Hackers working on behalf of the government of Iran are using alluring social media profiles featuring a young, English photographer to entice and then compromise the systems of high value targets in the oil and gas industry, according to a report by Dell Secureworks. In a report released on Thursday, Secureworks’ Counter Threat Unit (CTU) said that it observed an extensive phishing campaign beginning in January and February 2017 that used a polished social media profile of a young, English woman using the name “Mia Ash” to conduct highly targeted spear-phishing and social engineering attacks against employees of Middle Eastern and North Africa firms in industries like telecommunications, government, defense, oil and financial services. The attacks are the work of an advanced persistent threat group dubbed COBALT GYPSY or “Oil Rig” that has been linked to other sophisticated attacks. The attacks, which spread across platforms including LinkedIn and Facebook, as […]
In-brief: An analysis of 85,000 hacked Remote Desktop Protocol servers from the cyber criminal marketplace xDedic shows that education and healthcare networks were the most often targeted by hackers, who often used brute force password guessing to gain access.
In-brief: a report by the firm CGI and Oxford Economics suggests the impact of breaches on the price of a company’s stock may be bigger than many expected, depressing the price investors pay for the stock by almost two percent.
In-brief: Like Love Canal or the ‘flaming river’ in Cleveland that eventually prompted anti-pollution laws, the casual leak of data on 33 million U.S. professionals is a sign that our online environment is badly compromised. But can we fix it? (Editor’s note: this blog post originally appeared on Digital Guardian’s blog.)
In-brief: companies that want to make life difficult for cyber criminals can start by moving valuable data off the front lines and finding ways to use less valuable information to verify the identity of their customers, writes Keir Breitenfeld, who works for Experian’s Fraud & Identity Solutions group.