Security News
The impact of identity fraud varies for organizations in the financial services industry, based on whether they belong to the banking or FinTech sector, according to Regula. When asked to evaluate the cost of the identity fraud they had experienced, the banking sector was found to be the most severely impacted, with a median financial burden of over $310,000.
A new dark web marketplace called STYX launched earlier this year and appears to be on its way to becoming a thriving hub for buying and selling illegal services or stolen data. However analysts at threat intelligence company Resecurity noticed mentions of STYX on the dark web since early 2022, when the founders were still building the escrow module.
The Department of Justice declared the confiscation of digital currency valued at approximately $112 million connected to fraudulent cryptocurrency investments. In these schemes, fraudsters cultivate long-term relationships with victims met online, eventually enticing them to make investments in fraudulent cryptocurrency trading platforms.
Ukraine's cyberpolice has arrested members of a fraud gang that stole roughly $4,300,000 from over a thousand victims across the EU. The crime group created over 100 fake "Phishing" sites targeting users in France, Spain, Poland, the Czech Republic, Portugal, and other European countries, enticing them with products below market prices. Orders placed by the victims didn't correspond to actual purchases, while the threat actors stole credit card details they entered on the phony sites.
For context, digital skimming attacks occur when threat actors deploy malicious code onto a merchant website where they target their checkout pages to scrape and harvest consumer payment account data, such as primary account number, card verification value, expiration date and personally identifiable information. Cryptocurrency bridge services were a favored target for threat actors in 2022 and from January through early October 2022, the cryptocurrency ecosystem experienced 13 separate bridge attacks totaling $2B. What can payment processors and e-commerce merchants do to help protect themselves against enumeration attacks?
Multiple threat actors have been observed using two new variants of the IcedID malware in the wild with more limited functionality that removes functionality related to online banking fraud. "The well-known IcedID version consists of an initial loader which contacts a Loader server, downloads the standard DLL Loader, which then delivers the standard IcedID Bot," Proofpoint said in a new report published Monday.
New IcedID variants have been found without the usual online banking fraud functionality and instead focus on installing further malware on compromised systems. Proofpoint has identified two new variants of the IcedID loader, namely "Lite" and "Forked", both delivering the same IcedID bot with a more narrow-focused feature set.
Our reliance on face matching for identity verification is being challenged by the emergence of artificial intelligence and facial morphing technology. With the increased availability of visual editors and printing devices, attempting to use face morphing for cheating identity verification systems has never been as easy as today.
Meet the newest member of the crypto rogues' gallery: Ho Wan Kwok, aka Guo Wengui, aka Miles Guo, whom the US Department of Justice on Wednesday arrested over what investigators have described as a "Sprawling and complex scheme to solicit investments in various entities and programs through false statements and representations to hundreds of thousands of Kwok's online followers." One of Guo's operations was called Himalaya Exchange.
Keeping up with financial fraud is incredibly difficult because accurate fraud detection requires a deep, real-time analysis of all the events surrounding a transaction. Teams need to have a portfolio of techniques to call upon, a centralized structure for identifying and combatting threats, and an agile approach to fight cyber-attacks and financial fraud.