Hacking Humans
We’ve written about growing efforts to combat social engineering by improving “cybersecurity culture.” Part of that can include using data to determine which employees are most at risk for failing to maintain the security culture. The recommendation comes in this Axios report: “Between the lines: Personalizing employee training and awareness programs can go a long way…
Helpfulness is an attack vector to social engineering crooks. “It seems counterintuitive to hand over sensitive information to a complete stranger, but attackers have developed ways to trick you into feeling comfortable doing just that. ‘Fear is an attack vector. Helpfulness is an attack vector,’ (Erik Huffman, a researcher who studies the psychology behind cybersecurity…
Read More “No Good Deed Goes Unpunished by Social Engineers” »
Retool is a large provider of low-code software solutions: “Companies use Retool for building everything: simple CRUD apps, production-grade workflows and automation, and complex enterprise ops software.” After an attack that penetrated 27 of Retool’s cloud customers in August, the company posted a frank and unusually detailed account of the social engineering and software that…
Read More “Inside a Social Engineering Attack: How Retool Was Hit” »
The ALPHV/BlackCat group has claimed it hacked MGM after targeting one of the company’s employees on LinkedIn as part of a social engineering attack. The art of tricking human beings has been leveraged to a previously unimaginable level through the use of now ubiquitous technologies, from email to AI. In days past, the threat was…
The attack appeared to come days before the massive MGM Resorts breach, also attributed to social engineering. “Caesars Entertainment, Inc. (the “Company,” “we,” or “our”) recently identified suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor used by the Company. Our customer-facing operations, including our…
MGM Resorts has suffered major disruptions after a cyber attack on Sep. 10th. USA Today reported: “Over a dozen MGM Hotels & Casinos have had to shut down operations after a cyberattack on its computer systems Sunday left the resort chain vulnerable. Computer systems at all MGM properties have been shut down for the immediate future until the…
Read More “Slots Go Silent at MGM Casinos Due to Social Engineering Attack” »
Darktrace researchers report a dramatic increase in malicious emails. “‘Nearly 50,000 more of these attacks were detected by Darktrace in July than May, indicating potential use of automation, and the speed of these types of attacks will likely rise as greater automation and AI are adopted and applied by attackers,’ according to the Darktrace Cyber…
Read More “AI Drives Speed and Volume of Social Engineering Attacks” »
“An Ethereum address with a record of interacting with DeFi protocols suffered significant losses in a phishing attack. The attacker stole over $24 million worth of cryptocurrencies by tricking the victim into visiting a malicious website and signing “increaseAllowance” transactions on their wallet.” Read the report.
They’re back. Google warned about North Korean state-sponsored hackers going after cybersecurity researchers a couple years back. Now Google says they’re back at it. “Similar to the previous campaign TAG reported on, North Korean threat actors used social media sites like X (formerly Twitter) to build rapport with their targets. In one case, they carried…
Read More “North Korean Hackers Targeting Cybersecurity Experts with Social Engineering: Google” »
The report from The Hacker News reports on several attack variants, including those using Ducktail malware: “The actors behind Ducktail, for instance, leverage lures related to brand and marketing projects to infiltrate individuals and businesses that operate on Meta’s Business platform, with new attack waves employing job and recruitment-related themes to activate the infection.” In…
Read More ““Malvertising” Scams on Facebook Business Accounts from Vietnamese Cybercrooks” »