Tag Archives: scams

Pawn Storm: Back with a Vengeance to Target French Presidential Hopeful Macron

by Ross Dyer

Thought you’d seen the last of prolific hacking group Pawn Storm? Think again. Just-published research from Trend Micro reveals fascinating new insights into one of the world’s longest-running cyber espionage groups. As politicians in the US continue to argue over the impact of its audacious campaign against Democratic Party officials last year, Pawn Storm is at it again, attempting to influence public option ahead of major elections in France and Germany.

We’ve discovered multiple phishing domains set up by the group explicitly to target French presidential front-runner Emmanuel Macron and German political organisations allied to two main parties there.

Our report, Two Years of Pawn Storm, reveals a highly organised and sophisticated group whose tactics should make essential reading for any IT security professional looking to improve their organisation’s defences. Continue reading

New Year, New Security Challenges: What to Expect from 2017

by Raimund Genes

Trend Micro has been protecting organisations, governments and consumers for over two and a half decades now. Our 1,200-strong team of threat researchers work round the clock and around the globe to anticipate where the next major threats will come from, and, crucially, how to mitigate them. At this time of year we’re always asked for our predictions for the next 12 months. And while cybercriminals are unlikely to work to annual deadlines, it’s still a good time to take stock and share our insight into what our experts think 2017 holds in store.

As the bad guys get ever more determined and resourceful, it will take a solid multi-layered approach to security combined with strong people and processes to keep UK organisations safe and compliant as we head into the new year. Continue reading

Uncovering the Mysteries of the Deep Web: A Major New Trend Micro Study

by Ross Dyer

Most IT professionals worth their salt will have heard of the Deep Web. But beyond the salacious reports and hearsay, how many of us really understand what happens on this vast un-indexed area of the web? At Trend Micro we always try to stay one step ahead of the cyber criminals. This is easier said than done, of course, but one strategy we hit upon was to dedicate significant time and resource to uncovering the secrets of the Deep Web.

So that’s exactly what we’ve done. Hopefully the findings of this major new report will help us, and the industry as a whole, better understand the enemy we all face online. Continue reading

Who knows what Santa knows?

by Rik Ferguson

Screen Shot 2014-12-08 at 09.05.48Of course we all know that Father Christmas is out there, with his happy elves, keeping tabs on us throughout the year. In fact every year a considerable part of my time each day is spent going through my activities and making sure that nothing I have done will mean that I end up on Santa’s naughty list. I have to say, so far I appear to be doing quite well and each year, for all these years, there’s been a little something under the tree for me as well.

Unfortunately it’s not only Santa and his elves who are collecting your information there are plenty would use it for more nefarious ends. Maybe it’s worth clicking here to find out exactly what Santa knows about you…

There are several entry points available for cybercriminals into the interactive playground of social networking; fake or compromised profiles, malicious applications, malvertisements, cybersquatting, spam and phish masquerading as legitimate notifications from social networks, exploitation of vulnerabilities and direct messages just for starters. Victims are at risk of identity theft, fraud, infection or simply of becoming an attack platform to infect or defraud their own friends and colleagues.

The one thing that all of these attacks have in common though is the very thing that binds social networks together: trust. Because the attacks, messages and links come from friends or colleagues, they appear far more credible than the average Spam email from a stranger. Even the Koobface worm with its almost textbook standard Spam messages such as “You are veryy ggood at pposing to a spy cameera!” becomes that little bit more credible when it comes from someone you know.

Most of us are guilty of being far too trusting and far too free with our personal information online, we give away little snippets (or great chunks in some cases) of our personal lives in what is essentially a public forum, making the work of criminals such as carders and ID fraudsters far more simple. In fact I have seen social networking sites spoken about in underground carding forums as a “free date of birth look-up service” along with a wealth of tips on how best to exploit these kinds of platforms.

We need to become far more aware of the value of our personal information and importantly the information we have about our friends. We also need to become far more conversant with the privacy controls available on social and professional networking sites and actually use them. There is no need to fill out that questionnaire “25 Things About Me” and post it on your profile, there is no need to share your entire employment, educational or address history. There is no need to share your “Porn Star Name” (first name = name of your first pet, family name = mother’s maiden name), isn’t that exactly the kind of information needed to reset your email account password, or access your financial data?

When your personal information becomes public it is out of your control and soon out of sight. Criminals can and do use this stuff to break into your online accounts, just ask Scarlett Johansson, Jennifer Lawrence and many others.

  • Next time, before you hit “Post”, ask yourself this “If a stranger called me on the telephone asking for this information, would I tell them?” If the answer is “No”, then step away from the mouse.
  • Make sure you always pay attention to the permissions you grant to third party apps that you integrate into your social and mobile life.
  • Ensure that you are the only person who can answer your password reset questions and that those answers are never shared on social networks.
  • If you’re lucky enough to have kids of your own, then make sure you pass on the benefit of your online wisdom, after all, you wouldn’t send them out to cross the street alone without explaining the risks.

See what Santa knows about you here.Please add your thoughts in the comments below or follow me on Twitter; @rik_ferguson.

Continue reading