Page 11 - Threat Intelligence 12-13-2019
Hackers Trick Venture Capital Firm Into Sending Them $1 Million. Security researchers at Check Point say the
company has uncovered evidence that Chinese hackers managed to hijack $1 million in seed money during a
wire transfer between a Chinese venture capital firm and an Israeli startup—without either side realizing
anything was wrong. The VC firm and the startup, whose names Check Point hasn’t released, reached out to
the security firm after the funds failed to arrive. Once Check Point dug into the details, it discovered a man-in-
the-middle attack that took a lot of planning and plenty of patience. After analyzing the server logs, emails,
and the computers involved in correspondence between the companies, Check Point noticed some
abnormalities. Some of the emails, analysts discovered, had been modified. Others hadn’t even been written
by either organization. After seeing the original email thread announcing the upcoming multi-million dollar
seeding fund, the hacker took action. Instead of monitoring subsequent emails by creating an auto-forwarding
rule (standard practice in traditional attacks), the hacker started by creating two lookalike domains.
Source: https://www.vice.com/en_us/article/mbmmaq/hackers-trick-venture-capital-firm-into-sending-them-dollar1-million
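The attack above hinged on two lookalike domains that neither party noticed in the thread. The following is an added example, not part of the newsletter or of Check Point's analysis: a small Python check that a mail gateway or incident responder could run over a thread to classify each sender domain as a known counterparty, a lookalike of one (digit-for-letter swaps, a typo or two, the real label padded with an extra suffix, or the same label under another TLD), or an unrelated third party. The allow list, the domains and the messages are constructed for illustration.

```python
"""Flag lookalike sender domains in a mail thread (added example, not from the
newsletter or Check Point's analysis). The partner domains and the messages
below are constructed for illustration."""
import re

# Constructed allow list: domains the two counterparties legitimately send from.
KNOWN_DOMAINS = {"vcfund-example.com", "startup-example.co.il"}

# Digits commonly swapped for the letters they resemble in lookalike registrations.
SKELETON = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

FROM_RE = re.compile(r"<[^@>]+@([^>]+)>")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; a small distance between labels indicates a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Return the label the registrant chose, e.g. 'startup-example' for
    startup-example.co.il. A short second-level label (co, com, org) is treated
    as part of the public suffix; a real deployment would consult the PSL."""
    parts = domain.lower().split(".")
    if len(parts) >= 3 and len(parts[-2]) <= 3:
        return parts[-3]
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify_domain(domain: str) -> str:
    """'known' (exact allow-list hit), 'lookalike' (resembles a known domain
    but is not one) or 'unknown' (unrelated third party)."""
    domain = domain.lower()
    if domain in KNOWN_DOMAINS:
        return "known"
    label = registrable_label(domain).translate(SKELETON)
    for known in KNOWN_DOMAINS:
        klabel = registrable_label(known).translate(SKELETON)
        # Same label under another TLD, a digit-for-letter swap, one or two
        # typos, or the real label padded with an extra suffix all count.
        if label == klabel or klabel in label or levenshtein(label, klabel) <= 2:
            return "lookalike"
    return "unknown"


def sender_domain(from_header: str) -> str:
    """Pull the domain out of a From: header, with or without angle brackets."""
    m = FROM_RE.search(from_header)
    addr_domain = m.group(1) if m else from_header.rsplit("@", 1)[-1]
    return addr_domain.strip().lower()


# Constructed thread: the second message imitates the VC's domain with a digit,
# the third pads the startup's domain with "-ltd"; the fourth is a real third party.
CONSTRUCTED_THREAD = [
    {"from": "Dana <dana@vcfund-example.com>", "subject": "Seed round wire details"},
    {"from": "Dana <dana@vcfund-examp1e.com>", "subject": "RE: Seed round wire details - updated bank"},
    {"from": "Yossi <yossi@startup-example-ltd.co.il>", "subject": "RE: Seed round wire details"},
    {"from": "counsel@lawfirm-example.net", "subject": "Escrow agreement"},
]


def audit_thread(messages):
    """Map every sender domain in the thread to its verdict."""
    return {sender_domain(m["from"]): classify_domain(sender_domain(m["from"]))
            for m in messages}


if __name__ == "__main__":
    for dom, result in audit_thread(CONSTRUCTED_THREAD).items():
        print(f"{result:9} {dom}")
```

A gateway rule built on this would quarantine or banner any message whose sender classifies as lookalike, and a payment-process control would require out-of-band confirmation of any bank detail change regardless of how the email looks.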
Cybercriminals Use Malicious Office 365 App for Phishing Campaign. Cybercriminals are using a malicious
Microsoft Office 365 app to illegally access end user accounts and data, according to managed threat
intelligence and mitigation services provider PhishLabs. The Office 365 phishing campaign involves the use of a
phishing message that impersonates an internal SharePoint and OneDrive file-share, PhishLabs noted. Once a
victim clicks on an embedded link in the message, he or she is taken to a legitimate Microsoft login page. Next,
the victim is asked to provide access to his or her Office 365 inbox, contacts and files, PhishLabs indicated. If
the victim accepts the request, a cybercriminal then gains access to his or her Office 365 account and data.
Source: https://www.msspalert.com/cybersecurity-breaches-and-attacks/phishing/office-365-phishing-campaign/
Persistent Malware Using Multiple Techniques Hits Online Readers in Time for the Holidays. The Media
Trust’s Digital Security & Operations (DSO) team discovered a new malicious campaign affecting iPhone users
of over 100 publisher websites, many of which were UK online newspapers and international weekly news
magazines. Named Krampus-3PC by the DSO, this unique malware delivered the payload using a multi-stage
redirect mechanism and two obfuscation methods to evade conventional scanning and blocking tools. While
most malicious campaigns use one method of redirection, Krampus-3PC employed a backup method to ensure
users were redirected to the fraudulent popup masquerading as a global grocery store reward ad. Moreover,
the malware hoovered up user session information, including cookies, from a widely used adtech vendor,
enabling attackers to log into users’ various online accounts.
Source: https://mediatrust.com/sites/default/files/2019-12/Krampus-3PC_2019-1211.pdf
Fake Payroll Emails Used by Phishing Campaign to Deliver TrickBot. At the beginning of November, Palo Alto
Networks’ Unit 42 research team identified a phishing campaign sending out attack emails whose subject lines
referred to payroll and annual bonuses. These emails didn’t arrive with an attachment. Instead, they included
links to what appeared to be a Google Docs document. That file, in turn, contained links to malicious files
hosted on Google Drive that acted as simple downloaders of TrickBot. Upon execution, the malware
established persistence on the infected machine by creating a scheduled task that ran at user login. As noted
by Unit 42, this phishing campaign was unique in that malicious actors used SendGrid, a legitimate email
delivery service (EDS), to send out the initial attack emails. They had also used SendGrid to conceal the
malicious Google Drive links contained in the Google Docs document.
Source: https://securityintelligence.com/news/fake-payroll-emails-used-by-phishing-campaign-to-deliver-trickbot/
www.accumepartners.com