Incidents

It takes only one ‘nice’ person

In the security industry we often focus heavily on new technologies and shiny new software, and forget that so much of what we see is dependent on the person behind the computer.

Today, a co-worker of mine was sent an email from someone she doesn’t know, with the following text:

“I’m writing this with tears in my eyes,my fam and I came down here to Wales,United Kingdom for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen off us but luckily for us we still have our passports with us.

We’ve been to the embassy and the Police here but they’re not helping issues at all and our flight leaves in less than 3hrs from now but we’re having problems settling the hotel bills and the hotel manager won’t let us leave until we settle the bills,i’m freaked out at the moment.”

Being the kind and caring individual that she is, she was naturally concerned. Should she help these people out? Luckily she asked us first.

Unfortunately this type of cry for help is all too common, as we all know; an evolution of the Nigerian 419 spam. Though it has much better grammar, and does not entice us with the promise of thousands of dollars, it does play on the weakest link in the security chain; us.

Notice the feeling of helplessness (“…with tears in my eyes…”) combined with the sense of urgency (“…our flight leaves in less than 3hrs…). It is a classic example of a con.

You can have all the security in the world, the best and most expensive technology, but if you don’t educate yourself, and your co-workers… all these systems mean nothing. All you need is someone to open the door.

It takes only one ‘nice’ person

Your email address will not be published.

 

Reports

APT trends report Q1 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

Lazarus Trojanized DeFi app for delivering malware

We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a full-featured backdoor.

MoonBounce: the dark side of UEFI firmware

At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.

Subscribe to our weekly e-mails

The hottest research right in your inbox