Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.
Here are the most interesting articles we’ve found this week that could be helpful to you:
There has been such an increase of instances of the Business Email Compromise scam, that the FBI put out an official public service announcement warning people against falling for it. These shocking statistics show the effectiveness of the scam which caused over $1.2 billion in damages in 2015 alone.
Business Email Compromise (BEC) is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
The BEC scam continues to grow and evolve and it targets businesses of all sizes. There has been a 270 percent increase in identified victims and exposed loss since January 2015. The scam has been reported in all 50 states and in 79 countries. Fraudulent transfers have been reported going to 72 countries; however, the majority of the transfers are going to Asian banks located within China and Hong Kong. These totals, combined with those identified by international law enforcement agencies during this same time period, bring the BEC exposed loss to over $1.2 billion.
An interpretation of the report the FBI put out on the BEC scams.
In an alert posted to its site, the FBI said that since January 2015, the agency has seen a 270 percent increase in identified victims and exposed losses from CEO scams. The alert noted that law enforcement globally has received complaints from victims in every U.S. state, and in at least 79 countries.
Would you read these emails and do what these hackers ask of you? A great breakdown of how the business email compromise (BEC) scam works, and how effective it is.
Scammers are continuing to target senior financial staff at medium and large corporations, attempting to trick them into carrying out large wire transfer payments. The FBI recently warned organizations of this activity and Symantec Email Security.cloud has observed that these email campaigns are still ongoing.
Adobe just released a patch that fixes a vulnerability cybercriminals are already exploiting to gain access to machines. Everybody needs to download this patch – immediately.
For the second time in two months, Adobe has pushed out a Flash update that’s more than just a nice-to-have.
This one, like last month’s, fixes not only a bunch of holes that crooks would almost certainly try to use if they knew about them, but also a vulnerability that’s already being exploited in the wild for criminal purposes.
In this Security Threat Report, Symantec shed light on some unnerving new developments. I used to draw the line between the skills of organized crime hackers and “nation-state actors”. It looks like that gap is closing.
Symantec has today launched its annual Internet Security Threat Report (ISTR), which reveals highly-skilled cyber criminals with skills sets that echo those of nation-state attackers, are fuelling an exponential growth in online crime.
Attackers still use USB keys to gain access to machines. Remember: don’t use USB keys that you’re not sure are safe. Simply scanning a drive before plugging it in is not effective to determine its safety.
Abstract—We investigate the anecdotal belief that end users will pick up and plug in USB flash drives they find by completing a controlled experiment in which we drop 297 flash drives on a large university campus. We find that the attack is effective with an estimated success rate of 45–98% and expeditious with the first drive connected in less than six minutes.
Imagine sitting behind your phone or computer and seeing it remotely being wiped completely by a hacker. That’s what happened to Mat Honan. In this classic and riveting first-person account, you learn how your life can digitally dissolve when you’re being hacked.
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook. In many ways, this was all my fault.
Finally some good news about ransomware Remember the Petya strain of ransomware I shared with you a few weeks ago? Some researchers found a fix for this particular strain.
Researchers have been combing through code related to the Petya ransomware long enough they’ve been able to cobble together a decryption tool that should allow most victims to generate keys in less than 10 seconds.
The year is young and high-profile phishing attacks keep coming seemingly every week. Here are eight reasons why security pros have to get serious about combating phishing.