Cyber Crime News, Articles and Updates

Cyber-criminals focus on CPU mining tools as attacks grow sixfold

Cryptocurrency extraction a bigger draw for hackers now

Equifax hackers likely in network from March - 141 days before discovery

It took Equifax 141 days to discover a breach that exposed the data of 143 million US consumers with hackers likely accessing the credit monitoring firm's systems in March, a full two months before Equifax originally said they did.

Tier one incident expected, Government cyber-specs likely - NCSC

We can expect to see a cyber-security incident at a category one level within the next few years. The government specifying what it will buy is an effective way of changing the market - Ian Levy, technical director, NCSC

If you could break into your company systems, what would you do?

Privileged access - not people - is the true insider threat says David Higgins. Securing privileged accounts should be on-going with continuous evaluation and adjustments to improve security as the threat landscape changes.

Darkweb counterfeiters taken down in Europol coordinated joint action

Criminals buying and/or selling counterfeit Euro banknotes on illegal Darknet marketplaces, such as AlphaBay and Hansa Market, have been arrested in a joint operation by seven EU Member States, coordinated by Europol.

Red Alert banking malware steals credentials

A new strain of banking malware is targeting Android users, security researchers have discovered. Red Alert Trojan targets more than 60 banking and social networking apps.

How can the legal industry address the threat of online scams?

More than a quarter of law firms in England and Wales were targeted by fraudsters in 2016, with most attempted scams taking place online, but there are a number of steps which can be taken to prevent attacks says Peter Groucutt

Apache Struts vulnerability led to earlier breach at Equifax

Equifax said a breach it discovered in March was not related to the second in September though the hackers were reportedly the same, and the same vulnerability in Apache Struts was exploited in both incidents.

Doubling Down: Locky & FakeGlobe ransomware pushed in dual spam campaigns

Cyber-criminals kicked off a spam campaign earlier this month capable of delivering either Locky or FakeGlobe ransomware creating a situation where a single person could be victimised twice in the same attack.

Report: Without safeguards, Internet & IoT may create surveillance states

A catastrophic worldwide cyber-attack, the emergence of an IoT-enabled surveillance state, and the weakening of encryption were among the chief security and privacy fears expressed by experts.

Dealing with DDoS - Blockchain would have saved Final Fantasy XIV

Stephen Holmes suggests the use of blockchain to thwart DDoS attacks, noting its collective computing power would require multiple nodes across multiple institutions to be attacked to overwhelm the full system.

Financial attractiveness of ransomware ensures it remains growing threat

Mobile devices under increasing attack from malware, including ransomware, which has seen a 122 percent increase in variants as it becomes an increasingly attractive option for criminals.

Spoiler alert: SMEs and the threat of ransomware attacks

Most small or medium-sized organisations in the UK have experienced several different security attacks and data breaches in the past year. And more than a third have experienced a ransomware attack reports Justin Dolly

Trapping to hunting: intelligent analysis of anomalies to detect compromises

One of the goals of Breach Detection Systems is to provide the most effective automated detection with minimal false positives, because excessive false positives cause "fatigue" in the incident responder explains Dr. Giovanni Vigna

Shipping organisations get code of practice for tackling cyber threats

Department for Transport launches new Cyber Security code of practice for ships as "Cyber-security ... threatens the reliability and performance of a shipping sector that carries 95 percent of our trade [so] has to be taken seriously."

The hidden danger of cryptocurrency mining in the enterprise

New research has revealed that cryptocurrency mining software has already infected at least 1.65 million endpoints this year. Should the enterprise be worried?

LinkedIn Premium accounts being used in phishing scam

Hackers are using the business-oriented LinkedIn social media site to send phishing InMails posing as a Wells Fargo document - the delivery method is to be trusted, but the content may not be.

Ransomware rumblings in the cloud: stormy weather predicted

A ransomware encrypted desktop computer is enough to make you Wannacry, but the techniques and tools hackers need to make hostages of cloud services and data are already in the wild argues Mimecast CTO Neil Murray.

Billions of Bluetooth devices vulnerable to MITM attacks; no user action

Billions of Bluetooth devices, including those running on Android, iOS, Linux, and Windows, contain vulnerabilities that can allow malicious actors to remotely execute code, take over devices, and perform man-in-the-middle (MitM) attacks.

'Ransomware of things' spell trouble for transportation industry

The next step in the evolution of ransomware would be what they called "jackware" or ransomware designed to target connected devices subsequently creating a ransomware of things (RoT).

Email server vulnerability detection - a best practice checklist

By following best practices and incorporating security measures when setting up an email server, you will be able to protect yourself from the most frequent and dangerous scenarios says Marcell Gogan.

Quality is more important than quantity in the connected home

The issue for home IOT devices is trust and ease of use says Kevin Cunningham, managing director at SQS, and perceived problems of the connected home, such as security issues and privacy issues, need to be addressed now.

Sharing IOT malware rife, botnets now child's play as teen arrest shows

A 13-year-old hacker caught trying to build up a botnet to hack CCTV cameras demonstrates that attacking IoT devices is literally child's play, thanks to widespread sharing of IoT malware.

Trickbot banking Trojan a significant risk to financial institutions

Vitali Kremez reports how the Necurs botnet is delivering a different type of malware that poses a threat specifically to the financial sector: the "Trickbot" banking Trojan.

Lessons from the Equifax breach - take a data-centric approach

Data on the endpoint did for Equifax, which is why, among other lessons learnt from the recent breach, visibility is a priority says Rick McElroy.

Web App vulnerability enables Equifax breach affecting up to 143m in US

Cyber-criminals gained unauthorised access to Equifax files in a breach that could affect as many as 143 million consumers in the US, the company said Thursday.

FBI malware compared to tracking device in interstate child porn case

A Texas federal judge last week ruled in favour of the US Department of Justice, rejecting a motion to suppress evidence obtained in the course of the investigation using FBI malware.

SynAck ransomware attacks on the rise - active £325k bitcoin wallet

Activity surrounding a new strain of ransomware named SynAck spiked last week with at least three different versions being reported.