Image taken from CSO Online

Dyre Phishing Scam

In October 2014, the Dyre, also known as Dyreza, infected more than 20,000 people via phishing campaigns. Dyreza banking malware was able to steal more than $1 million from targeted organizations successfully. The phishing campaign varied from target to target with regards to attachments, themes, payloads and exploits. Most of the emails were sent posing as a tax consultant with the intent to get the victim download the malicious .exe file.

IBM Security were the ones to identify this as a threat and also mentioned that the social engineering tactics used by the attackers were so sophisticated that the victims were willing to bypass their two-factor authentication.

Affected Systems: Microsoft Windows

The malware was designed in such a way that it was capable of capturing user login information, including banking services, and send the captured data to the attackers. In few cases, a PDF file was also used in the attempt of exploiting the unpatched vulnerabilities of Adobe Reader. Few cases also reported that a new screen would appear whenever the victim tried to open a banking site. The page explained to them that the site is experiencing some issues and that the victim should call the number provided to get help to log in. Once the call was completed, the wire transfer would be complete.

Operating Phish Phry

In 2009, nearly 100 people were charged in the U.S. and Egypt for this phishing operation. The attackers in this operation had targeted U.S. banks and were able to steal $1.5 million. The operation had originally started in 2007. This attack victimized more than 500 people.

The financial institutions affected were Bank of America and Wells Fargo. Attackers in Egypt sent fake e-mails to the victims disguising themselves as the bank itself and urging the victims to update their online banking information. The email then took the victims to a fake bank website which prompted the victims for an account number and password.

The U.S. operation in-charges, Kenneth Joseph Lucas, Nichole Michelle Merzi and Jonathan Preston Clark, recruited people to set up bank accounts at Bank of America and Wells Fargo. The attackers in Egypt would then access the victim’s accounts and wire transfer the funds to these accounts. Later the money was withdrawn from these accounts, and wire transferred to the attackers in Egypt after keeping a commission.

Fake President Incident

In 2016, CEO of the Austrian-based aerospace parts maker, FACC fired its then CEO, Walter Stephan, after the company suffered a cyber-attack in which $47 million (42 million euros) were stolen.

The fake email asked an employee to transfer money to an account for a (fake) acquisition project. Since the company had no protocols for such requests in place, the transfer went through. However, the company was able to stop a transfer of 10.9 million euros.

The email was said to have been a copy of the business email in which the attackers impersonate the CFO (Chief Financial Officer) of that company. The domain name of the company was spoofed as well. The money transferred were to banks in Slovakia and Asia.

RSA Phishing Attack

In 2011, RSA reported that they suffered a data breach in March as a result of a spear phishing attack. The attack exploited an Adobe Flash vulnerability (CVE-2011-0609) that was unpatched which resulted in a backdoor being installed on the compromised machine known as Poison Ivy.

The email had a single line of text that said: “I forward this file to you for review. Please open and view it.” While the subject line read “2011 Recruitment Plan” and the attached file titled: “2011 Recruitment plan.xls.”

The attacker had sent two different phishing emails over two days. The email was sent to four people who would not normally be categorized as high-value targets. The data was stolen from the systems at RSA, transferred to a staging server and then moved to the attacker. The attacker also used FTP to transfer many password-protected RAR files.

Ethical Hacking Training – Resources (InfoSec)

Milwaukee Bucks Phishing Scam

In 2016, the Milwaukee Bucks team fell into a phishing scam that compromised their financial data. An email was received impersonating the team’s president, Peter Feigin, an employee sent out 2015 tax details for all the Bucks employees, including players.

The data breach originally took place in April 2016 but wasn’t uncovered later till May of that year. The records compromised include player and staff financials, name, addresses, Social Security Numbers, date of birth and total compensation packages.

The email address used to send the email was: peterfeigin69@aol.com

Swedish Bank Heist

In 2007, Swedish Bank Nordea lost about $1.1 million in a phishing scam. The scam took place for over 15 months during which the bank customers were lured in opening email attachments titles “raking.exe” or “raking.zip.” The attachments were sold to be anti-spam software, Oh the irony, containing a Trojan called “haxdoor.ki.”

Approximately 250 bank customers were said to be affected by it. “Haxdoor.ki” usually installs a keylogger and hides itself using a rootkit. The virus was designed in such a way that whenever the victims attempted to use the banking website, they were presented with a fake bank page.

The victims were then asked to enter their personal information such as account numbers, usernames, and password and when entered, an error page was loaded claiming that the site was facing some technical difficulties. The hackers played it smart by making small transactions from the account thus by keeping is difficult to distinguish the fraudulent transactions.

IMF Data Leak

In 2011, the IMF (International Monetary Fund) was hit with a massive cyber-attack. Officials said that the hack was designed to install software to create a “digital insider presence.” The exact damage was never disclosed, however, seeing the type of information IMF houses, any data stolen would be very sensitive material.

Bloomberg had reported that the IMF’s hack was conducted by hackers “believed to be connected to a foreign government” resulting in loss of emails and document. The only information released said that an internal memo was sent from the company’s CIO stating that suspicious file transfers had taken place and that their investigation showed a desktop had been compromised and used to access some Fund systems.

Iranian Elections Hack

In 2013, thousands of Gmail accounts belonging to Iranian users were targeted over weeks near the time of the elections suggesting that the attacks were politically motivated and were conducted to sway the votes in a certain direction.

The emails sent to the users was described as an attempt to trick the victims to give up their usernames and passwords.

The emails were said to have been sent from the Google administrators from the account email.settings@gmail.com which contained a link to a fake sign-in page asking for the user’s Gmail credentials.

The White House Bombing Hoax

In 2013, an Associated Press Twitter account was said to be compromised due to a common phishing attack. The results of this hack, however, were severe. A tweet sent from the hacked Twitter account claimed that an explosion took place at the White House and that the then president, Barack Obama, had been injured. This news was shared with over 1.9 million people who followed the account at that time.

This tweet caused the S&P 500 index value to be down by $136.5 billion. A group of hackers who go by the name Syrian Electronic Army claimed responsibility for the hoax.

AP’s main Twitter handle was compromised when an AP’s journalist opened a phishing e-mail and clicking on a link in it. The story was proved false, and the market recovered its losses, however, the fear remained.

Snapchat Data Leak

In 2016, Snapchat’s payroll department was targeted by an email phishing scam. The attacker impersonated the CEO (Chief Executive Officer) and asked for employee payroll information. Information about some current and former employees was disclosed. It is said that almost 700 people were affected by this attack.

Back in 2014, around 200,000 photos were leaked from users due to some unofficial third-party apps vulnerabilities. However, in this case, Snapchat claims that no user data was affected.

In 2013, usernames and phone numbers of almost 4.6 million users were leaked and posted online temporary on a website.