Weekly Cyber Risk Roundup: More W-2 Breaches and Upcoming GDPR Challenges Organizations

Stolen W-2 information was back in the news this week due to reports of another W-2 breach as well as new data from IRS officials on the threat. The latest breach involves TALX, an Equifax subsidiary that provides online payroll, HR and tax services. KrebsOnSecurity reported that an undisclosed number of customers were affected when…

Weekly Cyber Risk Roundup: Ashley Madison Blackmail Returns, Facebook and Google Victims of Fraud

An old data breach came back to life this week as Ashley Madison users who had their data compromised back in July 2015 are once again being blackmailed — this time by an extortion group threatening to launch a public website and contact people in victims’ social media networks. The website will allegedly be launched…

Weekly Cyber Risk Roundup: JobLink, $100 Million BEC Scam and Other Breaches

Third-party cybersecurity issues were once again front and center this past week as America’s JobLink, a web-based system that links job seekers with employers, was compromised by a malicious actor, leading to a series of data breach announcements from states that use the system. “On February 20, 2017, a hacker created a job seeker account…

Weekly Cyber Risk Roundup: New PoS Breaches and Simple Attacks

The week’s top trending event was the compromise at Freedom Hosting II, which has been estimated to host as much as 20 percent of active dark web sites. As a result, thousands of dark web sites were taken offline, and the stolen data has since been widely shared. Security researcher Troy Hunt, who reviewed some…

W-2 Breach Count Hits 24, Rising Fast as More Organizations Get Phished

Tax season has begun, and with it comes renewed opportunity for cybercriminals to steal W-2 information in order to file fraudulent tax returns or sell employee data on the dark web. The past two weeks have seen at least 24 organizations publicly tied to W-2 data breaches — and more breach announcements will likely be made in the coming months.…

Recent Campaigns Highlight Evolving Social Engineering Tactics

Over the past month, researchers have observed several new phishing campaigns that demonstrate a more sophisticated and targeted approach to social engineering by threat actors. For example, on Monday Trustwave wrote about the Carbanak gang targeting the hospitality and restaurant sectors. The actors began the attack by using public tools such as LinkedIn to find the names…

Fraudsters Exploit Hurricane Matthew to Create More Victims

Hurricane Matthew is over — having been officially downgraded on Sunday — and a clearer picture of the aftermath has begun to emerge. More than 1,000 people were killed by the hurricane, including at least 35 in the United States. Although the storm has moved out to sea, flooding continues here in the U.S., and in Haiti, which was hit…

Typosquatting: Easy Attack Vector That Produces Results

Every week here at SurfWatch Labs our team of threat analysts write about new vulnerabilities, malware developments and cyber-attacks. One attack vector that is not mentioned very frequently but can be a significant threat for organizations and consumers alike is a technique called typosquatting. Typosquatting is an attempt to trick users into thinking they have landed on their desired website,…

BEC Scams Continue to Plague Businesses

In a year where ransomware is receiving massive amounts of attention, there is another threat that continues to grow – Business Email Compromise (BEC) scams. The FBI has issued two warnings about this threat in 2016. The first warning was bad enough, with the FBI estimating BEC scams have accounted for about $2.3 billion is…

What Can We Learn About Social Engineering From Impersonation?

With organizations losing billions of dollars due to business email compromise scams and thousands of employees having their W-2 information sent to criminals each week, it can be easy to think, “How can people be so dumb and keep falling for these same tricks?” When it comes to socially engineering an employee, most people think of email phishing — and…