Security News

Kaspersky's latest research identifies the top streaming services cybercriminals most use to disguise malicious files and lure vulnerable users. The year 2019 was host to what the report refers to as "Streaming Wars," or the moment when major network providers realized streaming services were the preferred method of consuming content.

Late last week, the University of California San Francisco revealed that it paid roughly $1.14 million to cybercriminals to recover data encrypted during a ransomware attack earlier this month. "While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible," UCSF says.

A Russian computer hacker who facilitated $20 million in credit card fraud and ran a sophisticated clearinghouse for international cybercriminals was sentenced Friday to nine years in prison. Prosecutors say Aleksei Burkov of St. Petersburg, Russia, filled a unique niche in the world of cybercrime, describing his Direct Connection website as "The most exclusive criminal forum on the web." Would-be participants had to put up a $5,000 bond and have three existing members vouch for them.

Cybercriminals are increasingly using IM platforms like Telegram, Discord, Jabber, WhatsApp, IRC and others to advertise and sell their goods and services, IntSight researchers have found. IntSights CSO Etay Maor says that the migration to these platforms is at least partially the result of law enforcement operations that targeted the AlphaBay and Hansa markets several years ago, as well as the ongoing law enforcement takedowns of major marketplaces and cybercrime forums.

As multiple companies inch closer to a potentially life-saving vaccine for the coronavirus, cybercriminals with varying motives have increased attacks. During a webinar with CISO MAG earlier this month, Bryan Ware, assistant director for the US Cybersecurity and Infrastructure Security Agency said the attacks being led by the Chinese government were "Hindering vaccine development in the US," and the government body released its own memo to vaccine researchers urging them to beef up defenses.

No financial firm is ever safe, especially as cybercriminals become more determined and sophisticated in their attack methods. Cybercriminals often work to exploit fear and uncertainty during major world events by launching cyber attacks, and the pandemic is no exception.

A honeypot created by Cybereason to lure cybercriminals and analyze their methods showed that ransomware attacks infiltrate their victims in multiple stages. Using a honeypot, researchers at security firm Cybereason were able to attract multiple criminals using ransomware and follow each stage of an attack.

As a result, the FBI said it expects cybercriminals to target banking customers with fake banking apps and app-based banking trojans. Phony bank apps spoof the actual apps of major banks to trick users into entering their account credentials.

Malicious files masquerading as curriculum vitae are being sent to businesses to install malware that can capture passwords and other sensitive information, says Check Point Research. In a new malware campaign spotted by cyber threat intelligence provider Check Point Research, attackers spoof job seekers by sending out emails with file attachments that claim to be curriculum vitae.

Cybercriminals exposed over 5 billion records in 2019, costing over $1.2 trillion to U.S. organizations, according to ForgeRock. Coupled with breaches in 2018 costing over $654 billion, breaches over the last two years have cost U.S. organizations over $1.8 trillion.