Articles about Cybercrime

Lie back and think of cybersecurity: IBM lets students loose on Watson

IBM is teaming up with eight North American universities to further tune its cognitive system to tackle cybersecurity problems. Watson for Cyber Security, a platform already in pre-beta, will be further trained in “learning the nuances of security research findings and discovering patterns and evidence of hidden cyber attacks …
John Leyden, 12 May 2016

Burger-slinger Wendy’s admits: Cash-till data breach hit 1 in 20 outlets

Wendy’s confirmed on Wednesday that malicious software affected PoS (point-of-sale) devices in around 300 of the burger chain’s 5,500 franchised stores, or about five per cent of all its restaurants in North America. The update on Wednesday quantifies the extent of a previously announced breach and came as Wendy’s announced …
John Leyden, 12 May 2016

Ransomware grifters offer to donate proceeds of crime to charity

Ransomware crooks are offering to donate ransom fees to a children's charity. Security experts dismiss the promise as “psychological manipulation” from unscrupulous crooks. The offer comes from the “kind hearted” slingers of "CryptMix", one of a growing number of crypto-ransomware strains menacing Windows users worldwide. …
John Leyden, 06 May 2016

Suck on this: White hats replace Locky malware payload with dummy

Pranksters have infiltrated the control system behind the infamous Locky ransomware and replaced the malware’s main payload with a dummy file. Locky normally spreads using malicious and disguised JavaScript inside email attachments supposedly containing an invoice or similar. Malicious messages are sent to prospective marks in …
John Leyden, 05 May 2016

Jaku botnet runs targeted attack behind sandstorm of routine malfeasance

Security researchers have spotted an on-going global botnet campaign seemingly linked to North Korea. The Jaku botnet has an unusual split personality. On the surface it’s spreading en masse through pirated software (warez) or poisoned BitTorrent trackers to notch up around 17,000 victims at any one time. However, a six month …
John Leyden, 05 May 2016

US telly stations fling malware-tipped web ads at unsuspecting surfers

A rogue advertiser abused the Taggify self-serve ad platform to inject malware-installing code into browsers visiting the websites of two US TV stations. It was a textbook malvertising attack: to infect victims' PCs, the dodgy ads used the Angler Exploit Kit, which is a grab bag of code that exploits weaknesses in Adobe Flash …
John Leyden, 04 May 2016

Mega mail breach fears

Webmail passwords of millions of users are allegedly for sale. Hundreds of millions of usernames and passwords - purportedly for Mail.ru, GMail, Yahoo Mail and Microsoft email accounts - are on sale through Russian cybercrime bazaars, according to security expert Alex Holden. Most of the stolen data refers to mail.ru accounts …
John Leyden, 04 May 2016

Did your UK biz just pay £1,500 to stop a DDoS? You've been had

What kind of a grifter pretends he's going to DDoS you? The kind that easily makes off with a lot of cash, it seems. "Hackers" who have been making empty DDoS threats while posing as the Armada Collective appear to have moved on. No, they didn't stop scamming people, they just changed their modus operandi: they're now …
John Leyden, 04 May 2016

Gozi trojan mastermind sentenced by US court to time served

The self-confessed creator of the infamous Gozi trojan was sentenced to time served and ordered to pay $6.9m in restitution by a New York court on Monday. Nikita Kuzmin, a 28-year-old Russian citizen, pleaded guilty to computer hacking and fraud charges in May 2011. He was released after 37 months served on remand, as part of …
John Leyden, 04 May 2016

UK.gov wasted £20m telling you to 'be safe online, mmkay'

The UK wasted £20m on raising awareness about cybercrime, a study has shown, as the public still knows almost nothing about protecting itself online. Research published by YouGov and CSID has shown that in spite of the National Audit Office reporting that £20m had been allocated by government in financial year 2014/15 "to …

Paying a PoS*, USA? Your chip-and-PIN means your money's safer...

The value of online fraudulent transactions is expected to reach $25.6bn by 2020, up from $10.7bn last year, according to a new study from industry analysts Juniper Research. The researchers predict that by the end of the decade, $4 in every $1,000 of online payments will be fraudulent. Juniper’s study, Online Payment Fraud: …
John Leyden, 03 May 2016

Finance bods SWIFT to update after Bangladesh hack

Security vendors are pushing for a more comprehensive revamp of the SWIFT international inter-bank financial transaction messaging system beyond an update prompted by an $81m hack against Bangladesh's central bank. The loss of $81m (part of an attempted $950m heist) in February’s Bangladesh cyber-heist – reckoned to be the …
John Leyden, 29 Apr 2016

Hackers so far ahead of defenders it's not even a game

Cybercriminals are way ahead of the game against defenders without having to try anything new, according to the latest edition of Verizon's benchmark survey of security breaches. The study shows that miscreants have no need to switch up, because the same old tactics are still working fine. Security defenders are still …
John Leyden, 26 Apr 2016

Cybercrooks turn away from banks. Your health records are far juicier

Cybercrooks switched targets last year, moving away from retail and financial services and onto healthcare and government, according to figures from IBM’s security business. Retail dropped out of the top five most attacked sectors while financial targets dropped from #1 to #3 in IBM X-Force’s 2016 Cyber Security Intelligence Index …
John Leyden, 20 Apr 2016

All-Python malware nasty bites Windows victims in Poland

Malware authors have put together a strain of malicious code written entirely in Python, in what may turn out to be an experiment in creating a new type of cross-platform nasty. PWOBot is written entirely in Python, and compiled via PyInstaller to generate a Microsoft Windows executable. The malware has already infected a …
John Leyden, 19 Apr 2016

Lizard Squad back to blast Blizzard’s gaming hub

Lizard Squad has hit gaming firm Blizzard’s servers with a massive DDoS attack. Blizzard's Battle.net services were left intermittently unavailable as a result of the assault, the latest in a long line of hacking attacks against gaming firms by the notorious black hat hacking crew. Blizzard confirmed an attack in the earlier …
John Leyden, 15 Apr 2016

Halfbreed trojan targets US banks

A new piece of malware has been linked to thefts of $4m from more than 24 American and Canadian banks in just a few days. Researchers at IBM reckon that hackers combined code from two malware types, known as Nymaim and Gozi, to create GozNym, a persistent and powerful trojan. Customers of numerous credit unions and popular e- …
John Leyden, 15 Apr 2016

Russia sends exploit kit author to the GULAG for seven years

The author of the infamous "Blackhole" exploit kit has been sentenced to seven years in a Russian penal colony, local media report. Dmitry Fedotov, 29, also known as Paunch, was sentenced 12 April along with six other hackers who received between five-and-a-half and eight years for fraud offences, TASS news reported. Fedotov …
Team Register, 15 Apr 2016

Lauri Love backdoor forced-decryption case goes to court in UK

Alleged hacktivist Lauri Love appeared in a London court on Tuesday in a case that could establish new powers for UK police to compel criminal suspects into handing over encryption keys. Love, 31, faces potential extradition to the US over his alleged involvement in #OpLastResort – the online protests that followed the …
John Leyden, 13 Apr 2016

What exactly is it that infosec miscreants get up to? A quick overview

If corporate IT infrastructures are a battlefield, then the cybercriminals are putting up a good fight. Last year saw some nasty breaches: Anthem Insurance, which lost nearly 80 million records, and the US Office of Personnel Management, which lost 21 million records after failing to encrypt its records. Cybercriminals are …
Danny Bradbury, 13 Apr 2016

Retirement funds breached as crims target brokers' un-patched Windows machines

ACSC 2016 Australians are having their retirement savings accounts drained as hackers move to breach broker platforms rather than the tougher target that is banking infrastructure. The Australian Federal Police (AFP) are investigating a spike in breaches against devices used by brokers who administer boutique, "self-managed" …
Darren Pauli, 13 Apr 2016

Spear phishers target gullible Brits more than anyone else – survey

There’s been a sharp (35 per cent) increase in crypto ransomware attacks, with the UK ranked as the nation third most targeted with ransomware. The UK is also ranked as the most targeted nation for spear phishing attacks and the second most hit-upon country with social media scams, according to other findings from Symantec's …
John Leyden, 12 Apr 2016

Baddies' brilliant plan to get mobile malware whitelisted: Bribery

Criminals have resorted to bribes in order to smuggle malware into the source code of mobile gaming apps. The scam, in which malware authors bribed the employees of a legitimate mobile games company in China to embed malware into mobile apps, was uncovered by security researchers from Check Point. The bribe ensured that …
John Leyden, 11 Apr 2016

Cyber-underworld price list revealed: $500 for company email inbox, $1,200 passports, etc

The underground bazaars for stolen online identities, access to corporate email inboxes, and fake ID are booming, we're told. Research by Dell SecureWorks says the market for underground hacking is increasing, particularly in Russia. Russian hackers are expanding their working hours and using guarantors to ensure customer …
John Leyden, 08 Apr 2016

Illegal drugs and dodgy pics? Nah. Half the dark web is perfectly legal

Despite its reputation, less than half of the sites on the dark web are illegal, according to a new study by security intelligence outfit Intelliagg. On the 48 per cent of the dark web which crosses the line, the unlawful content is mostly related to financial crime rather than drugs or sexual perversion, contrary to tabloid …
John Leyden, 07 Apr 2016

Brazilian and Russian cybercrooks collaborating to create more potent threats

Cybercriminals on opposite sides of the world in Russia and Brazil have overcome time differences and language barriers to work together. The collaboration is driving a rapid evolution of malicious tools, security researchers at Kaspersky Lab warn. The Brazilian and Russian cybercrime undergrounds have both created numerous, …
John Leyden, 01 Apr 2016

Ransomware scum sling PowerShell, Word macro nasty at healthcare biz

Miscreants have put together a strain of ransomware written in Microsoft Word macros and PowerShell, Redmond's scripting language. The malware is designed to infect organizations, encrypting files and demanding money to unscramble files. Interestingly, installation of the ransomware begins after someone opens a booby-trapped …
John Leyden, 29 Mar 2016

Ransomware now using disk-level encryption

Ransomware has been detected infecting master file tables, rendering Windows PCs useless unless payment is made. When first executed, the Petya malware will reboot the victim's machine, and run what appears to be a Windows check disk scan as a mask for the encryption process. A screen is then displayed that directs users to a …
Darren Pauli, 29 Mar 2016

Met plod commissioner: Fraud victims should not be refunded by banks

A senior police commissioner has complained that it would be wrong to interpret his comments about preventing online fraud victims from claiming compensation as a proposal for online fraud victims being unable to claim compensation. Sir Bernard Hogan-Howe asserted that the problem was systemic, telling The Times: “The system …

FBI's Most Wanted: Syrian Electronic Army hacktivists

The FBI has placed suspected self-styled Syrian Electronic Army (SEA) hacktivists on its most wanted list, publicly naming members of the notorious group for the first time. Ahmad Umar Agha (AKA The Pro), 22, and Firas Dardar (AKA The Shadow), 27, were each charged with multiple conspiracies related to computer hacking. Peter …
John Leyden, 22 Mar 2016

Hackers giving up on crypto ransomware. Now they just lock up device, hope you pay

Malware slingers have gone back to basics with the release of a new strain of ransomware malware that locks up compromised devices without encrypting files. The infection was discovered on a porn site that redirects users to an exploit kit that pushes the ransom locker malware. Researchers at Cyphort Labs who discovered the …
John Leyden, 22 Mar 2016

Swedish sysadmins reach for the hex key, reassemble services after weekend DDoS

News outlets in Sweden went dark over the weekend in the face of a large-scale distributed denial-of-service (DDoS) attack. Newspaper Dagens Nyheter (DN) reports here (but English-speakers will need help with the translation) that as well as the attack it suffered, media outlets Expressen, Svenska Dagbladet, Aftonbladet, …

Blundering ransomware uses backdoored crypto, unlock keys spewed

A software developer whose example encryption code was used by a strain of ransomware has released the decryption keys for the malware. The unnamed software nasty scrambles users' files on compromised Windows PCs using the AES algorithm. It appends the .locked extension to the ciphered documents before demanding that victims …
John Leyden, 16 Mar 2016

New iOS malware targets stock iPhones, spreads via App Store

Miscreants have forged a strain of iOS malware which poses a greater risk than previous nasties because it can infect non-jailbroken devices without the user’s confirmation. AceDeceiver is fundamentally different from recent iOS malware because it relies on exploiting flaws in Apple’s DRM software rather than abusing …
John Leyden, 16 Mar 2016

A typo stopped hackers siphoning nearly $1bn out of Bangladesh

Cybercrooks looted more than $80m from Bangladesh’s central bank in one of the largest known bank robberies in history. Fraudsters used stolen credentials to make illegitimate cash transfers from the Bangladesh government’s reserve account at the Federal Reserve Bank of New York. The damage could have been even worse. If …
John Leyden, 11 Mar 2016

First OS X ransomware actually a scrambled Linux file scrambler

The world's first fully functional OS X ransomware, KeRanger, is really a Mac version of the Linux Encoder Trojan, according to new research from Romanian security software firm Bitdefender. The infected OS X torrent update carrying KeRanger looks virtually identical to version 4 of the Linux Encoder Trojan that has already …
John Leyden, 09 Mar 2016

What are you doing to spot a breach?

Technology moves quickly, not just in legitimate business, but in the cybercriminal world too. Advanced attack tools are now available on the black market, lowering the barrier to entry for the average online lowlife. They are happy to target large and small organizations alike, and they only have to be lucky once. Security …
Robin Birtstone, 08 Mar 2016

You’re invited to Security SOS Week

Promo Registration is open for Security SOS Week, a short series of live webinars each featuring Sophos expert IT security practitioners. The events range from protecting your business against social engineering to embracing the Internet of Things without letting crooks into your network. You can find out more and sign up at Security …
David Gordon, 08 Mar 2016

'You've been hacked, pay up' ... Ransomware forces your PC to read out a hostage note

Ransomware miscreants have developed a strain of malware that verbally lets victims know that their computer has been encrypted. The Cerber ransomware encrypts users' files using AES encryption before demanding an extortionate payment of 1.24 Bitcoins ($500) in order to supply a private key needed to decrypt files. The …
John Leyden, 07 Mar 2016

If NatWest texts you about online banking fraud, don't click the link

British customers of the NatWest bank should be on their guard against a particularly convincing SMS-based phishing scam, Action Fraud warns. The spoofed texts being sent out by fraudsters “could catch you out if it appears in an existing message thread,” the UK's national fraud & cyber reporting centre advised on Wednesday. …
John Leyden, 04 Mar 2016

Android trojan Triada implants itself into older mobes' 'brains'

Security researchers have discovered a trojan targeting Android devices that can be as complex and functional as Windows-based malware. The Triada trojan is stealthy, modular, persistent and written by professional cybercriminals, according to security researchers at Kaspersky Lab. The trojan can modify outgoing SMS messages …
John Leyden, 03 Mar 2016

OPSEC mistakes spill Russian DDoS scum's payment secrets

OPSEC mistakes by a cybercrook have allowed security researchers to estimate the revenue of a Russian DDoS booter merchant. The research is noteworthy because the only public information available on these miscreants is normally their online advertisements for site takedown services in Russian-language cybercrime forums and …
John Leyden, 03 Mar 2016

Turkish hacker pleads guilty to $55m maniac global ATM heist

The hacker behind an attack on the US banking sector that caused $55m in damages has pleaded guilty – and faces more than 57 years in prison. Turkish citizen Ercan Findikoglu, 34, admitted his role in an international syndicate including charges of computer intrusion conspiracy, bank fraud, and effecting transactions using …
Darren Pauli, 03 Mar 2016

You know how we're all supposed to automate now? Dark web devs were listening

RSA 2016 Security researchers have thrown the spotlight on a popular cybercrime tool that’s used by crooks to automate the process of taking over accounts on major websites before making fraudulent purchases. Sentry MBA, which is readily available for purchase on the so-called dark web, offers a way to break into accounts via a point- …
John Leyden, 02 Mar 2016

Phew! No evidence found for global criminal hacker conspiracy

Trend Micro security bods have 'capped' their epic research efforts to catalogue the world's regional cybercrime undergrounds. The mammoth effort saw researchers crawl through criminal forums in five countries, documenting the nuances of each as they went. The security outfit's forward-looking threat research team detail the …
Darren Pauli, 02 Mar 2016

You're a cybercrime kingpin. You need a new evil lackey. How much do you tell them?

RSA 2016 Cybercrooks, much like ethical security defenders, are facing a skills crisis and difficulties in recruiting qualified staff. Their attempts to bring workers into criminal organisations leave it possible for experts to learn more about their strategies and tactics, according to new research from threat intelligence firm Digital …
John Leyden, 01 Mar 2016

Medical superbugs: Two German hospitals hit with ransomware

At least two hospitals in Germany have come under attack from ransomware, according to local reports. The alarming incidents follow similar ransomware problems at the US Hollywood Presbyterian Medical Center. Both the Lukas Hospital in Germany's western city of Neuss and the Klinikum Arnsberg hospital in the German state of …
John Leyden, 26 Feb 2016

Gird your coins: A phishing tsunami is smashing into America

The US Internal Revenue Service (IRS) has put Americans on red alert following a massive increase in reports of phishing and malware attacks targeting taxpayers. The US tax authority said in an advisory that so far this year, reports of email and SMS-based scams were up 400 per cent and can be expected to continue in the build …
Shaun Nichols, 19 Feb 2016

Android Xbot trojan poses as banking app, nicks your login creds

Miscreants have crafted a new attack designed to steal banking credentials and credit card information via phishing pages crafted to mimic Google Play’s payment interface. The so-called Xbot trojan also weaves its malicious spell by presenting victims with login pages of seven different banks’ apps, six of which relate to …
John Leyden, 19 Feb 2016

Locky ransomware is spreading like the clap

Greedy miscreants have created a new strain of ransomware, dubbed Locky. Locky typically spreads by tricking marks into opening a Microsoft Word attachment sent to them by email. Victims are encouraged to enable macros in the document which, in turn, downloads a malicious executable that encrypts files on compromised Windows …
John Leyden, 17 Feb 2016