Entries by GDR Group

MUST Read This WSJ Article About Our Power Grid and How the Russians Hacked it With Phishing

Earlier this month, the Wall Street Journal reconstructed the worst known hack into the USA’s power grid revealing attacks on hundreds of small contractors.  The title is very apt: “America’s Electric Grid Has a Vulnerable Back Door—and Russia Walked Through It”.  It’s so relevant because it describes a very effective supply-chain attack that could happen […]

Real Estate Transactions are Increasingly Vulnerable to CEO Fraud

The real estate industry is a particularly attractive target for BEC (Business Email Compromise—also known as CEO Fraud—attacks, according to FBI spokesman David Fitz. Fitz told The Baltimore Sun that the industry’s day-to-day activities present a host of opportunities for scammers, including large, online transactions and a great deal of remote communication. Between January 2017 […]

Children’s Full Personal Data and SSNs Are Being Sold on the Dark Web

Motherboard reported on an ugly story: the data sold includes names, phone numbers, addresses, and Social Security Numbers: “Even if they may not be able to really do anything about it, children are not immune to identity theft. A data broker on several dark web marketplaces is currently advertising stolen personal information relating specifically to […]

Iranian Hacker Group Beats 2FA with New Phishing Campaign Targeting Google Users

A new phishing attack method shows that even the mighty two-factor authentication can be beaten without needing to possess a user’s mobile device. We’d like to think that using Multi-Factor Authentication (MFA) surrounds the logon process with such a high level of security that it can’t be broken. But a recent phishing attack shows that […]

Malicious Business Email Campaign Uses Google Cloud Storage to Target Banks and Financial Services Companies

Researchers at Menlo Labs have spotted and tracked a new campaign aimed at tricking employees of US and UK financial firms and banks into downloading Houdini Malware. It’s no surprise that cybercriminals are going where the money is – in this case, literally. A campaign that has been running since August of this year has been identified seeking […]

Users Pose the Greatest Security Risk

The latest data from CSO’s 2018 U.S. State of Cybercrime report highlights the risk users create, and how little organizations are doing to address it. This year’s report covers a wide range of topics, providing a relatively comprehensive view on the state of both cyberattacks, organizational preparedness, and incident response. I’ve pulled out a number […]

Bad Guys Are Now Taking Over Email Inboxes Without Phishing Attacks

According to an alert published earlier this year by the FBI, Business Email Compromise (BEC) and Email Account Compromise (EAC) have caused $12 billion in losses since October 2013. Traditionally, social engineering and intrusion techniques have been the most common ways to gain access to business email accounts and dupe individuals to wire funds to […]

That Padlock Doesn’t Mean It’s Secure

We’ve mentioned this before, but the misconception has surfaced again, and it’s worth mentioning again. Looking for the padlock as a sign of a secure legitimate website isn’t an accurate indication that a site is malware free. Recent research indicates that nearly half of all phishing sites display the padlock and a web address that […]