Security News

Researchers analyzing the collateral consequences of a ransomware attack include costs that are roughly seven times higher than the ransom demanded by the threat actors. Ransomware attacks typically involve stealing data from the company and encrypting systems to pressure the victim into paying to decrypt files and to avoid a data leak.

At the end of March 2022, the PCI Council released the PCI DSS 4.0. The current version of PCI DSS will still be available until Q1 2024, at which point 4.0 goes into full effect, with the exception where the Council has turned the evolving controls.

Cybercriminals are attempting to trick American users of digital payment apps into making instant money transfers in social engineering attacks using text messages with fake bank fraud alerts. "Under the pretext of reversing the fake money transfer, victims are swindled into sending payment to bank accounts under the control of the cyber actors," the FBI said.

Results from an Association for Financial Professionals survey are encouraging, as 71% of organizations report having been victims of payments fraud activity in 2021, lower than the 81% reported in 2019 and the lowest percentage recorded since 2014. Check fraud activity is unchanged from the prior year at 66%, while the share of respondents reporting payments fraud via ACH debits increased four percentage points from last year to 37%. Checks and ACH debits are the most susceptible to payments fraud, while wire fraud activity continued its steady decline from 48% in 2017 to 32% in 2021.

The payment services giant advises that some users may continue to experience issues online or over the phone. The issues reported by users included being unable to log in to their Amex accounts, make payments, or get to an Amex customer service representative over the phone.

Yesterday, American Express users across the world including US, UK, and Europe, experienced widespread outages lasting hours. The issues reported by users included being unable to log in to their Amex accounts, make payments, or get to an Amex customer service representative over the phone.

As cybercriminals increasingly turned to the dark web to pressure victims to pay up by threatening to release sensitive data, ransomware has reached new heights, Palo Alto Networks revealed. The average ransom demand jumped 144% in 2021, reaching $2.2 million, while the average payment rose 78%, reaching $541,010.

Sift released a report, detailing the increasingly sophisticated - and often automated - tactics cybercriminals leverage to commit payment fraud. Derived from a global network of over 34,000 sites and apps and a survey of over 1,000 consumers, the index reveals that the payment fraud attack rate across fintech ballooned 70% in 2021-making it the highest increase across any vertical in the network.

Russia may try to dodge sanctions using ransomware payments, warns US Treasury. As the United States and its companies distance themselves from Russia in the wake of its invasion of Ukraine, the Treasury says Russia may be attempting to avoid the sanctions by utilizing ransomware payments to do so.

The Treasury Department's Financial Crimes Enforcement Network warned U.S. financial institutions this week to keep an eye out for attempts to evade sanctions and US-imposed restrictions following Russia's invasion of Ukraine. FinCEN said [PDF] that it's critical to "Identify and quickly report suspicious activity associated with potential sanctions evasion, and conduct appropriate risk-based customer due diligence or, where required, enhanced due diligence."