CSO - Multi-stage spear phishing – bait, hook and catch

However, cybercriminals are now taking an “enterprise” approach. Similar to B2B enterprise sales, they go after a smaller number of targets, with the goal of extracting a much greater payload with highly personalized attacks. Spear phishing, highly targeted attacks that leverage impersonation of an employee or a popular web service, have been on the rise, and according to the FBI, these attacks have proven to be extremely lucrative for cybercriminals.

Security Brief AU - Move over ransomware; put spear phishing on your radar

With large-scale ransomware attacks dominating headlines this year, particularly WannaCry and Petya, businesses are responding by taking active steps to back up their data and block malware. While this is certainly important, the cost of ransomware attacks pales in comparison to the losses resulting from spear phishing scams, which have already cost companies more than $5 billion and growing, according to the FBI.

Dark Reading - Report: Bank Email Fraud Increases since Equifax Breach

A spate of bogus "secure message" emails from financial institutions are making the rounds, following the high-profile Equifax breach, according to a report released today by Barracuda. Over the past month, variants of the "secure message" email attacks have included malicious Word document attachments that rewrite directory files in users' computers once opened, according to Barracuda's Threat Spotlight report.

MIC - Scams 2017: 3 sneaky traps scammers are setting right now — via fake email, text or phone call

... The idea is you’re more likely to fall for a trick email from your bank if you’re already paying closer attention to your credit information. Hundreds of such scams have circulated since August, the security company Barracuda Networks told the Post, with many of the emails appearing to come from popular institutions like TD Bank and Bank of America.

Cyberscoop - Banking-focused phishing scheme hits inboxes in wake of Equifax breach

A group of hackers has been sending specially tailored phishing emails to online banking customers, stoking fears among an online population that is increasingly concerned with how cybercriminals could leverage the data stolen from credit monitoring giant Equifax. This specific phishing campaign, identified by U.S. technology firm Barracuda Networks, focuses on a string of recent banking-related emails that began to hit inboxes shortly after Equifax was originally breached, but several weeks before the incident was first publicly disclosed Sept. 7.

Washington Post - Online thieves may be exploiting the Equifax panic, researchers say

Since August, digital thieves have sent hundreds of thousands of phishing emails impersonating an alarming number of banking institutions, according to a report Thursday by the cloud security company Barracuda Networks. The fake emails pretend to be coming from major firms such as Bank of America, TD Bank and the Canadian bank CIBC. While the fake emails do not mean the banks themselves have been compromised, said Barracuda, the recent spike in bank-impersonation phishing attacks means consumers should be as vigilant as ever about email threats to their privacy and security in the wake of the Equifax breach.

Threat Spotlight: Email Malware Impersonates Secure Bank Messages

Impersonation is one of the most common tactics used in email attacks for one simple reason — it works. This particular instance is no different, and we’ve been tracking a consistent stream of emails from attackers that are impersonating secure messages from financial institutions. While these threats appear to be real messages from actual banks, it’s important to understand that the financial institutions mentioned in the emails below haven’t been hacked; however, their names are being used by criminals to persuade recipients to act on the messages. 

SiliconANGLE - New Locky ransomware variant detected in massive new phishing campaign

A new variant of the infamous Locky ransomware has been detected in the wild rapidly infecting computers in a massive new phishing campaign, according to newly published research. Barracuda Networks Inc. made the initial discovery, saying in a blog post that it has seen roughly 20 million attacks using the new Locky variant as of Tuesday and that the number continues to grow.

CSO - Office 365 Phishing attacks create a sustained insider nightmare for IT

In attacks such as these, a victim is likely to click on a message from someone they have an association with. So by abusing the existing trust relationships between vendors and acquaintances, the attackers have a wider pool of potential victims that will offer little push back. ... When asked, Lior Gavish, VP Engineering, Content Security Services at Barracuda, also shared a large list of domains connected to Office 365 Phishing attempts. Barracuda has been tracking Office 365 Phishing campaigns as well, and first reported on them back in August.

MarketWatch - Equifax mess shows why Social Security numbers need to be replaced with something less easy to steal

Lior Gavish, vice president at security company Barracuda, said biometric security is one of the most user-friendly ways to authenticate an identity, requiring only a fingerprint scan or, increasingly, a face scan. More laptops and phones are being built with fingerprint scanning options. “That is the future,” he said.