Cyren Security Blog

Open Source Ransomware Targets Fortnite Users

by Maharlito Aquino and Kervin Alintanahin

The global gaming phenomenon Fortnite has a huge global user base – last reported in March at 250 million gamers – and the just-concluded Fortnite World Cup with its $30 million prize pool and an online viewing audience of over two million has certainly only added to its allure. Over 40 million Fortnite gamers competed in qualifying rounds to get one of the 100 coveted spots in the World Cup and a guaranteed $50,000 payout, plus a shot at the $3 million top prize (won by a 16-year-old!). Given the size of the global player pool and the evident motivation to up one’s game, it comes as no surprise that cybercriminals are now targeting Fortnite users by leveraging their competitive zeal.

Test the Effectiveness of Your Email Security

by Duncan Mills

Do you keep seeing phishing emails getting through to users, and wish you could quantify how effective your email security is—or isn't? Email is the main vehicle for introducing malware into an organization, and is practically synonymous with phishing these days, so it is a sensible idea to get a grasp on whether your security is doing its job well or poorly — but lots of people don't. Here at Cyren we know how eye-opening such an evaluation can be, as the email security "gap analyses" that we performed for a series of organizations in 2018 showed that an average of 7.2% of email protected by a number of email security products, but still reaching users, was spam or contained a threat.

Evasive Phishing Driven by Phishing-as-a-Service

by Tinna Thuridur Sigurdardottir and Magni Sigurdsson

Cyren’s research lab has turned up 5,334 new, unique phishing kits deployed to the web so far this year, an indication of the scope and scale of turn-key phishing offerings.

Attack Exploits Vulnerability in Half of Email MTAs Globally

by Tobias Herkula

Attacks predicted for a freshly reported email server vulnerability have come true in less than a week. If you’re an email administrator, you should be aware of the attacks this week targeting a vulnerability in the Exim MTA server code (versions 4.87 to 4.91). Their objective is to create a backdoor that could then be exploited for almost anything, since with the backdoor in place the attackers would have full root access on the server.

A view from the exhibition floor: three takeaways from Infosecurity Europe

by Duncan Mills


This year’s Infosecurity Europe yet again made me realise that I am privileged to work in such an exciting industry. As always, there was a lot of hype to cut through, but once you did, there were great insights to be found. Here are my top three takeaways from walking the floor.

It’s Back! Facebook Cryptominer Worm Reemerges

by Maharlito Aquino and Kervin Alintanahin

Back in 2017, we wrote a blog about malware spreading on Facebook, which, it turns out, continues to be relevant today—referring to both the blog and the malware. At the time we analyzed part of the 2017 Digmine campaign that installed a cryptominer payload, and (lo and behold!) just last month this campaign reemerged on Facebook with a new variant that uses the files section of Facebook groups and employs tactics similar to those used two years ago. We decided to monitor and do a breakdown of one of them in order to discover if there is really any new behavior we might alert you to.