At PhishMe we talk frequently about a familiar concept that cyber attacks and phishing emails are very rarely sent to only one organization. While security teams tend to focus on threats to your organization, PhishMe Intelligence is watching for email-based threats for EVERY organization. As we were gathering information about tax-related phishing scams this year, we noticed that institutes of higher learning were being hit quite broadly by this year’s W2 related scams. [Read more…]
On 4/6, the Phishing Intelligence team came across a wave of phishing emails that contained a .js file packaged inside of a zip file used to deliver malware. This is nothing new, and has been seen being pushed out by resources associated with the Dridex botnet and the Locky encryption ransomware. The interesting piece is that the attackers are using a new piece of malware called RockLoader to download and install the malware on remote systems. Downloaders are nothing new, as Upatre was used with Dyre and Gameover ZeuS in the past. RockLoader has several tricks up its sleeve. [Read more…]
Today, we happily launched our comprehensive end-of-year report Gone Phishing: 2015 Global Malware Round Up Report completely free to the public and our customers. This whitepaper provides information security professionals, incident response teams, threat intelligence analysts and C-level technology leaders across the globe with insights on the most effective phishing attacks used today and the malware payloads they deliver. [Read more…]
Today, we are excited to announce the launch of our brand new PhishMe Community. The site is designed exclusively for PhishMe customers as a centralized hub where users can build a collaborative knowledge base, learn technical tips and tricks, engage with peers to share new ideas, and grow existing anti-phishing programs. [Read more…]
Important disclaimer: THE IRS DOES NOT INITIATE CONTACT WITH TAXPAYERS BY EMAIL, TEXT MESSAGE, OR SOCIAL MEDIA CHANNELS TO REQUEST PERSONAL OR FINANCIAL INFORMATION. (See: https://www.irs.gov/uac/Report-Phishing )
The IRS has a very active security team, currently part of the U.S. Treasury Inspector General for Tax Administration (TIGTA), that is responsible for fighting phishing and tracking down the criminals who prey on U.S. tax payers. If you believe you have received a Phishing email, please help them by reporting the email you received to email@example.com. Additionally, please also consider sending a copy to our team. PhishMe Brand Intelligence automatically processes any URLs found in emails sent to Report@phishIQ.com (not just IRS phish – we love gathering global intelligence on all phish).
There is a reason that most data breach incidents involve phishing attacks: phishing works. Attackers know that it is far easier to gain access to a protected network by tricking people into clicking on malicious links and attachments than it is to penetrate sophisticated firewalls and intrusion detection systems. And they know that they have an edge over the defenders because they only have to win once to gain access. As defenders, we need to stop them every time. We can’t prevent attackers from soliciting people with phishing emails. But we can take away their edge.
Aaron Higbee, PhishMe co-founder and CTO, was featured on a recent CNBC SquawkBox broadcast segment discussing recent ransomware trends plaguing the healthcare space. During the attack, a phishing email is sent to the user’s inbox prompting them to click a malicious link that begins encrypting files and storage drives on your computer. Once the files are encrypted, the only way to retrieve the data from the malicious actors is to pay a ransom in BitCoin. In the video (seen below), Higbee dives deeper into the various motivations for these types of attacks and how businesses can better prepare themselves to thwart ransomware before it strikes.
Over the last few months, the Phishing Intelligence team has observed a huge increase of ransomware. Many attackers are starting to experiment with ransomware as an alternative to quickly monetize. Dridex has employed a new family of ransomware named Locky, which is a pretty drastic shift in what this group is known for doing. We’re even seeing attackers go after OSX with ransomware, something that was once thought to be immune from malware, however there were nearly 6,500 users who downloaded the compromised BitTorrent client.
Follow along with us as we deconstruct a recent ransomware attack and hack the hackers behind the attempt.
Every year, attackers try to find some way to innovate and steal more money come tax time. Last year, attackers took advantage of e-filing, which led TurboTax to put a halt on all refunds due to a surge in fraudulent state tax returns. Here is a screenshot of a phishing email that the attackers are using to try and obtain W2’s for all employees:
Be on the lookout for these types of scams! Snapchat recently fell victim to one of these scams and did the responsible thing by notifying the affected parties and called on the assistance of the FBI. HMRC related phishing is something to watch out for as well, as well as anything else tax-themed around tax time. Stay alert!
Phishing Incident Response – Back to the Past, Present, and Recorded Future
Attackers like to boast about their accomplishments as well as announce their plans. They leave trails of evidence across the open web just waiting to be discovered, if you’re looking in the right places. Similarly, as events occur, researchers and those attacked begin to share information. Employees within our organizations are a primary target of attackers with well-crafted spear phishing emails and some of which may stem from over sharing or whatever is personally newsworthy. Indicators of compromise (IOCs) help security teams in their incident response process. Has this been seen before? When did it start? Are there any indicators that this attack will be used again? This is valuable information to help determine the validity of the attack and what may be next.