Page 11 - Threat Intelligence 11-15-2019
P. 11

Europol: Spear phishing the most prevalent cyber threat affecting orgs across the EU. Spear phishing
        describes the practice of targeting specific individuals within an organization or business for the purposes of
        distributing malware or extracting sensitive information. As reflected in this year’s Internet Organized Crime
        Threat Assessment (IOCTA), spear phishing is the number one attack vector and enabler for the vast majority
        of cybercrime. The report highlights the role of spear phishing as the main attack vector for cybercriminals and
        contains the definition of the main modi operandi that criminals use to deceive the target (among others,
        emails coming from trusted accounts, malicious attachments or links to fraudulent websites).
                Source: https://www.helpnetsecurity.com/2019/11/04/spear-phishing-eu/



        Bittrex Target of Latest $1 Million Crypto SIM Hack Lawsuit. Crypto exchange Bittrex is being sued over a SIM
        swap that netted criminals 100 bitcoin, currently worth nearly $1 million. The case resembles other recent
        high-profile heists in which a hacker seizes control of a victim’s cell phone to then loot online crypto accounts:
        the swap was from cellular carrier AT&T, money was taken from Bittrex, and the hack took control over the
        victim’s online identity. In this case, Bennett filed suit in Washington state’s King County Superior Court,
        alleging that Bittrex violated its own published security protocols and ignored industry standards, missing the
        chance to stop the high-stakes burglary. He also alleged that Bittrex failed to act as the April 15, 2019 hack was
        in process or respond quickly enough once notified by him directly.
                Source: https://finance.yahoo.com/news/bittrex-target-latest-1-million-023007528.html



        Over 100,000 Fake Domains With Valid TLS Certificates Target Major Retailers. Venafi, a company that helps
        organizations secure cryptographic keys and digital certificates, says it has uncovered over 100,000
        typosquatted domains with valid TLS certificates that appear to target major retailers. With the holiday
        shopping season right around the corner, Venafi has conducted an analysis of lookalike domains targeting 20
        major retailers in the United States, the United Kingdom, Australia, Germany and France. The analysis led to
        the discovery of 109,045 lookalike domains that use valid TLS certificates to make them appear more
        trustworthy. This is more than double compared to last year and the company has pointed out that only less
        than 20,000 certificates have been issued for legitimate retail domains. Of the 109,000 typosquatted domains,
        nearly 84,000 target retailers in the U.S., including almost 50,000 domains that imitate one of the country’s
        top retailers. In the U.K., Venafi identifier nearly 14,000 certificates issued for fake retailer domains.
                Source:  https://www.securityweek.com/over-100000-fake-domains-valid-tls-certificates-target-major-
                retailers




























                                                    www.accumepartners.com
                                                                                                                     9
   6   7   8   9   10   11   12   13   14   15   16