LookBack malware in US utilities.
Between July 19th and 25th, Proofpoint identified spearphishing emails that hit at least three US companies in the utilities sector. The phishbait lay in the origin of the emails: they arrived from what Proofpoint thinks is an attacker-controlled domain, nceess[dot]com. The domain is designed to be mistaken for one owned by the US National Council of Examiners for Engineering and Surveying. The phish hook was an attached Microsoft Word document weaponized with malicious macros that install a malware package Proofpoint calls "LookBack," a remote access Trojan accompanied by a command-and-control proxy mechanism. The researchers believe there's enough evidence pointing to a nation-state as the actor behind LookBack, but the trail quickly grows cold. There are some overlaps with earlier campaigns associated with China's APT10, but these are insufficient for attribution.
Online card skimming is a growing problem.