives.

Fake News impacts business Executives and organisation brand. We have entered a new era of “Fake News” which can have a direct impact on all business Executives and brand protection strategies.  Fake News is real news – if you believe it. Fake News is being spread on dubious websites, specifically set up for this purpose. Fake...
Continue Reading
phishing and malware attacks

Two new malware (financial Trojans) – Corebot and Shifu

Cybercriminals have a large range of tools and resources to launch phishing and malware attacks against online platforms. The dark web provides fertile grounds for criminals to opening discuss methodologies and trade new malware variants, types and processes. From well-established banking malware, such as Dyre, ZeuS and Kronos, to more recently discovered malware, such as Shifu...
Continue Reading
traditional phishing

A new year, an old threat – traditional phishing

It may be a new year but we can be sure that phishing will again be upon us. So far in the first two days of 2017 we have seen the usual suspects being targeted, Apple, PayPal, Amazon, Scotia Bank, ANZ, HSBC, Facebook, the list of targeted phishing is endless…. Phishing first came to light more...
Continue Reading
Shutterstock izoologic

Email remains the default vector for distributing phishing and malware content.

Cybercriminals still use emails to launch the social engineering component of a phishing or malware attack. Email content uses a “call to action’ such as a security update, web payment or refund to lure victims into clicking on the embedded link. Users are routed to fake web content or to download malicious attachment and executables. Criminals...
Continue Reading
SMiShing

An alternative flavour of SMiShing

SMiShing attacks often leverage a trusted brand to route the victim to a phishing site. An alternative variant of SMiShing is where the spam message contains only a call back number. The message maybe as simple as “Please urgently call back xxxx xxxx xxxx to update your account details” and there is no mention of a...
Continue Reading
vishing-arm izoologic

Vishing – a persistent type of Voice Phishing

Vishing, a term that relates to “Voice – Phishing” is a type of social engineering attack that has a high degree of variety.  Vishing takes the form of a criminal using a telephone to make a social engineering attempt against the victim to conduct fraud. Vishing maybe as simple as criminal A – speaking to victim...
Continue Reading
Domain name spaming

Phishing spam sent from specifically registered domain names bypasses email authentication

Phishing spam is often sent from specifically registered domain names and domain zones to increase the efficacy of the phishing attack. This means that current email authentication systems are readily bypassed. Phishing spam forms the first component of the social engineering attempt. The phishing message must appear like it has come from a legitimate and trusted...
Continue Reading
financial Trojan

Bolek malware– the latest generation of financial Trojan

Bolek malware is a new generation of financial trojan with an increased level of sophisitcation and stealth. Bolek was documented by the Polska CERT team in 2016 and named after a local cartoon character – “Bolek”, but this is no children’s show. Bolek’s primary function is targeting banks to steal login credentials from online banking applications....
Continue Reading
Malware - Financial Trojans

Top 4 Malware – Financial Trojans – Zeus, Carberp, Citadel and SpyEye.

Let us introduce the Top 4 Malware – Financial Trojans – Zeus, Carberp, Citadel and SpyEye. Later in this series of articles we will look into each malware (financial Trojan) in greater detail but allow us to make the formal introductions. Carberp Carberp was originally introduced as a typical financial Trojan. It was designed to steal...
Continue Reading
APWG – Phishing Trends Activity Report

APWG – Phishing Trends Activity Report – Q2 2016 : Summary of Findings

Anti-Phishing Working Group – Phishing Trends Activity Report – Q2 2016 Summary of Findings: The Retail/Service sector remained the most- targeted industry sector during the second quarter of 2016, suffering 43% of attacks The number of brands targeted by phishers in the second quarter remained consistent – ranging from 411 to 425 different brands each month...
Continue Reading
Real Time Phishing

Real Time Phishing is Man in the Middle (MitM) attack

Real Time Phishing is a Man-in-the-Middle (MitM) attack that allows the criminal to commit real time fraud. Stolen credentials from the phishing site are used to access the internet bank session in real time. Real time phishing allows the criminal to readily bypass banking authentication protocols. Real time phishing schemes take place over a web session,...
Continue Reading
Trademark Monitoring

Trademark and Copyright enforcement to protect digital assets

Trademark and Copyright enforcement to protect digital assets. In an online world the digital assets of the business are open to a large range of fraud and abuse. Digital assets can be legally protected via Trademark and Copyright ownership claims. Examples of trademark and copyright infringement are fake websites and phishing sites, unauthorised social media accounts,...
Continue Reading
Sending Spoofed Emails for Spear Phishing and Advanced Persistent Threat (APT) attacks.

Sending Spoofed Emails for Spear Phishing and Advanced Persistent Threat (APT) attacks.

Criminals use spoofed email domain from addresses to launch Spear Phishing and Advanced Persistent Threat malware attacks. The “FROM” address of the sender’s email is maliciously changed to the victim’s domain. From the recipients point of view the email looks and feels like an internal email. Cybercriminals can easily send an email to anyone within the...
Continue Reading
How effective is browser blocking against phishing sites

Browser blocking of phishing sites – how effective?

Browser blocking of phishing sites – does the browser provide a phishing solution?  iZOOlogic threat detection and analysis engines are sifting through vast amounts of phishing intelligence and malicious data – sourcing literally thousands of new phishing sites each day. All day and every day. iZOOlogic provides a swift response to those phishing sites that are...
Continue Reading
WHALING – Big Game Spear Phishing

WHALING – Big Game Spear Phishing

Whaling is a type of spear phishing that targets high-profile end users such as C-level corporate executives. Similar to traditional based phishing, whaling leverages social engineering against the victim and uses some technological play in the background. Whaling content – messaging and website are very personalised – this is personal – one on one – phishing....
Continue Reading
New Financial Malware – Banking Trojans

New Financial Malware – Banking Trojans

Denis Makrushin, a security expert at Kaspersky Lab. has published findings – “Financial malware are still active and developing rapidly. New banking Trojans have significantly extended their functionality by adding new modules, such as ransomware. If criminals do not succeed in stealing users’ personal data, they will encrypt it and demand a ransom. Another example is...
Continue Reading
DNS Hijacking and DNS Spoofing

DNS Hijacking and Spoofing

DNS hijacking and spoofing DNS is the underlying directory framework of the Internet. It turns a web address into an IP address that ultimately directs the user to legitimate website. If this DNS gets hijacked or taken over by a hacker group, the web address can be redirected to a completely different website. This malicious website...
Continue Reading
Spear-phishing attack

Business Email Compromise a blended Spear Phishing attack

Business Email Compromise (BEC) attacks Business Email Compromise (BEC), formerly known as Man-in-the-Email scams are a blended Spear-phishing attack. BEC attacks follow similar traits to phishing, technical subterfuge with social engineering. BEC threats actually compromise legitimate business email accounts in order to conduct unauthorised transfer of funds to criminal controlled bank accounts. Essentially the employee of...
Continue Reading
Banking Malware

Evolving Banking Malware and Transaction Authentication

Banking malware families and variants are constantly evolving, bank transaction authentication methods are also evolving. It is a cat and mouse game where the user expects convenience and with an ease of use. As malware flavors continue to chart new territory from the days of Spyeye, Zeus & Citadel to the likes of Prime,Dridex, Gozi, Tinba,...
Continue Reading
Puddle Phishing, not of Spear Phishing, is a resurgent threat a variant

Puddle Phishing, not of Spear Phishing, is a resurgent threat a variant

Puddle Phishing, a variant of Spear Phishing, is a resurgent threat. Phishing is a broad term to describe the type of attack that combines some technological components with social engineering. Traditional or classical phishing has been previously discussed in this blog, and is well documented across security blogs and research whitepapers. Let us take a look...
Continue Reading
1 16 17 18 19