Security News

The Grugq has written an excellent essay on how the Russian cybercriminal gang FIN7 operates. The secret of FIN7's success is their operational art of cyber crime.

The period has seen strong transaction volume growth compared to 2019 but an overall decline in global attack volume. The EMEA region saw lower overall attack rates in comparison to most other global regions from January through June 2020.

State securities officials say cybercrime including email attacks are on the rise during the pandemic, and they're warning people to be careful online. A statement from the Alabama Securities Commission says social engineering attacks have been increasing with more people working at home and children using virtual learning because of the coronavirus outbreak.

Researchers at Digital Shadows, a San Francisco-based provider of digital risk protection solutions, have analyzed the traffic statistics of several popular cybercrime forums and they have shared some interesting observations. After seeing Altenen's post, researchers at Digital Shadows decided to look at the traffic statistics of several popular cybercriminal forums, and compared the findings to their own perception of these websites.

Cybercrime costs organizations $24.7, YOY increase of more than $2 every minute, a RiskIQ report reveals. The report covers the top threats facing today's organizations, which are proliferating at a clip of 375 per minute, and reflects the current surge in attacks leveraging the COVID-19 pandemic.

First, the crooks steal a trove of company files that they threaten to make public or to sell on to other crooks; then they scramble the data files on all the company's computers in order to bring business to a halt. Recent reports include an attack on fitness tracking company Garmin, which was allegedly blackmailed for $10m and did pay up, though apparently after wangling the amount down into the "Multi-million" range; and on business travel company CWT, which faced a similar seven-figure demand and ended up handing over $4.5m to the criminals to get its business back on the rails.

A man from the African country of Ghana was recently extradited to the United States over his role in various types of cybercrime schemes that authorities say caused millions of dollars in losses. The Ghanaian, 27-year-old Maxwell Peter, was charged along with several other individuals, back in 2017, by a federal grand jury with wire fraud, computer fraud, money laundering and identity theft.

Most APIs have /API/V1/login as an authentication endpoint. With all the possible activity in view, I can search for common misconfigurations or APIs that don't protect user data correctly.

What drives the cyber-crime economy, and how can organizations prevent their data being used as a criminal commodity?

A 350% increase in phishing websites was reported in the first quarter of the year, many targeting hospitals and health care systems and hindering their work responding to the COVID-19 pandemic, the U.N. counterterrorism chief said Thursday. Vladimir Voronkov told the U.N. Security Council that the upsurge in phishing sites was part of "a significant rise in cybercrime in recent months" reported by speakers at last month's first Virtual Counterterrorism Week at the United Nations.