Security News
First, the crooks steal a trove of company files that they threaten to make public or to sell on to other crooks; then they scramble the data files on all the company's computers in order to bring business to a halt. Recent reports include an attack on fitness tracking company Garmin, which was allegedly blackmailed for $10m and did pay up, though apparently after wangling the amount down into the "Multi-million" range; and on business travel company CWT, which faced a similar seven-figure demand and ended up handing over $4.5m to the criminals to get its business back on the rails.
A man from the African country of Ghana was recently extradited to the United States over his role in various types of cybercrime schemes that authorities say caused millions of dollars in losses. The Ghanaian, 27-year-old Maxwell Peter, was charged along with several other individuals, back in 2017, by a federal grand jury with wire fraud, computer fraud, money laundering and identity theft.
Most APIs have /API/V1/login as an authentication endpoint. With all the possible activity in view, I can search for common misconfigurations or APIs that don't protect user data correctly.
What drives the cyber-crime economy, and how can organizations prevent their data being used as a criminal commodity?
A 350% increase in phishing websites was reported in the first quarter of the year, many targeting hospitals and health care systems and hindering their work responding to the COVID-19 pandemic, the U.N. counterterrorism chief said Thursday. Vladimir Voronkov told the U.N. Security Council that the upsurge in phishing sites was part of "a significant rise in cybercrime in recent months" reported by speakers at last month's first Virtual Counterterrorism Week at the United Nations.
Global police body Interpol warned Monday of an "Alarming" rate of cybercrime during the coronavirus pandemic, with criminals taking advantage of people working from home to target major institutions. "Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19," said Interpol Secretary General Juergen Stock.
The Cambridge Cybercrime Centre has a series of papers on cybercrime during the coronavirus pandemic. EDITED TO ADD (8/12): Interpol report....
The European Union has, for the first time ever, slapped sanctions on hacking crews. "Sanctions are one of the options available in the EU's cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool," the EU said of the decision.
Trend Micro unveiled new insights analyzing the market for underground hosting services and detailing how and where cybercriminals rent the infrastructure that hosts their business. There are varied types of underground hosting and associated services used by cybercriminals to operate their businesses, including bulletproof hosting, VPNs, anonymizers, and DDoS protection.
More than 15 billion username and password pairs have been offered on cybercrime marketplaces, including over 5 billion unique credentials, according to a report published on Wednesday by San Francisco-based risk protection solutions provider Digital Shadows. Over the past few years, Digital Shadows added to its breach repository more than 15 billion credentials shared on criminal forums, paste sites, file sharing services, and code sharing websites.