Tag: fraud
Deepfake news lures new victims
Deepfake videos of TV news presenters are being used to dupe gullible viewers into logging onto illegal gambling sites where malware is then downloaded onto their devices. News anchors on Sky and other channels appear to be quoting Apple CEO Tim Cook recommending an app where users can easily get rich by winning vast sums of money. The news reports have been identified as deepfake videos. It has been further revealed that thousands of similar videos of deepfakes of journalists have been circulated in the US and the UK.
From deepfakes to in-person fraudsters
Boeing Employees' Credit Union (BECU) is a not-for-profit credit union based in Washington, dedicated to improving the financial well-being of its members and communities. It has grown beyond serving Boeing’s employees to more than 1.5 million members and $29 billion in assets. In an exclusive interview, Sean Murphy, Chief Information Security Officer (CISO) at BECU, explains the changing cyber-threats now facing consumers. The cybersecurity challenges faced by all consumers have escalated with the growth of artificial intelligence (AI). We have witnessed the growing use of botnets, and AI is at such a stage that it can be used to attempt to gain access to accounts on an individual level. The use of virtual private networks (VPNs) simplifies this process and makes it difficult to track. Remember – while organizations are constantly monitoring for threats and attacks, the cybercriminals only have to get it right one time to cause a highly damaging breach. Advanced persistent threats (APTs) have now become a major ongoing threat. Financial institution employees are the first line of defense against cyber attackers and play a key role in protecting consumers. As such, a robust cybersecurity team and the regular training of employees is crucial.
Darcula can suck the blood out of any brand
Cybercrime just got easier. A new artificial intelligence off-the-shelf phishing kit named darcula now enables even inexperienced cyber criminals to impersonate any corporate brand with a complex, customizable campaign. Phishing generally refers to a form of online fraud where attackers attempt to steal sensitive information such as passwords, credit card numbers, or bank account details. “The criminals at darcula are back for more blood, and they mean business with one of the more impactful innovations in phishing in recent years. The new version of their “Phishing-as-a-Service” (PhaaS) platform, darcula-suite adds first-of-its-kind personalization capabilities …to allow criminals to build advanced phishing kits that can now target any brand with the click of a button,” says Cybersecurity company, Netcraft.
Identifying fraudsters on the internet
In an exclusive interview with Cyber Intelligence, Patrick Harding, chief product architect at digital identity security company, Ping Identity, outlines the growing threat of identity theft and fraud, explaining how it evolved and what can be done to counter it. Everybody is forced into digital transactions and relationships and identity management is fundamental to knowing who you are interacting with. The problem goes back to the beginning of the internet in the 1990s and a cartoon of a dog in front of a computer with the caption, “On the internet no-one knows you’re a dog!” That really illustrates the core problem of identifying online users and customers. The extent to which this is carried out largely depends on the sensitivity of the activity concerned. There is a big difference between buying a pair of jeans online and opening a bank account. In both cases, there is a significant series of steps which could include requesting passport ID for financial services.
FBI Takes Down Crypto-Laundering Scam
The line between cybercrime and plain old-fashioned fraud has become yet more blurred following the sentencing of international virtual currency vendor Anurag Pramod Murarka to 121 months in prison for his involvement in a classic money laundering operation that he advertised on Darknet marketplaces. According to recently unsealed court documents, Murarka operated an international money laundering business from April 2021 until September 29, 2023. Murarka was able to operate out of India and serviced shady clients in the United States through an intricate Indian “hawala” money transferring system and the use of the US Postal Service as his “unwitting partner in transferring ill-begotten funds.” The original Hawala scam was an Indian political and financial scandal involving illicit payments allegedly sent by politicians through a network of four Hawala brokers that implicated some of the country's leading politicians.
US Puts $10M Bounty on Chinese Hacker
A Chinese national, Guan Tianfeng, has been accused of involvement in the hacking of 81,000 firewall devices all over the world in 2020. Some of the compromised devices were protecting systems running US critical infrastructure and, had the attacks gone undetected, they could have had potentially deadly consequences. The US Department of State’s Rewards for Justice (RFJ) program has since announced a reward of up to $10 million for information leading to the arrest of Guan and his alleged co-conspirators. “The defendant and his conspirators compromised tens of thousands of firewalls and then continued to hold at risk these devices, which protect computers in the United States and around the world,” said Assistant Attorney General for National Security Matthew G. Olsen.
Women break glass ceiling of Russian cybercrime
Women cybercriminals and lady Darknet hackers are now starting to make inroads into the hitherto male-dominated fraternities of Russian-speaking cybercrime. According to the cybersecurity training and certification cooperative, the SANS Institute, women cybercriminals sometimes now pose as men in order to obfuscate their identities as well as to gain credibility among Russian-speaking criminals. The SANS Institute interviewed one such woman cybercriminal, who is referred to only as a "Confidential Human Source (CHS)" in order to comply with her request for anonymity. “I often took my boyfriend to in-person meetings,” CHS revealed, shining a new light on a so-far largely unrecognized aspect of cybercrime, the fact that cybercriminals meetings are frequently also conducted offline.
Cryptocurrency Laundering Top Dog Arrested
Russian-Swedish native Roman Sterlingov has been sentenced to twelve years in prison for his alleged involvement in Bitcoin Fog, the longest-running cryptocurrency laundering service on the dark web. Sterlingov reportedly operated Bitcoin Fog for a decade and processed over 1.2 million Bitcoin, valued at approximately $400 million at the time of the transactions. Bitcoin Fog ran from 2011-2021 and quickly garnered a reputation among the dark web community as the “go-to” cryptocurrency “mixer” for cybercriminals looking to hide their illicit funds from law enforcement. Bitcoin Fog would pool the “dirty” cryptocurrency and redistribute it in order to make the funds untraceable. According to court documents, the cryptocurrency laundered was mainly derived from darknet marketplaces tied to illegal narcotics, identity theft, and child sexual abuse material.
Dutch Police Take Down major global cyber threat
The Dutch Police, Politie, claim to have removed a major threat to organizations all over the world by dismantling two of the most notorious ‘infostealers’, software designed to breach computer systems to steal sensitive information. “Operation Magnus,” conducted in collaboration with Team Cybercrime Limburg, is reported to have taken down the Redline and META info stealers, which have been responsible for infecting millions of computers worldwide with malware, leaving them open to devastating ransomware attacks and other threats.
A Deluge of Powerful Fraud Tactics Are Giving Businesses Trust Issues
It feels like fraudsters are consistently staying one step ahead of us. Back in early 2022, a study found that one out of every four accounts made online was fake—and that number has only gotten worse. The auto lending industry, for example, saw a staggering $7.9 billion in losses due to a 98% spike in synthetic fraud in 2023. They’re not alone in fending off more fraud attempts than ever as malicious actors turn to generative artificial intelligence to increase both the sophistication and the sheer number of fake accounts trying to bypass verification steps and swindle businesses. The increase we’ve seen in synthetic identities is causing a new host of problems. Not only are more businesses finding themselves with fake customers in their systems—financial institutions mistakenly giving credit to synthetic identities, colleges and universities grappling with applications from fake students, and more—but some of the measures being taken to tamp down on fraudsters’ relentless advances have had the unfortunate side effect of pushing away legitimate customers.
Secret Service Hot on the Trail of Cybercriminal “Stalin”
The United States Secret Service is doubling down on the search for cybercriminal “Stalin.” On August 26, 2024, the U.S Department of State partnered with the US Secret Service to put out a bounty of up to $2.5 million for information leading to the arrest of Belarusian hacker Volodymyr Kadariya, sometimes going by the alias “Stalin.” Kadariya was allegedly part of a malicious advertising (“malvertising”) ring responsible for transmitting the Angler Exploit Kit, a toolkit utilized by threat actors to exploit vulnerabilities in a system or code.
Ex-IT worker arrested for ransomware attack
The US New Jersey District Court has arrested a man accused of conducting a ransomware attack on a former employer, highlighting the growing “insider threat” organizations increasingly face from disgruntled or former employees. It is alleged that Daniel Rhyne, 57, described in court documents as “a core infrastructure engineer,” is alleged to have conducted a $750, 000 ransomware attack on a New Jersey-based industrial company. The as-yet-unidentified organization provides services to various industries, including aquaculture, biopharmaceuticals, chemistry, electronics, food and beverage, healthcare, hydrogen mobility, manufacturing and industrial processing, metals, oil and gas, and pulp and paper companies.