Articles about Cybercrime


IoT botnet swells

The Mirai botnet has swollen to nearly 500,000 compromised IoT devices since source code for the malware was released at the start of October. The figures, taken from a new analysis by telco Level3, are a particular concern because Mirai was made up of only around 125K devices when it was abused to direct a 620 Gbps flood at …
John Leyden, 20 Oct 2016

It's finally happened: Hackers are coming for home routers en masse

Cybercrooks are increasingly targeting routers in consumers’ homes. Fortinet reports that attacks of this type have regularly figured as entries in its daily top 10 IPS (intrusion prevention system) detection list over the last three months since July. The security vendor reckons that home routers have become a favoured target …
John Leyden, 19 Oct 2016

Singapore slings millions into ASEAN infosec

Singapore is slinging S$10 million (around US$7.2 million) into a fund to help infosec in ASEAN (the Association of South East Asian Nations). According to Singapore's Today Online, the money is for “resources, expertise and training”. The program was announced by Singapore's minister for communications and information, Dr …

Oz infosec spooks: ease back on the “cybers”, this is serious

Sensationalist language is making it hard to educate businesses and the public about infosec risks*, according to the Australian Cyber Security Centre's 2016 threat report. While every ICMP ping is treated as an attack by some, the report says unequivocally: “Australia still has not been subjected to malicious cyber activity …

Second hacking group targets SWIFT-connected banks

A second group of hackers – Odinaff – has broken into the SWIFT system, the fulcrum of the global financial payments system. Odinaff were found to be using the same approach as those who stole $81m from the Bangladesh central bank earlier this year. Attacks involving the Odinaff trojan and associated tools appear to have …
John Leyden, 11 Oct 2016

Invasion of the virus-addled lightbulbs (and other banana stories)

Something for the Weekend, Sir? Yikes, all I have to do is go away for a couple of weeks and all hell breaks loose. But at least it’s the right kind of hell: that is, the veritable technological hell that I’ve been predicting in these columns for years. First off as I sit back in my late-vacation sun lounger to read the news on my tablet is that the Krebs on …
Alistair Dabbs, 07 Oct 2016

Moldovan Dridex millionaires to spend 12 years in jail

A pair of cybercriminals responsible for laundering millions of pounds stolen using a banking trojan have been sentenced to a combined total of 12 years in prison. Pavel Gincota, 32, and Ion Turcan, 35, are Moldovan nationals with Romanian citizenship. The duo made over £2.5m in criminal profits using the banking trojan Dridex …

Security analyst says Yahoo!, Dropbox, LinkedIn, Tumblr all popped by same gang

Five hackers are said to be behind breaches totalling up to a staggering three billion credentials from some of the world's biggest tech companies including the Yahoo! breach that led to the loss of 500 million credentials. The claims, made to The Reg by recognised threat intelligence boffin Andrew Komarov, pin the world's …
Darren Pauli, 30 Sep 2016

Fingerprint tech makes ATMs super secure, say banks. Crims: Bring it on, suckers

Cybercriminals are hawking their claimed ability to exploit newly introduced biometric-based ATM authentication technologies. Many banks view biometric-based technologies such as fingerprint recognition to be one of the most promising additions to current authentication methods, if not a complete replacement to chip and PIN. …
John Leyden, 29 Sep 2016

Urgent! Log in for spear-phisher survey or your account will be deleted

Europol’s annual cyber-crime survey warns that the quality of spearphishing and other "CEO fraud" is continuing to improve and "cybercrime-as-a-service" means an ever larger group of fraudsters can easily commit online attacks. Many threats remain from last year – banking trojan attacks are still an issue for businesses and …
John Oates, 28 Sep 2016

TalkTalk hack: Teen in court on hacking and blackmail charges

The fifth suspect to be arrested in connection with the megahack of TalkTalk last year has appeared in court today. Daniel Kelley, of Heol Dinbych, Llanelli, was arrested in Llanelli last November and arrived in court today charged with 14 offences relating to hacking, blackmail and fraud conducted between March and November …

Going, going, done: Trio of prolific auction fraud fraudsters jailed

Three men were jailed yesterday over a conspiracy to commit an internet shopping fraud scam that involved taking payments for non-existent goods and services. Calin Serbenescu, 28, a former labourer, was sentenced to five years' imprisonment; Ionut Cotavian Anitescu, 26, unemployed, was sent down for three years; while Dorel …
John Leyden, 20 Sep 2016

National Cyber Security Centre to shift UK to 'active' defence

The head of the UK’s new National Cyber Security Centre (NCSC) has detailed plans to move the UK to "active cyber-defence", to better protect government networks and improve the UK’s overall security. The strategy update by NCSC chief exec Ciaran Martin comes just weeks before the new centre is due to open next month and days …
John Leyden, 16 Sep 2016

DDoSers do it more now, but they do it less fiercely*

The number of distributed denial of service attacks has doubled over the last 12 months. Akamai reports that Q2 saw a 129 per cent year-on-year increase in total DDoS attacks. During the second quarter, Akamai mitigated a total of 4,919 attacks, one of which (against a media company) reached an eye-watering 363 Gbps. Although …
John Leyden, 15 Sep 2016

Hacker and chums jailed over gold bullion hack, track 'n' grab scam

A UK hacker who broke into the computer systems to get details of gold bullion deliveries so they could be intercepted and stolen has been jailed for five years and four months. London resident Adam Penny, 25, was jailed this week after previously pleading guilty to conspiracy to steal and a computer misuse offence. Penny …
John Leyden, 15 Sep 2016

French hackers selling hidden .22 calibre pen guns on secret forums

French hackers are selling concealed weapons including so-called pen guns that fire .22 Long Rifle bullets on highly secretive crime forums, threat researcher Cedric Pernet says. Videos of the home-made pen guns scattered around the internet show the weapons in working use. The guns are being sold for €150 (US$169, £127, A$ …
Darren Pauli, 15 Sep 2016

Top infosec vendors, cops, liberate thousands from ransomware

Warriors from industry and law enforcement collective No More Ransom have cleansed more than 2500 machines of ransomware by distributing free decryption keys and other tools to eradicate infections. No More Ransom is an alliance of cops and anti-malware experts including McAfee and soon-to-be-former parent company Intel, …
Darren Pauli, 14 Sep 2016

Action Fraud warns of fraudulent anti-fraud warnings posing as Action Fraud

Fraudsters are phishing for what remains in fraud victims' bank accounts under the guise of British anti-fraud campaign Action Fraud. An email using the City of London Police logo – Action Fraud works closely with it – has circulated offering free money from the Fraud Intelligence Unit and National Fraud Intelligence bureau. …

UK will be 'cut off' from 'full intelligence picture' after Brexit – Europol strategy man

The UK will “certainly be cut off from the full intelligence picture” after Brexit, Europol's acting head of strategy for cybercrime warned The Register. This comes after UK law enforcement agencies from the National Crime Agency to Police Scotland have been meeting with Europol in an attempt to mitigate this. Phillipp Amann, …

When you've paid the ransom but you don't get your data back

Almost one in three firms that pay ransom fail to get their data back, according to new research from Trend Micro. A poll of IT managers at 300 UK businesses sponsored by Trend Micro found that 44 per cent of UK businesses have been infected by ransomware in the last two years. The study also found that around two-thirds (65 …
John Leyden, 07 Sep 2016

Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops

HITB Florian Lukavsky hacks criminals profiting from out-of-control multi-billion dollar CEO wire transfer scams ... and they hate him for it. The director of SEC Consult's Singapore office has made a name striking back at so-called "whaling" scammers by sending malicious Word documents that breach their Windows 10 boxes and pass …
Darren Pauli, 06 Sep 2016

UK Parliament's back for Snoopers' Charter. Former head of GCHQ talks to El Reg

IPBill The UK Parliament has returned from recess for a fortnight ahead of the conference season. That's just long enough to squeeze in the House of Lords’ committee stage examination of the Investigatory Powers Bill, which resumes this afternoon. The upper chamber had been waiting for the publication of a review of the bill’s bulk …

We want GCHQ-style spy powers to hack cybercrims, say police

Traditional law enforcement techniques are incapable of tackling the rise of cybercrime, according to a panel of experts gathered to discuss the issue at the Chartered Institute of IT. Last night more than a hundred IT professionals and academics, including representatives of the National Crime Agency and Sir David Omand, the …

How much does your kid hate exams? This lad hacked his government to skip them

A teenager from Sri Lanka is in hot water after he admitted to hacking the website of the nation's president in order to get his exams cancelled. The local Daily News reports that the 17-year-old, whose name was not released, accessed the official site of President Maithripala Sirisena – – and replaced the …
Shaun Nichols, 01 Sep 2016

Blackhat wannabes proffer probably bogus Linux scamsomware

A new purported ransomware variant is hitting Linux servers, deleting files and demanding payment for the return of lost data. The scam is possibly a bluff, since it does not follow the regular format of encrypting files and leaving ransom notes for slick and automated payment. Information on the attacks is scarce. Bleeping …
Team Register, 01 Sep 2016

Behold: Huawei evokes always-wise God Cloud – with Terminator users

Huawei Connect Tech metaphors are getting ever more explicitly spiritual. Take Huawei, for example. Today Huawei waxed ontological as one of its time-sharing CEOs described a “digital brain… always wise, never aging ... evolving in real-time.” That sounds like a God-cloud. But will it, we mused, be a harsh God-cloud or a forgiving God-cloud …
Andrew Orlowski, 31 Aug 2016

Intel douses Wildfire ransomware as-a-service Euro menace

An alliance of cops and anti-malware experts have doused the Wildfire ransomware that plagued users in Belgium and the Netherlands. Wildfire is carried in spam messages and demands up to 1.5 Bitcoins of ransom for files to be decrypted. Security researchers have uploaded 1,600 decryption keys with more to come to the No More …
Darren Pauli, 24 Aug 2016

Profit-hungry Ghouls raid corporate networks worldwide

A new wave of targeted attacks against corporations in multiple countries around the world has been launched. The so-called "Operation Ghoul" attacks use the tactics of cyberspies but are more likely to be the work of profit-motivated cybercrooks, according to Kaspersky Lab. Using spear-phishing emails and malware based on …
John Leyden, 17 Aug 2016

Shark bosses sink teeth into booming ransomware market

Cybercrooks are harnessing the “ransomware-as-a-Service” (RaaS) business model to mount a new scam. Coders are distributing a ransomware builder to aspiring attackers that can be used on condition that a 20 per cent cut of any ransom payments it generates is returned to the original coders. The “Shark” ransomware is being …
John Leyden, 17 Aug 2016

Hey crims: Stumped on where to invest? Try this global franchise. No experience needed!

Cerber, the world's biggest ransomware-as-a-service scheme, has evolved to become a multi-national franchise. In July 2016 alone, Cerber had over 160 active campaigns, targeting 150,000 users in 201 countries, according to security researchers at Check Point. The overall profit made by Cerber in July was $195,000. The malware …
John Leyden, 16 Aug 2016

Asia’s top cloud security conference lands in London

PROMO Working in cyber-security? Come and join the experts at CLOUDSEC 2016 in London on September 6 and explore the key security issues du jour. CLOUDSEC is one of the largest internet security conferences held across Asia Pacific and Europe. These events are vendor-neutral and feature presentations by industry experts who will …
David Gordon, 16 Aug 2016

Demise of Angler, the world's worst exploit kit, still shrouded in mystery

The Angler exploit kit has all-but vanished and whoever knows why isn't talking. Angler was the most powerful and sought-after exploit kit on the market boasting rapid integration of new vulnerabilities that made it able to employ zero day attacks on Flash, Java, and Silverlight. It also employed a battery of complex …
Darren Pauli, 16 Aug 2016

Brisbane council loses $500k to scammers

The local council of the Australian city of Brisbane has been fleeced of A$450,000 (£248,000, US$334,000) by email-whaling scammers who tricked staff into wiring money into their bank accounts. The scammers phoned and emailed the council posing as one of its suppliers. Lord mayor Graham Quirk has commissioned Deloitte to …
Darren Pauli, 16 Aug 2016

Cops to let the private sector chase after cybercrims' assets

The City of London Police is piloting a scheme to allow the private sector to chase after miscreants in civil courts in return for a share of the loot. The scheme, which is set to run for two years, has been launched explicitly because of the lower standard of proof necessary for the recovery of assets in civil courts. City …

IT snafu takes down Action Fraud's web crime reporting form

An unspecified IT problem has taken down the online reporting tool for cybercrime victims in the UK. Action Fraud is the public-facing body which supports victims of online crime in the UK. It is not an investigative body and refers fraud crimes to the National Fraud Intelligence Bureau, which is run by the City of London …

US extradition of Silk Road suspect OK'd by Irish judge

An Irish court has authorized the extradition to the US of a man accused of helping to administer the infamous Silk Road website. Gary Davis, 27, of Kilpedder, Co Wicklow, has moved one step closer to a US trial on charges of conspiracy to distribute narcotics, computer hacking and conspiracy to commit money laundering. Mr …
John Leyden, 12 Aug 2016

DIY bank account raiding trojan kit touted in dark web dive bars

Cybercrooks are touting a new DIY financial crime kit that lets you roll your own ZeuS-like software nasty. The Scylex malware kit can be used to build malicious code that, once running on a victim's Windows PC, snoops on online banking passwords, intercepts web traffic and opens a backdoor granting full control over the …
John Leyden, 12 Aug 2016

Hitler ‘ransomware’ offers to sell you back access to your files – but just deletes them

Cybercrooks have put together Hitler-themed ransomware that simply deletes files on encrypted PCs. The (apparently prototype) Windows malware displays a lock screen featuring the infamous Austrian dictator, together with a demand falsely stating that files have been encrypted. The ransomware says files can supposedly be …
John Leyden, 10 Aug 2016

Phisherfolk phlock to Rio for the Olympics

Criminals are ramping up their online presence in Rio de Janeiro, where the Olympic Games will open on Friday, August 5 – with IBM and Fortinet reporting new banking trojans and cyber crime activity in Brazil. Big Blue has reported a variant of the Zeus trojan has emerged on crime forums targeting local banks and exploiting …
Darren Pauli, 05 Aug 2016

Bloke faces years in the clink for using hacker-leaked press releases in $30m trading scam

A US stock trader has admitted he profited from insider trading – by buying and selling shares using tip-offs from Ukrainian newswire hackers. Leonid Momotok, 48, of Suwanee, Georgia, pleaded guilty in a Brooklyn court on Monday to charges of conspiracy to commit wire fraud. He could get up to 20 years behind bars in addition …
Shaun Nichols, 03 Aug 2016

Going! going! pwned? 200! million! Yahoo! logins! leaked! allegedly!

Updated What's claimed to be the login credentials for 200 million Yahoo! accounts is now on sale through a dark web cybercrime shack. The purported user database dump is being touted by someone called Peace – as in peace_of_mind, the same miscreant who previously sold LinkedIn and Yahoo-owned Tumblr logins – at an asking price of 3 …
John Leyden, 02 Aug 2016

Nigerian cops cuff cybercrime suspect, reveal you don't need 419 to make $60m

Police in Nigeria have arrested the suspected mastermind of a web of cybercrime scams thought to have cost victims worldwide more than $60m. The 40-year-old Nigerian national, known so far only as "Mike", was arrested in a joint operation by INTERPOL and the Nigerian Economic and Financial Crime Commission. The main two types …
John Leyden, 01 Aug 2016

SentinelOne's $1m ransomware guarantee dismissed as PR stunt

A “ransomware guarantee” from security outfit SentinelOne has been dismissed by critics as a marketing stunt. Ransomware is currently the biggest scourge of internet security, affecting corporates and consumers alike. So self-styled next generation endpoint security firm SentinelOne unsurprisingly created waves with a pledge …
John Leyden, 29 Jul 2016

Oh Cyber criminals* using one-stop DIY web biz shops

Updated Cybercrime miscreants seem to be flocking to a one-stop online web business shop. The use of sites like prove the barriers to entry for cybercrime are continually being lowered, according to threat intel firm Digital Shadows., a URL associated with cybercriminal Tessa88 who has distributed leaked …
John Leyden, 27 Jul 2016

Saved from ransomware thugs... by rival ransomware thug

Private keys of the Chimera ransomware have been leaked by a rival cybercriminal. Rather than "white hat" activity, the good deed appears to have been done by a criminal going by the handle of Janus - known for being the author of Petya - who tweeted their competitor's (Chimera) keys in an apparent bid to stifle ransomware …
John Leyden, 27 Jul 2016

Euro cops, Intel and Kaspersky slay Shade ransomware

A joint operation by Europol, the Dutch National High Tech Crime Unit, Intel, and Kaspersky has seized the command and control servers for the Shade ransomware strain and published code that allows anyone hit by the malware to decrypt their files. Shade has been in circulation since 2014, and has predominantly targeted …
Iain Thomson, 25 Jul 2016

Is digital fraud big in UK? British abacus-botherers finally have some answers

Reports of fraud have doubled, according to official statistics – because the Office for National Statistics (ONS) is now including cyber crimes in its figures. The UK's ONS reckons, in crime statistics released last week, that more than two million computer misuse offences and 3.8 million online fraud offences took place in …
John Leyden, 25 Jul 2016

Ransomware gang: How can I extort you today?

Three out of four ransomware criminal gangs are willing to negotiate the shakedown price. And all the operators of file encrypting ransomware scams will give victims more time to pay up. So say security researchers at F-Secure, who investigated the "customer experience" of five active crypto-ransomware variants, beginning with …
John Leyden, 21 Jul 2016

Asian nations mull regional 'Europol' in fight against cybercrime

RSA APAC A closed-door meeting of cabinet ministers from more than a dozen countries met yesterday to mull the creation of a Europol-style organisation to crack down on cyber crime in the region and abroad, The Register has learned. The Asian organisation is conceptual only, but has support from countries including China, Malaysia, …
Darren Pauli, 21 Jul 2016

Your antivirus doesn't like Ammyy. And fraudsters will use that to RAT you out (again)

Crooks have once again targeted users downloading Ammyy's remote access software as a conduit for spreading malware. The tactic – which has been witnessed before, specifically in the infamous Lurk banking trojan – has been in play since early February, 2016. Ammyy Admin is a legitimate software package (used by top …
John Leyden, 19 Jul 2016