The FBI reports it has seen a rise of malware over the past few months targeting small and medium businesses and municipal government entities and school districts. Once a malicious attachment or link is opened, keylogging tactics obtain bank account info where criminals then initiate wire transfers or Automated Clearinghouse Transfers (ACH). The report also cites that in some cases individuals have been recruited to unknowingly help criminals with “work at home” jobs that tell them they will be working on sending these fraudulent funds transfers by Western Union or Moneygram. FBI has links to US CERT for help. Read the statement. [FBI]
Business email compromise scams trick corporate executives, employees and clients into transferring business funds to criminal bank accounts in China.
FBI Director James Comey said at the International Conference on Cyber Security North Korea got sloppy with its proxies and revealed themselves in the Sony hack.
A US-CERT advisory describes the malware used in the destructive Sony hack, including indicators of compromise and command and control server IP addresses.