Cyber Crime News, Articles and Updates

The state of account opening fraud

The best way to avoid account opening fraud is to detect fraudsters before they can gain access to any account opening processes. Other fraud detection techniques include location analysis, checking for automation vs human etc

Norway and Switzerland Joint Cybercrime Action Taskforce

Norway and Switzerland become new official members of the J-CAT (Joint Cybercrime Action Taskforce) based within Europol's European Cybercrime Centre (EC3) in the Netherlands.

Behavioural biometrics meet machine learning for fraud prevention

Learning algorithms are capable of recognising patterns in data and discern fraudsters from legitimate clients by correlating thousands of pieces of information that, most probably, wouldn't be otherwise noticeable to a human.

Bringing cryptocurrency to the front line: Who, what & why?

The stand-out arguments for regulatory intervention in cryptocurrencies are greater consumer protection and more effective financial crime prevention. But do they want the benefits and responsibilities of official recognition?

Nigerian extradited to US, pleads guilty to BEC scams, awaits sentencing

A Nigerian man pleaded guilty Wednesday in a US Manhattan Federal Court to helping perpetuate business email compromise (BEC) scams aimed at netting millions of dollars.

Remotely hosted objects used to spread Formbook malware

Cyber-criminals are once again abusing trusted applications, such as Microsoft Office, to launch multi-stage attacks inside malicious documents to deliver Formbook malware.

US Secret Service warns of crooks swapping out chips on stolen debit cards

Thieves are intercepting debit cards in the mail, removing their chips and replacing them with older or invalid ones, and then using the stolen chips when their rightful owner activates the sabotaged card.

URL file attacks spread Quant Loader trojan

A recent spate of attacks using phishing, social engineering, exploits, and obfuscation are being used to spread a Quant Loader trojan capable of distributing ransomware and password stealers.

Fake updates push Chtonic, NetSupport RAT via Joomla and WordPress sites

Malwarebytes has examined a relatively new fake update scam that uses a combination of legitimate websites, a real cloud storage site and social engineering to pass along either a banking Trojan and remote access tool to its victims.

Why digital fingerprinting could hold the key to GDPR compliance

The key to limiting damage is to neutralise the threat before the cyber-criminals have had a chance to monetise that all-important data. Banks spotting customer payment card details on the dark web can suspend those accounts.

£50m for law enforcement as Government ups ante on Cyber Defence

UK Home Secretary speech and announcements at CYBER UK Conference: Over £50 million investment pledged for the UK's cyber-defensive capabilities within law enforcement at a national, regional and local level.

Email compromise to exceed £6.4 bn in 2018 as attacks increase say NCSC/NCA

News Feature: The cyber threat to UK business 2017-2018 report jointly launched this week by the National Cyber Security Centre (NCSC) and the National Crime Agency(NCA) highlights the extent of the threats faced by the UK.

PUBG ransomware supplies its own decrypt key

MalwareHunterTeam has uncovered a simplistic, and almost benign, ransomware that is still under development that requires the victim to play the game PlayerUnknown's Battlegrounds in order to restore the encrypted files.

Near impossible mining speeds on Verge cryptocurrency using new exploit

An unknown hacker exploited a vulnerability in the Verge cryptocurrency platform which allowed an attacker to mine the coin at nearly 1,560 Verge coins (XVG), or about US$ 78 (£55), per second.

Researchers find new ATM jackpotting malware, possibly under development

Researchers have uncovered a new ATM jackpotting malware program that features a smaller system footprint and a simpler graphical user interface than its typical of its brethren.

Update: Cyber-attack knocks US Energy Services Group offline

A cyberattack against Energy Services Group (ESG), which handles customer transactions for natural gas pipelines owned by several energy firms, has knocked the company's systems offline.

Flaw in 'Sloppy' LockCrypt ransomware enables some victims to escape

Malwarebytes researchers discovered a weakness in the LockCrypt ransomware which enabled them to recover victim's files.

Newsbite: Criminal behind €1 billion cyber-bank robberies arrested in Spain

The leader of the crime gang behind the Carbanak and Cobalt malware attacks targeting more than 100 financial institutions worldwide has been arrested in Alicante, Spain.

Iranians indicted over state-sponsored IP theft, hacking US universities

The US Dept of Justice has charged nine Iranians from the Mabna Institute with stealing more than 31 terabytes of files from US, UK and other universities, companies, government agencies and non-governmental organisations.

Trickbot banking malware has new trick up its sleeve

Security reserachers have discovered that the Trickbot malware has been updated with you capabilities to evade detection and lock victim's computers.

New cross-platform backdoor 'Qrypter' RAT gaining prominence among hackers

A relatively recently launched (two years ago) Java-based remote access tool dubbed "Qrypter" is gaining popularity over existing cross-platform backdoors such as Adwind as an efficient Malware-as-a-Service (MaaS) platform.

15-year-old finds vulnerability in Ledger cryptowallets

A 15-year-old security researcher discovered a serious flaw in Ledger cryptocurrency wallets that would allow an attacker to siphon the device's private key and drain a user's cryptocurrency account(s).

New ransomware Zenis will delete backup files even if victim pays

A self-proclaimed "mischievous boy" who calls himself "ZENIS" unleashed ransomware attacks that encrypt the files and then purposely deleted the backups.

Selfies sold alongside personal info pose new threats to wallets

Cyber-criminals are selling selfies alongside their data dumps on Russian language dark web forums, offering potential buyers more options to exploit victims.

Bouncy Castle let down by inadequate protection of BKS-V1 keystore files

The BKS version 1 keystore files for Bouncy Castle, a collection of cryptographic APIs for C# and Java applications, reportedly contain a weak hash-based message authentication code (HMAC) that can easily be cracked by hackers.

SoftBank's Pepper & NAO robots highly vulnerable to ransomware attacks

More than 30,000 Pepper and NAO robots used worldwide are vulnerable to ransomware attacks through which cyber-criminals can restrict a business's access to data, impact operations and cause such robots to malfunction.

Cyber Security Certification Scheme launched by LDSC & Secured by Design

A pilot of the UK's first police-backed digital certification scheme has been launched the London Digital Security Centre (LDSC) in partnership with Secured by Design (SBD), the national police crime prevention initiative.

Exploring the Coincheck hack: Could it happen in the UK?

With £475 million worth of NEM coins stolen from the Japanese cryptocurrency exchange, Coincheck; and more than 850,000 Bitcoin (valued around £6 billion today) stolen from MT Gox in 2014, cryptocurrencies remain a prime target.

Cryptocurrency miner now kills off other miners

Researcher discovers coin miner that detects and switches off other miners, security tools or intense CPU processes.

Hackers using blockchain to keep authorities at bay & to sustain operations

Cyber-criminals have taken advantage of blockchain technologies to keep their websites and domains secure from takedown attempts by authorities, selling "dedicated host servers" as hack-proof to other cyber-criminals.