Entries by GDR Group

Iranian Hacker Group Beats 2FA with New Phishing Campaign Targeting Google Users

A new phishing attack method shows that even the mighty two-factor authentication can be beaten without needing to possess a user’s mobile device. We’d like to think that using Multi-Factor Authentication (MFA) surrounds the logon process with such a high level of security that it can’t be broken. But a recent phishing attack shows that […]

Malicious Business Email Campaign Uses Google Cloud Storage to Target Banks and Financial Services Companies

Researchers at Menlo Labs have spotted and tracked a new campaign aimed at tricking employees of US and UK financial firms and banks into downloading Houdini Malware. It’s no surprise that cybercriminals are going where the money is – in this case, literally. A campaign that has been running since August of this year has been identified seeking […]

Users Pose the Greatest Security Risk

The latest data from CSO’s 2018 U.S. State of Cybercrime report highlights the risk users create, and how little organizations are doing to address it. This year’s report covers a wide range of topics, providing a relatively comprehensive view on the state of both cyberattacks, organizational preparedness, and incident response. I’ve pulled out a number […]

Bad Guys Are Now Taking Over Email Inboxes Without Phishing Attacks

According to an alert published earlier this year by the FBI, Business Email Compromise (BEC) and Email Account Compromise (EAC) have caused $12 billion in losses since October 2013. Traditionally, social engineering and intrusion techniques have been the most common ways to gain access to business email accounts and dupe individuals to wire funds to […]

That Padlock Doesn’t Mean It’s Secure

We’ve mentioned this before, but the misconception has surfaced again, and it’s worth mentioning again. Looking for the padlock as a sign of a secure legitimate website isn’t an accurate indication that a site is malware free. Recent research indicates that nearly half of all phishing sites display the padlock and a web address that […]

Attackers Rev Up Financial Phishing Campaigns in Preparation for the Holidays

Shoppers around the world face an unprecedented number of phishing attacks this holiday season, according to Andrey Kostin at Kaspersky Lab. With Christmas and the New Year coming up within weeks, November and December are prime phishing season for attackers. Financial phishing made up 54% of all phishing attacks in 2017, and that number is […]

Your Weak Cyber Security Violates Federal Law

Reuters just made me aware of a U.S. Securities and Exchange Commission report about a recent SEC investigation if nine companies that had been victims of CEO fraud had sufficient internal controls in place as required by law. The report focused on what the FBI calls “business email compromise” and what in InfoSec circles is known as […]

Replica Phishing Sites Prey on User Trust

Attacks leveraging look-alike federated logon pages are more dangerous than malware-laden attachments in email. As you build out your security strategy to prevent successful cyber-attacks, much of it focuses on stopping malware attempting to enter via email-based phishing attacks. It’s a priority, as 93% of data breaches start with phishing. But, cyber criminals are changing tactics, […]

Everyone’s Cyber-Worried; No One’s Cyber-Prepared

New data from the 2018 Chubb Cyber Risk Survey shows people and companies have a false sense of cybersecurity and aren’t really doing much about it. It’s a safe assumption to think that most everyone is very much aware of cyber threats, phishing attacks, ransomware, social engineering, and other cyberattacks. In fact, Chubb’s new risk report makes […]