Security News

The former systems administrator for the FIN7 card-slurping gang has been sentenced to 10 years in a US prison. Fedir Hladyr, 35, pled guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking last year, and on Friday was sentenced for his role in the theft and resale of over than 20 million customer card records from over 6,500 point-of-sale terminals across the US using the malware dubbed Carbanak.

An academic researcher has analysed more than 100 Computer Misuse Act cases to paint a picture of the sort of computer-enabled criminals who not only plagued Great Britain's digital doings in the 21st Century but were also caught by the plod. The average Computer Misuse Act convict is likely to be a semi- or low-skilled individual, mostly working alone and more likely than not to have no knowledge of his or her victim, James Crawford of Royal Holloway, University of London, found.

An academic researcher has analysed more than 100 Computer Misuse Act cases to paint a picture of the sort of computer-enabled criminals who not only plagued Great Britain's digital doings in the 21st Century but were also caught by the plod. The average Computer Misuse Act convict is likely to be a semi- or low-skilled individual, mostly working alone and more likely than not to have no knowledge of his or her victim, James Crawford of Royal Holloway, University of London, found.

The census happens in any year ending in the digit -1, making 2021 a census year. If you're amongst those who haven't finished off their census submissions yet, but who keep meaning to get around to it, make sure you don't fall prey to fake "Census reminder" notices sent out by cybercriminals!

This prompted a switch in tactics, with the bad guys going into intelligence mode, slowly gathering information about potential targets, and exploiting the pandemic knowledge gap to spearhead increasingly sophisticated attacks. In parallel, sophisticated supply chain attacks moved out of the realm of speculation, into reality, even as organisations grappled with traditional attacks and the growing scourge of ransomware.

The U.S. Department of Justice on Friday announced an indictment against Jean-Francois Eap, the CEO of encrypted messaging company Sky Global, and an associate for wilfully participating in a criminal enterprise to help international drug traffickers avoid law enforcement. Sky ECC is said to have surged in popularity following a similar takedown of Encrochat last July by French and Dutch investigators, with many criminal gangs shifting to the service to carry out criminal acts.

A series of police raids in Belgium have resulted in the apparent shutdown of the Sky ECC encrypted mobile phone network. As the second major encrypted phone network to be shut down by police in Europe, Sky ECC's seeming downfall has parallels with the Encrochat story, where French and Dutch police man-in-the-middle'd the encrypted phone network on suspicion it was being used mainly by organised criminals.

Last week, we argued over whether or not the media, including El Reg, should stop using the word hacker as a pejorative. The original meaning of hacker and hacking, in the context of computing, didn't denote criminality nor ill-intent, and referred to an avoidance of a standard solution.

While businesses have continued to fortify their networks against remote invaders, most have overlooked the potential for cyber threats from physical intruders. While such attacks are extremely rare in comparison to the endless virtual attacks launched every day, physical security gaps can allow threat actors to circumvent otherwise strong defenses to inflict serious damage.

"The COVID-19 pandemic compounded this with new challenges in securing remote workforces, making it essential that we quickly become more adaptable and learn how to better protect workers in any environment. While our total detections are down this year, we must remain vigilant. The threats we are seeing are more refined and damaging than ever before." Despite an overall drop in detections for Macs and Windows in 2020, it's clear the COVID-19 pandemic influenced the cybercrime world so much that many anticipated campaigns either never arrived, arrived with less impact, or were replaced entirely with attacks more suited against users during a pandemic.