Security News
A Minnesota computer store suing its crime insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses. Travelers, which filed a motion to dismiss, said SJ's policy clearly delineated between computer fraud and social engineering fraud.
Three different offshoots of the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks. "Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology," cybersecurity firm AdvIntel said in a Wednesday report.
Protect your business from cybercrime with this dark web monitoring service We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. In addition to using a VPN and anti-malware software, it's also smart to invest in a service like Dark Web Monitoring for Business.
Cybercrime is being supercharged through "Plug and play" malware kits that make it easier than ever to launch attacks. The HP Wolf Security threat team worked with Forensic Pathways, a leading group of global forensic professionals, on a three-month dark web investigation, scraping and analyzing over 35 million cybercriminal marketplaces and forum posts to understand how cybercriminals operate, gain trust, and build reputation.
The Ukrainian cyberpolice force arrested nine members of a criminal group that operated over 400 phishing websites crafted to appear like legitimate EU portals offering financial assistance to Ukrainians. The threat actors used forms on the site to steal visitors' payment card data and online banking account credentials and perform fraudulent, unauthorized transactions like moving funds to accounts under their control.
Researchers are warning a post-COVID upsurge in travel has painted a bullseye on the travel industry and has spurred related cybercrimes. Since January the researcher at Intel 471 detect multiple hacks used by cybercriminals to trade the credentials linked to the traveling websites.
The threat cluster dubbed UNC2165, which shares numerous overlaps with a Russia-based cybercrime group known as Evil Corp, has been linked to multiple LockBit ransomware intrusions in an attempt to get around sanctions imposed by the U.S. Treasury in December 2019. "These actors have shifted away from using exclusive ransomware variants to LockBit - a well-known ransomware as a service - in their operations, likely to hinder attribution efforts in order to evade sanctions," threat intelligence firm Mandiant noted in an analysis last week.
How important is it to find and treat the underlying cause of an attack, instead of just dealing with the obvious symptoms? Attackers stuck around for more than a month on average when ransomware wasn't their primary goal.
The scam industry is becoming more structured and involves more and more parties divided into hierarchical groups, according to Group-IB. The number of such groups jumped to a record high of 390, which is 3.5 times more than last year, when the maximum number of active groups was close to 110. Due to Scam-as-a-Service, in 2021 the number of cybercriminals in one scam gang increased 10 times compared to 2020 and now reaches 100.
A year-long international investigation has resulted in the arrest of the suspected head of the SilverTerrier cybercrime group by the Nigeria Police Force. "The suspect is alleged to have run a transnational cybercrime syndicate that launched mass phishing campaigns and business email compromise schemes targeting companies and individual victims," Interpol said in a statement.