Plenty more ‘phish’ in the sea

Phishing is once again on the rise. This is a cyber crime that involves tricking computer users into disclosing their personal details [username, password, PIN or any other access information] and then using these details to obtain money under false pretences.

The number of phishing attacks, and the associated costs, are increasing. According to the Anti-Phishing Working Group Phishing Activity Trends Report – November 2004, there was a 34% month-on-month growth in the number of new, unique phishing e-mail messages between July 2004 and November 2004; and a 28% month-on-month growth in the number of unique fraudulent web sites.

This growth is clearly being driven by the potential to make money from unsuspecting users and we would urge users to be cautious about the way they conduct online transactions.

  • Don’t divulge passwords, PINs, etc.
  • Don’t fill out forms contained in e-mails
  • Don’t click on links in e-mails
  • If you’re using Internet Explorer [IE], use the lock symbol in the IE status bar to confirm the site you’re accessing
  • Check bank accounts regularly and report anything suspicious