A Song of Ice and Ransomware: Game of Thrones References in Locky Phishing

We rarely find out the identities of online attackers. As a result, it is often easy to picture attackers as impartial and emotionless devices instead of humans or groups of people. However, attackers often reveal small bits of information about themselves and their personalities in the tactics, techniques, and procedures they select.

TrickBot Targeting Financial and Cryptocurrency Data

While a great deal of focus for research into botnet trojans is on the multipurpose utility of this malware, many of these same tools are still utilized for direct financial crimes and fraud. This configuration data, provides a prima-facie insight into some of the preferred means for monetary gains by threat actors. An example of this can be found in the most recent rounds of TrickBot malware configurations. These XML documents describe the targeted login pages for online services and the action the malware is to take when a victim visits one. Many of the targeted resources reference the login pages for online banking portals, as many malware tools with financial-crimes capabilities often do. However, TrickBot’s targeting of cryptocurrency wallet services also an interesting insight into this malware’s targeting and its relationship to its predecessor, the Dyre trojan.

Endpoint Phishing Incident Response with PhishMe and Carbon Black

Hunting Phished Endpoints with PhishMe Intelligence™ and Carbon Black® Response

While sipping coffee and reading the morning headlines, the CISO notices a global mass-phishing campaign that took place overnight. Picking up the phone and calling the SOC, the CISO asks; “Are there any computers that may have been infected with ‘X’ that I read about this morning? I need answers before my meeting in an hour”.

Customized Phishing Simulations Keep You “Left of Breach”

Part 3 in a series on being “Left of Breach” in the Phishing Kill Chain.

In part 2 we looked at Self-Enumeration, assessing security and business process gaps that phishing attackers exploit. It’s the first step in being “Left of Breach” (see figure below), the process that builds a proactive phishing defense strategy.