Cyber Bites

When a company suffers a ransomware attack, many victims feel that the attackers quickly deploy the ransomware and leave so they won't get caught. Unfortunately, the reality is much different as threat actors are not so quick to give up a resource that they worked so hard to control. Instead, ransomware attacks are conducted over time, ranging from a day to even a month, starting with a ransomware operator breaching a network. SOURCE: Bleeping Computer

The Commonwealth Scientific and Industrial Research Organisation's (CSIRO) Data61, together with Samsung Research and South Korea's Sungkyunkwan University, have developed a solution to protect consumers from voice spoofing attacks. The Voice liveness detection (Void) has been designed to be embedded in a smartphone or a voice assistance software to identify the difference between a live human voice and voice replayed through a speaker to detect when hackers are attempting to spoof a system. SOURCE: ZDNet

The Cloud Security Alliance has released a report examining privacy and security of patient data in the cloud. In the wake of COVID-19, health delivery organizations (HDOs) have quickly increased their utilization of telehealth capabilities (i.e., remote patient monitoring (RPM) and telemedicine) to treat patients in their homes. These technology solutions allow for the delivery of patient treatment, comply with COVID-19 mitigation best practices, and reduce the risk of exposure for healthcare providers. SOURCE: Help...

Singapore, Japan, and the US are amongst six nations reportedly targeted in a COVID-19 themed phishing campaign that is scheduled to take place June 21. North Korean state hacker group Lazarus are said to be behind the massive attack that will see more than 5 million businesses and individuals receiving phishing email messages from spoofed government accounts. This would include 8,000 organisations in Singapore where the business contacts highlighted in an email template were addressed to...

The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat (APT) group. InvisiMole was first uncovered by ESET in 2018, with cyberespionage activity dating back to 2013 in operations in Ukraine and Russia. More recently, from late 2019 until at least this month, researchers have spotted the group attacking a few high-profile organizations in the military sector and diplomatic missions, both in Eastern...

A credential-phishing attempt that relies on impersonating Bank of America has emerged in the U.S. this month, with emails that get around secure gateway protections and heavy-hitting protections like DMARC. The campaign involves emails that ask recipients to update their email addresses, warning users that their accounts could be recycled if this isn’t done. “The email language and topic was intended to induce urgency in the reader owing to its financial nature,” according to analysis...

Wells Fargo customers are being targeted by a phishing campaign impersonating the Wells Fargo Security Team and luring potential victims to phishing pages with the help of calendar invites. Wells Fargo is a multinational financial services (banking, investment, and mortgage) provider with roughly 263,000 employees in 7,400 locations in 31 countries and territories. It serves one-third of all US households and it was ranked No. 30 on Fortune’s 2020 rankings of America’s largest corporations. The phishing messages spotted...

Hackers have been using fake error logs to store ASCII characters disguised as hexadecimal values that decode to a malicious payload designed to prepare the ground for script-based attacks. The trick is part of a longer chain with intermediary PowerShell commands that ultimately delivers a script for reconnaissance purposes. MSP threat detection provider Huntress Labs discovered an attack scenario where a threat actor with persistence on a target machine tried to run an unusual trick to carry...

Hackers hijacked an Oxford email server to deliver malicious emails as part of a phishing campaign designed to harvest Microsoft Office 365 credentials from European, Asian, and Middle Eastern targets. The attackers also made use of a domain hosted on an Adobe server and used by Samsung during 2018’s Cyber Monday event. By leveraging the reputable brands of Oxford University, Adobe, and Samsung within the same campaign, the threat actors' attacks had everything needed to bypass...
