Cryptocurrency, Financial Services and Social Engineering

Report Finds 50% of Scattered Spider Phishing Domains Targeted Finance & Insurance

Digital Shadows

JANUARY 22, 2025

In this blog, well preview the reports highlights and give insights into social engineering campaigns leveraging impersonating domains and our predictions for the threats shaping 2025. Organizations should implement domain monitoring, enforce DMARC policies, and train employees to recognize social engineering methods.

Insurance

Insurance Phishing Social Engineering Engineering

Zanubis in motion: Tracing the active evolution of the Android banking malware

SecureList

MAY 28, 2025

The threat actors behind Zanubis continue to refine its code adding features, switching between encryption algorithms, shifting targets, and tweaking social engineering techniques to accelerate infection rates. The once-broad range of targets, including cryptocurrency wallets, has been abandoned.

Banking

Banking Malware Encryption Energy and Utilities

Nastiest Malware 2024

Webroot

OCTOBER 31, 2024

The rise of AI-driven phishing and social engineering, increased targeting of critical infrastructure, and the emergence of more sophisticated fileless malware are all trends that have shaped the cybersecurity battlefield this year. By August 2024, RansomHub had breached at least 210 victims across various critical U.S.

Malware

Malware Ransomware Healthcare Passwords

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings. Image: CISA.

Cryptocurrency

Cryptocurrency Financial Services Banking Government

Octo Tempest cybercriminal group is "a growing concern"—Microsoft

Malwarebytes

OCTOBER 27, 2023

Octo Tempest is believed to be a group of native English speaking cybercriminals that uses social engineering campaigns to compromise organizations all over the world. This can be done in a number of ways, but the most common ones involve social engineering attacks on the victim's carrier.

Social Engineering

Social Engineering Engineering Ransomware Backups

SharkBot, a new Android Trojan targets banks in Europe

Security Affairs

NOVEMBER 15, 2021

The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts. Once the banking Trojan is installed on the victim’s device, threat actors can steal sensitive banking information through the abuse of Accessibility Services (i.e. ” concludes the report.

Banking

Banking Mobile Social Engineering Malware

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

eSecurity Planet

SEPTEMBER 30, 2021

“Over the past few months, we’ve seen actors provide access to services that call victims, appear as a legitimate call from a specific bank and deceive victims into typing an OTP or other verification code into a mobile phone in order to capture and deliver the codes to the operator,” the Intel 471 researchers wrote.

Authentication

Authentication Social Engineering Phishing Banking

Cyber Attack news headlines trending on Google

CyberSecurity Insiders

JANUARY 19, 2023

The first news that is trending is associated with financial service provider PayPal. News is out that social security numbers of nearly 35,000 users were leaked in a cyber attack that could have emerged from a credential stuffing campaign launched by a state funded actor.

Cyber Attacks

Cyber Attacks Social Engineering Financial Services Encryption

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Data breaches

Data breaches Cybercrime Firewall Ransomware

Investment fraud overtakes business email compromise as most reported fraud

Malwarebytes

MARCH 13, 2023

Within those complaints, cryptocurrency investment fraud rose from $907 million in 2021 to $2.57 There are a number of different methods that cryptocurrency investment fraudsters deploy: Liquidity mining. The scammer contacts a real estate agent, usually offering to buy a very expensive property for cash or cryptocurrency.

Cryptocurrency

Cryptocurrency Scams Media Social Engineering

A massive phishing campaign using QR codes targets the energy sector

Security Affairs

AUGUST 16, 2023

Other top 4 targeted industries include Manufacturing, Insurance, Technology, and Financial Services seeing 15%, 9%, 7%, and 6% of the campaign traffic respectively.” com (Cloudflare’s Web3 services). ” Most of the links included in the phishing messages were comprised of Bing redirect URLs.

Phishing

Phishing Energy and Utilities Insurance Manufacturing

Research partnership to examine how fraudsters abuse financial tech innovations

SC Magazine

JULY 2, 2021

The research will cover such innovations of interest as P2P payments, mobile payments, digital wallets and central bank digital currencies – nationally sponsored cryptocurrencies that, unlike Bitcoin or Monero, would serve as a legitimate substitute for a country’s official currency.

Financial Services

Financial Services Banking Identity Theft Technology

Popular apps left biometric data, IDs of millions of users in danger

Security Affairs

JANUARY 27, 2022

Large businesses appear to be affected, including FxPro Direct App – a trading platform with over five million installs on Google Play alone – and Europcar, a vehicle rental service with over one million installs on Google Play. Onfido, a London-based company, offers photo-based IDV services for businesses. Looming dangers.

Identity Theft

Identity Theft Accountability Data breaches Social Engineering

Cybersecurity Snapshot: CISA Warns of Global Spear-Phishing Threat, While OWASP Releases AI Security Resources

Security Boulevard

NOVEMBER 8, 2024

The industry sector that ransomware groups hit the hardest was construction, followed by hospitals and healthcare, and by IT services and consulting. Financial services and law offices rounded out the top five.

Phishing

Phishing Cybersecurity Ransomware Cybercrime

Ransomware Prevention, Detection, and Simulation

NetSpi Executives

APRIL 27, 2024

Ransomware, a definition Ransomware is a set of malware technologies, hacking techniques, and social engineering tactics that cybercriminals use to cause harm, breach data, and render data unusable. Victims pay ransomware adversaries for decryption keys through cryptocurrency, such as Bitcoin. Unpatched exploits.

Ransomware

Ransomware Cyber Insurance Backups Insurance

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

SecureWorld News

OCTOBER 15, 2020

It was the summer cyberattack that had social media buzzing. A group of teenagers used social engineering to breach Twitter's network and take over the accounts of a whole bunch of A-listers. As a teenager, he discovered that social engineering was a trick that worked. "I You could lose your data.'.

Social Engineering

Social Engineering Media Scams Financial Services

Spam and phishing in Q2 2021

SecureList

AUGUST 5, 2021

or cryptocurrency secured by these resources. Offers of quick earnings with minimal effort remain one of the most common types of fraud. In Q2 2021, cybercriminals diversified their easy-money schemes. Email recipients were invited to invest in natural resources (oil, gas, etc.) Conclusion.

Phishing

Phishing Banking Scams Computers and Electronics

Negotiating with Ransomware Gangs: What's It Really Like?

SecureWorld News

SEPTEMBER 27, 2020

Some not only blindly facilitate the criminal norms of the cryptocurrency marketplace, but their law firms also blithely encourage cryptocurrency transactions by accepting bitcoin as a form of payment for their legal services. This last point about lawyers and cryptocurrency hits home and bothers me the most. Would a U.S.

Ransomware

Ransomware Cryptocurrency Computers and Electronics Banking

Spam and phishing in 2022

SecureList

FEBRUARY 16, 2023

These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself. By getting the user’s secret phrase, cybercriminals could get access to their cryptocurrency balance. Now, attackers have started collecting Bitcoin for charity.

Phishing

Phishing Scams Accountability Energy and Utilities

Cyber Security Informer

Report Finds 50% of Scattered Spider Phishing Domains Targeted Finance & Insurance

Zanubis in motion: Tracing the active evolution of the Android banking malware

Trending Sources

Nastiest Malware 2024

U.S. Indicts North Korean Hackers in Theft of $200 Million

Octo Tempest cybercriminal group is "a growing concern"—Microsoft

SharkBot, a new Android Trojan targets banks in Europe

Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

Cyber Attack news headlines trending on Google

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Investment fraud overtakes business email compromise as most reported fraud

A massive phishing campaign using QR codes targets the energy sector

Research partnership to examine how fraudsters abuse financial tech innovations

Popular apps left biometric data, IDs of millions of users in danger

Cybersecurity Snapshot: CISA Warns of Global Spear-Phishing Threat, While OWASP Releases AI Security Resources

Ransomware Prevention, Detection, and Simulation

New York: Cyberattack Is Twitter's Fault, Let's Increase Regulation

Spam and phishing in Q2 2021

Negotiating with Ransomware Gangs: What's It Really Like?

Spam and phishing in 2022

Stay Connected