Security News

Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Rather than use free accounts, Cosmic Lynx will register strategic domain names for each BEC campaign to create more convincing email accounts.

Stolen domain admin login credentials can be resold by dark web criminals for up to £95,000 and a total of 15 billion purloined credentials are traded on illicit marketplaces. "Rick Holland, CISO and strategy veep of Digital Shadows, mused:"The sheer number of credentials available is staggering and in just over the past 1.5 years, we've identified and alerted our customers to some 27 million [leaked] credentials which could directly affect them.... "Details exposed from one breach could be re-used to compromise accounts used elsewhere. The message is simple - consumers should use different passwords for every account and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised."

Two months ago investigators in France and the Netherlands cracked the network's encryption, allowing law enforcement to listen in to criminal communications about selling and trafficking drugs, laundering money and murdering rivals, authorities said. The service's owners apparently became aware of the criminal investigation last month, informing an estimated 60,000 users with a message warning them to get rid of their EncroChat devices because their servers-operating out of France - had been "Seized illegally by government entities," according to the NCA. The service relied on EncroChat devices, which came with pre-loaded apps for instant messaging as well as the ability to make secure internet calls, with no other "Conventional smartphone" functionality, U.K. officials said.

In a joint operation, European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating into a global network of an encrypted chatting app that was used to plot drug deals, money laundering, extortions, and even murders. Dubbed EncroChat, the top-secret encrypted communication app comes pre-installed on a customized Android-based handset with GPS, camera, and microphone functionality removed for anonymity and security.

In May, police in France, assisted by the Netherlands' cops, infiltrated EncroChat's core network - and in mid-June the operator pulled the plug, having realised the game was up. The takedown of the network has been a poorly disguised secret, with Northern Irish suspects reportedly being arrested last week after data from EncroChat's servers was shared around European police forces.

Police said Thursday they had shut down an encrypted phone network used as a key tool by organised crime groups across Europe to plot assassination attempts and major drug deals. French and Dutch police said they hacked the EncroChat network so they could read millions of messages "Over the shoulders" of criminal suspects as they communicated, leading to more than 100 arrests.

Paul Bischoff, consumer privacy expert with Comparitech, found that Amazon's face recognition platform incorrectly misidentified more than 100 photos of US and UK lawmakers as criminals. Rekognition, Amazon's cloud-based facial recognition platform that was first launched in 2016, has been sold and used by a number of United States government agencies, including ICE and Orlando, Florida police, as well as private entities.

New Zealand police revealed Monday they had frozen NZ$140 million in assets linked to a Russian man accused of laundering money for organised crime using cyber currency. Police said they acted after discovering funds belonging to Alexander Vinnik, who is in custody in France facing fraud charges, were being held in a New Zealand company.

Sadly unlawful cryptomining is still a thing, and SophosLabs has just published a report that follows the evolution and operation of the cybercrime gang behind a botnet known as Kingminer. Servers have two desirable properties for cryptomining abuse, namely that they're always on, so any unauthorised mining runs 24/7, and they're usually much more powerful than the average laptop, so the crooks can dial in decent earnings without taking over the server so completely that they get noticed.

Masks that have made criminals stand apart long before bandanna-wearing robbers knocked over stagecoaches in the Old West and ski-masked bandits held up banks now allow them to blend in like concerned accountants, nurses and store clerks trying to avoid a deadly virus. He said he knows of seven recent armed robberies in the region where every suspect wore a mask.