phishing   2634


Coinhoarder: tracking a Ukrainian bitcoin phishing ring DNS-style • Talos Intelligence
Edmund Brumaghin:
On February 24, 2017, Cisco observed a massive phishing campaign hosted in Ukraine targeting the popular Bitcoin wallet site blockchain.info with a client request magnitude of over 200,000 client queries. This campaign was unique in that adversaries leveraged Google Adwords to poison user search results in order to steal users' wallets. Since Cisco observed this technique, it has become increasingly common in the wild with attackers targeting many different crypto wallets and exchanges via malicious ads.

Cisco identified an attack pattern in which the threat actors behind the operation would establish a "gateway" phishing link that would appear in search results among Google Ads. When searching for crypto-related keywords such as "blockchain" or "bitcoin wallet," the spoofed links would appear at the top of search results. When clicked, the link would redirect to a "lander" page and serve phishing content in the native language of the geographic region of the victim's IP address.

The reach of these poisoned ads can be seen when analyzing DNS query data. In February 2017, Cisco observed spikes in DNS queries for the fake cryptocurrency websites where upwards of 200,000 queries per hour can be seen during the time window the ad was displayed…

…Based on our findings associated with this syndicate, we estimate the COINHOARDER group to have netted over $50m over the past three years. It is important to note that the price of Bitcoin has shot up drastically over 2017, starting around $1,000 in January and hitting a high point just under $20,000 in December. While criminals were able to profit from this, it also adds a new level of complexity for criminals to convert their cryptocurrency funds to a fiat currency like US dollars. The historic price of Bitcoin during the height of this campaign would have made it very difficult to move these ill-gotten finances easily.

"Google AdWords really paid off for our phishing business!"
phishing  Bitcoin 
4 days ago by charlesarthur
Annotated Bad Security Email
Some folks asked why this is a bad email. So I annotated it
security  email  phishing  design 
7 days ago by spaceninja
Easily Report Phishing and Malware
This is how you can strike back at criminals sending phishing spam - by getting their webpages on blacklists. Blocking their sites helps protect other people and helps researchers trying to stop this. Sites can be blocked within 15 minutes of your report, but you may not immediately see it.
phishing  infosec 
10 days ago by tonious
ReelPhish
A Real-Time Two-Factor Phishing Tool
phishing  2fa 
11 days ago by aiefel
Twitter
Yep. This was the second entry on my 2018 -2 / Victims' List. There were 268 affected by this one…
W-2  Phishing  BEC  from twitter_favs
15 days ago by douglevin
Viruses, Worms and Spyware—Yikes! A Look at Malware Terminology | The Mac Security Blog
When you read about computer security and malware, the terminology can be dizzying. You may feel that you've entered a world with some very strange words whose meanings you can only guess at. In order to help you understand malware, here's a look at the most common terms used to describe malicious software that can harm your computer and mobile device, and threaten your security and privacy.
Read on for a comprehensive look at malware terminology, including viruses, worms, spyware, and all the other dangers that threaten your Mac and your data.
Malware Terminology
Malware is the blanket term for all malicious software. It's a convenient word, because it can be used for any of the categories I discuss below. Sometimes, a specific piece of malware can be made up of more than one of these categories, so using the blanket term is economical, and makes things easy to understand. In addition, some of these terms describe the way malware is distributed, others the way they propagate, and others the type of actions they perform. Users don't always need to know exactly what type of malware has infected their device. Since certain terms used to name malware explain how the software is installed, this can be useful to understand how users can protect themselves. (See phishing, Trojan horse, etc.)
malware  botnet  ransomware  security  privacy  phishing  0day 
18 days ago by rgl7194
Spying on a Budget: Inside a Phishing Operation with Targets in the Tibetan Community
A new Citizen Lab report looks at a sophisticated phishing operation targeting Tibetan civil society groups, finding the operation to be cheap and simple, but also effective. Citizen Lab's "analysis indicates other possible targets among ethnic minorities, social movements, a media group, and government agencies in South and Southeast Asia.

The operation was simplistic and inexpensive, yet achieved some successes. We estimate the infrastructure used in the operation cost slightly over 1,000 USD to set up and required only basic system administration and web development skills to maintain.

The operation illustrates that the continued low adoption rates for digital security features, such as two factor authentication, contribute to the low bar to entry for digital espionage through basic phishing."
otf  tibet  phishing  security 
20 days ago by dmcdev
/var/log/notes
Guy who thinks he's smart gets taken in by a free-money phish.
cybersecurity  phishing  casestudy 
26 days ago by dsalo
Certified Malice | text/plain
Phishers use certificates for HTTPS because of course they do. "You could be having a private conversation with Satan."
cybersecurity  phishing  ux 
4 weeks ago by dsalo
