Articles about Cybercrime

A new report from Barracuda finds the volume of ransomware threats detected spiked between January and June of this year to more than 1.2 million per month.

Researchers have also seen a spike in the number of service providers that have been hit with a ransomware attack. The main targets, however, are still five key industries: education, municipalities, healthcare, infrastructure, and financial.

Continue reading →

Major cyberattacks still have the power to make headline news, yet reporting and indeed conviction rates for cybercrime remain low. It's perhaps not surprising then that rising numbers of young people are getting involved in these illegal activities.

We spoke to Simon Newman, International Cyber Expo Advisory Council member and CEO of the Cyber Resilience Centre for London, to get his views on what needs to be done to improve reporting and change the mindset of 'script kiddies' for the better.

Continue reading →

According to a new study 59 percent US and UK consumers are now more cautious about trusting others online thanks to having watched fraud documentaries.

The report from Onfido looks at the impact of popular shows like Inventing Anna and The Tinder Swindler and finds that 67 percent of consumers admit they have changed their outlook on fraud.

Continue reading →

We all know that stolen information is traded on the dark web, and new research by Trustwave looks at what is available and how much it costs. It also uncovers the additional services that are being offered to make it easier to commit fraud.

Details of a stolen credit card can be bought for as little as $8. Much more valuable though is a card with 'fullz' -- extra information on the victim that makes the card more usable. These can cost up to $70.

Continue reading →

The threat landscape is constantly evolving and the shift to hybrid has only widened the attack surface. Today, organizations continue to be in the firing line as cybercriminals exploit their most used application: emails. The proliferation of phishing and business email attacks have seen hackers targeting the biggest corporate security weakness; employees.

Threat actors target workers because they are seen as the weakest link. Cybercriminals are thriving by targeting and exploiting staff, especially those who haven’t received effective user education and training. As the attack surface expands and threats become more sophisticated, organizations must reinvent the wheel by changing their approach to cybersecurity. Where should they start? With training employees and providing omnipresent tools and technology to prevent, detect, and recover from even the most sophisticated of attacks.

Continue reading →

Office macros have long been a favorite attack method for cybercriminals but now that Microsoft has started blocking them by default the bad guys have started to turn to other methods.

A new report from HP Wolf Security shows a shift to shortcut (LNK) files being used to deliver malware. Attackers often place shortcut files in ZIP email attachments, to help them evade email scanners.

Continue reading →

As global travel restrictions continue to ease this summer, many will wander to new destinations. Recent research anticipates that 208 million American adults (80.84 percent) plan to travel this summer with more than 20 percent of those planning to travel internationally. While this is a positive forecast for the travel and hospitality sector, for cybersecurity, it presents a host of potential risks. Insecure WiFi connections and personal device usage, to name a few.

As malicious activity proliferates and cybercriminals become more discrete and persistent with their attack methods, organizations and their employees must be vigilant at all times, unfortunately even when on vacation. Simply checking company emails on a personal device while connected to public WiFi at a café or airport could have massive repercussions for an organization. Employees must always take precautions, as cybercriminals will be looking to exploit organizations during employee downtime. While it is best to completely avoid bringing your corporate devices on vacation, fortunately, there are measures that we can all take to reduce our risk of falling victim to an attack while working from unfamiliar locations.

Continue reading →

The shift to remote working has boosted the popularity of messaging apps, in particular those like Discord and Telegram which have underlying elements that allow users to create and share programs or other types of content that's used inside the platform.

But research from Intel471 shows cybercriminals are finding ways to use these platforms to host, distribute, and execute functions that ultimately allow them to steal credentials or other information from unsuspecting users.

Continue reading →

Much like the legitimate eCommerce world, trust and reputation have become essential parts of the cybercriminal trade. New research by HP Wolf Security finds 77 percent of cybercriminal marketplaces analyzed require a vendor bond -- a license to sell -- which can cost up to $3,000.

In other evidence of a professional approach, 85 percent of these sites use escrow payments, and 92 percent have a third-party dispute resolution service. Every marketplace provides vendor feedback scores too. Cybercriminals also try to stay a step ahead of law enforcement by transferring reputations between websites -- as the average lifespan of a dark net website is only 55 days.

Continue reading →

According to a report by the UK’s National Cyber Security Centre, almost half of all recorded UK cyber incidents between September 2020 and August 2021 targeted the public sector. Public sector cybersecurity is being put to the test and it’s imperative that public sector organizations properly protect the sensitive data that is in their possession.

Back in October 2020, Hackney Borough Council in London suffered a serious ransomware attack which took many of its services and IT systems offline. The attack cost the council millions of pounds and today, more than 18 months later, data is still missing across many services. In February 2022, the Information Commissioner’s Office ordered Hackney Borough Council to disclose information regarding what cybersecurity training its staff had received prior to the attack, when they were required to work from home due to the Covid-19 pandemic.

Continue reading →

Phishing emails referencing corporate issues and delivery problem notifications are the ones most likely to induce people to click links according to new research.

Data on simulated phishing attacks from Kaspersky's Security Awareness Platform shows emails with these subjects were successful in getting people to click 16 to 18 percent of the time.

Continue reading →

The world of ransomware is becoming increasingly professional and it’s easier than ever for new entrants to get into the business.

A new report from Tenable looks at the ransomware ecosystem and how it has become one of the biggest threats to organizations as well as being lucrative for the criminals behind it.

Continue reading →

The age of what might be called the hobbyist hacker is long gone, replaced by a much more serious trend towards organized crime and nation states being behind hacking and cyberattacks.

In an era where data can be weaponized, both businesses and governments need to take the threat seriously. It's important for security teams to understand how attacks are carried out and the motivations that lie behind them.

Continue reading →

Although ransomware remained the most common threat last year the number of new ransomware families and unique variants discovered in 2021 decreased significantly compared to previous years.

Researchers from WithSecure suggest that this could highlight a potential opportunity to disrupt the cybercrime ecosystem that's exacerbated the problem in recent years.

Continue reading →

We've become familiar with the widespread use of ransomware, but researchers at Rapid7 have been examining the rise of a newer phenomenon, 'double extortion'.

Pioneered by the Maze ransomware group, double extortion involves cybercriminals collecting files before encrypting them. Then if the target organization refuses to pay they threaten to release sensitive information.

Continue reading →