Trends
Bulletin
Hear from the Security Team
Subscribe for Email Updates.
We will be rolling out new articles and guides on a regular basis. Sign up to get the latest delivered to you. Get new articles and guides, a curated list of events and job openings, and more.
The Headlines
Spear Phishing Attack Impersonating C-Suite Targets Junior Employees at Law Firm
Our latest threat intelligence example reveals how attackers impersonated a leading law firm's chairman, in an attempt to socially engineer junior staff. In late January 2022 a specialist law firm was the target of a spear phishing campaign flagged by Tessian Defender where the threat actor attempted to impersonate the Chairman of the firm. Leveraging common social engineering tactics, the threat actor then targeted the firm's junior employees. This is known as CEO Fraud.
Read More →Who are we?
Support our Eagle-Eyed Team.
We know the #1 source of information for security leaders is other security leaders and practitioners. That's why all of our content is crowd-sourced from the security community. We want to hear from you. Email us at threatintel@tessian.com.
[fts_twitter twitter_name=humanlayersec tweets_count=12 cover_photo=no stats_bar=no show_retweets=no show_replies=no]
Hear from the Security Team
Subscribe for the latest updates.
We will be rolling out new articles and guides on a regular basis. Sign up to get the latest delivered to you.
Sign Up →All Posts
Filter by
24 May 2022
Analysis of Executive Impersonation Burst Attack
In May 2021 Tessian Defender flagged a series of emails sent to a global law firm. The emails were attempting to impersonate a senior partner at the firm and targeted a list of other partners. Tessian's Research & Intelligence team analyzed an executive impersonation burst attack that was detected and prevented by Tessian Defender.
Read More →
10 May 2022
How Cybercriminals Exploited The Covid-19 Vaccine Roll-Out
The National Cyber Security Centre (NCSC) recently revealed that it removed more online scams in 2020 than in 2016-2019 combined, due to a surge in malicious activity related to the Covid-19 pandemic. It’s revealed that more than 120 phishing campaigns in which the NHS was impersonated were detected in 2020 - up from 36 in 2019. The lure? The vaccine roll-out.
Read More →
08 March 2022
Vendor Email Compromise: Analysis of an Account Takeover Attack
In March 2021 Tessian Defender flagged an email received by one of our customers from one of their trusted vendors. The vendor had suffered from an account takeover when an attacker used compromised credentials to login to the mailbox of one of their employees and send out malicious emails.
Read More →
10 February 2022
Spear Phishing Attack Impersonating C-Suite Targets Junior Employees at Law Firm
Our latest threat intelligence example reveals how attackers impersonated a leading law firm's chairman, in an attempt to socially engineer junior staff. In late January 2022 a specialist law firm was the target of a spear phishing campaign flagged by Tessian Defender where the threat actor attempted to impersonate the Chairman of the firm. Leveraging common social engineering tactics, the threat actor then targeted the firm's junior employees. This is known as CEO Fraud.
Read More →
04 February 2022
Cyber Criminals Leverage Temporary Block on PayPal Account in Phishing Attack
Tessian’s threat intelligence researchers detected a relatively sophisticated phishing attempt impersonating PayPal. We break down the elements of the attack and explain how to spot other scams.
Read More →
04 February 2022
Threat actors use phish kits to launch man-in-the-middle attacks
Threat actors have been found to be using phish kits that leverage transparent reverse proxy, which enables them to man-in-the-middle (MitM) a browser session and steal credentials and session cookies in real-time.
Read More →
14 January 2022
Comment: Russia takes down REvil hacking group at U.S. request
Russia has dismantled ransomware crime group REvil at the request of the United States in an operation in which it detained and charged the group's members, according to the FSB domestic intelligence service.
Read More →
12 January 2022
Account Takeovers of High-Profile Accounts of ‘FIFA Ultimate Team’ Players
Electronic Arts (EA) announced that cybercriminals “exploited human error” among EA’s customer support staff, using socially engineered phishing emails to compromise less than 50 top trader accounts. A series of takeovers of high-profile accounts of FIFA Ultimate Team players led to accounts being cleared of points and thousands of dollars in game currency.
Read More →07 April 2021
Cybercriminals Take Advantage of Mass Unemployment in Phishing Scams
The global COVID-19 pandemic has wreaked havoc on job markets. In the US, the unemployment rate stands at 6.2 percent and in the UK, it’s estimated that around 2.2 million people, or 6.5% of all workers, could be unemployed at the end of the year. Cybercriminals are taking note.
Read More →