Articles about Cybercrime

Most data thefts are down to relatively simple techniques, like phishing, in order to get hold of login credentials. But even where systems are well protected, hackers can find ingenious ways of breaching security.

VPN advice site Top 10 VPN has compiled information from research and from real world attacks to highlight some of the more innovative ways of stealing data in an infographic.

Continue reading →

The first three quarters of 2017 have seen 3,833 breaches reported, exposing over seven billion records, according to a new report.

But the study by Risk Based Security reveals that 78.5 percent of all records exposed came from just five breaches. Compared to the same period in 2016, the number of reported breaches is up 18.2 percent and the number of exposed records is up 305 percent.

Continue reading →

Code signing certificates are used to verify the authenticity and integrity of software and are a vital element of internet and enterprise security. By taking advantage of compromised code signing certificates, cybercriminals can install malware on enterprise networks and consumer devices.

A study for machine identity protection company Venafi by the Cyber Security Research Institute shows that digital code signing certificates are changing hands on the dark web for up to $1,200, making them worth more than credit cards, counterfeit US passports and even handguns.

Continue reading →

The people behind phishing attacks are always looking for ways to improve their profitability. They quite often re-use material by bundling site resources into a phishing kit, uploading that kit to a server and sending a new batch of emails.

Sometimes though they get careless and leave the kits behind allowing them to be analyzed. Trusted access specialist Duo Security carried out a month-long experiment to track down these abandoned kits.

Continue reading →

The recent crackdown on popular dark web markets AlphaBay and Hansa is driving cyber criminals to migrate to messaging apps like Discord, ICQ, Skype, Telegram and Whatsapp, according to a new report.

The study from threat management company IntSights analyzed thousands of black markets, text storage/paste sites, hacking forums, IRC channels, apps and social media pages, and uncovers a steady increase in threat actors inviting cyber crime forum users to join their chat groups.

Continue reading →

Researchers at SpiderLabs, the research arm of Trustwave have released results of their investigations into a major attack targeting Eastern European banks.

The attack uses mules to open new accounts with minimal deposits and, crucially, request a debit card. When the new card is delivered it's shipped elsewhere and hackers then use stolen credentials to manipulate the bank's systems and raise the overdraft limit, allowing cash to be drawn from ATMs.

Continue reading →

Global accountancy firm Deloitte -- known as one of the "big four" -- has been hit by a sophisticated hack. With echoes of the Equifax data breach and CCleaner hack, the cyberattack went undetected for months and results in confidential emails being accessed, as well as company plans, and the private information of high-profile, blue-chip clients.

Deloitte says that only a small number of its clients have been affected, but the size and importance of those that it deals with -- including US government departments -- means that even a limited number could have great impact. The firm is said to have discovered the hack in March, but it is possible that attackers gained access as long ago as October 2016.

Continue reading →

The cyber-attacks against US nuclear facilities are just the latest reminders of the crucial and persistent challenge of securing our nation’s important assets. Clearly, cyber threats are growing in number, complexity, and sophistication, underscoring the need for public and private sector entities to raise the bar on cybersecurity throughout their enterprises.

These rising threats are causing organizations and their current IT workforces to sound the alarm: not enough talent is available to properly address the myriad of cyber threats facing our nation. In fact, it is predicted that by 2022, there will be a shortfall of 1.8 million cybersecurity professionals in the US.

Continue reading →

Data breaches are fairly common nowadays. This is unfortunate, as it exposes sensitive information to evil hackers and other nefarious criminals. Look, people are doing their best to make it through the day -- working long hours and struggling to make ends meet. Then, some computer nerd comes along and adds to life's difficulties by stealing identities. Sigh.

Today, another data breach comes to light, but this time it is particularly bad. In fact, it could quite possibly be the worst such hack in history. You see, credit agency Equifax -- a company you'd expect to be very secure -- had consumer information stolen. Now, it isn't just a handful of people that are affected. No, it is a staggering 143 million consumers in the USA! To make matters worse, it includes the holy grail of personally identifiable information -- social security numbers. Besides SSN, the hackers got birth dates and addresses too. For some of these unfortunate folks, even credit card numbers and driver's license numbers were pilfered.

Continue reading →

IT systems at the Scottish Parliament have been struck by a "brute force cyber-attack" from an unknown source. Staff have been advised to change passwords as a result of the attack.

Paul Grice, Chief Executive at Holyrood, says that the attack is similar to the one Westminster suffered back in June. The hackers have attempted to crack passwords as well as trying to access parliamentary emails.

Continue reading →

The second quarter of this year has seen two of the largest recorded cyber attacks in WannaCry and NotPetya, and the latest quarterly report from Panda Security reveals there's been an increase in unknown threats too.

PandaLabs analyzed attack data collected from all devices protected by one of Panda Security's solutions and discovered a 40 percent increase in attacks from unknown threats from the previous quarter.

Continue reading →

Buying a house is the biggest purchase most people make, with large amounts of money involved it’s not surprising that these transactions are attractive to cyber criminals.

Security specialist Barracuda Networks has released an analysis of a recent mortgage spear phishing attempt where an attacker attempted to divert a payment.

Continue reading →

The world is once again reeling from a massive ransomware attack that either severely impacted companies’ operations or caused them to take a closer look at their ability to identify, contain and remediate these incidents. As attacks on enterprise networks grow more common and complex, incident response (IR) teams and security operations centers (SOCs) grow increasingly besieged: 44 percent of security operations managers see more than 5,000 alerts every day, according to the Cisco 2017 Annual Cybersecurity Report. Due to the staggering volume, organizations only investigate 56 percent of these alerts, and remediate less than one-half of the actual threats they receive.

Clearly, cybersecurity managers and staffers are overwhelmed. That’s why they must work with their leadership to come up with a multi-step process to effectively monitor, identify and eliminate threats. With this in mind, we’ve developed what we call an "IR Hierarchy of Needs" to empower SOC and IR teams:

Continue reading →

Security company McAfee is using this week's Black Hat conference to release a new report examining the role of cyber threat hunting and the evolution of the security operations center (SOC).

Among its findings are that on average, 71 percent of the most advanced SOCs closed incident investigations in less than a week and 37 percent closed threat investigations in less than 24 hours.

Continue reading →

E-learning courses costing under $1,000 are giving aspiring cyber criminals the potential to make $12k a month, based on a standard 40-hour working week according to new research.

The study from digital risk management company Digital Shadows finds the courses, available to Russian speakers only, last for six weeks and comprise 20 lectures with five expert instructors. The course includes webinars, detailed notes and course material at a cost of RUB 45,000 ($745), plus $200 for course fees.

Continue reading →