Social engineering news review

1. Cyber-hackers Target UK Nuclear Waste Company RWM
An example of good staff awareness and effective cyber defence.

Cyber hackers have targeted the company behind a £50 billion project to build a huge underground nuclear waste repository in the UK, its developer has said.

Radioactive Waste Management, a UK state-owned company, faced an incident that began with an attack on one of its employees via LinkedIn.

However, thanks to a well-configured, multi-layered defence, these attempts were detected and repelled. The company's spokesperson also noted that LinkedIn had been used as a source to identify employees working for the company.

Experts warn that attackers use social media to breach security in a number of ways. They create fake company accounts and send misleading messages to gather information or to encourage recipients to click on malicious links. They also directly try to steal user credentials for later unauthorised access to systems.

This type of social engineering, which also includes email, phone and SMS attacks, poses a serious threat to organisations and individuals and can become a gateway to sensitive information. Raising awareness among employees is therefore necessary to minimise the risk.

Use Security Champion's free materials to vet and train your staff.

2. Women CyberSecurity Society Targeted by Smishing Campaign
Another example of good cybersecurity awareness from Canada

The warning comes from the Women CyberSecurity Society (WCS2). The organisation reports that someone has been targeting board members, attendees and volunteers, trying to get them to click on malicious links in phishing text messages, also known as smishing.

"One volunteer reported receiving a text message purporting to be from founder Lisa Kearney with an urgent need for help," the alert said. The text message asked the volunteer to buy some Google certificate return codes.

Red flags to watch out for: the sender said she was in a meeting, could only text, and asked the volunteer to "urgently complete a task".

Any message pressing a person to act quickly, such as spending money or sending sensitive information, should raise suspicion.

WCS2 believes the attacker used LinkedIn and open sources to gather information about the organisation, members and volunteers in order to attack them.

In this story, the staff demonstrated good cybersecurity awareness. Their knowledge of the fraudsters' tricks enabled them to spot the phishing attempt.

Cases like this highlight the importance of cybersecurity training for employees and members of the organisation. Regular training and education of staff will help to reinforce knowledge of threats and defence techniques.

Test and train your staff with our free materials.

3. Framework says hackers accessed customer data after phishing attack on accounting partner
US laptop repair company Framework has confirmed that hackers have gained access to customer data after successfully phishing an employee of its accounting services provider.

In an email sent to affected customers, Framework said an employee of Keating Consulting, its main external accounting partner, was the victim of a social engineering attack that allowed attackers to obtain customers' personal information related to outstanding balances on Framework purchases.

Framework, which is based in San Francisco, was founded in late 2019 by former Apple and Oculus engineer Nirav Patel. The company, which raised $18 million in Series A funding led by sponsor Oculus Spark Capital in 2022, has positioned itself as a supporter of the right-to-repair movement, and its devices, such as the Framework 16 laptop, are designed to be easily repaired with replaceable parts.

"On January 9, the attacker sent an email to an accountant posing as our CEO requesting accounts receivable information related to outstanding balances on Framework purchases," Framework's notice said.

It said the accountant responded to the email on January 11 and provided the attacker with a spreadsheet containing customer information, including full names, email addresses and outstanding balances. Framework told affected customers that the hackers may have used this stolen information to impersonate Framework and request payment information.
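A defensive check in the spirit of the Framework case above and of the WCS2 smishing message in item 2, added here as an example and not taken from the article, from Framework or from Keating Consulting: it scores an inbound message for an executive's name arriving from outside the company's own domain, combined with urgency cues and requests for money or customer financial data, so that an accounts team can route it for out-of-band verification before acting. The company domain, executive names and sample messages are constructed placeholders.

```python
from dataclasses import dataclass, field

# Constructed placeholders for the protected organisation (not from the page).
TRUSTED_DOMAIN = "example-corp.test"
EXECUTIVES = {"pat example": "CEO"}

# Pressure cues seen in both stories: "in a meeting", "can only text", "urgent".
URGENCY_CUES = ["urgent", "asap", "right away", "in a meeting", "can only text"]
# Requests that touch money or customer financial data.
FINANCIAL_CUES = ["accounts receivable", "outstanding balance", "spreadsheet",
                  "gift card", "wire", "payment information"]


@dataclass
class Verdict:
    score: int = 0
    flags: list = field(default_factory=list)


def assess_message(display_name: str, sender: str, body: str) -> Verdict:
    """Score one inbound email or SMS with a deterministic rule set.
    `sender` is an email address or, for SMS, a phone number (no '@')."""
    v = Verdict()
    name = display_name.strip().lower()
    domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    text = body.lower()

    # 1. Claims to be an executive but does not come from the company's own domain
    #    (an SMS from a phone number has no domain and is treated as external).
    if name in EXECUTIVES and domain != TRUSTED_DOMAIN:
        v.score += 3
        v.flags.append(f"{EXECUTIVES[name]} name used from external sender {sender}")

    # 2. Pressure to act immediately or to avoid a verification call.
    for cue in URGENCY_CUES:
        if cue in text:
            v.score += 1
            v.flags.append(f"urgency cue: {cue!r}")

    # 3. Request for money or customer financial data.
    for cue in FINANCIAL_CUES:
        if cue in text:
            v.score += 2
            v.flags.append(f"financial request: {cue!r}")
    return v


def should_verify_out_of_band(v: Verdict, threshold: int = 4) -> bool:
    """True when the request must be confirmed via a known phone number before acting."""
    return v.score >= threshold
```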

It is not yet known whether any of Keating Consulting's other clients have been affected. The Silicon Valley-based accounting firm, which primarily provides interim financial advice and back-office support to start-ups, has nearly 300 clients, according to its website. They include online pharmacy GoodRx (which was recently fined $1.5 million for sharing users' health data with Facebook and Google), computational chemistry platform Molecule, and corporate education company Udemy.

Framework said that in light of the Keating incident, the company will require mandatory training on phishing and social engineering attacks for all company employees who have access to Framework's customer data.

This is yet another example of how just one untrained employee can cause a data breach, resulting in financial loss and reputational damage to the company. Train your employees!

Photo: Devin Coldewey / TechCrunch
Information taken from an article by Carly Page