Articles about Cybercrime

You’re invited to Security SOS Week

Promo Registration is open for Security SOS Week, a short series of live webinars each featuring Sophos expert IT security practitioners. The events range from protecting your business against social engineering to embracing the Internet of Things without letting crooks into your network. You can find out more and sign-up at Security …
David Gordon, 08 Mar 2016

'You've been hacked, pay up' ... Ransomware forces your PC to read out a hostage note

Ransomware miscreants have developed a strain of malware that lets victims know, verbally, that their computer has been encrypted. The Cerber ransomware encrypts users' files using AES encryption before demanding an extortionate payment of 1.24 Bitcoins ($500) in order to supply a private key needed to decrypt files. The …
John Leyden, 07 Mar 2016

If NatWest texts you about online banking fraud, don't click the link

British customers of the NatWest bank should be on their guard against a particularly convincing SMS-based phishing scam, Action Fraud warns. The spoofed texts being sent out by fraudsters “could catch you out if it appears in an existing message thread,” the UK's national fraud & cyber reporting centre advised on Wednesday. …
John Leyden, 04 Mar 2016

Android trojan Triada implants itself into older mobes' 'brains'

Security researchers have discovered a trojan targeting Android devices that can be as complex and functional as Windows-based malware. The Triada trojan is stealthy, modular, persistent and written by professional cybercriminals, according to security researchers at Kaspersky Lab. The trojan can modify outgoing SMS messages …
John Leyden, 03 Mar 2016

OPSEC mistakes spill Russian DDoS scum's payment secrets

OPSEC mistakes by a cybercrook have allowed security researchers to estimate the revenue of a Russian DDoS booter merchant. The research is noteworthy because the only public information available on these miscreants is normally their online advertisements for site takedown services in Russian-language cybercrime forums and …
John Leyden, 03 Mar 2016

Turkish hacker pleads guilty to $55m maniac global ATM heist

The hacker behind an attack on the US banking sector that caused $55m in damages has pleaded guilty – and faces more than 57 years in prison. Turkish citizen Ercan Findikoglu, 34, admitted his role in an international syndicate including charges of computer intrusion conspiracy, bank fraud, and effecting transactions using …
Darren Pauli, 03 Mar 2016

You know how we're all supposed to automate now? Dark web devs were listening

RSA 2016 Security researchers have thrown the spotlight on a popular cybercrime tool that’s used by crooks to automate the process of taking over accounts on major websites before making fraudulent purchases. Sentry MBA, which is readily available for purchase on the so-called dark web, offers a way to break into accounts via a point- …
John Leyden, 02 Mar 2016

Phew! No evidence found for global criminal hacker conspiracy

Trend Micro security bods have 'capped' their epic research efforts to catalogue the world's regional cybercrime undergrounds. The mammoth effort saw researchers crawl through criminal forums in five countries, documenting the nuances of each as they went. The security outfit's forward-looking threat research team detail the …
Darren Pauli, 02 Mar 2016

You're a cybercrime kingpin. You need a new evil lackey. How much do you tell them?

RSA 2016 Cybercrooks, much like ethical security defenders, are facing a skills crisis and difficulties in recruiting qualified staff. Their attempts to bring workers into criminal organisations leave it possible for experts to learn more about their strategies and tactics, according to new research from threat intelligence firm Digital …
John Leyden, 01 Mar 2016

Medical superbugs: Two German hospitals hit with ransomware

At least two hospitals in Germany have come under attack from ransomware, according to local reports. The alarming incidents follow similar ransomware problems at the US Hollywood Presbyterian Medical Center. Both the Lukas Hospital in Germany's western city of Neuss and the Klinikum Arnsberg hospital in the German state of …
John Leyden, 26 Feb 2016

Gird your coins: A phishing tsunami is smashing into America

The US Internal Revenue Service (IRS) has put Americans on red alert following a massive increase in reports of phishing and malware attacks targeting taxpayers. The US tax authority said in an advisory that so far this year, reports of email and SMS-based scams were up 400 per cent and can be expected to continue in the build …
Shaun Nichols, 19 Feb 2016

Android Xbot trojan poses as banking app, nicks your login creds

Miscreants have crafted a new attack designed to steal banking credentials and credit card information via phishing pages crafted to mimic Google Play’s payment interface. The so-called Xbot trojan also weaves its malicious spell by presenting victims with login pages of seven different banks’ apps, six of which relate to …
John Leyden, 19 Feb 2016

Locky ransomware is spreading like the clap

Greedy miscreants have created a new strain of ransomware, dubbed Locky. Locky typically spreads by tricking marks into opening a Microsoft Word attachment sent to them by email. Victims are encouraged to enable macros in the document which, in turn, downloads a malicious executable that encrypts files on compromised Windows …
John Leyden, 17 Feb 2016

A third of Brits would cough up £300 to ransomware peddlers

More than four in 10 ransomware victims in the UK have paid to recover their documents, with 31 per cent of users willing to pay up to £400. A poll of 500 found 44 per cent of all ransomware victims in the UK have paid to regain access to their data. Two-thirds (67 per cent) of respondents had correctly associated ransomware …
John Leyden, 17 Feb 2016

This Android Trojan steals banking creds and wipes your phone

A new Trojan banker for Android is capable of wiping compromised smartphones as well as stealing online banking credentials, security researchers warn. The Mazar BOT Android malware is spread using booby-trapped multi-media messages. If installed, the malware gains admin rights that give it the ability to do almost anything …
John Leyden, 15 Feb 2016

Moscow raids could signal end of global Dyre bank trojan menace

One of the worst examples of financial malware appears to have fallen silent after operators were reportedly arrested in Moscow after a rare raid by the Federal Security Service of the Russian Federation (FSB). Reuters reports Russian police raided Moscow film studio 25th Floor and a neighbouring office in November. Western …
Darren Pauli, 10 Feb 2016

Dumping chapter and verse on someone's private life online may be outlawed in Utah

Legislators in Utah have proposed a law that would bring serious criminal penalties for those who post others' private information online with the intent to harass. HB 225 would amend the state's existing cybercrime laws to add provisions against the distribution of personal information. The bill, floated by state …
Shaun Nichols, 10 Feb 2016

Sophisticated malware-as-a-racket fraudsters have been scamming businesses for 10 years

Security researchers have lifted the lid on the Poseidon Group, a global cyber-espionage gang in operation since at least 2005. Most top-drawer hacking crews are state-sponsored – such as the cyber-units of China’s People’s Liberation Army or the NSA’s elite Tailored Access Operations team. Unlike these government-backed spies …
John Leyden, 09 Feb 2016

How cybercrooks made $330K from ransomware without really trying

The small cybercrime ring behind the CryptoWall 3.0 ransomware was able to collect more than $330,607 in ransom from 670 victims, according to new research. The figures, published by security firm Imperva, are based on an analysis [PDF] of Bitcoin wallets linked to malware-wielding extortists. Security researchers discovered …
John Leyden, 09 Feb 2016

Russian ATM-popping gang used nation state cybercrook tactics

Cybercrooks are increasingly adopting tactics from more advanced hackers in order to steal millions of dollars from banks and other financial institutions. The first of the two cybercrime groups, dubbed Metel, are mostly active in Russia. The group’s typical modus operandi involves gaining control over machines inside a bank …
John Leyden, 09 Feb 2016

Inside Adwind: A DIY malware toolkit used by 1,800 crooks to spy on 443k victims

Security researchers have lifted the lid on Adwind – a malware-as-a-service platform which has hit more than 400,000 users and organisations across the globe. The Adwind RAT (remote access tool) is a cross-platform, multifunctional malware program also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat, which is …
John Leyden, 08 Feb 2016

Disputed eBay platform vuln poses ‘severe risk’ to tat bazaar's users

A vulnerability in eBay’s online sales platform creates a mechanism for crooks to sling malware or run phishing campaigns. The vulnerability allowed hackers to bypass eBay’s code validation mechanisms, thereby allowing them to push malicious Javascript code towards targeted eBay users. If the flaw is left unpatched, eBay’s …
John Leyden, 02 Feb 2016

A RAT and a spammer both avoid the slammer

Two US hackers have escaped prison, receiving probation instead of time in federal coolers. Blackshades remote access trojan (RAT) co-creator Michael Hogue, 25, of Arizona, could have stared down five years prison for his role in developing the BlackShades remote access trojan but instead received the time on probation. His …
Darren Pauli, 01 Feb 2016

US police contracts and private forum posts dumped online

A data dump covering hundreds of police contracts and thousands of private forum posts by US law enforcement officers has been posted online. The 273MB zip file contains a large number of Word documents and two database backups of the forum and main website of the Fraternal Order of Police (FOP), America's largest police …
Kieren McCarthy, 29 Jan 2016

ICO says TalkTalk customers need to get themselves a lawyer

A Parliamentary inquiry into the TalkTalk security breach heard the Information Commissioner, Christopher Graham, stress that aggrieved TalkTalk customers should lawyer up. People expecting his office to sort out reparations for them should instead take their complaints directly to the telco, the hearing heard. The "TalkTalk …

UK police have 43 separate IT systems and it's putting you at risk

Coppers need a "network of networks" for the 43 police force systems to tackle the shift to "internet enabled crime", the heads of The National Police Chiefs’ Council and Her Majesty’s Chief Inspector of Constabulary have said. Delegates at the Police ICT Suppliers Summit were told the internet is enabling a fundamental change …
Kat Hall, 27 Jan 2016

Irish government websites hit by widening DDoS attacks

A number of Irish government-related and public sector websites were knocked offline by an apparent DDoS attack on Friday morning. The latest assaults follow apparently similar web attacks on the popular boards.ie discussion boards (bang) and the Irish National Lottery earlier (wallop) this week. At the time of first of the …
John Leyden, 22 Jan 2016

Trojan-filled Chrome extensions for Steam boil off gamers' assets

Miscreants are slinging fraudulent Chrome extension trojans at gamers that, if installed, will empty victims’ Steam inventory. Security researcher Bart Blaze warned that supposedly "helpful" Chrome extensions for Counter-Strike: Global Offensive (CS:GO) are actually scamware. “Instead of being able to change your CS:GO Double …
John Leyden, 20 Jan 2016

Microsoft: We’ve taken down the botnets. Europol: Would Sir like a kill switch, too?

Last December, Microsoft intercepted traffic on users’ PCs and helped break up a botnet. And nobody complained. So the company very tentatively asked at a session on ethics and policy in Brussels this week whether it should do more. John Frank, Microsoft's VP of European Government Affairs, explained how Microsoft had helped …
Andrew Orlowski, 19 Jan 2016

SlemBunk slamdunk: Mobile banking Trojans found worldwide

Cybercrooks have put together a dynasty of Android Trojan apps in a bid to imitate the legitimate apps of 33 financial management institutions across the globe. The SlemBunk apps (which commonly masquerade as popular applications, such as social media, utility, etc) have spread across three major continents: North America, …
John Leyden, 14 Jan 2016

Join The Register at Enigma, USENIX’s new security conference

Promo "It's time for the security community to take a step back and get a fresh perspective on threat assessment and attacks.” So say the organisers of Enigma, a new conference designed for IT security professionals in industry and research. That works for The Register, which is covering the three-day conference held in San …
David Gordon, 12 Jan 2016

Cybercops cuff two in hunt for DDoS extortion masterminds

An international police investigation against the DD4BC DDoS extortion gang has led to one suspect being arrested and one detained, Europol said on Tuesday. Suspected key members of the organised network were identified in Bosnia and Herzegovina by the UK Metropolitan Police Cyber Crime Unit before the intelligence was passed …
John Leyden, 12 Jan 2016

Romanian cops bust ATM 'jackpot' cash-grab suspects in EU-wide op

Romanian cops have taken down a suspected ATM gang that used malware to trick machines into disgorging their cash contents. This operation, billed as one of the first of its kind in Europe, resulted in multiple house searches in Romania and the Republic of Moldova and the arrest of eight individuals. Police reckon the alleged …
John Leyden, 08 Jan 2016

Ruskie rats selling Choose-Your-Own-Adventure love scams

Russians have delivered another blow to beleaguered love rats with the sale of automated and plug-and-play online dating scam packages. The services are slung on underground crime sites and promise a response rate of 1.2 percent from love luckless men. The rort will earn net scum US$2,000 a week if they send out 30 romance …
Team Register, 05 Jan 2016

CIOs, what does your nightmare before Christmas look like?

CIO Manifesto We gathered 14 of the UK’s finest IT leaders in a secure bunker (elegant room in the Soho Hotel -Ed.) for the last Register Round Table of 2015 to hear their tales of when good IT goes bad. The short version is the thing they fear most is you, dear reader, your screw-ups, your documentation, your thefts, your dodgy code, your …
Joe Fay, 22 Dec 2015

'Phantom' menace threatens to down Xbox Live, PSN at Xmas

Last Christmas LizardSquad played Grinch with the holiday fun of gamers by knocking out XBox Live and smacking the PlayStation Network offline with a distributed denial-of-service (DDoS) attack. The traffic flooding exercise turned out to be a promo for a DDoS-for-hire cybercrime service. Arrests against both the hackers and …
John Leyden, 17 Dec 2015

Congress strips out privacy protections from CISA 'security' bill

The little-loved Cybersecurity Information Sharing Act (CISA) will likely become law this week, and in a form far worse than first thought. After passing the House of Representatives and the Senate, CISA has been marked up in congressional sessions in a way that has removed most of its privacy protections. CISA has also been …
Iain Thomson, 16 Dec 2015

Web host Moonfruit defies Armada DDoS crew … by (temporarily) defeating itself

Web host Moonfruit last night began putting its systems back online after taking down customers’ sites in order to upgrade defences in the face of a threatened DDoS attack, with the firm blaming a recent assault (which prompted the self-takedown) on the Armada Collective crew. The unusual move of temporarily pulling its own …
John Leyden, 15 Dec 2015

UK police cuff suspect over VTech toy hack

An unnamed UK man has been arrested on suspicion of hacking toymaker VTech. Officers from the South East Regional Organised Crime Unit (SEROCU) said they'd arrested a 21-year-old in Bracknell, Berkshire as part of an investigation of the hacking of applications belonging to VTech. The suspect was arrested on suspicion of …
John Leyden, 15 Dec 2015

3 continents, 8 countries and one cyber attack on a fake petrol company

Organisers are praising the success of a multi-nation exercise – hosted by the UK – that aimed to test response to serious cyber crime. Exercise Silver Shadow, which was run by the National Crime Agency (NCA)’s National Cyber Crime Unit (NCCU), funded by the Foreign and Commonwealth Office and supported by the Home Office, saw …
John Leyden, 15 Dec 2015

Are second-hand MoD IPv4 addresses being used in invoice scams?

Crooks appear to be taking advantage of the recent sale of the UK Ministry of Defence’s IPv4 address space to run more convincing scams. They have purportedly bought blocks of IP addresses with previously pristine records to distribute scams. This malfeasance was enabled, in part, because the relevant Whois database entries …
John Leyden, 14 Dec 2015

Memory-resident modular malware menaces moneymen

A stealthy strain of malware resident only in memory has been quietly pwning victims around the world for two years. The backdoor, dubbed Latentbot, has been well hidden on the web since at least mid-2013 if not earlier. The payload never touches the victims' hard disks and stays only in memory, according to security …
John Leyden, 14 Dec 2015

American cyber crims operate popup hack 'n crack sites in plain sight

North American cyber criminals are so blatantly thumbing their noses at law enforcement that their forums have been nicknamed "glass tanks". The selling of malware, stolen credentials, and other crime services is so open they can be found using Google, Trend Micro researchers Kyle Wilhoit and Stephen Hilt say. Moreover, the …
Darren Pauli, 14 Dec 2015

Russian friends make German web scum the 'best' in European Union

The German cyber crime market is an overlooked but unique beast that works in lockstep with Russian veterans to serve fraud-flinging newcomers and hardened carders alike, researchers say. In one of the few examinations into German crime forums a team of Trend Micro threat bods say the scene is the most developed in the …
Darren Pauli, 14 Dec 2015

Hackers add exploit kit to article asking 'Is cyber crime out of control?'

Hackers have hosed an article published by The Guardian using the world's nastiest exploit kit Angler to pop the machines of exposed readers. The attack firmly answers the article's headline positing the question 'is cybercrime out of control', based on arguments in a book by one Misha Glenny. Angler is the most capable and …
Darren Pauli, 11 Dec 2015

All eyes on the jailbroken as iOS, Mac OS X threat level ratchets up

The number of iOS threats discovered this year has more than doubled, from three in 2014 to seven so far in 2015, according to Symantec, with jailbroken devices being the focus of the majority of threats. Of the 13 iOS threats documented by the technology security company in total, nine can only infect jailbroken devices. Mac …
John Leyden, 10 Dec 2015

National Crime Agency: Your kid could be a nasty interwebs hacker

The National Crime Agency (NCA) yesterday launched a campaign targeting "the UK's youngest cybercriminals", which – despite what was a genuine attempt to connect with both technically inclined youngsters and their Luddite parents – prompted ridicule and disbelief. The campaign claims to be "aimed at educating the parents of 12 …

'Paedo hunter' who made £40,000 from blackmail jailed for 9 years

A 47-year-old who posed as a 13-year-old girl in order to extort more than £40,000 from paedophiles was sentenced to nine years in prison earlier this year. Lee Philip Rees, of Marlborough Road in Roath, Cardiff, was found guilty at Cardiff Crown Court of 31 counts of computer hacking, distributing indecent photographs of …

Dailymotion hit by malvertising attack as perpetrators ‘up their game'

Malicious adverts spreading malware managed to make their way onto popular French video streaming site Dailymotion. The infection involved a rogue ad and JavaScript that ultimately directs surfers to sites harbouring the Angler Exploit Kit (EK). The practical upshot was that Windows users running out-of-date software, such as …
John Leyden, 08 Dec 2015

Windows' Nemesis: Pre-boot malware pwns payment processors

Cybercrooks targeting payment card data have developed a sophisticated malware that executes before the operating system boots. Security researchers at FireEye / Mandiant came across the rarely seen so-called bootkit technique during a recent investigation at an organisation in the financial transaction processing industry. …
John Leyden, 07 Dec 2015