Email security

The International Monetary Fund had 11 of its email accounts compromised following a cyberattack last month.

Henry Onyedikachi Echefu was noted by the U.S. Department of Justice to have pleaded guilty over his participation in a business email compromise scam with two other Nigerians between 2016 and 2017.

Attackers leveraging the 'no-reply@dropbox[.]com' domain sent emails with a Dropbox-hosted PDF to employees using the Darktrace SaaS environment.

Attackers leveraged phishing emails using contract-themed DocuSign lures that included PDF attachments.

Security pros say targeting source code will continue because it lets attackers identify new bugs and inject their own malware into the software supply chain.

Both Tycoon and Storm-1575 have also been leveraging adversary-in-the-middle phishing to circumvent multifactor authentication protections.

Reported losses suffered by U.S. victims of ransomware attacks jumped 74% last year, according to the agency’s latest IC3 annual report.

Intrusions by TA4903, which have ramped up since the second half of last year, involved the delivery of malicious PDF document attachments spoofing government entities.