Articles about Cybercrime

Baddies' brilliant plan to get mobile malware whitelisted: Bribery

Criminals have resorted to bribes in order to smuggle malware into the source code of mobile gaming apps. The scam, in which malware authors bribed the employees of a legitimate mobile games company in China to embed malware into mobile apps, was uncovered by security researchers from Check Point. The bribe ensured that …
John Leyden, 11 Apr 2016

Cyber-underworld price list revealed: $500 for company email inbox, $1,200 passports, etc

The underground bazaars for stolen online identities, access to corporate email inboxes, and fake ID are booming, we're told. Research by Dell SecureWorks says the market for underground hacking is increasing, particularly in Russia. Russian hackers are expanding their working hours and using guarantors to ensure customer …
John Leyden, 08 Apr 2016

Illegal drugs and dodgy pics? Nah. Half the dark web is perfectly legal

Despite its reputation, less than half of the sites on the dark web are illegal, according to a new study by security intelligence outfit Intelliagg. On the 48 per cent of the dark web which crosses the line, the unlawful content is mostly related to financial crime rather than drugs or sexual perversion, contrary to tabloid …
John Leyden, 07 Apr 2016

Brazilian and Russian cybercrooks collaborating to create more potent threats

Cybercriminals on opposite sides of the world in Russia and Brazil have overcome time differences and language barriers to work together. The collaboration is driving a rapid evolution of malicious tools, security researchers at Kaspersky Lab warn. The Brazilian and Russian cybercrime undergrounds have both created numerous, …
John Leyden, 01 Apr 2016

Ransomware scum sling PowerShell, Word macro nasty at healthcare biz

Miscreants have put together a strain of ransomware written in Microsoft Word macros and PowerShell, Redmond's scripting language. The malware is designed to infect organizations, encrypting files and demanding money to unscramble files. Interestingly, installation of the ransomware begins after someone opens a booby-trapped …
John Leyden, 29 Mar 2016

Ransomware now using disk-level encryption

Ransomware has been detected infecting master file tables, rendering Windows PCs useless unless payment is made. When first executed, the Petya malware will reboot the victim's machine, and run what appears to be a Windows check disk scan as a mask for the encryption process. A screen is then displayed that directs users to a …
Darren Pauli, 29 Mar 2016

Met plod commissioner: Fraud victims should not be refunded by banks

A senior police commissioner has complained that it would be wrong to interpret his comments about preventing online fraud victims from claiming compensation as a proposal for online fraud victims being unable to claim compensation. Sir Bernard Hogan-Howe asserted that the problem was systemic, telling The Times: “The system …

FBI's Most Wanted: Syrian Electronic Army hacktivists

The FBI has placed suspected self-styled Syrian Electronic Army (SEA) hacktivists on its most wanted list, publicly naming members of the notorious group for the first time. Ahmad Umar Agha (AKA The Pro), 22, and Firas Dardar (AKA The Shadow), 27, were each charged with multiple conspiracies related to computer hacking. Peter …
John Leyden, 22 Mar 2016

Hackers giving up on crypto ransomware. Now they just lock up device, hope you pay

Malware slingers have gone back to basics with the release of a new strain of ransomware malware that locks up compromised devices without encrypting files. The infection was discovered on a porn site that redirects users to an exploit kit that pushes the ransom locker malware. Researchers at Cyphort Labs who discovered the …
John Leyden, 22 Mar 2016

Swedish sysadmins reach for the hex key, reassemble services after weekend DDoS

News outlets in Sweden went dark over the weekend in the face of a large-scale distributed denial-of-service (DDoS) attack. Newspaper Dagens Nyheter (DN) reports here (but English-speakers will need help with the translation) that as well as the attack it suffered, media outlets Expression, Svenska Dagbladet, Aftonbladet, …

Blundering ransomware uses backdoored crypto, unlock keys spewed

A software developer whose example encryption code was used by a strain of ransomware has released the decryption keys for the malware. The unnamed software nasty scrambles users' files on compromised Windows PCs using the AES algorithm. It appends the .locked extension to the ciphered documents before demanding that victims …
John Leyden, 16 Mar 2016

New iOS malware targets stock iPhones, spreads via App Store

Miscreants have forged a strain of iOS malware which poses a greater risk than previous nasties because it can infect non-jailbroken devices without the user’s confirmation. AceDeceiver is fundamentally different from recent iOS malware because it relies on exploiting flaws in Apple’s DRM software rather than abusing …
John Leyden, 16 Mar 2016

A typo stopped hackers siphoning nearly $1bn out of Bangladesh

Cybercrooks looted more than $80m from Bangladesh’s central bank in one of the largest known bank robberies in history. Fraudsters used stolen credentials to make illegitimate cash transfers from the Bangladesh government’s reserve account at the Federal Reserve Bank of New York. The damage could have been even worse. If …
John Leyden, 11 Mar 2016

First OS X ransomware actually a scrambled Linux file scrambler

The world's first fully functional OS X ransomware, KeRanger, is really a Mac version of the Linux Encoder Trojan, according to new research from Romanian security software firm Bitdefender. The infected OS X torrent update carrying KeRanger looks virtually identical to version 4 of the Linux Encoder Trojan that has already …
John Leyden, 09 Mar 2016

What are you doing to spot a breach?

Technology moves quickly, not just in legitimate business, but in the cybercriminal world too. Advanced attack tools are now available on the black market, lowering the barrier to entry for the average online lowlife. They are happy to target large and small organizations alike, and they only have to be lucky once. Security …
Robin Birtstone, 08 Mar 2016

You’re invited to Security SOS Week

Promo Registration is open for Security SOS Week, a short series of live webinars each featuring Sophos expert IT security practitioners. The events range from protecting your business against social engineering to embracing the Internet of Things without letting crooks into your network. You can find out more and sign-up at Security …
David Gordon, 08 Mar 2016

'You've been hacked, pay up' ... Ransomware forces your PC to read out a hostage note

Ransomware miscreants have developed a strain of malware that lets victims know that their computer has been encrypted verbally. The Cerber ransomware encrypts users' files using AES encryption before demanding an extortionate payment of 1.24 Bitcoins ($500) in order to supply a private key needed to decrypt files. The …
John Leyden, 07 Mar 2016

If NatWest texts you about online banking fraud, don't click the link

British customers of the NatWest bank should be on their guard against a particularly convincing SMS-based phishing scam, Action Fraud warns. The spoofed texts being sent out by fraudsters “could catch you out if it appears in an existing message thread,” the UK's national fraud & cyber reporting centre advised on Wednesday. …
John Leyden, 04 Mar 2016

Android trojan Triada implants itself into older mobes' 'brains'

Security researchers have discovered a trojan targeting Android devices that can be as complex and functional as Windows-based malware. The Triada trojan is stealthy, modular, persistent and written by professional cybercriminals, according to security researchers at Kaspersky Lab. The trojan can modify outgoing SMS messages …
John Leyden, 03 Mar 2016

OPSEC mistakes spill Russian DDoS scum's payment secrets

OPSEC mistakes by a cybercrook have allowed security researchers to estimate the revenue of a Russian DDoS booter merchant. The research is noteworthy because the only public information available on these miscreants is normally their online advertisements for site takedown services in Russian-language cybercrime forums and …
John Leyden, 03 Mar 2016

Turkish hacker pleads guilty to $55m maniac global ATM heist

The hacker behind an attack on the US banking sector that caused $55m in damages has pleaded guilty – and faces more than 57 years in prison. Turkish citizen Ercan Findikoglu, 34, admitted his role in an international syndicate including charges of computer intrusion conspiracy, bank fraud, and effecting transactions using …
Darren Pauli, 03 Mar 2016

You know how we're all supposed to automate now? Dark web devs were listening

RSA 2016 Security researchers have thrown the spotlight on a popular cybercrime tool that’s used by crooks to automate the process of taking over accounts on major websites before making fraudulent purchases. Sentry MBA, which is readily available for purchase on the so-called dark web, offers a way to break into accounts via a point- …
John Leyden, 02 Mar 2016

Phew! No evidence found for global criminal hacker conspiracy

Trend Micro security bods have 'capped' their epic research efforts to catalogue the world's regional cybercrime undergrounds. The mammoth effort saw researchers crawl through criminal forums in five countries, documenting the nuances of each as they went. The security outfit's forward-looking threat research team detail the …
Darren Pauli, 02 Mar 2016

You're a cybercrime kingpin. You need a new evil lackey. How much do you tell them?

RSA 2016 Cybercrooks, much like ethical security defenders, are facing a skills crisis and difficulties in recruiting qualified staff. Their attempts to bring workers into criminal organisations leave it possible for experts to learn more about their strategies and tactics, according to new research from threat intelligence firm Digital …
John Leyden, 01 Mar 2016

Medical superbugs: Two German hospitals hit with ransomware

At least two hospitals in Germany have come under attack from ransomware, according to local reports. The alarming incidents follow similar ransomware problems at the US Hollywood Presbyterian Medical Center. Both the Lukas Hospital in Germany's western city of Neuss and the Klinikum Arnsberg hospital in the German state of …
John Leyden, 26 Feb 2016

Gird your coins: A phishing tsunami is smashing into America

The US Internal Revenue Service (IRS) has put Americans on red alert following a massive increase in reports of phishing and malware attacks targeting taxpayers. The US tax authority said in an advisory that so far this year, reports of email and SMS-based scams were up 400 per cent and can be expected to continue in the build …
Shaun Nichols, 19 Feb 2016

Android Xbot trojan poses as banking app, nicks your login creds

Miscreants have crafted a new attack designed to steal banking credentials and credit card information via phishing pages crafted to mimic Google Play’s payment interface. The so-called Xbot trojan also weaves its malicious spell by presenting victims with login pages of seven different banks’ apps, six of which relate to …
John Leyden, 19 Feb 2016

Locky ransomware is spreading like the clap

Greedy miscreants have created a new strain of ransomware, dubbed Locky. Locky typically spreads by tricking marks into opening a Microsoft Word attachment sent to them by email. Victims are encouraged to enable macros in the document which, in turn, downloads a malicious executable that encrypts files on compromised Windows …
John Leyden, 17 Feb 2016

A third of Brits would cough up £300 to ransomware peddlers

More than four in 10 ransomware victims in the UK have paid to recover their documents, with 31 per cent of users willing to pay up to £400. A poll of 500 found 44 per cent of all ransomware victims in the UK have paid to regain access to their data. Two-thirds (67 per cent) of respondents had correctly associated ransomware …
John Leyden, 17 Feb 2016

This Android Trojan steals banking creds and wipes your phone

A new Trojan banker for Android is capable of wiping compromised smartphones as well as stealing online banking credentials, security researchers warn. The Mazar BOT Android malware is spread using booby-trapped multi-media messages. If installed, the malware gains admin rights that give it the ability to do almost anything …
John Leyden, 15 Feb 2016

Moscow raids could signal end of global Dyre bank trojan menace

One of the worst examples of financial malware appears to have fallen silent after operators were reportedly arrested in Moscow after a rare raid by the Federal Security Service of the Russian Federation (FSB). Reuters reports Russian police raided Moscow film studio 25th Floor and a neighbouring office in November. Western …
Darren Pauli, 10 Feb 2016

Dumping chapter and verse on someone's private life online may be outlawed in Utah

Legislators in Utah have proposed a law that would bring serious criminal penalties for those who post others' private information online with the intent to harass. HB 225 would amend the state's existing cybercrime laws to add provisions against the distribution of personal information. The bill, floated by state …
Shaun Nichols, 10 Feb 2016

Sophisticated malware-as-a-racket fraudsters have been scamming businesses for 10 years

Security researchers have lifted the lid on the Poseidon Group, a global cyber-espionage gang in operation since at least 2005. Most top-drawer hacking crews are state-sponsored – such as the cyber-units of China’s People’s Liberation Army or the NSA’s elite Tailored Access Operations team. Unlike these government-backed spies …
John Leyden, 09 Feb 2016

How cybercrooks made $330K from ransomware without really trying

The small cybercrime ring behind the CryptoWall 3.0 ransomware was able to collect more than $330,607 in ransom from 670 victims, according to new research. The figures, published by security firm Imperva, are based on an analysis [PDF] of Bitcoin wallets linked to malware-wielding extortists. Security researchers discovered …
John Leyden, 09 Feb 2016

Russian ATM-popping gang used nation state cybercrook tactics

Cybercrooks are increasingly adopting tactics from more advanced hackers in order to steal millions of dollars from banks and other financial institutions. The first of the two cybercrime groups, dubbed Metel, are mostly active in Russia. The group’s typical modus operandi involves gaining control over machines inside a bank …
John Leyden, 09 Feb 2016

Inside Adwind: A DIY malware toolkit used by 1,800 crooks to spy on 443k victims

Security researchers have lifted the lid on Adwind – a malware-as-a-service platform which has hit more than 400,000 users and organisations across the globe. The Adwind RAT (remote access tool) is a cross-platform, multifunctional malware program also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat, which is …
John Leyden, 08 Feb 2016

Disputed eBay platform vuln poses ‘severe risk’ to tat bazaar's users

A vulnerability in eBay’s online sales platform creates a mechanism for crooks to sling malware or run phishing campaigns. The vulnerability allowed hackers to bypass eBay’s code validation mechanisms, thereby allowing them to push malicious Javascript code towards targeted eBay users. If the flaw is left unpatched, eBay’s …
John Leyden, 02 Feb 2016

A RAT and a spammer both avoid the slammer

Two US hackers have escaped prison, receiving probation instead of time in federal coolers. Blackshades remote access trojan (RAT) co-creator Michael Hogue, 25, of Arizona, could have stared down five years prison for his role in developing the BlackShades remote access trojan but instead received the time on probation. His …
Darren Pauli, 01 Feb 2016

US police contracts and private forum posts dumped online

A data dump covering hundreds of police contracts and thousands of private forum posts by US law enforcement officers has been posted online. The 273MB zip file contains a large number of Word documents and two database backups of the forum and main website of the Fraternal Order of Police (FOP), America's largest police …
Kieren McCarthy, 29 Jan 2016

ICO says TalkTalk customers need to get themselves a lawyer

A Parliamentary inquiry into the TalkTalk security breach heard the Information Commissioner, Christopher Graham, stress that aggrieved TalkTalk customers should lawyer up. People expecting his office to sort out reparations for them should instead take their complaints directly to the telco, the hearing heard. The "TalkTalk …

UK police have 43 separate IT systems and it's putting you at risk

Coppers need a "network of networks" for the 43 police force systems to tackle the shift to "internet enabled crime", the heads of The National Police Chiefs’ Council and Her Majesty’s Chief Inspector of Constabulary have said. Delegates at the Police ICT Suppliers Summit were told the internet is enabling a fundamental change …
Kat Hall, 27 Jan 2016

Irish government websites hit by widening DDoS attacks

A number of Irish government-related and public sector websites were knocked offline by an apparent DDoS attack on Friday morning. The latest assaults follow apparently similar web attacks on the popular boards.ie discussion boards (bang) and the Irish National Lottery earlier (wallop) this week. At the time of first of the …
John Leyden, 22 Jan 2016

Trojan-filled Chrome extensions for Steam boil off gamers' assets

Miscreants are slinging fraudulent Chrome extension trojans at gamers that, if installed, will empty victims’ Steam inventory. Security researcher Bart Blaze warned that supposedly "helpful" Chrome extensions for Counter-Strike: Global Offensive (CS:GO) are actually scamware. “Instead of being able to change your CS:GO Double …
John Leyden, 20 Jan 2016

Microsoft: We’ve taken down the botnets. Europol: Would Sir like a kill switch, too?

Last December, Microsoft intercepted traffic on users’ PCs and helped break up a botnet. And nobody complained. So the company very tentatively asked at a session on ethics and policy in Brussels this week whether it should do more. John Frank, Microsoft's VP of European Government Affairs, explained how Microsoft had helped …
Andrew Orlowski, 19 Jan 2016

SlemBunk slamdunk: Mobile banking Trojans found worldwide

Cybercrooks have put together a dynasty of Android Trojan apps in a bid to imitate the legitimate apps of 33 financial management institutions across the globe. The SlemBunk apps (which commonly masquerade as popular applications, such as social media, utility, etc) have spread across three major continents: North America, …
John Leyden, 14 Jan 2016

Join The Register at Enigma, USENIX’s new security conference

Promo "It's time for the security community to take a step back and get a fresh perspective on threat assessment and attacks.” So say the organisers of Enigma, a new conference designed for IT security professionals in industry and research. That works for The Register, which is covering the three-day conference held in San …
David Gordon, 12 Jan 2016

Cybercops cuff two in hunt for DDoS extortion masterminds

An international police investigation against the DD4BC DDoS extortion gang has led to one suspect being arrested and one detained, Europol said on Tuesday. Suspected key members of the organised network were identified in Bosnia and Herzegovina by the UK Metropolitan Police Cyber Crime Unit before the intelligence was passed …
John Leyden, 12 Jan 2016

Romanian cops bust ATM 'jackpot' cash-grab suspects in EU-wide op

Romanian cops have taken down a suspected ATM gang that used malware to trick machines into disgorging their cash contents. This operation, billed as one of the first of its kind in Europe, resulted in multiple house searches in Romania and the Republic of Moldova and the arrest of eight individuals. Police reckon the alleged …
John Leyden, 08 Jan 2016

Ruskie rats selling Choose-Your-Own-Adventure love scams

Russians have delivered another blow to beleaguered love rats with the sale of automated and plug-and-play online dating scam packages. The services are slung on underground crime sites and promise a response rate of 1.2 percent from love luckless men. The rort will earn net scum US$2,000 a week if they send out 30 romance …
Team Register, 05 Jan 2016

CIOs, what does your nightmare before Christmas look like?

CIO Manifesto We gathered 14 of the UK’s finest IT leaders in a secure bunker (elegant room in the Soho Hotel -Ed.) for the last Register Round Table of 2015 to hear their tales of when good IT goes bad. The short version is the thing they fear most is you, dear reader, your screw-ups, your documentation, your thefts, your dodgy code, your …
Joe Fay, 22 Dec 2015