Cyber Criminals News, Articles and Updates

MEWKit phishing campaign steals MyEtherWallet credentials

The cyber-criminals who last April executed a man-in-the-middle attack on a Amazon DNS server to steal £112,699 in Ethereum cryptocurrency from MyEtherWallet.com pulled off their heist using a newly discovered phishing kit.

Encrypted communications lure cyber-criminals from dark web to Telegram app

Cyber-criminals are branching out from the dark web and into encrypted messaging apps to conduct their nefarious deeds.

Rampant cryptojacking harming organisations' cyber-security, experts reveal

While individuals and businesses across the world have embraced cryptocurrencies due to the various benefits they come with, the concept has also attracted the attention of cyber-criminals.

Simple, but not cheap, phishing kit found for sale on Dark Web

Cyber-criminals are nothing if not attuned to finding new customers for their wares, as Check Point and CyberInt found when they came across a next-generation phishing kit for sale on the Dark Web geared toward the neophyte.

Two-thirds of online banking systems in 2017 contained high-risk vulnerabilities

75 percent of online banking systems contained cross-site scripting flaws, 69 percent lacked protection from data interception, 63 percent had insufficient authorisation, 50 percent were vulnerable to sensitive data disclosure.

Ransomware has generated about £3.3 million in bitcoin for its distributors

Two Italian researchers from the University of Padua have compiled an estimate of how much money, in bitcoin, has been generated by the various types of ransomware used by cyber-criminals.

Cyber-security isn't perfect, but you can cut the risks by doing the basics

Implementation of basic cyber-security practices isn't just down to the IT department, however, but needs to be enforced at all levels of an organisation, from the very top to the very bottom.

Entry-level Rarog cryptominer flies under the radar

A relatively unknown cryptomining malware dubbed "Rarog" is giving cyber-criminals an affordable way for entry level players to enter the field.

Charities across UK are vulnerable to CEO fraud, warns Charity Commission

The Charity Commission recently shot out alerts to charities across the UK, warning them that cyber-criminals posing as CEOs or senior executives at charities could launch phishing attacks on employees.

Selfies sold alongside personal info pose new threats to wallets

Cyber-criminals are selling selfies alongside their data dumps on Russian language dark web forums, offering potential buyers more options to exploit victims.

Newsbite: Polish police arrest prolific ransomware cyber-criminal

A Polish national using the online name "Armaged0n" was arrested by the Polish Police, in cooperation with the Belgian Federal Police and Europol on suspicion of having used ransomware to encrypt several thousand computers.

BlackTDS offering lets cyber-criminals buy drive-by attacks as a service

Since December 2017, dark web markets have been displaying advertisements for a new "Traffic Distribution System" called BlackTDS that performs malicious drive-by attacks as a service to paying cyber-criminals.

Sophisticated hacking tools now in the hands of petty cyber-criminals

Sophisticated hacking tools and techniques like watering-hole attacks, once used only by nation states or proxies, now increasingly used by criminal hackers, fueling concerns that state-sponsored hackers may have gone rogue.

AlphaBay PR flack pleads guilty to conspiracy charge

In a US court, the public spokesperson for the now defunct Dark Web marketplace AlphaBay has pleaded guilty conspiracy to commit access device fraud.

SoftBank's Pepper & NAO robots highly vulnerable to ransomware attacks

More than 30,000 Pepper and NAO robots used worldwide are vulnerable to ransomware attacks through which cyber-criminals can restrict a business's access to data, impact operations and cause such robots to malfunction.

Exploring the Coincheck hack: Could it happen in the UK?

With £475 million worth of NEM coins stolen from the Japanese cryptocurrency exchange, Coincheck; and more than 850,000 Bitcoin (valued around £6 billion today) stolen from MT Gox in 2014, cryptocurrencies remain a prime target.

Legal cryptocurrency mining operation's power draw creates concern

Illegal cryptocurrency mining has taken over as the primary money-generating methodology for many cyber-criminals, but even companies attempting to mine digital currency legally are running into some problems.

Cryptocurrency miner now kills off other miners

Researcher discovers coin miner that detects and switches off other miners, security tools or intense CPU processes.

Hackers using blockchain to keep authorities at bay & to sustain operations

Cyber-criminals have taken advantage of blockchain technologies to keep their websites and domains secure from takedown attempts by authorities, selling "dedicated host servers" as hack-proof to other cyber-criminals.

Rig EK all but disappears, usage down 96 percent

The Rig exploit kit, once used almost exclusively to deliver ransomware, is now not only no longer delivering that malware but has experienced a 96 percent reduction in overall usage.

Social media and engineering used to spread Tempted Cedar Spyware

Cyber-criminals are using social media and social engineering to dupe victims into downloading Advance Persistent Threat spyware disguised as the Kik messenger app.

Winter Olympics: How can sports organisers defend against cyber-criminals?

There are multiple motives behind cyber-attacks on big sporting events; corporate blackmail, access to the personal and financial information of ticket buyers. Mainly, cyber- criminals are attracted by high numbers and attention/profit.

Confucius cyber-gang spreads backdoor ridden chat apps in Romance scams

As Valentine's Day arrives, cyber-criminals have been looking to once again seize the opportunity to target lonely singles in romance schemes looking to persuade victims into downloading malware hidden in chat apps.

Windows Installer service hacked to infect victims' systems with malware

Cyber-criminals are using a malware spam campaign to exploit a remote code execution vulnerability in Microsoft Office to download and execute malicious scripts on victims' systems.

Latvian man pleads guilty to role in malvertising-based scareware scheme

A Latvian national who at one point was the fifth most wanted cyber-criminal in the US pleaded guilty this week in a US federal court to supporting a scareware scheme targeting users of the Minneapolis Star Tribune's website.

Olympic torch lights the way for cyber-criminals

The potential for cyber-attacks being launched during the 2018 Winter Olympics in Pyeongchang against those attending the games, is so strong that US CERT has issued cyber-security guidelines for those visiting.

DarkSky botnet spotted evading security measures

A new botnet has been discovered by security researchers that has anti-virtual machine capabilities to evade security controls such as a sandbox.

Reddit site spoofed by cyber-criminals to steal credentials of users

Cyber-criminals set up a malicious website that spoofed the original Reddit site and stole login credentials of unsuspecting visitors, yet managed to obtain a valid SSL certificate from a domain registry.

Cyber-criminals exploiting traditional trust measures for compromises

Cyber-criminals are exploiting traditional measures of trust to gain a foothold on users systems by compromising trusted sites via background initiated requests, using phishing sites, and typo-squatting.

Darknet markets worth keeping an eye on - you may see your data for sale

Jamie Bartlett, author of The Dark Net, advises monitoring the darknet markets, both to respond to your own data being sold, but also to protect your reputation if passwords are alleged to come from you following a hack elsewhere.