The Rising Threat of Credential Theft ๐Ÿ”’ย 

Nov 29 2023

.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; }
.bh__table_cell { padding: 5px; background-color: #FFFFFF; }
.bh__table_cell p { color: #2D2D2D; font-family: ‘Helvetica’,Arial,sans-serif !important; overflow-wrap: break-word; }
.bh__table_header { padding: 5px; background-color:#F1F1F1; }
.bh__table_header p { color: #2A2A2A; font-family:’Trebuchet MS’,’Lucida Grande’,Tahoma,sans-serif !important; overflow-wrap: break-word; }

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter thatโ€™s happy for the Indian miners but canโ€™t help wondering whoโ€™s going to save the crypto-miners who are constantly being hacked by cybercriminals ๐Ÿ˜ณย 

Todayโ€™s hottest cybersecurity news stories:ย ย 

  • ๐ŸŽฃ Plenty more phish in the sea. How hackers phish and sell credentials ๐Ÿ‘จโ€๐Ÿ’ปย 

  • ๐Ÿš N. Korean hackers and mixing and Macintoshing to evade detectionย  ๐ŸŽญย 

  • ๐Ÿ‘ค Serial scammer caught red-handed, ordered to pay back $1.2m. Oops ๐Ÿ’ฐย 

Hackers are phishing for compliments ๐Ÿ™„ Donโ€™t let them PhaaS you ๐Ÿ˜ย 

๐Ÿ”’ Protecting Your Organisation: The Rising Threat of Credential Theft ๐Ÿ”’ย 

Did you know that stolen account credentials are the golden ticket for cybercriminals? ๐Ÿ˜ฑ According to the 2023 Verizon Data Breach Investigation Report, external parties caused 83% of breaches, and a whopping 49% involved stolen credentials! ๐Ÿšจย 

๐ŸŽฃ Phishing on the Rise ๐ŸŽฃย 

Phishing, a major player in cyber threats, is evolving! Threat actors are no longer just using emails. Now, they're hitting us with multi-channel attacks using texts, voicemails, and AI-driven personalised messages. ๐Ÿ“ฑ๐Ÿ“ง๐Ÿค–ย 

๐Ÿ›ก๏ธ Phishing-as-a-Service (PhaaS) ๐Ÿ›ก๏ธย 

Even without hacking skills, anyone can jump on the credential theft bandwagon thanks to PhaaS! ๐ŸŽญ W3LL's BEC phishing ecosystem and Greatness phishing kit are causing havoc, infiltrating thousands of accounts and raking in big bucks. ๐Ÿ’ธย 

๐Ÿ’ผ Underground Markets Boom ๐Ÿ’ผย 

The dark web is buzzing with over 24 billion credentials for sale! ๐ŸŒ Prices vary, but stolen credentials mean serious business. The risks multiply when users reuse passwords across accounts.ย 

๐Ÿšจ Financial Gain Drives Threats ๐Ÿšจย 

Remember, financial gain is the game! After stealing credentials, threat actors can wreak havoc, but often, they sell the loot to others who execute the attacks later. ๐Ÿ˜ˆย 

๐Ÿ›ก๏ธ Stay Secure with Specops Password Policy! ๐Ÿ›ก๏ธย 

Protect your organisation! Use Specops Password Policy to block compromised passwords, enforce strong policies, and fortify your password infrastructure. ๐Ÿฐ Try it free here!ย 

What steps are YOU taking to secure user credentials? Let's fortify our defences together! ๐Ÿ›ก๏ธ๐Ÿ’ชย 

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.

Mix and Mac ๐Ÿ’€ย 

๐Ÿšจ Alert: North Korean Cyber Threats on the Rise! ๐Ÿšจย 

๐Ÿ”„ Theyโ€™re a โ€˜Mixing and Matchingโ€™ menace. Hold on tight! The notorious Lazarus Group, the masterminds behind macOS malware RustBucket and KANDYKORN, are now "mixing and matching" elements from both in a devious move. ๐Ÿ˜ฑ SentinelOne uncovered this dangerous trend, revealing the use of RustBucket droppers to deliver the formidable KANDYKORN. ๐Ÿคฏย 

๐Ÿ’ป Attack Chains Unveiled ๐Ÿ’ปย 

In the RustBucket realm, SwiftLoader, a backdoored PDF reader, acts as the gateway for a Rust-powered malware. Meanwhile, KANDYKORN hits crypto exchange platform engineers through Discord, unleashing a complex multi-stage attack. ๐Ÿš€ย 

๐Ÿงฉ Puzzle Piece: ObjCShellz ๐Ÿงฉย 

Enter ObjCShellz! The third player in this cyber drama, recently revealed by Jamf Threat Labs, acts as a remote shell executing commands from the attacker server. ๐Ÿšย 

๐Ÿ”„ SwiftLoader's Dual Role ๐Ÿ”„ย 

Hold the phone! SwiftLoader is not just for RustBucket; it's now distributing KANDYKORN too. North Korea's Lazarus Group seems to be sharing tactics and tools, making tracking and defence a real challenge. ๐Ÿ•ต๏ธโ€โ™‚๏ธย 

๐ŸŒ Collaborative Adversaries on the Move ๐ŸŒย 

The cyber landscape in North Korea has evolved into a streamlined organisation, with shared tools and tactics. A recent Mandiant report highlighted this collaborative approach, making the adversary more elusive and adaptable. ๐Ÿš€ย 

๐Ÿ›ก๏ธ Stay Vigilant, Cyber Defenders! ๐Ÿ›ก๏ธย 

As Lazarus subgroup Andariel exploits Apache ActiveMQ vulnerabilities, installing NukeSped and TigerRAT, the cybersecurity battlefield is heating up! ๐Ÿ”ฅย 

Keep your defences strong, stay updated, and let's outsmart these cyber threats together! ๐Ÿ’ช๐Ÿ’ปย 

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)

๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)

๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

Cybercrime doesnโ€™t pay. But it does pay BACK ๐Ÿ˜‚ย 

๐Ÿšจ Serial Cybercriminal Sentenced: Beware of Modern Scams! ๐Ÿšจย 

Brace yourselves for the scoop on Amir Hossein Golshan, a 25-year-old "serial cybercriminal and scammer" from Los Angeles! ๐Ÿ•ต๏ธโ€โ™‚๏ธโœจย 

๐Ÿ” SIM-Swap Shenanigans and More ๐Ÿ”ย 

Golshan, dubbed a cyber maestro, pulled off SIM-swap attacks, hijacked social media accounts, committed Zelle payment fraud, and even impersonated Apple support. ๐Ÿ˜ฑ๐Ÿ’ธย 

๐Ÿš” Behind Bars for Eight Years ๐Ÿš”ย 

After pleading guilty to unauthorised access, wire fraud, and computer fraud, Golshan was sentenced to eight years in prison and ordered to pay over $1.2 million in restitution. โš–๏ธ๐Ÿ’ฐย 

๐Ÿ’ป Four Years of Digital Deception ๐Ÿ’ปย 

Between 2019 and 2023, Golshan targeted "hundreds" with online scams, swindling a staggering $740,000 from over 500 victims! ๐ŸŒ๐Ÿ’”ย 

๐Ÿ“ฒ From Zelle Fraud to SIM Swapping ๐Ÿ“ฒย 

Golshan started with Zelle merchant fraud on Instagram, offering fake services. He then escalated to SIM swapping, seizing control of victims' accounts and demanding ransom via WhatsApp. ๐Ÿ˜ˆ๐Ÿ’ฌย 

๐Ÿ Impersonating Apple Support ๐Ÿย 

In his cyber crime spree, Golshan impersonated Apple Support, infiltrating victims' iCloud accounts and looting digital wallets for NFTs and cryptocurrency. ๐Ÿ’ผ๐Ÿ’ฐย 

โš ๏ธ Stay Vigilant Against Cyber Threats! โš ๏ธย 

Golshan's crimes highlight the evolving landscape of cyber threats. Let's stay vigilant, educate ourselves, and strengthen our digital defences! ๐Ÿ›ก๏ธ๐Ÿ’ปย 

Spread the word and keep our online community safe! ๐ŸŒ๐Ÿ”’ย 

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles