ICYMI: £77m phish; Czech win; ATM theft; Netflix ransom; Bank squat

News by SC Staff

In Case You Missed It: Google & Facebook phished; Czechs win exercise; ATM theft; Netflix ransom snub; Bank domains spoofed

Facebook and Google confirm falling victim to £77m phishing scam

Back in March, a Lithuanian man was arrested for duping two unnamed multinational internet companies via an email phishing attack. Google and Facebook have now confirmed that they were the two companies that fell victim to the scam costing them US$ 100 million (£77 million).

The man accused of being the scammer, Evaldas Rimasauskas, 48, allegedly posed as a manufacturer in Asia and defrauded the companies from 2013 until 2015, stashing the money in bank accounts across Eastern Europe. The emails were sent from accounts designed to look like they had come from an Asia-based manufacturer, but they did not. More...

Czech team wins Locked Shields 2017 cyber-defence exercise in Tallinn

In a live-fire cyber-defence exercise comprising 3,000 virtual systems and 2,500 attacks, the winner of this year's Locked Shields exercise is the Czech Republic.

The first Locked Shields was held in 2010. It was won by the NATO Blue Team in 2015 and Slovakia in 2016. This year, the Czech Republic beat Estonia and the NCIRC team from Nato into second and third place respectively. In a press statement, the organisers, the Estonia-based Nato Cooperative Cyber Defence Centre of Excellence (CCDCOE) reported that the Czech Republic defensive team also won a special prize for the scenario inject. More...

Vulnerability discovered in ATM cash machine security enables theft

A serious vulnerability has been discovered in cash machine security software that could allow an attacker to infect machines and steal money. The flaw was found in GMV's Checker ATM Security. The defect allows an attacker to remotely run code on a targeted ATM to increase their privileges in the system via ARP spoofing, infect it and steal money.

Checker ATM Security protects cash machines by enforcing several restrictions in software, including whitelisting with application control to block unauthorised applications, restricting attempts to connect peripheral devices – such as a keyboard or mouse – and limiting network connections with a firewall. The software is used in more than 80,000 cash machines worldwide, according to the vendor. More...

Orange is the New Blackhat: show leaked as Netflix snubs ransom demand

Pirated copies of the prison dramedy Orange is the New Black may contain malware, consumers are being warned, as blackhat hacker ‘The Dark Overlord' releases the show to the internet after failed attempt to extort Netflix.

Not scheduled to air until June, season five of the hit show was released on a free file-sharing website last week after Netflix refused to cave in to a ransom demand. The hacker, who goes by the name The Dark Overlord, claims to have additional content from Fox, IFC, National Geographic and ABC. "Oh, what fun we are all going to have. We're not playing any games anymore," the attacker posted on Twitter. More...

Hackers cyber-squat hundreds of UK bank domains to trick web users

DomainTools has uncovered 324 fake websites that appeared to be owned by five major UK banks, but were not. Researchers found 110 fake HSBC sites, 74 fake sites each for Barclays and Standard Chartered, 66 for Natwest and 22 for Lloyd's

Hackers often deceive customers into handing over personal details or login information by using domains disguised as legitimate websites, often achieved by domain squatting. Cyber-squatting or domain squatting entails registering a domain name to gain monetary benefit from a trademark that belongs to someone else. The domains are often used to redirect the victim to various scams including phishing email campaigns, pay-per-click ads and for-profit survey sites or more nefarious content such as ransomware or other forms of drive-by malware. More...

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews