According to the 2022 X-Force Threat Intelligence Index, phishing was the most common way that cyber criminals got inside an organization. Typically, they do so to launch a much larger…
Browsing CategoryPhishing
Hive0117 Continues Fileless Malware Delivery in Eastern Europe
Through continued research into the ongoing cyber activity throughout Eastern Europe, IBM Security X-Force identified a phishing email campaign by Hive0117, likely a financially motivated cybercriminal group, from February 2022,…
Ransomware Resilience Tops Findings in X-Force Threat Intelligence Index 2022
For the third year in a row, ransomware was the top attack type globally in 2021, despite some successes last year by law enforcement to take down ransomware groups. This…
One-Time Password Security Might Fail 80% of the Time. IAM is Better
A one-time password (OTP) is an automatically generated sequence of characters that authenticates a user for a single transaction or login session. OTP is a widely popular security strategy, but…
Understanding the Cyber Risk Exposures Within the Health Care Industry
The health care industry is one of the most popular and lucrative targets for cyberattacks and malicious activity. Health care organizations always present as an attractive proposition to hackers as…
Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts
A series of ongoing business email compromise (BEC) campaigns that uses spear-phishing schemes on Office 365 accounts has been seen targeting business executives of over 1,000 companies across the world since March 2020. The recent campaigns target senior positions in the United States and Canada.
The fraudsters, whom we named “Water Nue,” primarily target accounts of financial executives to obtain credentials for further financial fraud. The phishing emails redirect users to fake Office 365 login pages. Once the credentials are obtained and accounts are successfully compromised, emails containing invoice documents with tampered banking information are sent to subordinates in an attempt to siphon money through fund transfer requests.
The post Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts appeared first on .
How to Report Scam Calls and Phishing Attacks
With incidents such as the Colonial Pipeline infection and the Kaseya supply chain attack making so many headlines these days, it can be easy to forget that malicious actors are…
How to Fight Phishing: Don’t Get Fugu’ed!
Threat actors who deploy phishing and other attacks have an advantage: they don’t operate within any space of decent norms or legal jurisdiction. Accept that, and you quickly understand why…
Phishing Attacks Are Top Cyber Crime Threat, Easier Than Ever to Create and Deploy
Why is one of cyber crime’s oldest threats still going strong? The Anti-Phishing Working Group (APWG) reports that January 2021 marked an unprecedented high in the APWG’s records, with over…
Cyberattacks Use Office 365 to Target Supply Chain
Malicious actors have a history of trying to compromise users’ Office 365 accounts. By doing so, they can tunnel into a network and use their access to steal sensitive information.…