CyberSecure Specialist

ESET researchers uncovered a crimeware campaign that targeted clients of three Czech banks. The malware used, which we have named NGate, has the unique ability to relay data from victims’ payment cards, via a malicious app installed on their Android devices, to the attacker’s rooted Android phone. Key points of this blogpost: Attackers combined standard malicious techniques – social engineering, phishing, and Android malware – into a novel attack scenario; we suspect that lure messages…

Read More

Business Security Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with Tony Anscombe 21 Aug 2024  •  , 3 min. read Governments create legislation and regulations primarily to protect public interests and keep order, ensuring society functions as it should. When related to cyber insurance and cybersecurity, regulation is aimed at ethical conduct,…

Read More

In this blogpost we discuss an uncommon type of phishing campaign targeting mobile users and analyze a case that we observed in the wild that targeted clients of a prominent Czech bank. This technique is noteworthy because it installs a phishing application from a third-party website without the user having to allow third-party app installation. For iOS users, such an action might break any “walled garden” assumptions about security. On Android, this could result in…

Read More

Video Business email compromise (BEC) has once again proven to be a costly issue, with a company losing $60 million in a wire transfer fraud scheme 16 Aug 2024 A Luxembourg-based chemicals and manufacturing company has recently suffered one of the largest-ever business email compromise (BEC) attacks. According to a filing to the U.S. Securities and Exchanges Commission (SEC), an employee was tricked into making multiple wire transfers to cybercriminals, losing the company $60 million. …

Read More