Security News

Chinese upstarts are selling smartphone motherboards - and kit to run and manage them at scale - to operators of outfits that use them to commit various scams and crimes, according to an undercover investigation by state television broadcaster China Central Television revealed late last week. The report shows what appear to be chassis filled with 20 smartphone motherboards each, wired to a monitor that displays the screens of all 20 units.

FBI's Internet Crime Complaint Center has released its 2023 Internet Crime Report, which recorded a 22% increase in reported losses compared to 2022, amounting to a record of $12.5 billion. The number of relevant complaints submitted to the FBI in 2023 reached 880,000, 10% higher than the previous year, with the age group topping the report being people over 60, which shows how vulnerable older adults are to cybercrime.

Singapore-based infosec firm Group-IB has detected a group that spent the last two months of 2023 stealing personal info from websites operated by jobs boards and retailers websites across Asia. The actors, dubbed "ResumeLooters" by Group-IB, used SQL injection and Cross-Site Scripting attacks to steal databases from the sites.

Global crime networks have set up shop in autonomous territories run by armed gangs across Southeast Asia, and are using them to host physical and online casinos that, in concert with crypto exchanges, have led to an explosion of money laundering, cyberfraud, and cybercrime across the region and beyond. The scenario above was outlined on Monday by the United Nations Office on Drugs and Crime in a new report [PDF] titled "Casinos, Money Laundering, Underground Banking, and Transnational Organized Crime in East and Southeast Asia: A Hidden and Accelerating Threat."

OAuth is an especially appealing target for criminals in cases where compromised accounts don't have strong authentication in place, and user permissions allow them to create or modify OAuth applications. Microsoft, in a threat intel report, details one cyber crime crew it tracks as Storm-1283 that used a compromised account to create an OAuth application and deploy VMs for crypto mining, while also racking up between $10,000 and $1.5 million in Azure compute fees.

The world's largest cryptocurrency exchange just got a little smaller, with the US Department of Justice announcing Binance and its CEO Changpeng Zhao have both pleaded guilty to a multitude of financial crimes. According to a criminal case [PDF] unsealed Tuesday, Binance failed to register as a money services business in the United States, broke the Bank Secrecy Act by failing to implement and maintain an anti-money laundering program, and violated the International Emergency Economic Powers Act by allowing US users to transact with individuals in sanctioned countries.

Global financial crime compliance costs for financial institutions exceed $206 billion. Financial crime professionals embrace AI. While certain industries are still determining the ways in which AI and ML will bring about an influence, 71% of professionals in financial crime compliance indicate that their organizations are already enhancing data utilization through advanced analytics.

"Their primary objectives were to identify which evidence of Russian war crimes and exercise control over potential ground-deployed spies have our law enforcement teams," states the report [PDF], which was released on Monday. Intruders linked to Russia's Federal Security Service, Main Intelligence Directorate, and Foreign Intelligence Service also sought out material that could be used in criminal proceedings against Russian spies, other specific individuals, institutions, and organizations "Potentially leading to sanctions or other actions," the SSSCIP reports.

India is grappling with a three-and-a-half year surge in cyber crime, with analysis suggesting cities like Bengaluru and Gurgaon - centers of India's tech development - are also hubs of evil activity. The report - A Deep Dive into Cybercrime Trends Impacting India from the non-profit Future Crime Research Foundation - identified cyber crime hot spots, as well as the most popular types of infosec assaults, from January 2020 until June 2023.

The International Criminal Court said criminals breached its IT systems last week but it isn't over yet, with the ICC saying the "Cybersecurity incident" is still ongoing. As the court continues to analyze and mitigate the impact of the incident, the priority is ensuring that the core work of the Court continues.