cybercrime

Categories
Hacking Games CEO, Fergus Hay, speaking at last week’s International Cyber Expo

Cybercriminals are now grooming US and UK teens

By adopting such Nineteenth-Century criminal grooming methods to the online world of the Twenty-First Century, today’s threat actors are effectively criminalizing an entire generation not to pick pockets but to rifle fat online crypto wallets instead. When the media reports that a nineteen-year-old hacker has been arrested at his parent’s house for a major hack, such as the one that recently occurred at Transport for London (TfL), the sinister cybercriminals who may have orchestrated the cyber-attack doubtless breathe a sigh of relief. “What the police should be asking in a case like is who has been grooming the teenage hacker and for how many years?” says Fraser Hay, CEO and co-founder of one-year-old UK start-up The Hacking Games, whose aim is to use online gaming, TV and other media to encourage teenagers away from a life of online crime and towards careers in ethical hacking.

CrowdStrike-like vulnerabilities will persist

Exclusive: CrowdStrike crash is only the beginning…

The famous “blue screen of death,” witnessed with horror by 8.5 million Microsoft Windows users worldwide as a result of the ongoing CrowdStrike outage, may soon become a far more familiar sight across a wide range of sectors. While there is no evidence that the widespread Microsoft Windows outage caused by the CrowdStrike upgrade was anything but accidental, many in the cybersecurity industry are seeing the past week’s experience as a dummy run for a full-fledged cyber-attack aimed at crippling critical infrastructure. As the current media pictures of people sleeping in airports testify, some sectors appear to be faring better than others.

Vulnerable AI Data Centers

Exclusive: Expanding AI data centers have become tempting targets

Big Tech’s rapidly-expanding server farms are becoming increasingly tempting targets for ransomware gangs. In their Gadarene rush to be first with AI-based services, companies such as Google and Microsoft are not only abandoning any previous pretences about reducing their greenhouse emissions and energy consumption, they are also inadvertently building increasingly tempting targets for organized cybercriminals and nation-state threat actors. The online industry’s vast data centers and server farms run on similar operational technology (OT) systems to other industrial facilities. Originally designed to run offline, these systems are notoriously difficult to secure, particularly when they need to interface with newer information technology (IT) systems.

physical bank security

Exclusive: Banks face a growing physical security threat

Banks, traditionally the main target for cybercriminal groups, are now being attacked not only by new online hacking techniques but also by a growing range of physical hacking tools and techniques. While financial institutions have high levels of cybersecurity and strong physical security, they currently face a growing threat from combined physical and digital assaults. “Physical security and cybersecurity convergence in the business environment. A favorite weapon in the hacker arsenal is the Flipper Zero, an inexpensive pocketable device that enables you to hack into nearby smartphones and IT systems,” says Tim Grieveson, Senior Vice President of Global Cyber Risk, BitSight.

FBI against BreachForum

FBI takes down BreachForums -again!

The US Federal Bureau of Investigation (FBI) is investigating the criminal hacking forum BreachForums after taking down its website last week. This follows the announcement in February of the seizure of the LockBit ransomware gang’s extortion website. “From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services,” says an FBI advisory.

declining social media trust

90 percent of US users mistrust social media

Nine out of 10 US citizens do not trust social media. In some other developed markets, trust in services such as Facebook is even lower. In the UK, only three percent of consumers trust social media services with their personal data, and in Japan, it is only two percent, about one in fifty. Thales 2024 Digital Trust Index, which surveyed 12,426 people worldwide, reports that, while the majority of users mistrust social media and online retail and entertainment services, trust in some other services is far higher. Consumers have much more trust in banking, healthcare, and government services when it comes to sharing their personal data – a universal trend witnessed in all the markets surveyed. Banking services are the most highly trusted with 44 percent of users placing their trust in them. This was closely followed by healthcare with 41 percent and government services with 37 percent.

Software Supply Chain Vulnerability

Supply-chain attacks impacted 54m victims in 2023

Last year saw exponential growth in the number of organizations impacted by supply-chain attacks, although the increase in the number of organizations targeted has remained slow. According to the 2023 data breach report from the Identity Theft Resource Center (ITRC) the number of organizations impacted has surged by more than 2,600 percent since 2018, affecting over 54 million victims. “We must acknowledge the significant impact of Supply Chain Attacks and their effect on all organizations. A single supply chain attack can directly or indirectly impact hundreds or thousands of businesses that rely on the same vendor,” warns the ITRC. While supply chain attacks have been around for many years, the ability to automate and launch the attacks at scale accelerated in 2018. The MOVEit attack last year shows the scope and scale a Supply Chain Attack can have. According to the report, 102 entities were directly impacted by threat actors exploiting a MOVEit product. However, 1,271 organizations were indirectly affected when information stored in or accessed by a MOVEit product or service was compromised via a vendor or vendors.

Cyber-gangs to launch media offensive in 2024

Cybercrime, which has become a multi-trillion-dollar industry over recent decades, became increasingly sophisticated during 2023, with criminal groups now adopting many of the business practices used by legitimate enterprises. According to a new report from cybersecurity firm, Sophos, leading ransomware gangs now increasingly employ their own internal HR and PR departments. Far from shying away from the media, as criminals always have in the past, some ransomware gangs have been swift to seize the opportunities it affords them. Some regularly issue press releases and take great pains to forge relationships with individual journalists using the same PR methods as those employed by legitimate corporations. Threat actors also offer Frequently Asked Questions (FAQs) and answers for journalists visiting their leak sites, encouraging reporters to get in touch, give in-depth interviews, and recruit writers, reports Sophos.

Disagreeing with AI

AI “overrated and overhyped” say cybercriminals

The verdict on artificial intelligence (AI) from the real experts is finally in; professional cybercriminal fraternities have judged AI to be “overrated, overhyped and redundant,” according to fresh research from cybersecurity firm Sophos. It has, hitherto, been accepted wisdom in the cybersecurity industry that cybercriminals, free from any regulatory authority or moral scruples, were among the first to harness the awesome power of AI to create bespoke and virtually unstoppable malware. However, having infiltrated the Dark Web forums where top professional cybercriminals discuss their trade, Sophos reports that the cybercrime sector has thoroughly tested the capabilities of AI and found it wanting.

Show More
Lost your password?