Attack Kit Hijacks DNS of Home and Business Routers

For the past year, attackers have been using an exploit kit that changes the DNS settings of home and small-business routers through users’ browsers. The tool, dubbed Novidade, was first used in Brazil in August 2017, but researchers from antivir… Continue reading Attack Kit Hijacks DNS of Home and Business Routers

Kraken Ransomware Now Being Distributed by Fallout Exploit Kit

Kraken ransomware recently added the Fallout exploit kit as another means of reaching users and encrypting their information. Working with the Insikt group from Recorded Future, the McAfee Advanced Threat Research team found evidence that the authors o… Continue reading Kraken Ransomware Now Being Distributed by Fallout Exploit Kit

Fallout EK Spreads GandCrab, Leverages CVE-2018-4878, CVE-2018-8174

New security reports have landed indicating that the infamous GandCrab ransomware is currently being distributed by a new exploit kit known as Fallout. The Fallout EK is pushing the ransomware alongside downloader Trojans and potentially unwanted progr… Continue reading Fallout EK Spreads GandCrab, Leverages CVE-2018-4878, CVE-2018-8174

The Year Targeted Phishing Went Mainstream

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack).

But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and extortion scams that are automated on a global scale. And given the sheer volume of hacked and stolen personal data now available online, it seems almost certain we will soon witness many variations on these phishing campaigns that leverage customized data elements to enhance their effectiveness. Continue reading The Year Targeted Phishing Went Mainstream