cybercrime
Latest
Microsoft disrupts a botnet that infected 9 million computers
Today, Microsoft and partners from 35 countries took steps to disrupt a botnet behind the world's largest cybercrime network. The botnet, Necurs, has infected an estimated nine million computers worldwide, and it's one of the largest spam email networks, generating as many as 3.8 million spam emails in a two-month period.
Three people sentenced for running $100 million malware crime network
The takedown of a massive malware crime network is now leading to consequences for some of its alleged participants. The US and the country of Georgia have sentenced three people for their roles in using GozNym malware to steal upwards of $100 million. Krasimir Nikolov was sentenced in the US to the 39 months he'd served in prison for serving as an "account takeover specialist," and will be retirned to Bulgaria. Two others, the "primary organizer" Alexander Konolov and his assistant Marat Kazandjian, have also been prosecuted in Georgia for their roles. The US Justice Department didn't detail their punishment.
Visa warns that hackers are scraping card details from gas pumps
Cybercrime groups are actively exploiting a weakness in gas station point-of-sale (POS) networks to steal credit card data, Visa has revealed. The company's fraud disruption teams are investigating several incidents in which a hacking group known as Fin8 defrauded fuel dispenser merchants. In each case, the attackers gained access to the POS networks via malicious emails and other unknown means. They then installed POS scraping software that exploited the lack of security with old-school mag stripes in card readers that can't read chips.
UK police auction TalkTalk hacker's cryptocurrency
A UK police force auctioned off more than £240,000 of cryptocurrency that they confiscated from the teenage hacker behind the 2015 TalkTalk breach. In April 2018, police discovered that Elliott Gunton was stealing personal data in exchange for hundreds of thousands of pounds in cryptocurrency. According to BBC, he admitted to five charges, including computer misuse and money laundering. He was sentenced to 20 months jail time and ordered to pay back £407,359. Apparently he was also sitting on a pretty large stash of cryptocurrency.
HBO's 'Hackerville' cybercrime series debuts in the US
HBO is releasing Hackerville, its German series about a talented Romanian teenage hacker, to American audiences. The show follows German cybercrime investigator Liza Metz (Anna Schumacher) who is sent back to her hometown in Romania to investigate a major hack against a German bank. Lisa teams up with a local cop, Adam Sandor (Andi Vasluianu) to hunt down the criminals. Meanwhile, a local teenager and talented hacker, Cipi, (Voicu Dumitras) is being scouted by both the police and those with more nefarious motives. Shot in both Romania and Germany, Hackerville was HBO Europe's first co-international production. For American audiences, the network is only releasing the series on HBO Now, HBO Go and HBO On Demand.
International effort busts $100 million malware crime network
The US, five other countries and Europol have dismantled an elaborate cybercrime ring that relied on one piece of malware to pull off heists. Officials have charged 10 people across five countries with using GozNym malware to grab banking login credentials in a bid to steal about $100 million from over 41,000 target computers, most of them linked to US businesses and their associated banks. It's not certain how much money the team obtained.
US charges three Germans over massive dark web marketplace
The US just made a dark web bust that makes AlphaBay's 400,000-user peak seem modest by comparison. Federal prosecutors have charged three unnamed Germans for allegedly operating Wall Street Market, a dark web marketplace that sold drugs, counterfeits and hacking software to more than 1.15 million customers. The trio reportedly maintained the site, including transactional chats, forums and financial transactions.
Russian hackers are hijacking computers at embassies (updated)
Russian hackers have apparently launched cyberattacks against embassies, although it might not be the kind of campaign you're expecting. Check Point Research reports that the attackers have attempted to compromise PCs at embassies for countries like Italy, Bermuda and Kenya by tricking officials into loading malware. Most often, they emailed Excel spreadsheets with malicious macros that would hijack a computer using the popular remote access app TeamViewer.
US convicts Romanians over scheme that hijacked 400,000 computers
Two Romanian residents are about to face prison time for a particularly large digital crime spree. A federal jury has found Radu Miclaus and Bogdan Nicolescu guilty for a scheme that stole credit card data and other sensitive info by hijacking over 400,000 computers located primarily in the US. The duo reportedly developed custom malware in 2007 that would pose as a legitimate organization (such as the IRS, Norton or Western Union) and infect PCs when users opened an attachment. From then on, the perpetrators stole data and money by injecting fake websites (such as bogus eBay auctions), mining cryptocurrency in the background and amassing contact information that could be used to infect more targets.
UK sentences porn site sextortionist to over six years in prison
A British court just imprisoned one of the most aggressive sextortionists in recent memory. Zain Qaiser has been sentenced to six years and five months behind bars after pleading guilty to a scheme that blackmailed porn site visitors in over 20 countries by spreading malware-laden ads. The campaign would impersonate regional police (such as the FBI) and claim that victims who clicked the ads had committed an offense requiring a fine between $300 and $1,000. Qaiser worked with a Russian crime group that reportedly pocketed most of the money, but he still made over £700,000 (about $914,000) -- and prosecutors believe he has even more money stashed in offshore accounts.
Hackers obtain millions of cards from Planet Hollywood's parent company
More than a few restaurant-goers in the US will want to check their bank statements. Earl Enterprises has confirmed that hackers used point-of-sale malware to scoop up credit and card data at some of its US restaurants between May 2018 and March 2019, including virtually all Buca di Beppo locations, a few Earl of Sandwich locations and Planet Hollywood's presences in Las Vegas, New York City and Orlando. It's a fairly large data breach -- KrebsOnSecurity discovered that a trove of 2.15 million cards were on sale in the black market as of February.
Iranian hackers stole terabytes of data from software giant Citrix
Citrix is best-known for software that runs behind the scenes, but a massive data breach is putting the company front and center. The FBI has warned Citrix that it believes reports of foreign hackers compromising the company's internal network, swiping business documents in an apparent "password spraying" attack where the intruders guessed weak passwords and then used that early foothold to launch more extensive attacks. While Citrix didn't shed more light on the incident, researchers at Resecurity provided more detail of what likely happened in a conversation with NBC News.
Alphabet’s Chronicle finally reveals its cybersecurity moonshot
Last year, Google's parent company Alphabet announced Chronicle, a cybersecurity division spun out of X (previously Google X). Now, Chronicle has launched its first commercial product -- a global telemetry platform called Backstory. According to Chronicle, it's a bit like Google Photos, but for business network security.
US charges Iranian hackers over $30 million ransomware spree
The US is attempting to hold the creators of the infamous SamSam ransomware to account. A federal grand jury has revealed indictments against two Iranian men, Mohammad Mansouri and Faramarz Savandi, for allegedly authoring and wielding SamSam to extort money from a wide range of North American targets, including multiple hospitals, health care companies, state agencies and the city of Atlanta. They've successfully collected $6 million in ransoms so far, according to the Justice Department, and have created over $30 million in losses.
Kelihos botnet operator pleads guilty to hacking and fraud charges
The Kelihos botnet story appears to be winding to a close. Russian Peter Levashov has pleaded guilty to charges relating his operation of the botnet, including intentional damage to a computer, wire fraud, conspiracy and identity theft. He reportedly used Kelihos to spread spam email, collect login details, install ransomware and otherwise attack users' computers, including selling access to the botnet.
British Airways hackers used same tools behind Ticketmaster breach
The British Airways web hack wasn't an isolated incident. Analysts at RiskIQ have reported that the breach was likely perpetrated by Magecart, the same criminal enterprise that infiltrated Ticketmaster UK. In both cases, the culprits used similar virtual card skimming JavaScript to swipe data from payment forms. For the British Airways attack, it was just a matter of customizing the scripts and targeting the company directly instead of going through compromised third-party customers.
Egypt signs censorship-focused cybercrime bill into law
Egypt's increasingly strict regulation of internet use just became that much harsher. President Abdel Fattah al-Sisi has signed a cybercrime law that makes it illegal to run and even visit sites considered threats to the country's economy and national security. If convicted, operators and users have to pay fines or, in some cases, face prison sentences.
Three men arrested for stealing over 15 million payment cards
US officials announced today that three alleged leaders of the cybercrime group known alternatively as Fin7, Carbanak and the Navigator Group have been arrested in Germany, Poland and Spain and charged with 26 felony counts. The charges include conspiracy, wire fraud, computer hacking, access device fraud and aggravated identity theft. The Department of Justice alleges that Fin7 members have targeted more than 100 US companies, hacked thousands of computer systems and stolen 15 million credit and debit card numbers. The group is said to have breached networks in 47 states and Washington, DC and hacked 6,500 point-of-sale terminals at over 3,600 business locations.
Hackers take 5 million payment cards from Saks, Lord & Taylor stores
The wave of large-scale retail data breaches isn't about to subside any time soon. Gemini Advisory has discovered that a JokerStash online crime syndicate, Fin7, is planning to sell over 5 million payment cards stolen from the databases of 83 Saks Fifth Avenue stores (including Off 5th) and the entire network of Lord & Taylor. The crooks are 'only' selling 125,000 of the cards on the Dark Web as of this writing, but the rest are expected to reach the black market in the months ahead. The breaches reportedly started in May 2017, but could be continuing to this day.
Suspect arrested for cyber bank heists that amassed $1.2 billion
Europol announced today that the suspected leader of an international bank heist scheme has been arrested. The arrest was a result of an investigation that involved a number of cooperating law enforcement groups including the Spanish National Police, Europol, the FBI and the Romanian, Belarusian and Taiwanese authorities. The person was arrested in Alicante, Spain.
