Latest

Fraud Management & Cybercrime

Verizon: When Ransomware Attacks Cost, They're Costing More

Mathew J. Schwartz  •  June 6, 2023

Criminals are continuing to wield stolen credentials, compromise attacks, ransomware and social engineering to earn an illicit payday, according to Verizon's latest annual analysis of data breaches and how they happened, which finds that post-ransomware cleanup costs are rising.

Fraud Management & Cybercrime

Microsoft Attributes MOVEit Transfer Hack to Clop Affiliate

Jayant Chakravarti , David Perera , Mathew J. Schwartz  •  June 5, 2023

Microsoft says an affiliate of the Russian-speaking Clop ransomware gang is behind a rash of attacks exploiting a recently patched vulnerability in Progress Software's MOVEit application. Known victims include British payroll provider Zellis, which says eight corporate customers were affected.

Fraud Management & Cybercrime

Breach Roundup: Amazon Settles US FTC Investigations

Prajeet Nair  •  June 1, 2023

This week: Amazon settled privacy and cybersecurity investigations with the U.S. FTC, SAS received a $3 million extortion demand and apparently Ukrainian hacktivists penetrated Russia's Skolkovo Foundation. Plus, breaches at Onix Group and Toyota and a warning about Salesforce "ghost sites."

Fraud Management & Cybercrime

Conti's Legacy: What's Become of Ransomware's Most Wanted?

Mathew J. Schwartz  •  June 1, 2023

Former members of the defunct Conti ransomware group are continuing to ply their trade under a variety of other guises, including Royal and Black Basta. Thanks to their agile and innovative approaches, post-Conti operations are "stronger than ever," one ransomware expert reports.

Fraud Management & Cybercrime

Gouda Hacker: Charges Tie to Ransomware Hit Affecting Cheese

Mathew J. Schwartz  •  May 30, 2023

How many hackers can claim to have caused a national cheese shortage, not least in the Gouda-loving Netherlands? Enter Mikhail Matveev, a Russian national who's been indicted for wielding not one but three strains of ransomware, in what experts say is a needed focus on ransomware affiliates.

Audit

Sports Warehouse Fined $300,000 Over Payment Card Data Theft

Mathew J. Schwartz  •  May 29, 2023

Online sports retailer Sports Warehouse has agreed overhaul its security program and pay a $300,000 fine to New York State after hackers stole 20 years' worth of payment card data and customer information the company was storing in plaintext on its e-commerce server.

Cryptocurrency Fraud

North Korea's BlueNoroff Group Targets macOS Systems

Jayant Chakravarti  •  May 23, 2023

The BlueNoroff hacker group, which is associated with the North Korean military's Reconnaissance General Bureau, is using RustBucket malware to target macOS systems of users primarily in the United States and Asia - a tactic observed for the first time since the group began its operations.

Cryptocurrency Fraud

Sharp Decline in Crypto Hacks in Q1 2023 Unlikely to Last

Rashmi Ramesh  •  May 23, 2023

Law enforcement and regulatory action over the past year in the United States most likely dissuaded hackers from stealing cryptocurrency, making the amount stolen in the first quarter of the year the lowest compared to each of the four quarters in 2022, TRM Labs said.

►

Fraud Management & Cybercrime

How the New UK Fraud Strategy Targets Scams

Suparna Goswami  •  May 23, 2023

The U.K. government earlier this month introduced a strategy to reduce fraud and scams called Fraud Strategy: Stopping Scams and Protecting the Public. Ken Palla, retired director of MUFG Bank, said this as an important step to combat authorized scams, which have now eclipsed unauthorized fraud.

Fraud Management & Cybercrime

Phishing Vendor Sells IP Addresses to Duck Anomaly Detection

Prajeet Nair  •  May 19, 2023

A large-scale phishing-as-a-service operation is shifting tactics to allow attackers to avoid anomaly detection by using localized IP addresses, warns Microsoft. The U.S. Secret Service has reported that BEC incidents cost global enterprises more than $43 billion in losses over a five-year span.

Fraud Management & Cybercrime

LexisNexis, Experian, IBM, F5 Top Fraud Reduction Tech

Michael Novinson  •  May 19, 2023

New entrants LexisNexis Risk Solutions and F5 joined longtime leaders Experian and IBM atop KuppingerCole's Leadership Compass for fraud reduction intelligence platforms. Leading vendors help users detect bots and have capabilities spanning different sectors from finance to payments to e-commerce.

►

Blockchain & Cryptocurrency

ISMG Editors: The Plot Thickens for Capita in Breach Fallout

Anna Delaney  •  May 19, 2023

In the latest weekly update, four ISMG editors discuss the mounting fallout from the March hack of Capita and accompanying data breach, the comprehensive crypto regulation adopted by the EU, and Crosspoint Capital's agreement to purchase Absolute Software for $657 million.