Roughly three-quarters of small-to-medium-sized businesses (SMBs) have experienced a cyber-attack, a breach, or both in the last year. According to non-profit organization the Identity Theft Resource Center (ITRC)’s third annual ITRC Business Impact Report, 73 percent of owners or leaders of SMB’s reported being attacked or breached in the past 12 months, following a slight dip in the previous year.
Last week, the US seized 17 website domains alleged to have been used to defraud US and foreign businesses. These seizures come hard on the heels of previously sealed October 2022 and January 2023 court-authorized seizures of approximately $1.5 million of the revenue that the same group of IT workers collected from unwitting victims. According to the US Justice Department, The Democratic People’s Republic of North Korea has installed bogus contractors to steal from US companies in order to pay for weapons development.
US energy firm BHI Energy has shared details about an Akira ransomware gang attack that breached its network in May this year.
The gang used a third-party contractor’s account to reach BHI’s internal network through a VPN connection. In the weeks that followed the breach, 767K files, containing 690 GB of data were stolen. These included BHI’s Windows Active Directory database.
The Federal Bureau of Investigation (FBI) warns that cybercriminals and online blackmailers are targeting plastic surgeons to harvest electronically protected health information (ePHI) on their patients. Personal ePHI includes sensitive information and photographs, enabling the cybercriminals to extort money from the patients themselves as well as from plastic surgery practices, something that could prove lucrative to blackmailers targeting wealthy celebrities who are in the public eye.
According to Lloyds, a single well-orchestrated cyber strike breaching a financial services payments system could lead to losses of $1.1 trillion in the US alone, with global losses amounting to $3.5 trillion over a five-year period. China would face losses of around $470 billion and Japan $200 billion.
The official cost of texting fraud in 2022 rose to $330 million, representing a fivefold increase since 2019, with an average cost of $1,000 to the victims concerned. But the US Federal Trade Commission (FTC), which issued the figures, acknowledges that this is only the tip of a gigantic cybercrime iceberg, as most phone scams go unreported.
The hacker group behind the recent breaches of major casino companies, called Scattered Spider, is suspected to be behind a recent attack against Clorox Co in Malaysia.
This breach has led to a nationwide shortage of cleaning products and displays the same social-engineering tactics of Scattered Spider.
The US Federal Bureau of Investigation (FBI) is increasingly anxious to enlist the private sector in the losing battle it is fighting against global cybercrime and espionage. Speaking in Washington on Monday, FBI director Christopher Wray stressed the importance of “collaborative, public-private” operations in fighting cybercrime, developing a strategy previously outlined by FBI Deputy Director Paul Abbate at a Boston cybersecurity conference three months ago.
The European Police Office (Europol)’s first-ever threat assessment on the topic, ‘The other side of the coin: an analysis of financial and economic crime in the EU’, aims to shine a spotlight on a EUR 188 billion-plus international underground criminal economy.
A massive ransomware attack cost the Sri Lankan government four months of data and spread to UK government offices, including the Cabinet Office.
In today’s roundup; Addresses forged via email forwarding, the Sri Lankan attack causes government data loss, and Pune reports a spike in cybercrime cases.
The world’s most-wanted cybercriminal, Russia’s Mikhail Matveev, who already has a $10 million dollar bounty issued by the FBI, is believed to be behind the recent theft of thousands of documents stolen from the UK’s Ministry of Defence (MoD). While authorities are intent on taking him down, his reign of terror shows no signs of stopping.
Hackers hold Prospect Medical’s data ‘hostage’ Hacker group Rhysida has been identified as the mastermind behind the recent ransomware attack on Prospect Medical Holdings, where 500,000 social security numbers, patient records, and corporate documents were stolen. The group identified themselves in ransom notes on employee screens after the August 3 attack. GhostSec exposes Iran’s surveillance […]
LinkedIn has become a byword for respectability and overall security. But all that has started to change, with the growing attention of cybercriminal gangs, firstly with false flags and, more recently, directly taking control of targeted individual LinkedIn accounts.
Cybersecurity firm Coalfire reports that the ALPHV/BlackCat ransomware gang has been causing mayhem over the past year using a failsafe delivery system. The group suspects that the leaders of BlackCat are affiliated with the top ransomware gang, the infamous LockBit.
Western governments’ stop-and-start race towards ‘net zero’ carbon emissions has produced a global cybersecurity crisis as a potentially hostile power, China, appears to be cornering the market in electric vehicles (EVs)
Discord.io data leak Discord.io exposes the personal data of more than 760,000 users. The invite service for the popular messaging app Discord was allegedly due to a flaw in the site’s code. The information is being offered up by a hacker on the dark web. Joint Interpol-Afripol opp nets cybercriminals across Africa Interpol and Afripol […]
According to a study conducted in June, “Threat intelligence: Eyes on the enemy,” by threat intelligence firm Cyber Risk Analytics (CRA), vulnerability priority is the chief use of threat intelligence for 70 percent of the study’s respondents; 65 percent of those respondents also stated that they are starting to use threat intelligence to aid them with reactive incident response. By contrast, proactive measures still rank low on the list of primary uses for threat intelligence where most organizations are concerned, with 50 percent of respondents using threat intelligence for threat hunting and 46 percent, fewer than half, using actionable threat intelligence providing advanced warning against future attacks.
Microsoft’s OneDrive includes built in ransomware detection and recovery and is marketed as a safe place to store sensitive documents. However, SafeBrach Researcher, Or Yair, was able to demonstrate its worrying capability to be used by the very criminals it was built to protect against.
Barracuda Email Security Gateway devices have again been violated, this time through a novel backdoor malware named ‘Whirlpool.’ The US Cybersecurity and Infrastructure Security Agency (CISA) has identified the breach to be the work of a pro-China group of hackers. The threat actors have targeted a zero-day remote command injection vulnerability through the malware. Reports say this vulnerability was used to plant malware payloads of Seapsy and Whirlpool backdoors on compromised devices.
A new summer craze is hitting the world of cybercrime – weaponized Quick Response (QR) codes. According to cybersecurity firm Darktrace, last month saw a marked increase in “Quishing” attacks.
The UK Foreign Office’s culture of secrecy kept the details of the extent of a 2021 breach that endangered its staff and allies until now.
Interpol’s latest bust may look like a victory, but critics contend that its approach is outdated, ineffective, and all too often political.
Editorial Team
