Cybercrime

Buying a house is the biggest purchase most people make, with large amounts of money involved it’s not surprising that these transactions are attractive to cyber criminals.

Security specialist Barracuda Networks has released an analysis of a recent mortgage spear phishing attempt where an attacker attempted to divert a payment.

The world is once again reeling from a massive ransomware attack that either severely impacted companies’ operations or caused them to take a closer look at their ability to identify, contain and remediate these incidents. As attacks on enterprise networks grow more common and complex, incident response (IR) teams and security operations centers (SOCs) grow increasingly besieged: 44 percent of security operations managers see more than 5,000 alerts every day, according to the Cisco 2017 Annual Cybersecurity Report. Due to the staggering volume, organizations only investigate 56 percent of these alerts, and remediate less than one-half of the actual threats they receive.

Clearly, cybersecurity managers and staffers are overwhelmed. That’s why they must work with their leadership to come up with a multi-step process to effectively monitor, identify and eliminate threats. With this in mind, we’ve developed what we call an "IR Hierarchy of Needs" to empower SOC and IR teams:

Security company McAfee is using this week's Black Hat conference to release a new report examining the role of cyber threat hunting and the evolution of the security operations center (SOC).

Among its findings are that on average, 71 percent of the most advanced SOCs closed incident investigations in less than a week and 37 percent closed threat investigations in less than 24 hours.

E-learning courses costing under $1,000 are giving aspiring cyber criminals the potential to make $12k a month, based on a standard 40-hour working week according to new research.

The study from digital risk management company Digital Shadows finds the courses, available to Russian speakers only, last for six weeks and comprise 20 lectures with five expert instructors. The course includes webinars, detailed notes and course material at a cost of RUB 45,000 ($745), plus $200 for course fees.

The Magecart attack which injects JavaScript into unpatched eCommerce sites in order to capture payment information first appeared in October last year.

Researchers at threat management specialist RiskIQ have been following a new strain of Magecart and found that it offers a rare insight into the operations of the actors behind digital threats.

Skype has been having problems this week as a result of a DDoS attack which began on Monday. The Skype team acknowledged the problem, confirming that "some users will either lose connectivity to the application or may be unable to send or receive messages" as a result.

In order to mitigate the impact, Microsoft made some configuration changes which seems to have helped. A group called CyberTeam has claimed responsibility for the attack, and says it plans to target gaming platform Steam next.

The largest share of data breach incidents involved the retail industry, closely followed by food and beverages, according to a new report.

The 2017 Global Security Report from Trustwave shows that 22 percent of incidents involved the retail industry, followed by food and beverages at 20 percent.

Last week's WannaCrypt attack infected over 200,000 devices and is estimated to have made its perpetrators $72,000.

Increasingly scammers and criminals are seeing the internet as a means of making financial returns. Cyber crime has become a serious business and no business or information is safe from attack.

DDoS attacks are a popular cyber criminal technique, used either to cause a distraction for a different crime or demand a ransom for calling off or not launching an attack.

New research from Kaspersky Lab reveals how profitable this activity can be. Researchers studied the DDoS services on offer on the black market and looked at how far the illegal business has advanced, as well as the extent of its popularity and profitability.

Sleeper cell accounts which appear normal and hide among normal users, waiting for long periods of time to age the account before striking, are the latest technique being used by cyber attackers.

These accounts are often used for testing or carrying out the attack in stages, according to fraud and financial crime detection service DataVisor.

It has become common practice for attackers to use Artificial Intelligence (AI) and Machine Learning (ML) to link tools together so that they can be run in parallel when conducting an attack.

Attackers use AI and ML to take the results from one tool and then allow the other tools to "learn" about the finding and use it against other systems. As an example, if a one tool finds a password, that tool can feed the information to another tool or bot that may conduct the exploitation of one or many systems using the discovered password.

Cyber criminals are employing more sophisticated techniques in their attacks, including the use of 'false flagging' to disguise their true source.

This is one of the findings of the latest threat intelligence report from NTT Security, on a positive note though it records a 35 percent decrease in the number of attacks in the final quarter of 2016.

Cyber crime is a competitive business, particularly for those who buy and sell their dubious services via online marketplaces.

But that competition can lead to the scammers being scammed. So called 'rippers' seek to defraud other criminals by selling dumps of fake social media credentials or invalid credit card details, or taking money without delivering the promised goods.

In the 2002 movie Minority Report, a law enforcement squad called "Precrime" arrests future criminals before they commit their act. Imagine if businesses could predict the future behavior of potential employees before hiring (or not hiring) them? That’s what Veris Benchmarks’ products aim to achieve.

The company also offers Veris Prime, is a free online test that you can take for yourself, and which measures your personal trustworthiness and shows how your results compare to white collar criminals.

A new report from Kaspersky Lab finds that businesses in North America are significantly less protected against cyberattacks compared to those worldwide.

According to the study 20 percent of global enterprises suffered four or more data breaches in the past year, while 44 percent of North American businesses suffered a similar number of attacks.