Tag Archives: Phishing

[updated] Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society

This report discusses the targeting of Egyptian NGOs by Nile Phish, a large-scale phishing campaign. Almost all of the targets we identified are also implicated in Case 173, a sprawling legal case brought by the Egyptian government against NGOs, which has been referred to as an “unprecedented crackdown” on Egypt’s civil society. Nile Phish operators demonstrate an intimate knowledge of Egyptian NGOs, and are able to roll out phishing attacks within hours of government actions, such as arrests.

Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans

This report describes the latest iteration in a long-running espionage campaign against the Tibetan community. We describe how the attackers continuously adapt their campaigns to their targets, shifting tactics from document-based malware to conventional phishing

Packrat: Seven Years of a South American Threat Actor

This report describes an extensive malware, phishing, and disinformation campaign active in several Latin American countries, including Ecuador, Argentina, Venezuela, and Brazil. The nature and geographic spread of the targets seems to point to a sponsor, or sponsors, with regional, political interests. The attackers, whom we have named Packrat, have shown a keen and systematic interest in the political opposition and the independent press in so-called ALBA countries (Bolivarian Alternative for the Americas), and their recently allied regimes.

How millions of DSL modems were hacked in Brazil, to pay for Rio prostitutes

Source: Graham Cluley, Naked Security

Fabio Assolini, a researcher for Kaspersky Labs, gave a fascinating presentation at the Virus Bulletin conference in Dallas last week, describing how more than 4.5 million home DSL routers in Brazil were found to have been silently hacked by cybercriminals last year.

Cloned RFE/RL phishing website in Uzbekistan

Source: Luke Allnutt, Tangled Web, Radio Free Europe

A website has been set up to mirror the site of RFE/RL’s Uzbek Service, in what could be a phishing scheme to harvest user information.

Simple phishing tool makes it easy to lure victims into fake websites

Source: Brian Krebs, Krebs on Security

A new open source toolkit makes it ridiculously simple to set up phishing Web sites and lures.

Chinese hackers steal Gmail passwords: Google

Hackers in China reportedly launched clandestine attacks against users of Google’s Gmail service intending to steal their passwords and monitor their emails.

The company reported in a blog post the targets of these attacks (among others) were senior government officials in the United States, Chinese activists, officials in several Asian countries, military officials and journalists, the New York Times reported.

Rafal Rohozinski, a network security specialist at the SecDev Group in Ottawa, told the Times it’s impossible to lay blame on the Chinese government for the intrusion with any certainty. Because the internet is borderless by nature, it’s easy for intruders to mask their identities by connecting through a series of proxy servers.

For the full original article, see here

Canada Moves Up Malware ‘Badness’ List

Criminal networks that use the Internet to facilitate their scams are finding a virtual haven in Canada, according to a new study.

According to Websense, a company that develops software for content filtering, – Canada now ranks as the sixth most likely country to host servers running malicious programs, up from 13th the year before.

Rafal Rohozinski, CEO of the SecDev Group and Senior Fellow at the Canada Centre for Global Security Studies points out in this article that Ottawa has been dragging its feet on cyber security. The federal government announced its strategy only last year, long after other G8 countries began investing heavily in tackling the problem, partly because successive minority governments had made the esoteric subject of cyber security a non-starter of an issue in Canada. The new Conservative majority government now has the clout to tackle the issue, if it chooses to do so, Mr. Rohozinski said.

From The Globe and Mail

The Children’s Place Hit with Database Breach

“The Children’s Place Retail Stores Inc. said Tuesday that its customer email address database was recently accessed by an unauthorized third party. The database is stored at an external e-mail service provider, which confirmed that only e-mail addresses were accessed and no other personal information was obtained.

The New Jersey-based children’s specialty apparel retailer said the hacker sent out an unauthorized email that attempts to phish sensitive information from customers.

The notice comes just weeks after e-mail service provider Epsilon Interactive told clients they had experienced a major security breach, prompting many U.S. corporations to warn their customers to be aware of potential spear phishing attacks.”

From PC World

The RSA Hack: How They Did It

“How did a hacker manage to infiltrate one of the world’s top computer-security companies? And could the data that was stolen be used to impair its SecurID products, which are used by 40 million businesses that are trying to keep their own networks safe from intruders?

In the attack on RSA, the attacker sent “phishing” e-mails with the subject line “2011 Recruitment Plan” to two small groups of employees over the course of two days. Unfortunately, one was interested enough to retrieve one of these messages from his or her junk mail and open the attached Excel file. The spreadsheet contained malware that used a previously unknown, or “zero-day,” flaw in Adobe’s Flash software to install a backdoor. RSA said that Adobe had since released a patch to fix that hole.”

From The New York Times