Security News

It was only a matter of time before cybercriminals turned their attention to one of the most common activities on the internet- a Google search. The latest trick is using long-tail search terms and legitimate websites to deliver the Gootkit remote access trojan.

Two Ukrainians charged for their involvement in a network providing cash-out and money laundering services to cybercriminals have been extradited to the United States. According to the indictment, the two were part of a cash-out and money laundering network offering services to cybercriminals who accessed bank accounts using stolen credentials, and then transferred funds to drop accounts maintained by the cash-out actors.

Cybercriminals have wasted little time in capitalizing on the vulnerabilities that come with remote work, and their attacks have been highly targeted, with a focus on business-related apps, according to GreatHorn. These attacks are increasingly difficult to detect as cybercriminals become more sophisticated and targeted in their attacks - advancing beyond the 'batch and blast' methodology to social engineering phishing campaigns.

Security researchers with threat intelligence firm Gemini Advisory say they have observed dark web activities related to bypassing 3D Secure, which is designed to improve the security of online credit and debit card transactions. Gemini's security researchers say that vulnerabilities in earlier versions of 3DS could have been exploited to bypass security.

A mysterious cybercrime group apparently driven by profit has been targeting industrial organizations in Europe, Asia and North America as part of an information theft campaign. The malware is delivered using spear phishing emails that purport to come from legitimate companies, including from within the victim organization itself and other companies that the victim might do business with.

Overall unique threats in the wild increased two folds from 389 in 2019 to 600 unique threats in 2020. The financial sector is the most proactive and concerned with cyber threats, running 39% of the total assessments performed, and the technology sector is the second most security conscious.

The majority of all malware is now delivered via cloud applications, underscoring how attackers increasingly abuse popular cloud services to evade legacy security defenses putting enterprise data increasingly at risk, a Netskope research reveals. "Cybercriminals increasingly abuse the most trusted and popular cloud apps, especially for cloud phishing and cloud malware delivery," said Ray Canzanese, Threat Research Director at Netskope.

Even if you have one or all of "The big three" Netflix, Hulu and Amazon Prime, you still won't be able to watch "Wandavision," "The Servant" or "The Mandalorian." What if you're compelled to see those shows and can't justify subscribing to the channel? Using phishing pages, spam letters, cloned urls and more, these cybercriminals are hard at work finding ways to monetize viewers' interests.

Over the last year, I've spoken with state IT teams throughout the U.S., and discovered that, while states responded effectively by enabling the move to a virtual working environment, the race to establish remote operations has exposed huge cybersecurity vulnerabilities within local municipalities: the struggle for adequate funding, the challenges in attracting skilled IT workers, and the widening cyber threat landscape are pushing municipalities to the brink. In the last year, RDP attacks increased by over 768%. For cybercriminals looking for vulnerable targets, local governments and municipalities with lax remote work security protocols are perfect targets for ransomware and other malicious actions.

U.S. law enforcement arrested six "Ringleaders" of a Ghana-based cybercriminal enterprise, who had allegedly launched a slew of money-stealing scams dating back to 2013 that included romance scams, business email compromise attacks and fraud. While the six arrested were allegedly involved with the criminal enterprise based in Ghana, they were located across the U.S. and targeted individuals and businesses in the U.S. Scams Relating to Romance, COVID-19 Relief.