Security News

The Ukrainian cyberpolice force arrested nine members of a criminal group that operated over 400 phishing websites crafted to appear like legitimate EU portals offering financial assistance to Ukrainians. The threat actors used forms on the site to steal visitors' payment card data and online banking account credentials and perform fraudulent, unauthorized transactions like moving funds to accounts under their control.

Researchers are warning a post-COVID upsurge in travel has painted a bullseye on the travel industry and has spurred related cybercrimes. Since January the researcher at Intel 471 detect multiple hacks used by cybercriminals to trade the credentials linked to the traveling websites.

The threat cluster dubbed UNC2165, which shares numerous overlaps with a Russia-based cybercrime group known as Evil Corp, has been linked to multiple LockBit ransomware intrusions in an attempt to get around sanctions imposed by the U.S. Treasury in December 2019. "These actors have shifted away from using exclusive ransomware variants to LockBit - a well-known ransomware as a service - in their operations, likely to hinder attribution efforts in order to evade sanctions," threat intelligence firm Mandiant noted in an analysis last week.

How important is it to find and treat the underlying cause of an attack, instead of just dealing with the obvious symptoms? Attackers stuck around for more than a month on average when ransomware wasn't their primary goal.

The scam industry is becoming more structured and involves more and more parties divided into hierarchical groups, according to Group-IB. The number of such groups jumped to a record high of 390, which is 3.5 times more than last year, when the maximum number of active groups was close to 110. Due to Scam-as-a-Service, in 2021 the number of cybercriminals in one scam gang increased 10 times compared to 2020 and now reaches 100.

A year-long international investigation has resulted in the arrest of the suspected head of the SilverTerrier cybercrime group by the Nigeria Police Force. "The suspect is alleged to have run a transnational cybercrime syndicate that launched mass phishing campaigns and business email compromise schemes targeting companies and individual victims," Interpol said in a statement.

A 37-year-old man from New York has been sentenced to four years in prison for buying stolen credit card information and working in cahoots with a cybercrime cartel known as the Infraud Organization. He joined the gang in August 2011 and remained a member for five-and-a-half years.

The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. The TrickBot operators have also extensively cooperated with Conti, another Russia-linked cybercrime group notorious for offering ransomware-as-a-service packages to its affiliates.

US President Joe Biden has signed into law a bill that aims to improve how the federal government tracks and prosecutes cybercrime. The Better Cybercrime Metrics Act, which Biden signed late last week, requires the Department of Justice to work with the National Academy of Sciences to develop a taxonomy that law enforcement can use to categorize different types of cybercrime.

Witschi, the assistant director for cybercrime threat response and operations at Interpol, told The Register about recent successes that the agency's Gateway cyber-threat intel sharing project has had, and the increasingly well-funded, targeted attacks that law enforcement agencies are trying to prevent. Through the project private-sector security shops including Fortinet, Palo Alto Networks, Trend Micro, Kaspersky Lab and others share intelligence with Interpol member countries' law enforcement agencies to help them investigate cybercrime and attribute attacks to the various crime rings.