Cybercrime

April 9, 2021

The Swarmshop cyber-underground “card shop” has been hit by hackers, who lifted the site’s database of stolen payment-card data and leaked it online. That’s according to researchers at Group-IB, who said that the database was posted on a rival underground forum. Card shops, are online cybercriminal forums where stolen payment-card data is bought and sold. Researchers said ...

April 9, 2021

Personal data from more than 500 million LinkedIn users has been posted for sale online in yet another incident of threat actors scraping data from public profiles and slinging it online for potential cybercriminal misuse. Hackers posted an archive containing data they said includes LinkedIn IDs, full names, professional titles, email addresses, phone numbers and other ...

April 7, 2021

A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies’ networks. Cring ransomware (also known as Crypt3r, Vjiszy1lo, Ghost, Phantom) was discovered by Amigo_A in January and spotted by the CSIRT team of Swiss telecommunications provider Swisscom. The Cring operators drop customized Mimikatz ...

April 7, 2021

A man has been jailed for trying to buy a chemical weapon online capable of killing “hundreds” of people. On Tuesday, the US Department of Justice (DoJ) announced that Jason William Siesser, a resident of Missouri, will spend 12 years behind bars in federal prison without the possibility of parole. The 46-year-old tried to buy two and ...

April 6, 2021

A banking Trojan striking corporate targets across Brazil has been unmasked by researchers. On Tuesday, ESET published an advisory on the malware, which has been in development since 2018. Dubbed Janeleiro, the Trojan appears to be focused on Brazil as a hunting ground and has been used in cyberattacks against corporate players in sectors including healthcare, engineering, ...

April 6, 2021

The Conti Gang has demanded a $40 million ransom from a Fort Lauderdale, Fla., school district after a ransomware attack last month. Attackers stole personal information from students and teachers, disrupted the district’s networks, and caused some services to be unavailable. The incident that was discovered on March 7 at Broward County Public Schools drew limited ...

April 5, 2021

From 2019-20, we noticed a dramatic 1,160% increase in malicious PDF files – from 411,800 malicious files to 5,224,056. PDF files are an enticing phishing vector as they are cross-platform and allow attackers to engage with users, making their schemes more believable as opposed to a text-based email with just a plain link. To lure users ...

April 3, 2021

Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group. The threat actors obtained the documents after hacking the universities’ Accellion File Transfer Appliance (FTA) software used to share and store sensitive information. Data stolen in the attack targeting Stanford Medicine’s ...

April 2, 2021

Browser lockers (aka browlocks) are a class of online threats that prevent the victim from using the browser and demand a ransom. A locker is a fake page that dupes the user, under a fictitious pretext (loss of data, legal liability, etc.), into making a call or a money transfer, or giving out payment details. ...

March 31, 2021

Distributed denial-of-service (DDoS) attacks started strong this year, setting new records and taking the extortion trend that started last August to the next level. Internet security services company Akamai has already dealt with the largest known ransom DDoS (RDDoS) attack, which was also more complex than previously seen incidents of the same type. Bigger, more complex RDDoS Akamai ...

March 31, 2021

2020 was challenging for everyone: companies, regulators, individuals. Due to the limitations imposed by the epidemiological situation, particular categories of users and businesses were increasingly targeted by cybercriminals. While we were adjusting to remote work and the rest of the new conditions, so were scammers. As a result, 2020 was extremely eventful in terms of ...

March 29, 2021

The PHP project on Sunday announced that attackers were able to gain access to its main Git server, uploading two malicious commits, including a backdoor. They were discovered before they went into production. PHP is a widely used open-source scripting language often used for web development. It can be embedded into HTML. The commits were pushed ...

March 29, 2021

The IT systems and email servers of London-based nonprofit multi-academy trust Harris Federation were taken down by a ransomware attack on Saturday. Harris Federation is an education charity running 50 Harris primary and secondary academies with 37,000 students from London and surrounding areas. The attack hit the school trust’s systems over the weekend on Saturday, March 27, ...

March 29, 2021

The Hades ransomware gang has several unique characteristics that set it apart from the rest of the pack, according to researchers – including potentially having more than extortion on the to-do list. The group appears to use multiple nation-state tools and techniques. The researchers said that its investigations into the group’s cyberattacks at the end of ...

March 28, 2021

After recently announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back. It appears that this is a planned move since the admin shared the “good news” a little over a week ago, but gave no details. Shutdown followed by money-back move Ziggy ransomware shut down ...

March 26, 2021

hree alleged members of the Egregor ransomware cartel were apprehended in Ukraine in a crackdown conducted by the French and Ukrainian authorities last month. The arrests were also made possible with the help of private-public sector partnerships, which include Trend Micro. About Egregor ransomware Since its first appearance in September 2020, Egregor ransomware has been involved in ...

March 26, 2021

A novel ransomware attack forced insurance giant CNA to take systems offline and temporarily shutter its website. The attack occurred earlier this week and leveraged a new variant of the Phoenix CryptoLocker malware. The Chicago-based company—the seventh largest commercial insurance provider in the world—said it “sustained a sophisticated cybersecurity attack” on Sunday, March 21, according to ...

March 26, 2021

Matrix is a ransomware family that was first identified publicly in December 2016. Over the years since its inception, it has primarily targeted small- to medium-sized organizations. As of 2019, it had been observed across geographic locations such as the U.S., Belgium, Taiwan, Singapore, Germany, Brazil, Chile, South Africa, Canada and the UK. While initially leveraging ...

March 25, 2021

About 204 different “fleeceware” applications with a combined billion+ downloads have raked in more than $400 million in revenue so far, via the Apple App Store and Google Play, analysis has revealed. Fleeceware apps generally offer users a free trial to “test” the app, before commencing automatic payments that can be exorbitant. In an analysis from ...

March 25, 2021

In April 2020, we reported on a large influx of COVID-19 themed phishing attacks starting in February 2020. With March 2021 marking the one-year anniversary that the World Health Organization declared COVID-19 a pandemic, we revisited the phishing trends we observed in the past year to gain deeper insight into the various COVID-related topics that ...