Cyber Criminals News, Articles and Updates

BlackTDS offering lets cyber-criminals buy drive-by attacks as a service

Since December 2017, dark web markets have been displaying advertisements for a new "Traffic Distribution System" called BlackTDS that performs malicious drive-by attacks as a service to paying cyber-criminals.

Sophisticated hacking tools now in the hands of petty cyber-criminals

Sophisticated hacking tools and techniques like watering-hole attacks, once used only by nation states or proxies, now increasingly used by criminal hackers, fueling concerns that state-sponsored hackers may have gone rogue.

AlphaBay PR flack pleads guilty to conspiracy charge

In a US court, the public spokesperson for the now defunct Dark Web marketplace AlphaBay has pleaded guilty conspiracy to commit access device fraud.

SoftBank's Pepper & NAO robots highly vulnerable to ransomware attacks

More than 30,000 Pepper and NAO robots used worldwide are vulnerable to ransomware attacks through which cyber-criminals can restrict a business's access to data, impact operations and cause such robots to malfunction.

Exploring the Coincheck hack: Could it happen in the UK?

With £475 million worth of NEM coins stolen from the Japanese cryptocurrency exchange, Coincheck; and more than 850,000 Bitcoin (valued around £6 billion today) stolen from MT Gox in 2014, cryptocurrencies remain a prime target.

Legal cryptocurrency mining operation's power draw creates concern

Illegal cryptocurrency mining has taken over as the primary money-generating methodology for many cyber-criminals, but even companies attempting to mine digital currency legally are running into some problems.

Cryptocurrency miner now kills off other miners

Researcher discovers coin miner that detects and switches off other miners, security tools or intense CPU processes.

Hackers using blockchain to keep authorities at bay & to sustain operations

Cyber-criminals have taken advantage of blockchain technologies to keep their websites and domains secure from takedown attempts by authorities, selling "dedicated host servers" as hack-proof to other cyber-criminals.

Rig EK all but disappears, usage down 96 percent

The Rig exploit kit, once used almost exclusively to deliver ransomware, is now not only no longer delivering that malware but has experienced a 96 percent reduction in overall usage.

Social media and engineering used to spread Tempted Cedar Spyware

Cyber-criminals are using social media and social engineering to dupe victims into downloading Advance Persistent Threat spyware disguised as the Kik messenger app.

Winter Olympics: How can sports organisers defend against cyber-criminals?

There are multiple motives behind cyber-attacks on big sporting events; corporate blackmail, access to the personal and financial information of ticket buyers. Mainly, cyber- criminals are attracted by high numbers and attention/profit.

Confucius cyber-gang spreads backdoor ridden chat apps in Romance scams

As Valentine's Day arrives, cyber-criminals have been looking to once again seize the opportunity to target lonely singles in romance schemes looking to persuade victims into downloading malware hidden in chat apps.

Windows Installer service hacked to infect victims' systems with malware

Cyber-criminals are using a malware spam campaign to exploit a remote code execution vulnerability in Microsoft Office to download and execute malicious scripts on victims' systems.

Latvian man pleads guilty to role in malvertising-based scareware scheme

A Latvian national who at one point was the fifth most wanted cyber-criminal in the US pleaded guilty this week in a US federal court to supporting a scareware scheme targeting users of the Minneapolis Star Tribune's website.

Olympic torch lights the way for cyber-criminals

The potential for cyber-attacks being launched during the 2018 Winter Olympics in Pyeongchang against those attending the games, is so strong that US CERT has issued cyber-security guidelines for those visiting.

DarkSky botnet spotted evading security measures

A new botnet has been discovered by security researchers that has anti-virtual machine capabilities to evade security controls such as a sandbox.

Reddit site spoofed by cyber-criminals to steal credentials of users

Cyber-criminals set up a malicious website that spoofed the original Reddit site and stole login credentials of unsuspecting visitors, yet managed to obtain a valid SSL certificate from a domain registry.

Cyber-criminals exploiting traditional trust measures for compromises

Cyber-criminals are exploiting traditional measures of trust to gain a foothold on users systems by compromising trusted sites via background initiated requests, using phishing sites, and typo-squatting.

Darknet markets worth keeping an eye on - you may see your data for sale

Jamie Bartlett, author of The Dark Net, advises monitoring the darknet markets, both to respond to your own data being sold, but also to protect your reputation if passwords are alleged to come from you following a hack elsewhere.

Stolen adult site login credentials help fuel dark web economy

Cyber-criminals have been using pornography and adult content as a lure to spread malware and steal information since it hit the internet, but recent research shows that access to sites is also fueling a lucrative trade on the dark web.

More than 100 malwares searching for Spectre & Meltdown vulnerabilities

It hasn't taken long for cyber-criminals to craft malware specifically designed to seek out machines vulnerable to the recently disclosed Spectre and Meltdown speculative execution bugs found in most computer chips.

Cryptominers and malspam up while zero days and ransomware decline

Malicious actors kept busy late last year adding new weapons to their arsenal while placing others on the backburner as they attempted to profit from new honey pots like cryptocurrency mining and boosting the amount of old favourites.

Twitter spam app plaguing accounts

Cyber-criminals attempting to take advantage of Twitter users' curiosity over who visits their page are using a new form of bait that advertises the ability to track such visits.

Crooks fabricate SpriteCoin cryptocurrency as lure to download ransomware

Fictional cryptocurrency SpriteCoin cooked up by cyber-crooks as a ruse to infect wannabe miners with a particularly devilish ransomware program.

US Defence Dept stops 36M malicious emails daily, 600 Gbps DDoS attacks

Attackers continue to consider email an attractive attack vector and this highlights the stresses that security pros face daily trying to sort through threats.

AdultSwine malware helps porn ads and scams invade children's apps

Cyber-criminals have been spiking game apps, including several aimed at children, with malware that displays pornographic ads, pushes fake security apps, and registers users for premium services with permission.

2018 Winter Olympics being used as phishing attack bait

The opening ceremony for the Pyeongchang Winter Olympics in South Korea is still a month away, but cyber-criminals have already started using it as part of their social engineering plans in several phishing attacks.

India's 1.2 billion citizen national database reportedly breached

India's national ID database containing the information of nearly 1.2 billion people was breached with cyber-criminals selling access to the information for US$ 8 (£6), though officials deny the extent of the incident.

Ukrainian software company compromised to spread Zeus banking trojan

Cyber-criminals launched a cyber-attack using the official website of a Ukraine-based accounting software developer to distribute a new variant of Zeus over a Ukrainian holiday.

Cloud-based docs the new frontier for phishing attacks

Ever on the lookout for a new avenue of attack, cyber-criminals have figured out a method of using Google App Scripts to automatically download malware hosted in Google drive to any computer.