Cyber Crime News, Articles and Updates

Israel cyber week: A tale of persistence

Fraud con 2.0 - Insights into a cyber-crime investigation - and how GDPR can inadvertently make tracking down criminals more difficult.

Wiper attack at Chilean bank provided cover for $10M SWIFT heist

The real target of a wiper malware attack on Banco de Chile were transactions on the SWIFT network that resulted in a £7.5 million heist.

Cyber-crime-fighting dogs to the rescue

In addition to sniffing out drugs, bombs, and other weapons, law enforcement agencies at federal and local levels are training their canine units to assist in fighting cyber-crime by sniffing out hidden electronic devices.

Non-Russian hackers target Russian electronic goods service centres

Security researcher have discovered a series of attacks targeted at service centres in Russia. Multi-staged attacks used 17-year-old vulnerability and a RAT

Banking trojans replaced ransomware as top email-based payload in Q1

The concept of infecting targeted users with banking trojans has been so successful in the recent past that in the first quarter of 2018, banking trojans overtook ransomware as the top malicious payload distributed through email.

Cryptojacking: How to avoid being a victim

Cryptojacking increases victims' electricity expenses, may affect user experience as computer performance is negatively impacted, and could cause down time of hijacked servers. It's nothing more than outright theft.

Fraudulent transactions on mobile apps grew by over 600% in three years

Earlier this month, the Q1 Cybercrime Report from ThreatMetrix revealed that in the first quarter of 2018 alone, ecommerce services suffered as many as 820 million bot attacks.

Four DDoS myths exposed as false

Four prevalent myths about DDoS are that: DDoS only hits big brands; every DDoS attack is the same; protection is too expensive; all solutions are the same - but each of these beliefs is false.

Not so safe in the cloud - a quarter of enterprises hit by cryptojackers

Newly published research reveals the poor state of enterprise cloud security, as evidenced by the advance of cryptojacking within these environments.

TeleGrab information stealer swipes Telegram cache and key files

Researchers detected a new malware that steals not only browser credentials, browser cookies and text files, but also cache and key files from the desktop version of end-to-end encrypted instant messaging service Telegram.

Cyber-security spend to exceed US$1 tn in 5yrs to 2021; losses to hit $6 tn

Expenditure on cyber-security in the five years to 2021 will exceed US$1 trillion; losses from cyber-crime reach US$6 trillion annually; top 500 cyber-security companies list published.

New Apple ID phishing operation protects web assets with AES encryption

A recently discovered email phishing campaign was found targeting Apple ID credentials, while using AES encryption to thwart active countermeasures against their malicious website.

USB drive sniffing K-9 helps capture student hacker

A US student in San Fransico accused of hacking his school's computer system to change grades was captured with the aid of a K-9 unit when its dog was able to sniff out a thumb drive holding incriminating evidence.

Vega Stealer malware targeting marketing, PR and advertising sectors

Researchers have come across a new ransomware variant named Vega Stealer that is taking special aim at those in the marketing, advertising, public relations and retail/manufacturing industries.

One year after WannaCry, the ransomware threat is not what it used to be

2017 represented the peak of ransomware, not a new dawn, with WannaCry and NotPetya anomalous spikes; overall infection rates have declined ever since, down 50%, from 350 different ransomware families in 2015 to 170 in 2017.

Healthcare sector suffered more than half of all cyber-attacks in 2017

In the past couple of years, while we have seen a rise in businesses adopting new cyber-security policies, such measures have not been able to curb the rise of malicious malware and cyber-weapons used against healthcare.

Dutch Police & NCA lead takedown of world's largest DDoS marketplace

Operation Power Off, led by the Dutch Police and the UK's National Crime Agency, supported by Europol and a dozen other law enforcement agencies led to arrests of the administrators of DDoS marketplace

Two-thirds of online banking systems in 2017 contained high-risk vulnerabilities

75 percent of online banking systems contained cross-site scripting flaws, 69 percent lacked protection from data interception, 63 percent had insufficient authorisation, 50 percent were vulnerable to sensitive data disclosure.

Malicious calculator app adds up Bitvote coins in cryptomining scheme

Attackers recently distributed a trojanised calculator app that downloads a cryptominer targeting Bitvote (BTV), a forked version of Bitcoin that launched just last January.

Ukraine Energy Ministry suffers ransomware attack - Bitcoins demanded

Ukraine's energy and coal ministry website has been hit by a ransomware attack demanding Bitcoin to recover encrypted files according to a report from Reuters citing Ukrainian cyber police spokeswoman Yulia Kvitko.

LinkedIn Autofill flaw lets hackers harvest website visitors' personal info

If the visitor clicks anywhere on the page, then according to Cable, "LinkedIn interprets this as the AutoFill button being pressed, and sends the information via postMessage to the malicious site".

Global cyber-crime-based economy worth over £1.07 trillion, finds study

The global cyber-crime-based economy has become a self-sustaining system and oversees the theft, laundering, spending, and reinvesting of £1.07 trillion by cyber-criminals across the globe, a study by Bromium has revealed.

PinkKite: The continuing threat of POS malware

POS systems are unique, typically single-purpose and require limited software to function. Defenders should use this to their advantage, and enable application whitelisting to prevent unwanted or modified processes from running.

The state of account opening fraud

The best way to avoid account opening fraud is to detect fraudsters before they can gain access to any account opening processes. Other fraud detection techniques include location analysis, checking for automation vs human etc

Norway and Switzerland Joint Cybercrime Action Taskforce

Norway and Switzerland become new official members of the J-CAT (Joint Cybercrime Action Taskforce) based within Europol's European Cybercrime Centre (EC3) in the Netherlands.

Behavioural biometrics meet machine learning for fraud prevention

Learning algorithms are capable of recognising patterns in data and discern fraudsters from legitimate clients by correlating thousands of pieces of information that, most probably, wouldn't be otherwise noticeable to a human.

Bringing cryptocurrency to the front line: Who, what & why?

The stand-out arguments for regulatory intervention in cryptocurrencies are greater consumer protection and more effective financial crime prevention. But do they want the benefits and responsibilities of official recognition?

Nigerian extradited to US, pleads guilty to BEC scams, awaits sentencing

A Nigerian man pleaded guilty Wednesday in a US Manhattan Federal Court to helping perpetuate business email compromise (BEC) scams aimed at netting millions of dollars.

Remotely hosted objects used to spread Formbook malware

Cyber-criminals are once again abusing trusted applications, such as Microsoft Office, to launch multi-stage attacks inside malicious documents to deliver Formbook malware.

US Secret Service warns of crooks swapping out chips on stolen debit cards

Thieves are intercepting debit cards in the mail, removing their chips and replacing them with older or invalid ones, and then using the stolen chips when their rightful owner activates the sabotaged card.