Security News
China has 50 hackers for every one of the FBI's cyber-centric agents, the Bureau's director told a congressional committee last week. "The scale of the Chinese cyber threat is unparalleled. They've got a bigger hacking program than every other major nation combined and have stolen more of our personal and corporate data than all other nations big or small combined."
If you plug your phone into a USB outlet that's provided by someone else, how can you be sure that it's only providing charging power, and not secretly trying to negotiate a data connection with your device at the same time? In the words of the FCC:. If your battery is running low, be aware that juicing up your electronic device at free USB port charging stations, such as those found in airports and hotel lobbies, might have unfortunate consequences.
Criminals posing as law enforcement agents of the Chinese government are shaking down Chinese nationals living the United States by accusing them of financial crimes and threatening to arrest or hurt them if they don't pay, according to the FBI. The miscreants involved in this financial fraud contact victims by spoofed phone or email messages, the bureau said in an advisory this week. Popular fake identities for the crooks include agents at the People's Republic of China Ministry of Public Security or US-based Chinese consulates.
Avoid using free charging stations in airports, hotels, or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports.
For-profit companies reportedly linked to sextortion activity are targeting victims using various deceptive tactics to pressure them into paying for "Assistance" services provided by non-profit agencies and law enforcement for free, the FBI warns. Sextortion is a digital extortion scheme where criminals use phishing emails or fake social media profiles to deceive potential victims into sharing explicit videos or images later used for blackmail.
"Account access credentials advertised for sale on Genesis Market included those connected to the financial sector, critical infrastructure, and federal, state, and local government agencies," the U.S. Department of Justice said in a statement. DoJ called Genesis Market one of the "Most prolific initial access brokers in the cybercrime world."
Active since 2018, Genesis Market's slogan was, "Our store sells bots with logs, cookies, and their real fingerprints." Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials. Multiple domains associated with Genesis had their homepages replaced with a seizure notice from the FBI, which said the domains were seized pursuant to a warrant issued by the U.S. District Court for the Eastern District of Wisconsin.
Market, has had its web site seized by the United States Federal Bureau of Investigations. Market as "An invitation-only marketplace" from which buyers can acquire "Stolen credentials, cookies, and digital fingerprints that are gathered from compromised systems".
The domains for Genesis Market, one of the most popular marketplaces for stolen credentials of all types, were seized by law enforcement earlier this week as part of Operation Cookie Monster. While authorities have yet to publish press releases about the takedown, accessing the Genesis Market domains shows a banner saying that the FBI has executed a seizure warrant.
BEC attacks are usually aimed at stealing money or valuable information, but the FBI warns that BEC scammers are increasingly trying to get their hands on physical goods such as construction materials, agricultural supplies, computer technology hardware, and solar energy products. In 2022, the FBI also warned of a BEC scheme aiming to steal shipments of food products and ingredients.