Credential Stuffing Attacks Generate Billions of Login Attempts

Credential stuffing is a type of cyber attack where stolen account credentials consisting of lists of usernames and email addresses with corresponding passwords are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application. Continue reading Credential Stuffing Attacks Generate Billions of Login Attempts

Email PDF Attachments to Control Stealthy Backdoor

Turla, a highly sophisticated Russian cyberespionage group, also known as Snake and Uroburos, for the past several years have been using PDFs in emails to control an especially stealthy Microsoft Outlook backdoor. The most recent victims of the backdoor include Germany’s Federal Foreign Office, a significant defense contractor, and the foreign offices of at least two other European countries. In the attack against the Germany’s Federal Foreign Office, Turla dropped the backdoor on several systems and used them to steal data. Continue reading Email PDF Attachments to Control Stealthy Backdoor

SharePoint Online Phishing Attacks on Office 365 users

A Microsoft Office 365 SharePoint Online Phishing attack is on the rise for stealing login credentials dubbed as PhishPoint. According to Security Affairs, this new phishing attack has already affected about 10% of Office 365 users. From a number’s perspective based on October 2017 reported number of users on Microsoft Office 365 was about 120 Million users, we suspect that has grown to about 150 Million users till date. So, 10% is about 15 Million users impacted and growing. Continue reading SharePoint Online Phishing Attacks on Office 365 users

Phishing Attacks are on the Rise in 2018

Each quarter, the Anti-Phishing Working Group (APWG) prepares a report to keep all sectors aware of current cybercrime threats. The APWG recently released Phishing Activity Trends Report for Q1 2018 on July 31st, 2018. Phishing Activity Trends Report contains detailed data compiled from reported Phishing Campaigns. Phishing Campaigns are emails sent to multiple users with a familiar subject line to get the user to trust the email to open the email and a phishing website that uses safe and ethical phishing practices. Continue reading Phishing Attacks are on the Rise in 2018