Security News

The Federal Bureau of Investigation warns of increasing complaints that cybercriminals are using Americans' stolen Personally Identifiable Information and deepfakes to apply for remote work positions. The public service announcement, published on the FBI's Internet Crime Complaint Center today, adds that the deepfakes used to apply for positions in online interviews include convincingly altered videos or images.

An illicit online marketplace known as SSNDOB was taken down in operation led by U.S. law enforcement agencies, the Department of Justice announced Tuesday. SSNDOB trafficked in personal information such as names, dates of birth, credit card numbers, and Social Security numbers of about 24 million individuals in the U.S., generating its operators $19 million in sales revenue.

In a joint advisory [PDF] this week, the FBI, CISA and US Treasury Department outlined technical details about how Karakurt operates, along with actions to take, indicators of compromise, and sample ransom notes. Karakurt doesn't target any specific sectors or industries, and the gang's victims haven't had any of their documents encrypted and held to ransom.

The Federal Bureau of Investigation and the U.S. Department of Justice announced today the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches and provide DDoS attack services. To was selling subscriptions allowing its users to search a database containing information stolen in more than 10,000 data breaches.

Scammers are claiming to be collecting donations to help Ukrainian refugees and war victims while impersonating legitimate Ukrainian humanitarian aid organizations, according to the Federal Bureau of Investigation. "The FBI warns the public of fraudulent schemes seeking donations or other financial assistance related to the crisis in Ukraine," the US law enforcement agency said this week in a public service announcement.

The gathered credentials are then exfiltrated and sold on Russian cybercrime forums for prices ranging from a few to thousands of U.S. dollars. Armed with this login information, the agency pointed out, adversaries can proceed to conduct brute-force credential stuffing attacks to break into victim accounts spanning different accounts, internet sites, and services.

Russian crooks are selling network credentials and virtual private network access for a "Multitude" of US universities and colleges on criminal marketplaces, according to the FBI. According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves. "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

Cybercriminals are offering to sell for thousands of U.S. dollars network access credentials for higher education institutions based in the United States. The sensitive information consists of network credentials and virtual private network access "To a multitude" of higher education organizations in the U.S. In some cases, the seller posted a screenshot proving that the credentials provide the advertised access.

The FBI, in a joint advisory with the US government Departments of State and Treasury, has warned that North Korea's cyberspies are posing as non-North-Korean IT workers to bag Western jobs to advance Kim Jong-un's nefarious pursuits. North Korean IT workers may accept foreign contracts and then outsource those projects to non-North-Korean folks.

Multiple cybersecurity and law enforcement agencies from FVEY countries shared guidance for MSPs to secure networks and sensitive data against these rising cyber threats. "The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors-including state-sponsored advanced persistent threat groups-to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships," the joint advisory reads.