Articles about Cybercrime

The people behind phishing attacks are always looking for ways to improve their profitability. They quite often re-use material by bundling site resources into a phishing kit, uploading that kit to a server and sending a new batch of emails.

Sometimes though they get careless and leave the kits behind allowing them to be analyzed. Trusted access specialist Duo Security carried out a month-long experiment to track down these abandoned kits.

Continue reading →

The recent crackdown on popular dark web markets AlphaBay and Hansa is driving cyber criminals to migrate to messaging apps like Discord, ICQ, Skype, Telegram and Whatsapp, according to a new report.

The study from threat management company IntSights analyzed thousands of black markets, text storage/paste sites, hacking forums, IRC channels, apps and social media pages, and uncovers a steady increase in threat actors inviting cyber crime forum users to join their chat groups.

Continue reading →

Researchers at SpiderLabs, the research arm of Trustwave have released results of their investigations into a major attack targeting Eastern European banks.

The attack uses mules to open new accounts with minimal deposits and, crucially, request a debit card. When the new card is delivered it's shipped elsewhere and hackers then use stolen credentials to manipulate the bank's systems and raise the overdraft limit, allowing cash to be drawn from ATMs.

Continue reading →

Global accountancy firm Deloitte -- known as one of the "big four" -- has been hit by a sophisticated hack. With echoes of the Equifax data breach and CCleaner hack, the cyberattack went undetected for months and results in confidential emails being accessed, as well as company plans, and the private information of high-profile, blue-chip clients.

Deloitte says that only a small number of its clients have been affected, but the size and importance of those that it deals with -- including US government departments -- means that even a limited number could have great impact. The firm is said to have discovered the hack in March, but it is possible that attackers gained access as long ago as October 2016.

Continue reading →

The cyber-attacks against US nuclear facilities are just the latest reminders of the crucial and persistent challenge of securing our nation’s important assets. Clearly, cyber threats are growing in number, complexity, and sophistication, underscoring the need for public and private sector entities to raise the bar on cybersecurity throughout their enterprises.

These rising threats are causing organizations and their current IT workforces to sound the alarm: not enough talent is available to properly address the myriad of cyber threats facing our nation. In fact, it is predicted that by 2022, there will be a shortfall of 1.8 million cybersecurity professionals in the US.

Continue reading →

Data breaches are fairly common nowadays. This is unfortunate, as it exposes sensitive information to evil hackers and other nefarious criminals. Look, people are doing their best to make it through the day -- working long hours and struggling to make ends meet. Then, some computer nerd comes along and adds to life's difficulties by stealing identities. Sigh.

Today, another data breach comes to light, but this time it is particularly bad. In fact, it could quite possibly be the worst such hack in history. You see, credit agency Equifax -- a company you'd expect to be very secure -- had consumer information stolen. Now, it isn't just a handful of people that are affected. No, it is a staggering 143 million consumers in the USA! To make matters worse, it includes the holy grail of personally identifiable information -- social security numbers. Besides SSN, the hackers got birth dates and addresses too. For some of these unfortunate folks, even credit card numbers and driver's license numbers were pilfered.

Continue reading →

IT systems at the Scottish Parliament have been struck by a "brute force cyber-attack" from an unknown source. Staff have been advised to change passwords as a result of the attack.

Paul Grice, Chief Executive at Holyrood, says that the attack is similar to the one Westminster suffered back in June. The hackers have attempted to crack passwords as well as trying to access parliamentary emails.

Continue reading →

The second quarter of this year has seen two of the largest recorded cyber attacks in WannaCry and NotPetya, and the latest quarterly report from Panda Security reveals there's been an increase in unknown threats too.

PandaLabs analyzed attack data collected from all devices protected by one of Panda Security's solutions and discovered a 40 percent increase in attacks from unknown threats from the previous quarter.

Continue reading →

Buying a house is the biggest purchase most people make, with large amounts of money involved it’s not surprising that these transactions are attractive to cyber criminals.

Security specialist Barracuda Networks has released an analysis of a recent mortgage spear phishing attempt where an attacker attempted to divert a payment.

Continue reading →

The world is once again reeling from a massive ransomware attack that either severely impacted companies’ operations or caused them to take a closer look at their ability to identify, contain and remediate these incidents. As attacks on enterprise networks grow more common and complex, incident response (IR) teams and security operations centers (SOCs) grow increasingly besieged: 44 percent of security operations managers see more than 5,000 alerts every day, according to the Cisco 2017 Annual Cybersecurity Report. Due to the staggering volume, organizations only investigate 56 percent of these alerts, and remediate less than one-half of the actual threats they receive.

Clearly, cybersecurity managers and staffers are overwhelmed. That’s why they must work with their leadership to come up with a multi-step process to effectively monitor, identify and eliminate threats. With this in mind, we’ve developed what we call an "IR Hierarchy of Needs" to empower SOC and IR teams:

Continue reading →

Security company McAfee is using this week's Black Hat conference to release a new report examining the role of cyber threat hunting and the evolution of the security operations center (SOC).

Among its findings are that on average, 71 percent of the most advanced SOCs closed incident investigations in less than a week and 37 percent closed threat investigations in less than 24 hours.

Continue reading →

E-learning courses costing under $1,000 are giving aspiring cyber criminals the potential to make $12k a month, based on a standard 40-hour working week according to new research.

The study from digital risk management company Digital Shadows finds the courses, available to Russian speakers only, last for six weeks and comprise 20 lectures with five expert instructors. The course includes webinars, detailed notes and course material at a cost of RUB 45,000 ($745), plus $200 for course fees.

Continue reading →

The Magecart attack which injects JavaScript into unpatched eCommerce sites in order to capture payment information first appeared in October last year.

Researchers at threat management specialist RiskIQ have been following a new strain of Magecart and found that it offers a rare insight into the operations of the actors behind digital threats.

Continue reading →

Skype has been having problems this week as a result of a DDoS attack which began on Monday. The Skype team acknowledged the problem, confirming that "some users will either lose connectivity to the application or may be unable to send or receive messages" as a result.

In order to mitigate the impact, Microsoft made some configuration changes which seems to have helped. A group called CyberTeam has claimed responsibility for the attack, and says it plans to target gaming platform Steam next.

Continue reading →

The largest share of data breach incidents involved the retail industry, closely followed by food and beverages, according to a new report.

The 2017 Global Security Report from Trustwave shows that 22 percent of incidents involved the retail industry, followed by food and beverages at 20 percent.

Continue reading →