Author:Frank Smith

Hackers linked to Iran target WHO staff emails during coronavirus – sources

Karim Hijazi, chief executive of cyber intelligence firm Prevailion, shared his recently captured data with Reuters that shows a sophisticated hacking group was actively targeting the global health organization. Reuters couldn’t independently confirm his analysis. Hijazi said the identity of the hackers was difficult to determine, although their techniques appeared advanced....

Share Post

Prevailion CEO: Cyberattacks on Healthcare Won’t be Tolerated

As if the world needed another example, a ransomware group has proven there is no honor among thieves.  The cybercriminal group Maze attacked the network of Hammersmith Medicines Research, a London-based medical research company, on March 14. The group then leaked the personal data and medical details of thousands of former patients online, according to ComputerWeekly. HMR is one of several London firms situated to conduct medical trials for COVID-19 vaccines.  Beyond the despicable nature of the attack, of note is that Maze had made a public vow on March 18 not to...

Share Post

BEC Campaign Targets HR Departments: Report

TA505, a notorious cybercriminal group believed to be operating in Russia, is using business email compromise tactics to target a new group of victims - HR departments, according to researchers from Prevailion, a security monitoring firm. ...

Share Post

15 Coronavirus Online Scams to Watch Out For

Fake websites that claim to offer information or treatments for coronavirus are another significant threat. The security industry has already uncovered one case in which hackers are using an interactive map of coronavirus infections created by Johns Hopkins University to trick people into landing on a malicious website. They are selling these ‘infection kits’ to other hackers in the Dark Web, said Karim Hijazi, CEO of Prevailion, a cyber intelligence company headquartered in Columbia, Maryland. ...

Share Post

Map of TA505 Activity Shows Global Foothold After Necurs Botnet Goes Dark

Just shy of a week after Microsoft squeezed cyber criminals out of the prolific Necurs botnet infrastructure, threat actors like TA505 still maintain a foothold on networks throughout the world. Findings from Prevailion's compromise intelligence platform on Wednesday showed the IP addresses TA505 have actively infected around the globe. Prevailion's Chief Data Scientist Nate Winslow shared a map of this activity, along with his insight of the findings, on LinkedIn today. "Cyber crime is not slowing down because of COVID-19. The TA505 group is a prime example we see in our data. If...

Share Post

How Working from Home During Coronavirus is Opening Fresh Vectors for Compromise

VPNs alone won’t protect workers from unsecured work environments. “Wash your hands. Don't scratch your nose. Try to avoid public spaces.” In the weeks leading up to COVID-19’s ascendance to a pandemic, we've all become more aware of our touch points as we go about our daily lives trying to avoid infection. If businesses practiced this level of vigilance for their network touch points, and their daily exposure to infected surfaces, threat actors would have a much smaller playground in which to operate. When businesses agree on connecting with each other, often it's...

Share Post