Below is a roundup of the biggest cybersecurity news stories from the past month.

A Cryptocurrency-Stealing Trojan Meets Victims at the Point of Purchase

The TrickBot Trojan has been making the rounds, focusing on — what else? — stealing cryptocurrency. The malware uses webinjections to modify webpages presented to the user. When a person goes to a legitimate bitcoin exchange to make a purchase, the malware intercepts information going to and from the browser. A separate webinjection modifies the payment processing logic to trick the user into believing that the transaction has gone through. The victim thinks everything went well, but the bitcoin never arrives. Instead, it’s routed to one of TrickBot’s operators.

Phishing Attacks Grow More Sophisticated

Phishing attacks continue to dominate cybersecurity news. A new, highly targeted form of spear phishing uses wire transfers to claim its victims.

Late last year, IBM X-Force Incident Response and Intelligence Services (IRIS) began noticing a surge in business email compromise (BEC) scams aimed at fooling accounts payable personnel into making wire transfers to attacker-controlled accounts. Fraudsters used stolen email credentials and social engineering tactics to execute these schemes without compromising the network.

These attacks showed a higher level of sophistication than most phishing campaigns. For example, attackers spoofed email addresses to appear to be contacts known to the recipient. They mimicked earlier communications and inserted themselves into existing conversations. They even found and filled out forms and spoofed approval emails before setting up fraudulent DocuSign sites to distribute wire transfer documents.

Another phishing campaign that hit just before Valentine’s Day used zombie bots to distribute an estimated 230 million spam emails over a two-week period. The spam storm was coordinated by the Necurs botnet, and its scope indicates that these distributed attacks can get very large. Flirtatious messages tied to the campaign capitalized on the romantic season: Cybercriminals feigned as if they were women who saw the would-be victim’s social profile and wanted to get in touch. Usually, such spam emails are chock-full of misspellings and grammatical errors, but that wasn’t the case with this latest effort.

Device ID Is No Longer Foolproof

Security professionals thought they hit upon a nearly invincible form of authentication and fraud detection when they began using device IDs. This technique plumbs information about users’ physical devices — including cookies, operating system, IP address and other properties — to verify that the party at the other end of an exchange is legitimate.

But cybercriminals have caught up with device ID. Their latest trick is to use social engineering to inject remote access Trojans that permit them to hijack end-user devices. Users appear legitimate, but attackers are secretly using their credentials and device to steal account access.

That doesn’t mean security organizations should abandon device ID. Companies should also look for additional indicators of fraudulent activity for each user, device, behavior and session.

IBM Study Reveals Age Gap When It Comes to Identity

IBM’s “Future of Identity Study,” which queried 4,000 adults from around the world, turned up some interesting changes in attitudes toward protecting and managing online identities. The bad news is that a lot of people still use the same password for multiple accounts, leaving them open to mayhem should just one of those accounts be compromised.

But there’s a lot of good news as well. People are becoming more accepting of biometric authentication, with 87 percent of respondents saying they would be willing to use tactics such as fingerprint scans in the future. Older people tend to be more security-aware than their younger counterparts, which isn’t surprising given that they are likely to have more to lose. However, millennials and Gen Xers are more accepting of biometrics, more likely to use password managers and quicker to abandon services that have lost their trust.

The survey also showed that social networks have some work do to on the trust front. Respondents ranked these services last among institutions that they trust to properly handle and secure sensitive data. Financial institutions scored much higher, indicating that the trust they’ve established with customers is a valuable asset at a time of business disruption.

A Honeypot That Gives Attackers a Taste of Their Own Medicine

Honeypots have been around for a long time, but IBM Master Inventor James Kozloski has a new take on their value when it comes to dealing with one of the most frustratingly persistent attack types: phishing emails.

His notion is to develop an AI-powered honeypot that mimics a gullible user to confuse and frustrate an attacker. The honeypot would respond to phishing emails with messages that dupe senders into believing that their scam worked. Or, it could overwhelm fraudsters with hundreds of false positive messages, tying them in knots while they try to figure out which are real. It also gives spammers a dose of their own medicine, which has a certain innate appeal.

Kozloski’s honeypot doesn’t exist as a product yet, but it is an active area of study for IBM Research and could show up in the real word before long.

More from Data Protection

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…