Cybercrime - W/E - 092118
Consumers, Businesses Reminded to Beware of Hurricane-Themed Scams (09/17/2018)
The US-CERT recommends that people take precautions as cybercriminals exploit interest in Hurricane Florence and its aftermath. Cyber thieves use dramatic events such as natural disasters as subject matter for phishing schemes and scam emails.
FireEye Assesses Malicious Campaign Targeting Click2Gov (09/19/2018)
FireEye has tracked a malicious campaign targeting Web payment portals that involve on-premise installations of Click2Gov, a Web-based, interactive self-service bill-pay software solution developed by Superion. A possible issue was first reported by Superion in October 2017, when the company announced that a few customers were affected by suspicious activity. Over the months, more customers were compromised. FireEye's Mandiant division forensically analyzed compromised systems, recovered malware associated with this campaign, and found that it used a tool called FIREALARM to retrieve payment card information and remove log entries not containing error messages. A second tool, SPOTLIGHT, intercepted payment card information from HTTP network traffic.
Pegasus Malware Spies on People in 45 Countries (09/19/2018)
Research conducted by The Citizen Lab shows that 45 countries have been infiltrated by the Pegasus spyware and at least 10 threat actors are engaged in cross-border surveillance. This information comes from a two-year investigation in which The Citizen Lab scanned the Internet for servers associated with Pegasus, a mobile phone spyware distributed by the Israel-based NSO Group. Once a device is infected, the malware executes commands, steals private data, and can turn on the camera and microphone to capture activity. Pegasus has been used to spy on human rights workers. When contacted by The Citizen Lab, NSO Group released a statement denying that its products were being used in an unethical manner. "There are multiple problems with Citizen Lab's latest report. Most significantly, the list of countries in which NSO is alleged to operate is simply inaccurate. NSO does not operate in many of the countries listed. The product is only licensed to operate in countries approved under our Business Ethics Framework and the product will not operate outside of approved countries," the company stated.
Phishing Scams Give Criminals Keys to the Payroll Account Kingdom (09/19/2018)
The FBI's Internet Crime Complaint Center (IC3) has received complaints reporting that cybercriminals are targeting the online payroll accounts of employees in a variety of industries. Institutions most affected are education, healthcare, and commercial airway transportation. The thieves use phishing techniques to capture employees' login credentials; once they have them, they can access the victims' payroll accounts and change banking information. The IC3 released an alert regarding this type of scam.