Hackers Use PayPal to Phish with Ransomware

Infosecurity Magazine | January 18, 2019

A new ransomware campaign has been discovered in which the malicious actors have expanded payment options beyond Bitcoin; they are instead offering alternatives (such as PayPal) that include a phishing link, according to MalwareHunterTeam. Attackers are stealing a page from Daedalus and killing two birds with one stone by including a link to make a payment. To obtain the decryption key, victims can follow the link to the PayPal phishing page, where their login credentials are stolen. The combination of two threat vectors makes this attack particularly dangerous for unsuspecting victims.

The new attack method combines “a ransom note that directs victims to a PayPal phishing page... Clicking on the Buy Now button, it directs to the credit card part of the phish already (so the login part is skipped). After filling & clicking Agree comes the personal info part & then finished,” the team tweeted. Once that payment is processed, the victim receives a confirmation.

Spotlight

Do you have a comprehensive cyber defense program? Until now, using passive DNS data for cyber defense was limited by three key factors: timeliness of data, the need to analyze extremely large datasets, and the requirement for expert analysis by traditionally overworked cyber analysts. This Impact Brief provides information on h

Related News

DATA SECURITY

New White Paper to be Released by Bluefin and Alpine Security Consulting on Payment and Data Security

Alpine Security Consulting | July 12, 2021

A new white paper on “Formulating a Complete Payment Data and Security Approach,” authored by Alpine Security Consulting, has been released by Bluefin, the recognized leader in tokenization and encryption technologies for payment and data security. The main points covered and discussed in the white paper are considerations when choosing a data protection approach, rules and regulations governing sensitive data and payment, Protected Health Information (PHI) and ACH account data, Personally Identifiable Information (PII), and how tokenization can be combined with encryption to provide a single solution for securing cardholder data (CHD).

Topics covered in the white paper are:
• Payment and Privacy Data – History and Trends
• Data Breaches, the Pandemic Effect, and the Shift to Online Commerce
• Protecting Privacy Data – HIPAA, GDPR, and Privacy Acts
• Protecting Financial Data – PCI DSS and Nacha
• Bluefin's Payment and Data Security Suite: PCI-validated P2PE and ShieldConex® Data Security
• The Roles of Encryption, Tokenization and Authentication in Protecting Data

Bluefin specializes in data security solutions and omnichannel payment. With the company’s PCI-validated point-to-point encryption (P2PE) solutions, it is specialized in protecting all data. It is for ShieldConex data security platform and point-of-sale (POS) payments for the encrypted tokenization of PHI, PII, ACH and CHD account data.

About Bluefin
For payment and data security, Bluefin is the renowned leader in tokenization and encryption technologies. Our security suite includes call center, mobile and unattended payments, PCI-validated point-to-point encryption (P2PE) for contactless face-to-face, and our ShieldConex® data security platform for the protection of Personal Health Information (PHI), Personally Identifiable Information (PII), and payment data entered online.

About Alpine Security Consulting
Alpine was founded to fulfill a passion to help businesses. With over 20 years of experience in security, technology, and compliance, Alpine's skill set can help virtually any business learn how to control ground-breaking security technologies with the outcome of translating security savings into tangible business worth.


DATA SECURITY

Smithers Announces the Launch of Information Security Services

Smithers | May 25, 2021

Smithers, a leading provider of testing, consulting, information, and compliance services, is pleased to announce the launch of its information security services department. This agency will provide auditing and certification services for NIST SP 800-171 and the Cybersecurity Maturity Model Certification (CMMC), as well as other customized information security offerings. Smithers Quality Assessments Division offers 25+ years of high-touch, value-added third-party auditing expertise to the CMMC program, including trained, professional auditors to perform CMMC assessments for organizations that are current suppliers to the United States (US) Department of Defense, as well as those looking to meet the requirements of being a supplier. Smithers' information security service offering ensures the security of clients' sensitive data by delivering reliable assessments on time and with a high level of touch.

"Information security threats continue to intensify as a significant concern to organizations of all sizes," says Jeanette Preston, President of Smithers Quality Assessments Division. "As a matter of business continuity, many companies would be required to ensure sensitive data security as a requirement to do business with defense, governmental agencies, and highly regulated industries."

The information security services department will be launched and led by Aaron Troschinetz, General Manager for Smithers Quality Assessments Division in North America. "During audits, we see that clients have a genuine need for these facilities," Troschinetz says. "Companies do not need multiple vendors because we provide information security in addition to our existing auditing and certification services. Smithers is now capable of serving as their full-service trusted partner."

About Smithers
Smithers is a multinational provider of testing, consulting, information, and compliance services that was founded in 1925 and is headquartered in Akron, Ohio. Smithers serves customers in the transportation, life science, packaging, fabrics, parts, consumer, and energy sectors through laboratories and operations in North America, Europe, and Asia. Smithers integrates science, technology, and business expertise to provide accurate data on time and with a high touch, allowing consumers to innovate with confidence.


NCG Extends Support to DoD Vendors with Crucial Tool for Cybersecurity Maturity Model Certification

NCG | July 07, 2020

Northcross Group (NCG) announced its latest innovative tool, a questionnaire to support the Cybersecurity Maturity Model Certification (CMMC), a new U.S. Department of Defense (DoD) process going into effect later this year. DoD will use CMMC to ensure a base level cybersecurity capability across the full Defense Industrial Base supply chain. Certification under CMMC will be required for all DoD vendors to renew or win new contracts starting later this year.

NCG, a leader in cybersecurity services that support companies navigating through vast and complex business challenges while maintaining a business edge, has developed a free online questionnaire as a first step for DoD vendors to determine how they currently measure up to the CMMC model. The questionnaire helps an organization know where they stand and understand what is needed to achieve their targeted CMMC Maturity Level.

"As a DoD vendor ourselves, we understand the challenges of maintaining compliance and seek to provide a way for companies to get a good starting point," said Chris Bender, President of NCG. "We have helped organizations in healthcare, transportation, and banking build cybersecurity programs to meet similar requirements, and know having a good read on their current state is important," added Mr. Bender.

