We’re always impressed when fraudsters come up with new and clever ways to execute phishing scams and this week didn’t disappoint us. This week we get word of a phishing scam disguised as fake e-tickets for Korean Airlines.
According to the article, “South Korean flag carrier Korean Air (KE) has warned customers against phishing scams using fake e-tickets. Seungwon Chung, KE Global Communications deputy general manager, confirmed with the Philippine News Agency (PNA) on Monday that the carrier has received [a] few complaints regarding this recently.”
When it comes to phishing attacks, did you ever notice how one attack almost always leads immediately to a follow-on attack? Most people by now are aware of the data breach at credit agency Equifax. As part of the $700 million settlement, Equifax has agreed to a cash payment of up to $125 or free credit monitoring for victims. Well, it didn’t take long for criminals to seize on that information for use in another attack.
According to an article on security awareness firm KnowBe4’s website, “Internet lowlifes are now targeting victims of the Equifax data breach with phishing attacks and are spoofing Equifax’s settlement page.” That’s pretty low.
In an effort to summarize the carnage, Dark Reading this week gave us “8 Head-Turning Ransomware Attacks to Hit City Governments.” They are:
- Georgia/Atlanta courts
- Riviera Beach, Florida
- Lake City, Florida
- Baltimore, Maryland
- Greenville, North Carolina
- Johannesburg, South Africa
- West Haven, Connecticut
I wonder who will be on the list next week.
Hackers keep pushing the state of the art when it comes to phishing. It shouldn’t come as a surprise, though. After all, what else have they got to do? And the big emphasis continues to be on mobile.
The latest details come from the 2019 Mobile Threat Landscape Report produced by CrowdStrike. The report identifies six categories of mobile malware. They include the following:
- Remote access tools
- Banking trojans
- Mobile ransomware
- Cryptomining malware
- Advertising click fraud
Perhaps the most important finding in the report is that “The current maturity level of mobile security solutions lags behind that of traditional platforms, leading to longer potential attacker dwell times on compromised mobile devices.” In other words, your mobile device is more vulnerable than your desktop.
Do you know what’s better than manually launching a ransomware attack? Automating it so it launches itself. And that’s precisely what attackers have done with ransomware called MegaCortex.
According to a Cyber Advisory by Accenture Security, “The authors of MegaCortex v2 have redesigned the ransomware to self-execute and removed the password requirement for installation.”
From an article on the Dark Reading website, “Security researchers first spotted MegaCortex earlier this year targeting enterprise organizations in the US, Canada, and Europe. During one stretch in May, researchers at Sophos counted 47 targeted attack attempts to install MegaCortex in a 48-hour period. Organizations that have been hit by the malware without a proper email security service have faced ransom demands ranging from a relatively modest $20,000 to a stunning $5.8 million.” With the automation of MegaCortex, cybercriminals have unwittingly invented a new form of passive income.
Cities, municipalities and counties are under constant attack from scammers and the body count continued to rise this week as “Cybercriminals managed to divert $2.5 million in a business email compromise (BEC) scam targeting Cabarrus County, North Carolina,” according to an article on Security Week. BEC “targets employees with access to company finances and tricks them into making wire transfers to bank accounts thought to belong to trusted partners—except the money ends up in accounts controlled by the criminals.”
According to the article, “The attack started when employees of Cabarrus County Schools and Cabarrus County Government received emails pretending to be from the general contractor for construction of West Cabarrus High.”
Attack on City of Naples
In a slightly less costly cyber-attack, “Scammers trick[ed the] City of Naples out of $700,000 in spear phishing cyber-attack,” according to the Naples Daily News.
“The funds were paid to a fake bank account the attacker provided while posing as a representative from the Wright Construction Group, which was doing infrastructure work on Eighth Street South in downtown Naples.” Do you see a theme here? Fake construction invoices.
Under the category of “we got off easy,” comes news from the Kane County Chronicle that a “Batavia company [was] defrauded of more than $27k in spear phishing scam.”
“According to police reports, electronic communication equipment was ordered via email from a known customer. The company shipped it to Ohio and learned later that the order was fraudulently placed because the known customer did not place it.”
And that’s the week that was.