A data breach in the U.K. has compromised the personal information of over 15,000 new and expecting parents. According to reports, hackers targeted the National Childbirth Trust (NCT) last week, exposing email addresses, usernames, and encrypted versions of member passwords. Luckily, neither sensitive data nor financial information was accessed by attackers, and the organization has already contacted all affected parties.
At SafeBreach, one of our major research areas is exfiltration (sending sensitive data out of the corporate network). In one of our research projects in late 2015, we set out to find the perfect exfiltration technique. At that time, we didn’t quite know what it would encompass, but we were determined to find out.
Over the past two and a half years, cybercriminals have managed to steal over $2.3 billion from thousands of companies worldwide by using little more than carefully crafted scam emails.
Known as business email compromise (BEC), CEO fraud or whaling, this type of attack involves criminals impersonating an organization's chief executive officer, or some other high-ranking manager, and instructing employees via email to initiate rogue wire transfers.