Security News
ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. There are dozens of online shops that sell so-called "Card not present" payment card data stolen from e-commerce stores, but most source the data from other criminals.
The U.S. Justice Department announced today the disruption of the Netwalker ransomware operation and the indictment of a Canadian national for alleged involvement in the file-encrypting extortion attacks. Earlier today, BleepingComputer reported that law enforcement in the U.S. and Bulgaria seized Netwalker sites on the dark web used for leaking data from non-paying victims and for negotiating payments for data decryption.
President Joe Biden laid out a series of cybersecurity initiatives last week at his inauguration, including earmarking $10 billion for various cybersecurity defense initiatives. While Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, applauds Biden's plan, he stressed that it should merely be considered a "Down payment" toward a much larger sum needed to invest in digital security.
Joint research released this week from Brian Carter, principal researcher at HYAS, and Vitali Kremez, CEO at Advanced Intelligence, took a the look under the Ryuk hood concerning the business operations of the group. The two were able to trace payments involving 61 Bitcoin deposit addresses attributed to the Ryuk ransomware.
"As a result of COVID-19 and associated global trends, demand for malicious and illicit goods, services and data have reached new peak highs across dark web marketplaces," said researchers in a Friday analysis. Upon a deep-dive investigation into the underground marketplace, researchers found that the pricing for stolen payment cards has soared in 2020; jumping from $14.64 in 2019 to $20.16 in 2020.
Payment card processing giant TSYS suffered a ransomware attack earlier this month. TSYS provides payment processing services, merchant services and other payment solutions, including prepaid debit cards and payroll cards.
A cybercrime group known for targeting e-commerce websites unleashed a "Multi-stage malicious campaign" earlier this year designed with an intent to distribute information stealers and JavaScript-based payment skimmers. The ultimate goal of the attack, the researchers noted, was to steal payment and user data via several attack vectors and tools to deliver the malware.
The partnership will further enhance Cellulant's cybersecurity by proactively securing its digital banking channels and guarding against digital banking and payment fraud. Entersekt is working with the Cellulant team to integrate its mobile software development kit with Cellulant's product stack, making Entersekt's authentication and app security solutions available to Cellulant's clients.
PCI Pal announced a new collaboration with Oracle to offer its contact center customers additional security and compliance options for Cardholder Not Present payments. Bringing together Oracle's market-leading Enterprise Session Border Controller with PCI Pal's proven PCI compliance solutions, Oracle customers can ensure that their voice interactions and sensitive cardholder data are secure.