Category: Blog

Ransomware Attacks Are Here to Stay

Following the highly publicized (and successful) $4M+ ransom of Colonial Pipeline, attacks like these will only get more popular. Indeed this week, the New York Times reported “Ransomware Disrupts Meat Plants in Latest Attack on Critical U.S. Business.” These attacks are here to stay. Are you ready?

SolarMarker Backdoor Pretends to be Legit PDFescape Installer

The modified installer of legit “PDFescape Desktop Installer” app looks like this: (Figure: Fake PDFescape Desktop Installer App) SHA-256: 0c933001de544ebc071d175d9f8e3bfad8066b532dc69dea4c713c52eb6a64a0. Cyren detects this kind of malware as W32/SolarMarker.A.gen!Eldorado. Upon execution, it creates an encoded file under %Userdir%<randomchars><randomchars><randomchars><randomchars><randomchars><randomchars><randomchars> (encoded file). It then executes a PowerShell script command to decode and execute the

Dissecting a UnionBank Phishing Campaign

We have been seeing email notifications about login attempts to UnionBank online accounts, prompting users to reset their password if they found the login attempts were suspicious. Below are screenshots of some of the most recent phishing emails that were seen. Figure 1.0 Phishing emails notifying a user about a

Fake DocuSign Download Page Leads to Hentai Onichan Ransomware

We recently received samples that we suspected were “phishy” in nature, but after analyzing the email attachment a severe threat was exposed. (Figure 1.0: Email sample) The emails had a ZIP attachment containing an HTML that was designed to look like an invoice signed by DocuSign, which is a well-known

A Dridex Phishing Campaign

The “Purchase” themed email is a commonly used subject in phishing campaigns. Threat actors can easily scrape the internet; in other words, specific data is very easily gathered and copied from the web. This makes company emails a very easy target, as they are available on their websites, especially the

Office 365 Phishing Email Campaign Hides Excel Template in HTML

Phishing remains one of the most popular types of corporate attacks in terms of its prevalence, and therefore it is not surprising that attackers are coming up with increasingly sophisticated methods to obtain the victim’s personal data. Signs of an Office 365 Phishing Attack: A Warning from Microsoft: The

Loose SPF, DKIM, DMARC, and ARC Settings Sabotage Security

It’s safe to say that all of our Cyren Inbox Security customers use the native Office 365 security capabilities of Exchange Online Protection and Advanced Threat Protection (now collectively called Microsoft Defender for Office 365). If you follow this blog, you can’t help but notice that CIS and our incident

What Is Macro Malware (Macro Virus)? Prevention Tips & Examples

Macro malware (also known as macro viruses) is a computer virus that is written in the same macro language used in other software, such as Microsoft Excel and Word. Since macro viruses use the same macro language, the attack begins as soon as the document is opened. Macro malware can