You can purchase anything as a service today—even malware. According to ThreatPost, “A phishing campaign that spoofs a PDF attachment to deliver Adwind spyware has been taking aim at national grid utilities infrastructure.”
“Adwind, a.k.a. JRAT or SockRat, is being used in a malware-as-a-service model in this campaign. It offers a full cadre of info-gathering features, including the ability to take screenshots, harvest credentials from Chrome, Internet Explorer and Microsoft Edge, record video and audio, take photos, steal files, perform keylogging, read emails and steal VPN certificates.” One stop shopping to create havoc.
Tax Phishing Scam
IRS warns about new attempt at getting your data. From KFDA in Amarillo, TX, “The IRS this week detected this new scam as taxpayers began notifying phishing@irs.gov about unsolicited emails from IRS imposters. The email subject line may vary, but recent examples use the phrase ‘Automatic Income Tax Reminder’ or ‘Electronic Tax Return Reminder.’ The emails have links that show an IRS.gov-like website with details pretending to be about the taxpayer’s refund, electronic tax return, or tax account.”
Q-bot is Back Again
When it comes to phishing scams, what’s old is new again. According to tneus, “The venerable banking Trojan known as Q-bot is back in the news, having recently been spotted in the wild as part of a sophisticated new phishing campaign designed to claim a new generation of victims.”
“Q-bot is one of the oldest banking Trojans still in use, and has a history that stretches back more than a decade.” It’s nice to see hackers getting a lot of mileage out of their handiwork.
Phishing Phrontier
Attackers apparently have no conscience. Amnesty International, has, “documented widespread targeted phishing attacks against human rights defenders (HRDs) in the Middle-East and North Africa.”
A report put out by Amnesty International, When Best Practice Isn’t Good Enough, “documented how attackers had specifically developed techniques to target HRDs who had taken extra steps to secure their online accounts, such as by using more secure, privacy-respecting email providers, or enabling two-factor authentication on their online accounts.”
Why manually hack people when you can automate it? According to an article on Bleeping Computer, hackers have come up with “a novel method of scraping organizations’ branded Microsoft 365 tenant login pages to produce highly convincing credential harvesting pages.”
“The attackers are also using Microsoft’s Azure Blob Storage and Microsoft Azure Web Sites cloud storage solutions to host their phishing landing pages, a common tactic used by phishers to trick their targets into thinking that they’re seeing an official enterprise email login page.”
Body Count
The good news for Regina Wheeler, Public Works Director in Santa Fe, NM, is that she earns a cool $130,000 a year salary. The bad news for her is that a women hundreds of miles away, in Twin Falls, ID, was cashing in her paychecks by fraudulently rerouting them to her own direct deposit account.
According to the Santa Fe New Mexican, the scammer “filled out a direct deposit form using the victim’s name, and also sent a fake and voided check from Green Dot Bank, also with the victim’s name, to the city’s payroll office, according to police, who said everything was done by email.” The good news, if there is any, is that they identified the suspect.
MoviePass Breach
Ever use MoviePass to buy movie tickets online? If the answer’s yes, there’s a pretty good chance that hackers have your credit card number. According to SC Magazine, “An exposed database on a MoviePass subdomain housing 161 million records were left unsecured and exposed credit card and customer card information on at least 60,000 of the ticket service’s customers.”
The real problem here is that MoviePass customers mostly use debit cards, which don’t offer the same protection to consumers and credit cards. So, any money the hackers steal is money users probably won’t see ever again.
Healthcare Industry Phishing Scams
Another bad week for the healthcare industry. First, a data breach at Massachusetts General Hospital exposed the private information of 9,900 people participating in medical research programs.
Next, protected health information (PHI) of patients at Michigan Medicine and a hospital in Virginia was exposed as a result of a phishing attack on those organizations.
Finally, an email phishing attack struck Samaritan Medical Center in Watertown, NY. The company claims that “the hospital has taken precautions to secure its systems.” Maybe if the hospital used phishing protection software, the attack would never have stuck the hospital.
And that’s the week that was.